roleAssignment with current user id

I'm using Azure AD app registration principals to deploy resources via Azure Resource Manager to deploy via Pipelines. During the deployment I need to set some permissions to the deployment user to ensure it has enough permission to - for example - upload files. As I'm using different principals, and I'm not managing those in the code, I would like to know if there is a way to reference the "current user-principals - ID" during the deployment.

Something like:

deployment().properties.xx

or

environment()

https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/template-functions-deployment

https://learn.microsoft.com/en-us/azure/templates/microsoft.authorization/roleassignments?tabs=bicep

Otherwise, I would need to inject this information via parameter, I think. I could get that information by script - or there is even a variable present from Azure DevOps. Any ideas, help appreciated. Thanks.

Upvotes: 2

Views: 1353

Answers (2)

Thomas

Reputation: 29492

Starting with Bicep v0.32.4, this is now supported:

New deployer() function to retrieve ObjectId of the principal that is deploying the Bicep file (#15340)

// readerRoleDefinitionId is assumed to be declared elsewhere in the template
resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
  // can be used to help make GUID unique
  name: guid(deployer().objectId, readerRoleDefinitionId, resourceGroup().id)
  properties: {
    principalId: deployer().objectId // easily retrieve objectId
    roleDefinitionId: readerRoleDefinitionId
  }
}

So deployer().objectId is what you are after.

Upvotes: 1
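A narrower variant of the assignment above, as an added example that is not from the answer or the Bicep release notes: it grants the deploying principal blob upload rights on a single storage account instead of a role on the whole resource group. The `storageAccountName` parameter, the choice of the built-in Storage Blob Data Contributor role, and `principalType: 'ServicePrincipal'` (the question's pipeline identities are app registrations) are assumptions.

```bicep
// Added example. Requires Bicep v0.32.4 or later for deployer().

@description('Existing storage account in this resource group (hypothetical parameter).')
param storageAccountName string

// Built-in role "Storage Blob Data Contributor" (data-plane read/write/delete on blobs).
var blobDataContributorRoleId = 'ba92f5b4-c450-40ed-a59f-ec272f4a18fe'

// Reference the account without redeploying it.
resource storage 'Microsoft.Storage/storageAccounts@2023-01-01' existing = {
  name: storageAccountName
}

resource uploadAccess 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
  // Scope to the one account the pipeline uploads to, not the resource group.
  scope: storage
  // Deterministic name: redeploying with the same principal is idempotent,
  // and a different pipeline identity gets its own assignment.
  name: guid(storage.id, deployer().objectId, blobDataContributorRoleId)
  properties: {
    principalId: deployer().objectId
    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', blobDataContributorRoleId)
    // Assumption: the deployer is a service principal (pipeline identity).
    // Stating the type avoids a failed lookup for a freshly created principal.
    principalType: 'ServicePrincipal'
  }
}
```

The deploying principal must itself hold `Microsoft.Authorization/roleAssignments/write` on the storage account (for example through Owner or User Access Administrator), otherwise the deployment fails on this resource.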

bmoore-msft

Reputation: 8717

Currently, it's not possible to get the objectId of the user deploying the template... we do have a backlog item for it.

Upvotes: 4
