Azure azurerm_role_assignment dynamic condition

Hey,

I have a module used to create an Azure service principal and assign roles to it.
I need to configure a couple of arguments (see bold) on the role assignment, based on some criteria.
Is there a more "elegant" way to achieve this, or is using an IF statement the only way to go? For example:

```hcl
resource "azurerm_role_assignment" "user_app_assignment" {
  scope                = var.scope
  role_definition_name = var.role
  principal_id         = azuread_service_principal.my_principal.id

  # Both arguments are null when var.some_var matches the regex.
  condition_version = length(regexall("some_regex", var.some_var)) > 0 ? null : "2.0"
  condition         = length(regexall("some_regex", var.some_var)) > 0 ? null : <<-EOT
    (
     (
      !(ActionMatches{'Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write'})
      AND
      !(ActionMatches{'Microsoft.Storage/storageAccounts/blobServices/containers/blobs/add/action'})
      AND
      !(ActionMatches{'Microsoft.Storage/storageAccounts/blobServices/containers/blobs/tags/write'})
      AND
      !(ActionMatches{'Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete'})
     )
    )
  EOT
}
```
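One way to avoid repeating the test, shown as an added example that is not part of the original post: evaluate the regex once in a local and derive both arguments from it, so `condition` and `condition_version` are always set or unset together. The local names (`use_condition`, `excluded_actions`, `abac_condition`) are hypothetical; the variables, the `azuread_service_principal.my_principal` resource and the action list are taken from the post and assumed to exist in the module, and the condition text has not been validated against Azure.

```hcl
locals {
  # Evaluated once. true = attach the condition.
  # Same logic as the post: a regex match means no condition.
  use_condition = length(regexall("some_regex", var.some_var)) == 0

  # Actions excluded by the condition (list copied from the post).
  excluded_actions = [
    "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write",
    "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/add/action",
    "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/tags/write",
    "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
  ]

  # Condition text built from the list, so the set of actions can be
  # reviewed and changed in one place.
  abac_condition = <<-EOT
    (
     (
      ${join("\n  AND\n  ", [for a in local.excluded_actions : "!(ActionMatches{'${a}'})"])}
     )
    )
  EOT
}

resource "azurerm_role_assignment" "user_app_assignment" {
  scope                = var.scope
  role_definition_name = var.role
  principal_id         = azuread_service_principal.my_principal.id

  # Both arguments depend on the same local, so one cannot be set
  # without the other.
  condition_version = local.use_condition ? "2.0" : null
  condition         = local.use_condition ? local.abac_condition : null
}
```

Running `terraform plan` with a matching and a non-matching `var.some_var` shows whether the assignment is created with or without the condition before anything is applied.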
