-
Notifications
You must be signed in to change notification settings - Fork 16
/
Copy pathmain.role_definitions.tf
34 lines (31 loc) · 1.44 KB
/
main.role_definitions.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
resource "azapi_resource" "role_definitions" {
for_each = local.role_definitions
type = "Microsoft.Authorization/roleDefinitions@2022-04-01"
body = {
properties = {
assignableScopes = each.value.role_definition.properties.assignableScopes
description = each.value.role_definition.properties.description
permissions = each.value.role_definition.properties.permissions
roleName = each.value.role_definition.properties.roleName
type = each.value.role_definition.properties.type
}
}
name = each.value.role_definition.name
parent_id = "/providers/Microsoft.Management/managementGroups/${each.value.mg}"
retry = var.retries.role_definitions.error_message_regex != null ? {
error_message_regex = var.retries.role_definitions.error_message_regex
interval_seconds = lookup(var.retries.role_definitions, "interval_seconds", null)
max_interval_seconds = lookup(var.retries.role_definitions, "max_interval_seconds", null)
multiplier = lookup(var.retries.role_definitions, "multiplier", null)
randomization_factor = lookup(var.retries.role_definitions, "randomization_factor", null)
} : null
timeouts {
create = var.timeouts.role_definition.create
delete = var.timeouts.role_definition.delete
read = var.timeouts.role_definition.read
update = var.timeouts.role_definition.update
}
depends_on = [
time_sleep.after_management_groups
]
}