
Commit c0c35c8

committed
Add permission management
1 parent 3336b4f commit c0c35c8

1 file changed

Lines changed: 19 additions & 0 deletions


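--- a/ops/stack.tf
+++ b/ops/stack.tf
@@ -187,3 +187,22 @@ resource "azurerm_role_assignment" "function_storage_access" {
 role_definition_name = "Storage Blob Data Contributor"
 principal_id = azurerm_linux_function_app.af-v2.identity[0].principal_id
 }
+
+############################################
+# Permission management
+############################################
+resource "azurerm_role_assignment" "function_roles" {
+for_each = {
+for pair in setproduct(
+[azurerm_linux_function_app.af-v1, azurerm_linux_function_app.af-v2],
+["Storage Queue Data Contributor", "Storage Blob Data Contributor"]
+) : "${pair[0].name}-${pair[1]}" => {
+function = pair[0]
+role = pair[1]
+}
+}
+
+scope = azurerm_storage_account.main-sa.id
+role_definition_name = each.value.role
+principal_id = each.value.function.identity[0].principal_id
+}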
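Review bot: The new `function_roles` resource grants both data-plane Contributor roles to both function apps across the whole storage account (`scope = azurerm_storage_account.main-sa.id`), which is wider than an app that only reads one queue or writes one container needs. Where the access pattern is known, scope each assignment to the specific container or queue, or replace the full `setproduct` with an explicit map of app to the roles it actually uses. The context lines show `function_storage_access` already assigning "Storage Blob Data Contributor" to af-v2's identity; its scope is outside the hunk, but if it is also `main-sa` then the af-v2 / Blob pair here is a duplicate assignment that Azure is likely to reject on apply, so one of the two should be dropped. A comment above the resource such as `# af-v1 and af-v2 need queue + blob data access on main-sa for <reason>` would give the next access review something to check against.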
