For deployment of Azure Lighthouse I want to deploy multiple authorizations for principal_id and role_definition_id, like in the example provided in the Microsoft documentation [link].
Is that possible for the resource azurerm_lighthouse_definition in Terraform?
What I am asking is how, or whether, I can add multiple authorizations in this resource in TF.
How can I make the below resource work?
resource "azurerm_lighthouse_definition" "example" {
  name               = "Sample definition"
  description        = "This is a lighthouse definition created via Terraform"
  managing_tenant_id = "00000000-0000-0000-0000-000000000000"
  authorization {
    principal_id       = "00000000-0000-0000-0000-000000000000"
    role_definition_id = data.azurerm_role_definition.contributor.role_definition_id
    principal_id       = "00000000-0000-0000-0000-000000000000"
    role_definition_id = data.azurerm_role_definition.contributor.role_definition_id
  }
}
Hi there,
I don't know if you still have this issue, but for the folks that are interested:
you can solve this easily.
There are 3 things you need to do:
1. Declare a variable of type list of objects (for example authorization):
variable "authorizations" {
  description = "List of Authorization objects."
  # One object per principal/role pair to delegate
  type = list(object({
    principalId      = string
    roleDefinitionId = string
  }))
}
2. Create your variable with objects and name it authorization.
List object example:
# Attribute names must match the object type declared in the variable
authorizations = [
  {
    principalId      = ""
    roleDefinitionId = ""
  },
  {
    principalId      = ""
    roleDefinitionId = ""
  }
]
3. Use a dynamic loop with the name authorization instead of the authorization block of the resource.
Example of how you use this within the resource azurerm_lighthouse_definition:
resource "azurerm_lighthouse_definition" "yourdefinitionname" {
  name               = ""
  description        = ""
  managing_tenant_id = ""
  scope              = ""
  # Emits one authorization block per object in the list
  dynamic "authorization" {
    for_each = toset(var.authorizations)
    content {
      principal_id       = authorization.value.principalId
      role_definition_id = authorization.value.roleDefinitionId
    }
  }
}
And voilà, you are done.
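As an added example (not part of the original post or the provider's documentation), the variable from step 1 can carry validation rules so that a bad or over-privileged delegation fails at plan time instead of reaching the customer tenant. It assumes the variable name `authorizations` and the attribute names used above; the Owner role GUID is the Azure built-in role ID, and the duplicate check is an extra guard chosen for this sketch.

```hcl
# Added example: hardened declaration of the "authorizations" variable.
variable "authorizations" {
  description = "List of Authorization objects."
  type = list(object({
    principalId      = string
    roleDefinitionId = string
  }))

  # Every ID must be a well-formed GUID, which catches empty
  # placeholders and pasted full resource IDs.
  validation {
    condition = alltrue([
      for a in var.authorizations :
      can(regex("^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$", a.principalId)) &&
      can(regex("^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$", a.roleDefinitionId))
    ])
    error_message = "Each principalId and roleDefinitionId must be a GUID."
  }

  # Azure Lighthouse does not support the built-in Owner role.
  validation {
    condition = alltrue([
      for a in var.authorizations :
      lower(a.roleDefinitionId) != "8e3af657-a8ff-443c-a75c-2fe8c4bcb635"
    ])
    error_message = "The Owner role cannot be delegated through Azure Lighthouse."
  }

  # Reject duplicate principal/role pairs so the reviewed list matches
  # what is deployed (toset() would otherwise drop them silently).
  validation {
    condition = length(var.authorizations) == length(distinct([
      for a in var.authorizations : lower("${a.principalId}/${a.roleDefinitionId}")
    ]))
    error_message = "Each principalId/roleDefinitionId pair may appear only once."
  }
}
```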