Commit

Include managementGroup().name as part of role assignment GUID to avoid possible duplicates. (#143)

* Include mgmt group name as part of role assignment GUID.

* Updated README to include revised default value.

Co-authored-by: Ryan Graham <[email protected]>
Co-authored-by: Jack Tracey <[email protected]>
3 people authored Feb 15, 2022
1 parent 011e7e8 commit 5268a43
Showing 2 changed files with 3 additions and 3 deletions.
2 changes: 1 addition & 1 deletion infra-as-code/bicep/modules/roleAssignments/README.md
Expand Up @@ -62,7 +62,7 @@ Connect-AzureAD

| Parameter | Type | Description | Requirement | Example |
| ------------------------- | ------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------- | -------------------------------------- |
| parRoleAssignmentNameGuid | string | A GUID representing the role assignment name. Default: guid(parRoleDefinitionId, parAssigneeObjectId) | Unique GUID | `f3b171da-2023-4508-b467-042a53f4cd5d` |
| parRoleAssignmentNameGuid | string | A GUID representing the role assignment name. Default: guid(managmentGroup().name, parRoleDefinitionId, parAssigneeObjectId) | Unique GUID | `f3b171da-2023-4508-b467-042a53f4cd5d` |
| parRoleDefinitionId | string | Role Definition ID(i.e. GUID, Reader Role Definition ID: acdd72a7-3385-48ef-bd42-f606fba81ae7) | Must exist | `acdd72a7-3385-48ef-bd42-f606fba81ae7` |
| parAssigneePrincipalType | string | Principal type of the assignee. Allowed values are `Group` (Security Group) or `ServicePrincipal` (Service Principal or System/User Assigned Managed Identity) | One of [Group, ServicePrincipal] | `ServicePrincipal` |
| parAssigneeObjectId | string | Object ID of groups, service principals or managed identities. For managed identities use the principal ID. For service principals, use the object id and not the app ID | Must exist | `a86fe549-7f87-4873-8b0e-82f0081a0034` |
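
Review bot: The default in the added `parRoleAssignmentNameGuid` row is spelled `managmentGroup().name`, missing the "e" in "management", while the parameter description in the module uses `managementGroup().name`. A reader who copies the README expression into their own template gets a function name that does not match the module's, so correct the row to read `guid(managementGroup().name, parRoleDefinitionId, parAssigneeObjectId)`.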
Expand Up @@ -12,8 +12,8 @@ VERSION: 1.0.0
*/
targetScope = 'managementGroup'

@description('A GUID representing the role assignment name. Default: guid(parRoleDefinitionId, parAssigneeObjectId)')
param parRoleAssignmentNameGuid string = guid(parRoleDefinitionId, parAssigneeObjectId)
@description('A GUID representing the role assignment name. Default: guid(managementGroup().name, parRoleDefinitionId, parAssigneeObjectId)')
param parRoleAssignmentNameGuid string = guid(managementGroup().name, parRoleDefinitionId, parAssigneeObjectId)

@description('Role Definition Id (i.e. GUID, Reader Role Definition ID: acdd72a7-3385-48ef-bd42-f606fba81ae7)')
param parRoleDefinitionId string
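
Review bot: The new default on the `param parRoleAssignmentNameGuid` line changes the name computed for every caller that relied on the old default, and neither the `@description` text nor the README row mentions it. A role assignment previously deployed as `guid(parRoleDefinitionId, parAssigneeObjectId)` will be addressed under a different name on the next run, so it is worth stating in the description or README that callers with existing assignments can pass the old value explicitly, and considering a bump of the `VERSION: 1.0.0` header since the module's default behaviour changed.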