search

Azure / terraform-azurerm-avm-res-authorization-roleassignment

AVM Terraform module for role assignments
https://registry.terraform.io/modules/Azure/avm-res-authorization-roleassignment
MIT License
7 stars 3 forks source link

[AVM Module Issue]: Role Assignment to multiple resources issue #68

Open ele-core-it opened 2 weeks ago

ele-core-it commented 2 weeks ago

Check for previous/existing GitHub issues

Issue Type?

Bug

(Optional) Module Version

0.0.1, 0.1.0

(Optional) Correlation Id

No response

Description

Trying to use the Role Assignments module to apply roles to multiple resources fails with error:

`Planning failed. Terraform encountered an error while generating this plan.

╷ │ Error: Invalid index │ │ on .terraform\modules\role_assignments\local.role.assignments.for.resources.tf line 86, in locals: │ 86: scope = data.azurerm_resources.resources_by_resource_group_and_name[key].resources[0].id │ ├──────────────── │ │ data.azurerm_resources.resources_by_resource_group_and_name is object with 3 attributes │ │ The given key does not identify an element in this collection value: the collection has no elements.`

The code works if I only apply roles to one resource at a time, but otherwise I get a variation of the above error.

role_assignments_for_resources = { sa1 = { resource_name = azurerm_storage_account.dl_st.name resource_group_name = azurerm_resource_group.rg.name role_assignments = { role_assignment_1 = { role_definition = "role2" users = ["user1"] } role_assignment_2 = { role_definition = "role3" users = ["user1"] } } } sp1 = { resource_name = azurerm_synapse_spark_pool.syn_spark.name resource_group_name = azurerm_resource_group.rg.name role_assignments = { role_assignment_1 = { role_definition = "role3" users = ["user1"] } } } syn1 = { resource_name = azurerm_synapse_workspace.workspace.name resource_group_name = azurerm_resource_group.rg.name role_assignments = { role_assignment_1 = { role_definition = "role3" users = ["user1"] } } } }

microsoft-github-policy-service[bot] commented 1 week ago

[!WARNING] Tagging the AVM Core Team (@Azure/avm-core-team-technical-terraform) due to a module owner or contributor having not responded to this issue within 3 business days. The AVM Core Team will attempt to contact the module owners/contributors directly.

[!TIP]

  • To prevent further actions to take effect, the "Status: Response Overdue 🚩" label must be removed, once this issue has been responded to.
  • To avoid this rule being (re)triggered, the ""Needs: Triage :mag:" label must be removed as part of the triage process (when the issue is first responded to)!