updated role assignment logic.

Azure · Jan 24, 2024 · 4d6ef0f · 4d6ef0f
1 parent cd51934
commit 4d6ef0f
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 6 deletions.
diff --git a/bicep/main.bicep b/bicep/main.bicep
@@ -1654,10 +1654,10 @@ module federatedCredsDevSample './modules/federated_identity.bicep' = {
 }
 
 module appRoleAssignments './modules/app_assignments.bicep' = {
-  name: '${serviceLayerConfig.name}-user-managed-identity-operator'
+  name: '${serviceLayerConfig.name}-user-managed-identity-rbac'
   params: {
     operatorIdentityName: stampIdentity.outputs.name
-    identityclientId: appIdentity.outputs.clientId
+    identityprincipalId: appIdentity.outputs.principalId
     kvName: keyvault.outputs.name
   }
   dependsOn: [

diff --git a/bicep/modules/app_assignments.bicep b/bicep/modules/app_assignments.bicep
@@ -1,5 +1,5 @@
 param operatorIdentityName string
-param identityclientId string
+param identityprincipalId string
 
 @description('The name of the Azure Key Vault')
 param kvName string
@@ -11,11 +11,11 @@ resource userIdentity 'Microsoft.Authorization/roleAssignments@2022-04-01' exist
 var managedIdentityOperator = resourceId('Microsoft.Authorization/roleDefinitions', 'f1a07417-d97a-45cb-824c-7a7467783830')
 resource identityOperatorRole 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
   scope: userIdentity
-  name: guid(userIdentity.id, identityclientId, managedIdentityOperator)
+  name: guid(userIdentity.id, identityprincipalId, managedIdentityOperator)
   properties: {
     roleDefinitionId: managedIdentityOperator
     principalType: 'ServicePrincipal'
-    principalId: identityclientId
+    principalId: identityprincipalId
   }
 }
 
@@ -30,6 +30,6 @@ resource kvRole 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
   properties: {
     roleDefinitionId: keyVaultSecretsUser
     principalType: 'ServicePrincipal'
-    principalId: identityclientId
+    principalId: identityprincipalId
   }
 }