slawek/terraform-azurerm-simple-iam
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Enhance examples and documentation for role assignments, adding scenarios for multiple principals and role constraints

Browse Source
This commit is contained in:
Sławek Koszewski
2026-02-27 19:30:42 +01:00
parent 6b6615b7d3
commit b7594f4a5f
8 changed files with 366 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

60
examples/scenario-3.tfvars.json Normal file
View File

@@ -0,0 +1,60 @@
{
"principals": {
"principal1": {
"principal_name": "sp-app-ops",
"principal_id": "00000000-0000-0000-0000-000000000011",
"principal_type": "ServicePrincipal",
"role_assignments": {
"subscription": {
"scope": "/subscriptions/00000000-0000-0000-0000-000000000000",
"roles": [
"Reader"
],
"delegable_roles": [
"Reader",
"Contributor"
]
},
"rg_app": {
"scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-app",
"roles": [
"Contributor"
],
"delegable_roles": [
"Reader",
"Contributor"
]
}
}
},
"principal2": {
"principal_name": "sg-security-reviewers",
"principal_id": "00000000-0000-0000-0000-000000000022",
"principal_type": "Group",
"role_assignments": {
"rg_security": {
"scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-security",
"roles": [
"Owner"
],
"restricted_roles": [
"Owner",
"User Access Administrator",
"Role Based Access Control Administrator"
]
},
"rg_logs": {
"scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-logs",
"roles": [
"Role Based Access Control Administrator"
],
"restricted_roles": [
"Owner",
"User Access Administrator",
"Role Based Access Control Administrator"
]
}
}
}
}
}