Skip to content

Commit

Permalink
KUBE-393: Add name to role assignments
Browse files Browse the repository at this point in the history
  • Loading branch information
gleb committed Jun 13, 2024
1 parent cfda530 commit 767adb2
Showing 1 changed file with 4 additions and 1 deletion.
5 changes: 4 additions & 1 deletion iam.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -63,20 +63,23 @@ resource "azurerm_role_definition" "castai" {
resource "azurerm_role_assignment" "castai_resource_group" {
principal_id = azuread_service_principal.castai.id
role_definition_id = azurerm_role_definition.castai.role_definition_resource_id

name = "${substr(var.aks_cluster_name, 0, 32)}0000"
scope = "/subscriptions/${var.subscription_id}/resourceGroups/${var.resource_group}"
}

resource "azurerm_role_assignment" "castai_node_resource_group" {
principal_id = azuread_service_principal.castai.id
role_definition_id = azurerm_role_definition.castai.role_definition_resource_id
name = "${substr(var.aks_cluster_name, 0, 32)}0001"

scope = "/subscriptions/${var.subscription_id}/resourceGroups/${var.node_resource_group}"
}

resource "azurerm_role_assignment" "castai_additional_resource_groups" {
for_each = toset(var.additional_resource_groups)
principal_id = azuread_service_principal.castai.id
name = "${substr(var.aks_cluster_name, 0, 32)}0002"

role_definition_id = azurerm_role_definition.castai.role_definition_resource_id
scope = each.key
}
Expand Down

0 comments on commit 767adb2

Please sign in to comment.