[Modules] Updated Authorization/RoleAssignments to new dependency approach

.github/workflows/ms.authorization.roleassignments.yml

@@ -109,8 +109,7 @@ jobs:
       - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]'
         uses: ./.github/actions/templates/validateModuleDeployment
         with:
-          templateFilePath: '${{ env.modulePath }}/deploy.bicep'
-          parameterFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}'
+          templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}'
           location: '${{ env.location }}'
           resourceGroupName: '${{ env.resourceGroupName }}'
           subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}'

modules/Microsoft.Authorization/roleAssignments/.test/mg.common/dependencies.bicep

@@ -0,0 +1,13 @@
+@description('Optional. The location to deploy resources to.')
+param location string = resourceGroup().location
+
+@description('Required. The name of the Managed Identity to create.')
+param managedIdentityName string
+
+resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
+  name: managedIdentityName
+  location: location
+}
+
+@description('The principal ID of the created Managed Identity.')
+output managedIdentityPrincipalId string = managedIdentity.properties.principalId

modules/Microsoft.Authorization/roleAssignments/.test/mg.common/deploy.test.bicep

@@ -0,0 +1,45 @@
+targetScope = 'managementGroup'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. The name of the resource group to deploy for testing purposes.')
+@maxLength(90)
+param resourceGroupName string = 'ms.authorization.roleassignments-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to.')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
+param serviceShort string = 'aramgcom'
+
+// =========== //
+// Deployments //
+// =========== //
+
+// General resources
+// =================
+module resourceGroupResources 'interim.dependencies.bicep' = {
+  scope: subscription('<<subscriptionId>>')
+  name: '${uniqueString(deployment().name, location)}-paramNested'
+  params: {
+    managedIdentityName: 'dep-<<namePrefix>>-msi-${serviceShort}'
+    resourceGroupName: resourceGroupName
+    location: location
+  }
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../managementGroup/deploy.bicep' = {
+  name: '${uniqueString(deployment().name)}-test-${serviceShort}'
+  params: {
+    principalId: resourceGroupResources.outputs.managedIdentityPrincipalId
+    roleDefinitionIdOrName: 'Backup Reader'
+    description: 'Role Assignment (management group scope)'
+    managementGroupId: last(split(managementGroup().id, '/'))
+    principalType: 'ServicePrincipal'
+  }
+}

modules/Microsoft.Authorization/roleAssignments/.test/mg.common/interim.dependencies.bicep

@@ -0,0 +1,27 @@
+targetScope = 'subscription'
+
+@description('Optional. The location to deploy resources to.')
+param location string = deployment().location
+
+@description('Required. The name of the resource group to deploy for testing purposes.')
+@maxLength(90)
+param resourceGroupName string
+
+@description('Required. The name of the Managed Identity to create.')
+param managedIdentityName string
+
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+  name: resourceGroupName
+  location: location
+}
+
+module resourceGroupResources 'dependencies.bicep' = {
+  scope: resourceGroup
+  name: '${uniqueString(deployment().name, location)}-paramNested'
+  params: {
+    managedIdentityName: managedIdentityName
+  }
+}
+
+@description('The principal ID of the created Managed Identity.')
+output managedIdentityPrincipalId string = resourceGroupResources.outputs.managedIdentityPrincipalId

modules/Microsoft.Authorization/roleAssignments/.test/mg.min/dependencies.bicep

@@ -0,0 +1,13 @@
+@description('Optional. The location to deploy resources to.')
+param location string = resourceGroup().location
+
+@description('Required. The name of the Managed Identity to create.')
+param managedIdentityName string
+
+resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
+  name: managedIdentityName
+  location: location
+}
+
+@description('The principal ID of the created Managed Identity.')
+output managedIdentityPrincipalId string = managedIdentity.properties.principalId

modules/Microsoft.Authorization/roleAssignments/.test/mg.min/deploy.test.bicep

@@ -0,0 +1,42 @@
+targetScope = 'managementGroup'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. The name of the resource group to deploy for testing purposes.')
+@maxLength(90)
+param resourceGroupName string = 'ms.authorization.roleassignments-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to.')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
+param serviceShort string = 'aramgmin'
+
+// =========== //
+// Deployments //
+// =========== //
+
+// General resources
+// =================
+module resourceGroupResources 'interim.dependencies.bicep' = {
+  scope: subscription('<<subscriptionId>>')
+  name: '${uniqueString(deployment().name, location)}-paramNested'
+  params: {
+    managedIdentityName: 'dep-<<namePrefix>>-msi-${serviceShort}'
+    resourceGroupName: resourceGroupName
+    location: location
+  }
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../managementGroup/deploy.bicep' = {
+  name: '${uniqueString(deployment().name)}-test-${serviceShort}'
+  params: {
+    principalId: resourceGroupResources.outputs.managedIdentityPrincipalId
+    roleDefinitionIdOrName: 'Storage Queue Data Reader'
+  }
+}

modules/Microsoft.Authorization/roleAssignments/.test/mg.min/interim.dependencies.bicep

@@ -0,0 +1,27 @@
+targetScope = 'subscription'
+
+@description('Optional. The location to deploy resources to.')
+param location string = deployment().location
+
+@description('Required. The name of the resource group to deploy for testing purposes.')
+@maxLength(90)
+param resourceGroupName string
+
+@description('Required. The name of the Managed Identity to create.')
+param managedIdentityName string
+
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+  name: resourceGroupName
+  location: location
+}
+
+module resourceGroupResources 'dependencies.bicep' = {
+  scope: resourceGroup
+  name: '${uniqueString(deployment().name, location)}-paramNested'
+  params: {
+    managedIdentityName: managedIdentityName
+  }
+}
+
+@description('The principal ID of the created Managed Identity.')
+output managedIdentityPrincipalId string = resourceGroupResources.outputs.managedIdentityPrincipalId

modules/Microsoft.Authorization/roleAssignments/.test/rg.common/dependencies.bicep

@@ -0,0 +1,13 @@
+@description('Required. The name of the Managed Identity to create.')
+param managedIdentityName string
+
+@description('Optional. The location to deploy resources to.')
+param location string = resourceGroup().location
+
+resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
+  name: managedIdentityName
+  location: location
+}
+
+@description('The principal ID of the created Managed Identity.')
+output managedIdentityPrincipalId string = managedIdentity.properties.principalId

modules/Microsoft.Authorization/roleAssignments/.test/rg.common/deploy.test.bicep

@@ -0,0 +1,50 @@
+targetScope = 'subscription'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. The name of the resource group to deploy for testing purposes.')
+@maxLength(90)
+param resourceGroupName string = 'ms.authorization.roleassignments-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to.')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
+param serviceShort string = 'arargcom'
+
+// =========== //
+// Deployments //
+// =========== //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+  name: resourceGroupName
+  location: location
+}
+
+module resourceGroupResources 'dependencies.bicep' = {
+  scope: resourceGroup
+  name: '${uniqueString(deployment().name, location)}-paramNested'
+  params: {
+    managedIdentityName: 'dep-<<namePrefix>>-msi-${serviceShort}'
+  }
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../resourceGroup/deploy.bicep' = {
+  scope: resourceGroup
+  name: '${uniqueString(deployment().name)}-test-${serviceShort}'
+  params: {
+    principalId: resourceGroupResources.outputs.managedIdentityPrincipalId
+    roleDefinitionIdOrName: 'Backup Reader'
+    description: 'Role Assignment (resource group scope)'
+    principalType: 'ServicePrincipal'
+    resourceGroupName: resourceGroup.name
+    subscriptionId: subscription().subscriptionId
+  }
+}

modules/Microsoft.Authorization/roleAssignments/.test/rg.min/dependencies.bicep

@@ -0,0 +1,13 @@
+@description('Required. The name of the Managed Identity to create.')
+param managedIdentityName string
+
+@description('Optional. The location to deploy resources to.')
+param location string = resourceGroup().location
+
+resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
+  name: managedIdentityName
+  location: location
+}
+
+@description('The principal ID of the created Managed Identity.')
+output managedIdentityPrincipalId string = managedIdentity.properties.principalId

modules/Microsoft.Authorization/roleAssignments/.test/rg.min/deploy.test.bicep

@@ -0,0 +1,48 @@
+targetScope = 'subscription'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. The name of the resource group to deploy for testing purposes.')
+@maxLength(90)
+param resourceGroupName string = 'ms.authorization.roleassignments-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to.')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
+param serviceShort string = 'arargmin'
+
+// =========== //
+// Deployments //
+// =========== //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+  name: resourceGroupName
+  location: location
+}
+
+module resourceGroupResources 'dependencies.bicep' = {
+  scope: resourceGroup
+  name: '${uniqueString(deployment().name, location)}-paramNested'
+  params: {
+    managedIdentityName: 'dep-<<namePrefix>>-msi-${serviceShort}'
+  }
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../resourceGroup/deploy.bicep' = {
+  scope: resourceGroup
+  name: '${uniqueString(deployment().name)}-test-${serviceShort}'
+  params: {
+    principalId: resourceGroupResources.outputs.managedIdentityPrincipalId
+    roleDefinitionIdOrName: 'Storage Queue Data Reader'
+    resourceGroupName: resourceGroup.name
+    subscriptionId: subscription().subscriptionId
+  }
+}