How to add Virtual Machine User Login roles to a list of users by Terraform?

Views: 43

Problem description

a@cc.com & b@cc.com are e-mail addresses of our organization. These emails are also used as the Azure login accounts. I've set up Terraform code to use Azure AD to access the VM in Azure. My question is: how can I grant those accounts the role of Virtual Machine User Login?

resource "azurerm_role_assignment" "test" {
  scope              = "${data.azurerm_management_group.primary.id}"
  role_definition_id = "Virtual Machine User Login"
  principal_id       = "a@cc.com, b@cc.com"
}

The official documentation says principal_id is the ID of the Principal (User, Group, Service Principal, or Application) to assign the Role Definition to. Isn't the email address the ID of the user?

Solution

The principal_id should be the Object ID of the user.

1. Navigate to Azure Active Directory in the portal -> Users -> search by the user principal name (the email address in your case).

2. Click the user, then you can find the Object ID.

If you want to assign the role to a list of users, you can do it as below. In my sample, there are two users with Object IDs 65c66b3xxxxxxa623338 and c098bc79xxxxxx58cb26e.

data "azurerm_subscription" "primary" {}

# Not used by the role assignment below; kept from the original sample.
data "azurerm_client_config" "test" {}

# Object IDs of the users to grant the role to (redacted placeholders).
variable "ids" {
  type    = list(string)
  default = ["65c66b3xxxxxxa623338", "c098bc79xxxxxx58cb26e"]
}

resource "azurerm_role_assignment" "test" {
  count                = length(var.ids)
  # The scope must point at a data source that is declared in this
  # configuration: the subscription above, not an undeclared
  # azurerm_management_group. The legacy "${...}"-only strings are
  # also dropped; plain expressions are the Terraform 0.12+ syntax.
  scope                = data.azurerm_subscription.primary.id
  role_definition_name = "Virtual Machine User Login"
  principal_id         = var.ids[count.index]
}
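As an added example that is not part of the answer above, the following configuration resolves the users' object IDs from their user principal names with the azuread provider instead of copying them out of the portal, keys the assignments on the UPN with for_each, and scopes the role to the resource group that holds the VMs rather than to a subscription or management group. The variable names, the resource group name rg-vms and the provider blocks are assumptions for illustration; a@cc.com and b@cc.com are the addresses from the question.

```hcl
terraform {
  required_providers {
    azurerm = { source = "hashicorp/azurerm" }
    azuread = { source = "hashicorp/azuread" }
  }
}

provider "azurerm" {
  features {}
}

provider "azuread" {}

# Assumed input: the UPNs (e-mail addresses) of the users who should
# be able to sign in to the VMs.
variable "vm_user_upns" {
  type    = list(string)
  default = ["a@cc.com", "b@cc.com"]
}

# Assumed input: the resource group that contains the VMs.
variable "vm_resource_group" {
  type    = string
  default = "rg-vms"
}

# Resolve each UPN to its Azure AD object ID. azurerm_role_assignment
# needs the object ID, not the e-mail address.
data "azuread_user" "vm_users" {
  for_each            = toset(var.vm_user_upns)
  user_principal_name = each.key
}

# Scope to the resource group holding the VMs. "Virtual Machine User
# Login" granted at a subscription or management group lets these
# users log in to every VM beneath that scope, which is more than the
# question asks for.
data "azurerm_resource_group" "vms" {
  name = var.vm_resource_group
}

# One assignment per user, keyed on the UPN. With for_each, removing a
# user from the list destroys only that user's assignment; with count,
# removing a middle element shifts the indices and recreates the rest.
resource "azurerm_role_assignment" "vm_user_login" {
  for_each             = data.azuread_user.vm_users
  scope                = data.azurerm_resource_group.vms.id
  role_definition_name = "Virtual Machine User Login"
  principal_id         = each.value.object_id
}

# Handy for checking which object ID each UPN resolved to.
output "vm_user_object_ids" {
  value = { for upn, u in data.azuread_user.vm_users : upn => u.object_id }
}
```

The identity running terraform apply needs permission to create role assignments at the chosen scope (Owner or User Access Administrator, i.e. Microsoft.Authorization/roleAssignments/write) and permission to read users in the directory for the azuread_user lookups to succeed.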
