Support for `role_definition_name` in `azurerm_cosmosdb_sql_role_assignment`

[timja]

Is there an existing issue for this?

• [X] I have searched the existing issues

Community Note

• Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

There are two built-in roles. It would be nice to be able to use these directly without having to pass the id in.

For those of you who want to do this in the meantime you can workaround this by doing:

role_definition_id = "${azurerm_cosmosdb_account.cosmosdb.id}/sqlRoleDefinitions/00000000-0000-0000-0000-000000000002"

New or Affected Resource(s)/Data Source(s)

azurerm_cosmosdb_sql_role_assignment

Potential Terraform Configuration

resource "azurerm_cosmosdb_sql_role_assignment" "example" {
  resource_group_name   = azurerm_resource_group.example.name
  account_name          = azurerm_cosmosdb_account.example.name
  role_definition_name  = "Cosmos DB Built-in Data Contributor"
  principal_id          = data.azurerm_client_config.current.object_id
  scope                 = azurerm_cosmosdb_account.example.id
}

References

https://docs.microsoft.com/en-us/azure/cosmos-db/how-to-setup-rbac#built-in-role-definitions

[neil-yechenwei]

Thanks for raising this issue. Seems service API only supports roleDefinitionId for now. Maybe it would be supported by API in the future. If you happen to know, could you share the doc talking about this feature roleDefinitionName? Thanks in advance.

[timja]

It’s not mentioned in the docs but Azure CLI supports it.

example command is here: https://plugins.jenkins.io/azure-cosmosdb/#plugin-content-rbac-setup