From 820cab3b6c586c816964e92124bef8eba1fcabb3 Mon Sep 17 00:00:00 2001 From: yairra Date: Wed, 27 Sep 2023 14:22:33 +0300 Subject: [PATCH] Azure HA Template | Updated managed identity permissions --- azure/templates/marketplace-ha/mainTemplate.json | 5 ++++- .../nestedtemplates/existing-nsg-RoleAssignment.json | 7 +++++-- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/azure/templates/marketplace-ha/mainTemplate.json b/azure/templates/marketplace-ha/mainTemplate.json index 86cd551e..7021bcb2 100644 --- a/azure/templates/marketplace-ha/mainTemplate.json +++ b/azure/templates/marketplace-ha/mainTemplate.json @@ -1115,7 +1115,7 @@ }, { "condition": "[and(equals(parameters('managedSystemAssigned'), 'yes'), not(parameters('deployNewNSG')))]", - "dependsOn": ["[resourceId('Microsoft.Compute/virtualMachines/', concat(parameters('vmName'), '1'))]"], + "dependsOn": "[resourceId('Microsoft.Compute/virtualMachines/', concat(parameters('vmName'), '1'))]", "name": "[concat('ExistingNsgRoleAssignment', copyIndex())]", "copy": { "name": "ExistingNsgRoleAssignmentCopy", @@ -1146,6 +1146,9 @@ }, "principalId2": { "value": "[reference(resourceId('Microsoft.Compute/virtualMachines/', concat(parameters('vmName'), '2')), '2022-11-01', 'Full').identity.principalId]" + }, + "index": { + "value": "[copyIndex()]" } } } diff --git a/azure/templates/nestedtemplates/existing-nsg-RoleAssignment.json b/azure/templates/nestedtemplates/existing-nsg-RoleAssignment.json index 1aa9ce64..07530416 100755 --- a/azure/templates/nestedtemplates/existing-nsg-RoleAssignment.json +++ b/azure/templates/nestedtemplates/existing-nsg-RoleAssignment.json @@ -18,6 +18,9 @@ }, "principalId2": { "type": "string" + }, + "index": { + "type": "int" } }, "resources": [ @@ -25,7 +28,7 @@ "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", "scope": "[concat('Microsoft.Network/networkSecurityGroups/', parameters('ExistingNSG').name)]", - "name": "[guid(resourceGroup().id, concat(parameters('vmName'), parameters('roleDefinitionId'), parameters('principalId1'), '1', '-nsg'))]", + "name": "[guid(resourceGroup().id, concat(parameters('vmName'), parameters('principalId1'), '1', '-nsg', parameters('index')))]", "properties": { "roleDefinitionId": "[parameters('roleDefinitionId')]", "principalId": "[parameters('principalId1')]" @@ -35,7 +38,7 @@ "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", "scope": "[concat('Microsoft.Network/networkSecurityGroups/', parameters('ExistingNSG').name)]", - "name": "[guid(resourceGroup().id, concat(parameters('vmName'), parameters('roleDefinitionId'), parameters('principalId2'), '2', '-nsg'))]", + "name": "[guid(resourceGroup().id, concat(parameters('vmName'), parameters('roleDefinitionId'), parameters('principalId2'), '2', '-nsg', parameters('index')))]", "properties": { "roleDefinitionId": "[parameters('roleDefinitionId')]", "principalId": "[parameters('principalId2')]"