From fbbd87fab90b53dc86db8db13751eabd1410e6c1 Mon Sep 17 00:00:00 2001 From: Shreyas_Microsoft Date: Fri, 19 Jun 2026 08:48:46 +0530 Subject: [PATCH] change role names to role ids --- infra/main.bicep | 36 ++++++++++++++++++------------------ infra/main.json | 40 ++++++++++++++++++++-------------------- infra/main_custom.bicep | 34 +++++++++++++++++----------------- 3 files changed, 55 insertions(+), 55 deletions(-) diff --git a/infra/main.bicep b/infra/main.bicep index 34c40e41..466d5a08 100644 --- a/infra/main.bicep +++ b/infra/main.bicep @@ -592,7 +592,7 @@ module avmContainerRegistry 'modules/container-registry.bicep' = { roleAssignments: [ { principalId: avmContainerRegistryReader.outputs.principalId - roleDefinitionIdOrName: 'AcrPull' + roleDefinitionIdOrName: '7f951dda-4ed3-4680-a7ca-43fe172d538d' //'AcrPull' principalType: 'ServicePrincipal' } ] @@ -620,36 +620,36 @@ module avmStorageAccount 'br/public:avm/res/storage/storage-account:0.32.0' = { roleAssignments: [ { principalId: avmManagedIdentity.outputs.principalId - roleDefinitionIdOrName: 'Storage Blob Data Contributor' + roleDefinitionIdOrName: 'ba92f5b4-2d11-453d-a403-e96b0029c9fe' //'Storage Blob Data Contributor' principalType: 'ServicePrincipal' } { - roleDefinitionIdOrName: 'Storage Blob Data Contributor' + roleDefinitionIdOrName: 'ba92f5b4-2d11-453d-a403-e96b0029c9fe' //'Storage Blob Data Contributor' principalId: avmContainerApp.outputs.systemAssignedMIPrincipalId! principalType: 'ServicePrincipal' } { - roleDefinitionIdOrName: 'Storage Blob Data Contributor' + roleDefinitionIdOrName: 'ba92f5b4-2d11-453d-a403-e96b0029c9fe' //'Storage Blob Data Contributor' principalId: avmContainerApp_API.outputs.systemAssignedMIPrincipalId! principalType: 'ServicePrincipal' } { - roleDefinitionIdOrName: 'Storage Queue Data Contributor' + roleDefinitionIdOrName: '974c5e8b-45b9-4653-ba55-5f855dd0fb88' //'Storage Queue Data Contributor' principalId: avmContainerApp.outputs.systemAssignedMIPrincipalId! principalType: 'ServicePrincipal' } { - roleDefinitionIdOrName: 'Storage Queue Data Contributor' + roleDefinitionIdOrName: '974c5e8b-45b9-4653-ba55-5f855dd0fb88' //'Storage Queue Data Contributor' principalId: avmContainerApp_API.outputs.systemAssignedMIPrincipalId! principalType: 'ServicePrincipal' } { - roleDefinitionIdOrName: 'Storage Blob Data Contributor' + roleDefinitionIdOrName: 'ba92f5b4-2d11-453d-a403-e96b0029c9fe' //'Storage Blob Data Contributor' principalId: avmContainerApp_Workflow.outputs.systemAssignedMIPrincipalId! principalType: 'ServicePrincipal' } { - roleDefinitionIdOrName: 'Storage Queue Data Contributor' + roleDefinitionIdOrName: '974c5e8b-45b9-4653-ba55-5f855dd0fb88' //'Storage Queue Data Contributor' principalId: avmContainerApp_Workflow.outputs.systemAssignedMIPrincipalId! principalType: 'ServicePrincipal' } @@ -729,32 +729,32 @@ module avmAiServices 'modules/account/aifoundry.bicep' = { } { principalId: avmContainerApp.outputs.systemAssignedMIPrincipalId! - roleDefinitionIdOrName: 'Cognitive Services OpenAI User' + roleDefinitionIdOrName: '5e0bd9bd-7b93-4f28-af87-19fc36ad61bd' //'Cognitive Services OpenAI User' principalType: 'ServicePrincipal' } { principalId: avmContainerApp.outputs.systemAssignedMIPrincipalId! - roleDefinitionIdOrName: 'Azure AI Developer' + roleDefinitionIdOrName: '64702f94-c441-49e6-a78b-ef80e0188fee' //'Azure AI Developer' principalType: 'ServicePrincipal' } { principalId: avmContainerApp_Workflow.outputs.systemAssignedMIPrincipalId! - roleDefinitionIdOrName: 'Cognitive Services OpenAI User' + roleDefinitionIdOrName: '5e0bd9bd-7b93-4f28-af87-19fc36ad61bd' //'Cognitive Services OpenAI User' principalType: 'ServicePrincipal' } { principalId: avmContainerApp_Workflow.outputs.systemAssignedMIPrincipalId! - roleDefinitionIdOrName: 'Azure AI Developer' + roleDefinitionIdOrName: '64702f94-c441-49e6-a78b-ef80e0188fee' //'Azure AI Developer' principalType: 'ServicePrincipal' } { principalId: avmContainerApp.outputs.systemAssignedMIPrincipalId! - roleDefinitionIdOrName: 'Cognitive Services User' + roleDefinitionIdOrName: 'a97b65f3-24c7-4388-baec-2e87135dc908' //'Cognitive Services User' principalType: 'ServicePrincipal' } { principalId: avmContainerApp_Workflow.outputs.systemAssignedMIPrincipalId! - roleDefinitionIdOrName: 'Cognitive Services User' + roleDefinitionIdOrName: 'a97b65f3-24c7-4388-baec-2e87135dc908' //'Cognitive Services User' principalType: 'ServicePrincipal' } ] @@ -1316,22 +1316,22 @@ module avmAppConfig 'br/public:avm/res/app-configuration/configuration-store:0.9 roleAssignments: [ { principalId: avmContainerApp.outputs.?systemAssignedMIPrincipalId! - roleDefinitionIdOrName: 'App Configuration Data Reader' + roleDefinitionIdOrName: '516239f1-63e1-4d78-a4de-a74fb236a071' //'App Configuration Data Reader' principalType: 'ServicePrincipal' } { principalId: avmContainerApp_API.outputs.?systemAssignedMIPrincipalId! - roleDefinitionIdOrName: 'App Configuration Data Reader' + roleDefinitionIdOrName: '516239f1-63e1-4d78-a4de-a74fb236a071' //'App Configuration Data Reader' principalType: 'ServicePrincipal' } { principalId: avmContainerApp_Web.outputs.?systemAssignedMIPrincipalId! - roleDefinitionIdOrName: 'App Configuration Data Reader' + roleDefinitionIdOrName: '516239f1-63e1-4d78-a4de-a74fb236a071' //'App Configuration Data Reader' principalType: 'ServicePrincipal' } { principalId: avmContainerApp_Workflow.outputs.?systemAssignedMIPrincipalId! - roleDefinitionIdOrName: 'App Configuration Data Reader' + roleDefinitionIdOrName: '516239f1-63e1-4d78-a4de-a74fb236a071' //'App Configuration Data Reader' principalType: 'ServicePrincipal' } ] diff --git a/infra/main.json b/infra/main.json index 7aa966c0..a5d30c43 100644 --- a/infra/main.json +++ b/infra/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.44.1.10279", - "templateHash": "3841741921827855283" + "templateHash": "10450741366794216818" }, "name": "Content Processing Solution Accelerator", "description": "Bicep template to deploy the Content Processing Solution Accelerator with AVM compliance." @@ -23908,7 +23908,7 @@ "value": [ { "principalId": "[reference('avmContainerRegistryReader').outputs.principalId.value]", - "roleDefinitionIdOrName": "AcrPull", + "roleDefinitionIdOrName": "7f951dda-4ed3-4680-a7ca-43fe172d538d", "principalType": "ServicePrincipal" } ] @@ -28013,36 +28013,36 @@ "value": [ { "principalId": "[reference('avmManagedIdentity').outputs.principalId.value]", - "roleDefinitionIdOrName": "Storage Blob Data Contributor", + "roleDefinitionIdOrName": "ba92f5b4-2d11-453d-a403-e96b0029c9fe", "principalType": "ServicePrincipal" }, { - "roleDefinitionIdOrName": "Storage Blob Data Contributor", + "roleDefinitionIdOrName": "ba92f5b4-2d11-453d-a403-e96b0029c9fe", "principalId": "[reference('avmContainerApp').outputs.systemAssignedMIPrincipalId.value]", "principalType": "ServicePrincipal" }, { - "roleDefinitionIdOrName": "Storage Blob Data Contributor", + "roleDefinitionIdOrName": "ba92f5b4-2d11-453d-a403-e96b0029c9fe", "principalId": "[reference('avmContainerApp_API').outputs.systemAssignedMIPrincipalId.value]", "principalType": "ServicePrincipal" }, { - "roleDefinitionIdOrName": "Storage Queue Data Contributor", + "roleDefinitionIdOrName": "974c5e8b-45b9-4653-ba55-5f855dd0fb88", "principalId": "[reference('avmContainerApp').outputs.systemAssignedMIPrincipalId.value]", "principalType": "ServicePrincipal" }, { - "roleDefinitionIdOrName": "Storage Queue Data Contributor", + "roleDefinitionIdOrName": "974c5e8b-45b9-4653-ba55-5f855dd0fb88", "principalId": "[reference('avmContainerApp_API').outputs.systemAssignedMIPrincipalId.value]", "principalType": "ServicePrincipal" }, { - "roleDefinitionIdOrName": "Storage Blob Data Contributor", + "roleDefinitionIdOrName": "ba92f5b4-2d11-453d-a403-e96b0029c9fe", "principalId": "[reference('avmContainerApp_Workflow').outputs.systemAssignedMIPrincipalId.value]", "principalType": "ServicePrincipal" }, { - "roleDefinitionIdOrName": "Storage Queue Data Contributor", + "roleDefinitionIdOrName": "974c5e8b-45b9-4653-ba55-5f855dd0fb88", "principalId": "[reference('avmContainerApp_Workflow').outputs.systemAssignedMIPrincipalId.value]", "principalType": "ServicePrincipal" } @@ -36185,8 +36185,8 @@ "avmContainerApp_API", "avmContainerApp_Workflow", "avmManagedIdentity", - "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').storageBlob)]", "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').storageQueue)]", + "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').storageBlob)]", "virtualNetwork" ] }, @@ -36248,32 +36248,32 @@ }, { "principalId": "[reference('avmContainerApp').outputs.systemAssignedMIPrincipalId.value]", - "roleDefinitionIdOrName": "Cognitive Services OpenAI User", + "roleDefinitionIdOrName": "5e0bd9bd-7b93-4f28-af87-19fc36ad61bd", "principalType": "ServicePrincipal" }, { "principalId": "[reference('avmContainerApp').outputs.systemAssignedMIPrincipalId.value]", - "roleDefinitionIdOrName": "Azure AI Developer", + "roleDefinitionIdOrName": "64702f94-c441-49e6-a78b-ef80e0188fee", "principalType": "ServicePrincipal" }, { "principalId": "[reference('avmContainerApp_Workflow').outputs.systemAssignedMIPrincipalId.value]", - "roleDefinitionIdOrName": "Cognitive Services OpenAI User", + "roleDefinitionIdOrName": "5e0bd9bd-7b93-4f28-af87-19fc36ad61bd", "principalType": "ServicePrincipal" }, { "principalId": "[reference('avmContainerApp_Workflow').outputs.systemAssignedMIPrincipalId.value]", - "roleDefinitionIdOrName": "Azure AI Developer", + "roleDefinitionIdOrName": "64702f94-c441-49e6-a78b-ef80e0188fee", "principalType": "ServicePrincipal" }, { "principalId": "[reference('avmContainerApp').outputs.systemAssignedMIPrincipalId.value]", - "roleDefinitionIdOrName": "Cognitive Services User", + "roleDefinitionIdOrName": "a97b65f3-24c7-4388-baec-2e87135dc908", "principalType": "ServicePrincipal" }, { "principalId": "[reference('avmContainerApp_Workflow').outputs.systemAssignedMIPrincipalId.value]", - "roleDefinitionIdOrName": "Cognitive Services User", + "roleDefinitionIdOrName": "a97b65f3-24c7-4388-baec-2e87135dc908", "principalType": "ServicePrincipal" } ] @@ -56778,22 +56778,22 @@ "value": [ { "principalId": "[tryGet(tryGet(reference('avmContainerApp').outputs, 'systemAssignedMIPrincipalId'), 'value')]", - "roleDefinitionIdOrName": "App Configuration Data Reader", + "roleDefinitionIdOrName": "516239f1-63e1-4d78-a4de-a74fb236a071", "principalType": "ServicePrincipal" }, { "principalId": "[tryGet(tryGet(reference('avmContainerApp_API').outputs, 'systemAssignedMIPrincipalId'), 'value')]", - "roleDefinitionIdOrName": "App Configuration Data Reader", + "roleDefinitionIdOrName": "516239f1-63e1-4d78-a4de-a74fb236a071", "principalType": "ServicePrincipal" }, { "principalId": "[tryGet(tryGet(reference('avmContainerApp_Web').outputs, 'systemAssignedMIPrincipalId'), 'value')]", - "roleDefinitionIdOrName": "App Configuration Data Reader", + "roleDefinitionIdOrName": "516239f1-63e1-4d78-a4de-a74fb236a071", "principalType": "ServicePrincipal" }, { "principalId": "[tryGet(tryGet(reference('avmContainerApp_Workflow').outputs, 'systemAssignedMIPrincipalId'), 'value')]", - "roleDefinitionIdOrName": "App Configuration Data Reader", + "roleDefinitionIdOrName": "516239f1-63e1-4d78-a4de-a74fb236a071", "principalType": "ServicePrincipal" } ] diff --git a/infra/main_custom.bicep b/infra/main_custom.bicep index 71add0f0..212c18b0 100644 --- a/infra/main_custom.bicep +++ b/infra/main_custom.bicep @@ -595,7 +595,7 @@ module avmContainerRegistry 'modules/container-registry.bicep' = { roleAssignments: [ { principalId: avmContainerRegistryReader.outputs.principalId - roleDefinitionIdOrName: 'AcrPull' + roleDefinitionIdOrName: '7f951dda-4ed3-4680-a7ca-43fe172d538d' //'AcrPull' principalType: 'ServicePrincipal' } ] @@ -623,26 +623,26 @@ module avmStorageAccount 'br/public:avm/res/storage/storage-account:0.32.0' = { roleAssignments: [ { principalId: avmManagedIdentity.outputs.principalId - roleDefinitionIdOrName: 'Storage Blob Data Contributor' + roleDefinitionIdOrName: 'ba92f5b4-2d11-453d-a403-e96b0029c9fe' //'Storage Blob Data Contributor' principalType: 'ServicePrincipal' } { - roleDefinitionIdOrName: 'Storage Blob Data Contributor' + roleDefinitionIdOrName: 'ba92f5b4-2d11-453d-a403-e96b0029c9fe' //'Storage Blob Data Contributor' principalId: avmContainerApp.outputs.systemAssignedMIPrincipalId! principalType: 'ServicePrincipal' } { - roleDefinitionIdOrName: 'Storage Blob Data Contributor' + roleDefinitionIdOrName: 'ba92f5b4-2d11-453d-a403-e96b0029c9fe' //'Storage Blob Data Contributor' principalId: avmContainerApp_API.outputs.systemAssignedMIPrincipalId! principalType: 'ServicePrincipal' } { - roleDefinitionIdOrName: 'Storage Queue Data Contributor' + roleDefinitionIdOrName: '974c5e8b-45b9-4653-ba55-5f855dd0fb88' //'Storage Queue Data Contributor' principalId: avmContainerApp.outputs.systemAssignedMIPrincipalId! principalType: 'ServicePrincipal' } { - roleDefinitionIdOrName: 'Storage Queue Data Contributor' + roleDefinitionIdOrName: '974c5e8b-45b9-4653-ba55-5f855dd0fb88' //'Storage Queue Data Contributor' principalId: avmContainerApp_API.outputs.systemAssignedMIPrincipalId! principalType: 'ServicePrincipal' } @@ -652,7 +652,7 @@ module avmStorageAccount 'br/public:avm/res/storage/storage-account:0.32.0' = { principalType: 'ServicePrincipal' } { - roleDefinitionIdOrName: 'Storage Queue Data Contributor' + roleDefinitionIdOrName: '974c5e8b-45b9-4653-ba55-5f855dd0fb88' //'Storage Queue Data Contributor' principalId: avmContainerApp_Workflow.outputs.systemAssignedMIPrincipalId! principalType: 'ServicePrincipal' } @@ -732,32 +732,32 @@ module avmAiServices 'modules/account/aifoundry.bicep' = { } { principalId: avmContainerApp.outputs.systemAssignedMIPrincipalId! - roleDefinitionIdOrName: 'Cognitive Services OpenAI User' + roleDefinitionIdOrName: '5e0bd9bd-7b93-4f28-af87-19fc36ad61bd' //'Cognitive Services OpenAI User' principalType: 'ServicePrincipal' } { principalId: avmContainerApp.outputs.systemAssignedMIPrincipalId! - roleDefinitionIdOrName: 'Azure AI Developer' + roleDefinitionIdOrName: '64702f94-c441-49e6-a78b-ef80e0188fee' //'Azure AI Developer' principalType: 'ServicePrincipal' } { principalId: avmContainerApp_Workflow.outputs.systemAssignedMIPrincipalId! - roleDefinitionIdOrName: 'Cognitive Services OpenAI User' + roleDefinitionIdOrName: '5e0bd9bd-7b93-4f28-af87-19fc36ad61bd' //'Cognitive Services OpenAI User' principalType: 'ServicePrincipal' } { principalId: avmContainerApp_Workflow.outputs.systemAssignedMIPrincipalId! - roleDefinitionIdOrName: 'Azure AI Developer' + roleDefinitionIdOrName: '64702f94-c441-49e6-a78b-ef80e0188fee' //'Azure AI Developer' principalType: 'ServicePrincipal' } { principalId: avmContainerApp.outputs.systemAssignedMIPrincipalId! - roleDefinitionIdOrName: 'Cognitive Services User' + roleDefinitionIdOrName: 'a97b65f3-24c7-4388-baec-2e87135dc908' //'Cognitive Services User' principalType: 'ServicePrincipal' } { principalId: avmContainerApp_Workflow.outputs.systemAssignedMIPrincipalId! - roleDefinitionIdOrName: 'Cognitive Services User' + roleDefinitionIdOrName: 'a97b65f3-24c7-4388-baec-2e87135dc908' //'Cognitive Services User' principalType: 'ServicePrincipal' } ] @@ -1340,22 +1340,22 @@ module avmAppConfig 'br/public:avm/res/app-configuration/configuration-store:0.9 roleAssignments: [ { principalId: avmContainerApp.outputs.?systemAssignedMIPrincipalId! - roleDefinitionIdOrName: 'App Configuration Data Reader' + roleDefinitionIdOrName: '516239f1-63e1-4d78-a4de-a74fb236a071' //'App Configuration Data Reader' principalType: 'ServicePrincipal' } { principalId: avmContainerApp_API.outputs.?systemAssignedMIPrincipalId! - roleDefinitionIdOrName: 'App Configuration Data Reader' + roleDefinitionIdOrName: '516239f1-63e1-4d78-a4de-a74fb236a071' //'App Configuration Data Reader' principalType: 'ServicePrincipal' } { principalId: avmContainerApp_Web.outputs.?systemAssignedMIPrincipalId! - roleDefinitionIdOrName: 'App Configuration Data Reader' + roleDefinitionIdOrName: '516239f1-63e1-4d78-a4de-a74fb236a071' //'App Configuration Data Reader' principalType: 'ServicePrincipal' } { principalId: avmContainerApp_Workflow.outputs.?systemAssignedMIPrincipalId! - roleDefinitionIdOrName: 'App Configuration Data Reader' + roleDefinitionIdOrName: '516239f1-63e1-4d78-a4de-a74fb236a071' //'App Configuration Data Reader' principalType: 'ServicePrincipal' } ]