forked from Azure/terraform-azurerm-caf-enterprise-scale
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathlocals.role_assignments.tf
47 lines (43 loc) · 1.8 KB
/
locals.role_assignments.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
# The following locals are used to extract the Role Assignment
# configuration from the archetype module outputs.
locals {
es_role_assignments_by_management_group = flatten([
for archetype in values(module.management_group_archetypes) :
archetype.configuration.azurerm_role_assignment
])
es_role_assignments_by_subscription = local.empty_list
es_role_assignments = concat(
local.es_role_assignments_by_management_group,
local.es_role_assignments_by_subscription,
)
}
# The following locals are used to build the map of Role
# Assignments to deploy.
locals {
azurerm_role_assignment_enterprise_scale = {
for assignment in local.es_role_assignments :
assignment.resource_id => assignment
}
}
# The following locals are used to build the output of Role
# Assignments created by the child module.
locals {
flatten_role_assignments_for_policy_output = flatten([
for pa_id, role_assignments in module.role_assignments_for_policy : [
for role_assignment_id, role_assignment_config in role_assignments.azurerm_role_assignment : {
role_assignment_id = role_assignment_id
role_assignment_config = role_assignment_config
}
]
])
role_assignments_for_policy_output = {
for role in local.flatten_role_assignments_for_policy_output :
(role.role_assignment_id) => role.role_assignment_config
}
}
# The following locals is required to resolve bug as per https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/issues/794
# This locals is used by resource "azurerm_role_assignment" "private_dns_zone_contributor_connectivity"
# in resources.role_assignments.tf to determine if the connectivity management group exists
locals {
connectivity_mg_exists = length([for k, v in local.es_landing_zones_map : v if(v.id == "${var.root_id}-connectivity")]) > 0
}