terraform-azurerm-simple-iam/outputs.tf

output "role_assignment_ids" {
  value       = { for key, ra in azurerm_role_assignment.role : key => ra.id }
  description = "IDs of unconditional role assignments, keyed by '${scope}:${role_definition_name}'."
}

output "rbac_admin_role_assignment_id" {
  value       = { for scope, ra in azurerm_role_assignment.rbac_admin : scope => ra.id }
  description = "IDs of constrained RBAC Administrator role assignments, keyed by scope. Empty when delegable_roles is empty."
}

output "rbac_admin_condition" {
  value       = length(var.delegable_roles) > 0 ? local.rbac_admin_condition : null
  description = "Rendered condition used for constrained RBAC Administrator assignments, or null when delegable_roles is empty."
}