From dc21bc9e89f9d8281c7e67041701cad9aad365b6 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Thu, 7 Jul 2022 16:41:13 +0200 Subject: [PATCH 1/5] mg --- .../roleAssignments/managementGroup/deploy.bicep | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/Microsoft.Authorization/roleAssignments/managementGroup/deploy.bicep b/modules/Microsoft.Authorization/roleAssignments/managementGroup/deploy.bicep index 07251accef..20a01686bd 100644 --- a/modules/Microsoft.Authorization/roleAssignments/managementGroup/deploy.bicep +++ b/modules/Microsoft.Authorization/roleAssignments/managementGroup/deploy.bicep @@ -357,7 +357,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev output name string = roleAssignment.name @sys.description('The resource ID of the Role Assignment.') -output scope string = tenantResourceId('Microsoft.Management/managementGroups', managementGroupId) +output resourceId string = extensionResourceId(tenantResourceId('Microsoft.Management/managementGroups', managementGroupId), 'Microsoft.Authorization/roleAssignments', roleAssignment.name) @sys.description('The scope this Role Assignment applies to.') -output resourceId string = extensionResourceId(tenantResourceId('Microsoft.Management/managementGroups', managementGroupId), 'Microsoft.Authorization/roleAssignments', roleAssignment.name) +output scope string = tenantResourceId('Microsoft.Management/managementGroups', managementGroupId) From 9953c9f244eb33ac650f04f7a8c317f96e142772 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Thu, 7 Jul 2022 16:42:17 +0200 Subject: [PATCH 2/5] rg --- .../roleAssignments/resourceGroup/deploy.bicep | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/Microsoft.Authorization/roleAssignments/resourceGroup/deploy.bicep b/modules/Microsoft.Authorization/roleAssignments/resourceGroup/deploy.bicep index 9314d1702e..e5cd422e5a 100644 --- a/modules/Microsoft.Authorization/roleAssignments/resourceGroup/deploy.bicep +++ b/modules/Microsoft.Authorization/roleAssignments/resourceGroup/deploy.bicep @@ -356,10 +356,10 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev output name string = roleAssignment.name @sys.description('The resource ID of the Role Assignment.') -output scope string = resourceGroup().id - -@sys.description('The scope this Role Assignment applies to.') output resourceId string = az.resourceId(resourceGroupName, 'Microsoft.Authorization/roleAssignments', roleAssignment.name) @sys.description('The name of the resource group the role assignment was applied at.') output resourceGroupName string = resourceGroup().name + +@sys.description('The scope this Role Assignment applies to.') +output scope string = resourceGroup().id From 146c3439734acef1ebdd76b2e5489943552e6631 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Thu, 7 Jul 2022 16:42:50 +0200 Subject: [PATCH 3/5] sub --- .../roleAssignments/subscription/deploy.bicep | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/Microsoft.Authorization/roleAssignments/subscription/deploy.bicep b/modules/Microsoft.Authorization/roleAssignments/subscription/deploy.bicep index dfbd7f0597..2a8927bfca 100644 --- a/modules/Microsoft.Authorization/roleAssignments/subscription/deploy.bicep +++ b/modules/Microsoft.Authorization/roleAssignments/subscription/deploy.bicep @@ -357,7 +357,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev output name string = roleAssignment.name @sys.description('The resource ID of the Role Assignment.') -output scope string = subscription().id +output resourceId string = subscriptionResourceId(subscriptionId, 'Microsoft.Authorization/roleAssignments', roleAssignment.name) @sys.description('The scope this Role Assignment applies to.') -output resourceId string = subscriptionResourceId(subscriptionId, 'Microsoft.Authorization/roleAssignments', roleAssignment.name) +output scope string = subscription().id From 8a6c7d974d7d3e296cf9eed82be8489d130573fa Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Thu, 7 Jul 2022 16:50:49 +0200 Subject: [PATCH 4/5] roledef --- modules/Microsoft.Authorization/roleDefinitions/deploy.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/Microsoft.Authorization/roleDefinitions/deploy.bicep b/modules/Microsoft.Authorization/roleDefinitions/deploy.bicep index 052c570948..9786701808 100644 --- a/modules/Microsoft.Authorization/roleDefinitions/deploy.bicep +++ b/modules/Microsoft.Authorization/roleDefinitions/deploy.bicep @@ -107,4 +107,4 @@ output name string = empty(subscriptionId) && empty(resourceGroupName) ? roleDef output resourceId string = empty(subscriptionId) && empty(resourceGroupName) ? roleDefinition_mg.outputs.resourceId : (!empty(subscriptionId) && empty(resourceGroupName) ? roleDefinition_sub.outputs.resourceId : roleDefinition_rg.outputs.resourceId) @sys.description('The scope this Role Definition applies to.') -output roleDefinitionScope string = empty(subscriptionId) && empty(resourceGroupName) ? roleDefinition_mg.outputs.scope : (!empty(subscriptionId) && empty(resourceGroupName) ? roleDefinition_sub.outputs.scope : roleDefinition_rg.outputs.scope) +output scope string = empty(subscriptionId) && empty(resourceGroupName) ? roleDefinition_mg.outputs.scope : (!empty(subscriptionId) && empty(resourceGroupName) ? roleDefinition_sub.outputs.scope : roleDefinition_rg.outputs.scope) From 93e0c6367830bf2385ccaa2ecb5e2cede005d199 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Thu, 7 Jul 2022 18:03:35 +0200 Subject: [PATCH 5/5] readme update --- .../roleAssignments/managementGroup/readme.md | 4 ++-- .../roleAssignments/resourceGroup/readme.md | 4 ++-- .../roleAssignments/subscription/readme.md | 4 ++-- modules/Microsoft.Authorization/roleDefinitions/readme.md | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/modules/Microsoft.Authorization/roleAssignments/managementGroup/readme.md b/modules/Microsoft.Authorization/roleAssignments/managementGroup/readme.md index f3840cc8a8..a0d2558c89 100644 --- a/modules/Microsoft.Authorization/roleAssignments/managementGroup/readme.md +++ b/modules/Microsoft.Authorization/roleAssignments/managementGroup/readme.md @@ -40,5 +40,5 @@ With this module you can perform role assignments on a management group level | Output Name | Type | Description | | :-- | :-- | :-- | | `name` | string | The GUID of the Role Assignment. | -| `resourceId` | string | The scope this Role Assignment applies to. | -| `scope` | string | The resource ID of the Role Assignment. | +| `resourceId` | string | The resource ID of the Role Assignment. | +| `scope` | string | The scope this Role Assignment applies to. | diff --git a/modules/Microsoft.Authorization/roleAssignments/resourceGroup/readme.md b/modules/Microsoft.Authorization/roleAssignments/resourceGroup/readme.md index fced8d5490..0ea273c28a 100644 --- a/modules/Microsoft.Authorization/roleAssignments/resourceGroup/readme.md +++ b/modules/Microsoft.Authorization/roleAssignments/resourceGroup/readme.md @@ -41,5 +41,5 @@ With this module you can perform role assignments on a resource group level | :-- | :-- | :-- | | `name` | string | The GUID of the Role Assignment. | | `resourceGroupName` | string | The name of the resource group the role assignment was applied at. | -| `resourceId` | string | The scope this Role Assignment applies to. | -| `scope` | string | The resource ID of the Role Assignment. | +| `resourceId` | string | The resource ID of the Role Assignment. | +| `scope` | string | The scope this Role Assignment applies to. | diff --git a/modules/Microsoft.Authorization/roleAssignments/subscription/readme.md b/modules/Microsoft.Authorization/roleAssignments/subscription/readme.md index 8467450e91..19acd7eed8 100644 --- a/modules/Microsoft.Authorization/roleAssignments/subscription/readme.md +++ b/modules/Microsoft.Authorization/roleAssignments/subscription/readme.md @@ -40,5 +40,5 @@ With this module you can perform role assignments on a subscription level | Output Name | Type | Description | | :-- | :-- | :-- | | `name` | string | The GUID of the Role Assignment. | -| `resourceId` | string | The scope this Role Assignment applies to. | -| `scope` | string | The resource ID of the Role Assignment. | +| `resourceId` | string | The resource ID of the Role Assignment. | +| `scope` | string | The scope this Role Assignment applies to. | diff --git a/modules/Microsoft.Authorization/roleDefinitions/readme.md b/modules/Microsoft.Authorization/roleDefinitions/readme.md index a7566ea2e3..1af3c4a999 100644 --- a/modules/Microsoft.Authorization/roleDefinitions/readme.md +++ b/modules/Microsoft.Authorization/roleDefinitions/readme.md @@ -159,7 +159,7 @@ module roledefinition 'yourpath/modules/Microsoft.Authorization.roleDefinitions/ | :-- | :-- | :-- | | `name` | string | The GUID of the Role Definition. | | `resourceId` | string | The resource ID of the Role Definition. | -| `roleDefinitionScope` | string | The scope this Role Definition applies to. | +| `scope` | string | The scope this Role Definition applies to. | ## Considerations