We have a managed identity that is passed in through external variables, e.g.
data "azurerm_user_assigned_identity" "identity" {
  name                = var.identity.name
  resource_group_name = var.identity.resource_group
}
and we wish to validate that this identity has been assigned a particular role (e.g. Owner or Contributor) in the scope of a subscription, which is defined in the azurerm provider like this:
provider "azurerm" {
  features {}
  tenant_id       = var.ids.tenant_id
  subscription_id = var.ids.subscription_id
  …
}
This role assignment is not done through Terraform but by a third party using the Azure portal/CLI. Is this kind of validation possible through Terraform? Ideally we are hoping that when someone runs terraform apply, it will fail with an error saying the managed identity does not have the correct role assigned.
Thanks!
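One way to get that apply-time failure, as an added example that is not part of the original post: a small script wired in through the `external` data source, which fails the plan/apply when its program exits non-zero. It assumes the Azure CLI is installed and logged in, that the script is called `check_role.py`, and that the identity's `principal_id` and `var.ids.subscription_id` are passed in the `query` map (the Terraform wiring is shown in the comment at the top).

```python
# check_role.py: exit non-zero unless the principal holds one of the required
# roles at subscription scope, directly or inherited from a management group.
# Terraform wiring (assumed, not from the original post):
#   data "external" "role_check" {
#     program = ["python3", "${path.module}/check_role.py"]
#     query = {
#       principal_id    = data.azurerm_user_assigned_identity.identity.principal_id
#       subscription_id = var.ids.subscription_id
#     }
#   }
import json
import subprocess
import sys

REQUIRED_ROLES = {"Owner", "Contributor"}
MG_PREFIX = "/providers/microsoft.management/managementgroups/"

def matching_role(assignments, principal_id, subscription_id, required=REQUIRED_ROLES):
    """Return the first required role that covers the whole subscription, else None.
    Resource-group-scoped assignments are narrower than the subscription and do not count."""
    sub_scope = f"/subscriptions/{subscription_id}".lower()
    for a in assignments:
        if a.get("principalId", "").lower() != principal_id.lower():
            continue
        scope = a.get("scope", "").lower()
        covers_sub = scope in (sub_scope, "/") or scope.startswith(MG_PREFIX)
        if covers_sub and a.get("roleDefinitionName") in required:
            return a["roleDefinitionName"]
    return None

def list_assignments(principal_id, subscription_id):
    """Ask the Azure CLI for every assignment of this principal visible at the subscription."""
    cmd = ["az", "role", "assignment", "list", "--assignee", principal_id,
           "--scope", f"/subscriptions/{subscription_id}", "--include-inherited", "-o", "json"]
    return json.loads(subprocess.run(cmd, check=True, capture_output=True, text=True).stdout)

def main():
    q = json.load(sys.stdin)  # the `external` data source passes `query` as JSON on stdin
    role = matching_role(list_assignments(q["principal_id"], q["subscription_id"]),
                         q["principal_id"], q["subscription_id"])
    if role is None:  # non-zero exit makes terraform plan/apply fail with this message
        sys.exit(f"identity {q['principal_id']} has no Owner/Contributor role on subscription {q['subscription_id']}")
    print(json.dumps({"role": role}))  # the data source requires a JSON object of strings

# Constructed sample of `az role assignment list` output (placeholder IDs, not real ones).
SAMPLE_PRINCIPAL, SAMPLE_SUBSCRIPTION = "00000000-0000-0000-0000-000000000001", "11111111-1111-1111-1111-111111111111"
SAMPLE = [
    {"principalId": SAMPLE_PRINCIPAL, "roleDefinitionName": "Reader", "scope": f"/subscriptions/{SAMPLE_SUBSCRIPTION}"},
    {"principalId": SAMPLE_PRINCIPAL, "roleDefinitionName": "Contributor", "scope": f"/subscriptions/{SAMPLE_SUBSCRIPTION}/resourceGroups/rg-app"},
    {"principalId": SAMPLE_PRINCIPAL, "roleDefinitionName": "Owner", "scope": "/providers/Microsoft.Management/managementGroups/mg-root"},
]

if __name__ == "__main__":
    main()
```

Because the `external` data source is read at plan time, the check fails before any resource is changed; note that in this sample the Contributor assignment is ignored because it is only at resource-group scope, while the Owner role inherited from the management group satisfies the check.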