Below is the code snippet to pass multiple json file names to create the IAM definition. But I am getting the error code 405. Am I missing anything here?
Error
│ Error: authorization.RoleDefinitionsClient#CreateOrUpdate: Failure responding to request: StatusCode=405 -- Original Error: autorest/azure: Service returned an error. Status=405 Code="" Message="The requested resource does not support http method 'PUT'."
│
│ with azurerm_role_definition.iam_role_def["manage-resource-group"],
│ on main.tf line 5, in resource "azurerm_role_definition" "iam_role_def":
│ 5: resource "azurerm_role_definition" "iam_role_def" {
│
variable.tf
variable "iam_definition_list" {
type = list(string)
description = "Name to be used for this IAM definition. Changing this forces a new resource to be created."
default = []
}
main.tf
data "azurerm_subscription" "az_subscription" {
}
resource "azurerm_role_definition" "iam_role_def" {
for_each = toset(var.iam_definition_list)
name = jsondecode(file("${path.cwd}/definition/${each.value}.json")).roleName
scope = data.azurerm_subscription.az_subscription.id
description = jsondecode(file("${path.cwd}/definition/${each.value}.json")).description
permissions {
actions = jsondecode(file("${path.cwd}/definition/${each.value}.json")).permissions[0].actions
not_actions = jsondecode(file("${path.cwd}/definition/${each.value}.json")).permissions[0].notActions
data_actions = jsondecode(file("${path.cwd}/definition/${each.value}.json")).permissions[0].dataActions
not_data_actions = jsondecode(file("${path.cwd}/definition/${each.value}.json")).permissions[0].notDataActions
}
assignable_scopes = [data.azurerm_subscription.az_subscription.id]
role_definition_id = "${data.azurerm_subscription.az_subscription.id}/providers/Microsoft.Authorization/roleDefinitions/${replace(lower(each.value)," ","-")}"
}
manage-resource-group.json
{
"assignableScopes": [
"/subscriptions/xxx-xxx-xxx",
"/subscriptions/yyy-yyy-yyyy",
"/subscriptions/zzz-zzz-zzz"
],
"description": "Provides permission to create and delete resource groups.",
"permissions": [
{
"actions": [
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/subscriptions/resourceGroups/write",
"Microsoft.Resources/subscriptions/resourceGroups/delete"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Manage Resource Group",
"roleType": "Custom",
"type": "Microsoft.Authorization/roleDefinitions"
}