We were trying to create an automation pipeline in Azuredevops to assign roles in resource level for any kind of resources. and used below templae for that purpoe.
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"roleDefinitionId": {
"type": "string"
},
"principalId": {
"type": "string"
}
},
"variables": {
"roleAssignmentName": "[guid(parameters('principalId'), parameters('roleDefinitionID'), resourceGroup().id)]"
},
"resources": [
{
"type": "Microsoft.OperationalInsights/querypacks",
"apiVersion": "2021-04-01-preview",
"name": "[variables('roleAssignmentName')]",
"properties": {
"roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', parameters('roleDefinitionId'))]",
"principalId": "[parameters('principalId')]"
}
}
]
}
parameters.json
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"roleDefinitionId": {
"value": "#{roleDefinitionId}#"
},
"principalId": {
"value": "#{principalId}#"
}
}
}
Created Azuredevops Task to replace the parameters files "principalid" and "roledefinitionid" ids and when performing arm deployment group task with the updated templates, its failing.
Note: In my above example, i tried to assign the Contributor assignment only to a specific resource qpck-1 for a specific group.
is there any way to use same template to assign the roles at resource level for different kind of resources.
2
Answers
the template shows the resource
querypacksexplicitly, however, it should be parameterizedSo you could change
to
And in the parameter file add the following
Where the
resourceTypecould be any type you need like"Microsoft.Compute/virtualMachines", and theresourceNamecloud be the name of the VM likeODS_VMAnd, by the way, it is better to provide the error message to be sure about the cause and the resolution.
Hope that help
it seems like you are missing "scope" ?
for ex: