generate dev template

elastic · Mar 12, 2024 · 425783d · 425783d
1 parent dfca8ef
commit 425783d
Showing 1 changed file with 15 additions and 9 deletions.
diff --git a/deploy/azure/ARM-for-organization-account.dev.json b/deploy/azure/ARM-for-organization-account.dev.json
@@ -109,6 +109,9 @@
  "AdditionalRoleGUID": {
  "value": "[variables('roleGUID')]"
  },
+ "ManagementGroupID": {
+ "value": "[managementGroup().id]"
+ },
  "ResourceGroupName": {
  "value": "[parameters('ResourceGroupName')]"
  },
@@ -123,6 +126,9 @@
  "AdditionalRoleGUID": {
  "type": "string"
  },
+ "ManagementGroupID": {
+ "type": "string"
+ },
  "ResourceGroupName": {
  "type": "string"
  },
@@ -134,7 +140,7 @@
  {
  "type": "Microsoft.Authorization/roleAssignments",
  "apiVersion": "2022-04-01",
- "name": "[guid(managementGroup().id, parameters('SubscriptionId'), parameters('ResourceGroupName'), deployment().name, 'securityaudit')]",
+ "name": "[guid(parameters('ManagementGroupID'), parameters('SubscriptionId'), parameters('ResourceGroupName'), deployment().name, 'securityaudit')]",
  "properties": {
  "roleDefinitionId": "/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7",
  "principalId": "[reference(resourceId(parameters('SubscriptionId'), parameters('ResourceGroupName'), 'Microsoft.Compute/virtualMachines', 'cloudbeatVM'), '2019-07-01', 'Full').identity.principalId]",
@@ -178,6 +184,11 @@
  "template": {
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
+ "parameters": {
+ "PublicKeyDevOnly": {
+ "type": "string"
+ }
+ },
  "resources": [
  {
  "type": "Microsoft.Compute/virtualMachines",
@@ -308,8 +319,8 @@
  "name": "[parameters('AdditionalRoleGUID')]",
  "properties": {
  "assignableScopes": [
- "[managementGroup().id]",
- "[concat('/subscriptions/', parameters('SubscriptionId')]",
+ "[parameters('ManagementGroupID')]",
+ "[concat('/subscriptions/', parameters('SubscriptionId'))]",
  "[concat('/subscriptions/', parameters('SubscriptionId'), '/resourcegroups/', parameters('ResourceGroupName'))]"
  ],
  "description": "Additional read permissions for cloudbeatVM",
@@ -359,12 +370,7 @@
  ]
  }
  }
- ],
- "parameters": {
- "PublicKeyDevOnly": {
- "type": "string"
- }
- }
+ ]
  }
  },
  "dependsOn": [