Merge pull request #221 from Evilazaro:feature/userGroupAllProjects

Evilazaro · web-flow · commit 150d8be4cbc2 · 2025-07-25T12:55:42.000-05:00
role assingment
diff --git a/src/workload/project/project.bicep b/src/workload/project/project.bicep
@@ -96,43 +96,43 @@ resource project 'Microsoft.DevCenter/projects@2025-04-01-preview' = {
 }
 
 @description('Configure project identity role assignments')
-module projectIdentityUG '../../identity/projectIdentityRoleAssignment.bicep' = [
+module projectIdentity '../../identity/projectIdentityRoleAssignment.bicep' = [
   for (role, i) in identity.roleAssignments: {
-    name: 'prj-rbac-UG-${i}-${uniqueString(project.id, role.azureADGroupId)}'
-    scope: resourceGroup()
+    name: 'prj-rbac${i}-${uniqueString(project.id, project.name)}'
+    scope: resourceGroup(securityResourceGroupName)
     params: {
       projectName: project.name
-      principalId: role.azureADGroupId
+      principalId: project.identity.principalId
       roles: role.azureRBACRoles
-      principalType: 'Group'
+      principalType: 'ServicePrincipal'
     }
   }
 ]
 
 @description('Configure project identity role assignments')
-module projectIdentityUGRG '../../identity/projectIdentityRoleAssignmentRG.bicep' = [
+module projectIdentityRG '../../identity/projectIdentityRoleAssignmentRG.bicep' = [
   for (role, i) in identity.roleAssignments: {
-    name: 'prj-rbac-UGRG-${i}-${uniqueString(project.id, role.azureADGroupId)}'
+    name: 'prj-rbac-RG-${i}-${uniqueString(project.id, project.name)}'
     scope: resourceGroup(securityResourceGroupName)
     params: {
       projectName: project.name
-      principalId: role.azureADGroupId
+      principalId: project.identity.principalId
       roles: role.azureRBACRoles
-      principalType: 'Group'
+      principalType: 'ServicePrincipal'
     }
   }
 ]
 
-@description('Configure project identity role assignments')
-module projectIdentity '../../identity/projectIdentityRoleAssignmentRG.bicep' = [
+@description('Add the AD Group to the DevCenter project')
+module projectADGroup '../../identity/projectIdentityRoleAssignment.bicep' = [
   for (role, i) in identity.roleAssignments: {
-    name: 'prj-rbac-RG-${i}-${uniqueString(project.id, role.azureADGroupId)}'
-    scope: resourceGroup(securityResourceGroupName)
+    name: 'prj-adgroup-${i}-${uniqueString(project.id, project.name)}'
+    scope: resourceGroup()
     params: {
       projectName: project.name
-      principalId: project.identity.principalId
+      principalId: role.azureADGroupId
+      principalType: 'Group'
       roles: role.azureRBACRoles
-      principalType: 'ServicePrincipal'
     }
   }
 ]
@@ -147,9 +147,9 @@ module catalogs 'projectCatalog.bicep' = {
     secretIdentifier: secretIdentifier
   }
   dependsOn: [
-    projectIdentityUG
-    projectIdentityUGRG
     projectIdentity
+    projectIdentityRG
+    projectADGroup
   ]
 }
 
@@ -163,9 +163,9 @@ module environmentTypes 'projectEnvironmentType.bicep' = [
       environmentConfig: envType
     }
     dependsOn: [
-      projectIdentityUG
-      projectIdentityUGRG
       projectIdentity
+      projectIdentityRG
+      projectADGroup
       catalogs
     ]
   }
@@ -182,9 +182,9 @@ module connectivity '../../connectivity/connectivity.bicep' = {
     location: resourceGroup().location
   }
   dependsOn: [
-    projectIdentityUG
-    projectIdentityUGRG
     projectIdentity
+    projectIdentityRG
+    projectADGroup
     catalogs
   ]
 }

Original file line number	Diff line number	Diff line change
`@@ -96,43 +96,43 @@ resource project 'Microsoft.DevCenter/projects@2025-04-01-preview' = {`
`96`	`96`	`}`
`97`	`97`
`98`	`98`	`@description('Configure project identity role assignments')`
`99`		`-module projectIdentityUG '../../identity/projectIdentityRoleAssignment.bicep' = [`
	`99`	`+module projectIdentity '../../identity/projectIdentityRoleAssignment.bicep' = [`
`100`	`100`	`for (role, i) in identity.roleAssignments: {`
`101`		`- name: 'prj-rbac-UG-${i}-${uniqueString(project.id, role.azureADGroupId)}'`
`102`		`- scope: resourceGroup()`
	`101`	`+ name: 'prj-rbac${i}-${uniqueString(project.id, project.name)}'`
	`102`	`+ scope: resourceGroup(securityResourceGroupName)`
`103`	`103`	`params: {`
`104`	`104`	`projectName: project.name`
`105`		`- principalId: role.azureADGroupId`
	`105`	`+ principalId: project.identity.principalId`
`106`	`106`	`roles: role.azureRBACRoles`
`107`		`- principalType: 'Group'`
	`107`	`+ principalType: 'ServicePrincipal'`
`108`	`108`	`}`
`109`	`109`	`}`
`110`	`110`	`]`
`111`	`111`
`112`	`112`	`@description('Configure project identity role assignments')`
`113`		`-module projectIdentityUGRG '../../identity/projectIdentityRoleAssignmentRG.bicep' = [`
	`113`	`+module projectIdentityRG '../../identity/projectIdentityRoleAssignmentRG.bicep' = [`
`114`	`114`	`for (role, i) in identity.roleAssignments: {`
`115`		`- name: 'prj-rbac-UGRG-${i}-${uniqueString(project.id, role.azureADGroupId)}'`
	`115`	`+ name: 'prj-rbac-RG-${i}-${uniqueString(project.id, project.name)}'`
`116`	`116`	`scope: resourceGroup(securityResourceGroupName)`
`117`	`117`	`params: {`
`118`	`118`	`projectName: project.name`
`119`		`- principalId: role.azureADGroupId`
	`119`	`+ principalId: project.identity.principalId`
`120`	`120`	`roles: role.azureRBACRoles`
`121`		`- principalType: 'Group'`
	`121`	`+ principalType: 'ServicePrincipal'`
`122`	`122`	`}`
`123`	`123`	`}`
`124`	`124`	`]`
`125`	`125`
`126`		`-@description('Configure project identity role assignments')`
`127`		`-module projectIdentity '../../identity/projectIdentityRoleAssignmentRG.bicep' = [`
	`126`	`+@description('Add the AD Group to the DevCenter project')`
	`127`	`+module projectADGroup '../../identity/projectIdentityRoleAssignment.bicep' = [`
`128`	`128`	`for (role, i) in identity.roleAssignments: {`
`129`		`- name: 'prj-rbac-RG-${i}-${uniqueString(project.id, role.azureADGroupId)}'`
`130`		`- scope: resourceGroup(securityResourceGroupName)`
	`129`	`+ name: 'prj-adgroup-${i}-${uniqueString(project.id, project.name)}'`
	`130`	`+ scope: resourceGroup()`
`131`	`131`	`params: {`
`132`	`132`	`projectName: project.name`
`133`		`- principalId: project.identity.principalId`
	`133`	`+ principalId: role.azureADGroupId`
	`134`	`+ principalType: 'Group'`
`134`	`135`	`roles: role.azureRBACRoles`
`135`		`- principalType: 'ServicePrincipal'`
`136`	`136`	`}`
`137`	`137`	`}`
`138`	`138`	`]`
`@@ -147,9 +147,9 @@ module catalogs 'projectCatalog.bicep' = {`
`147`	`147`	`secretIdentifier: secretIdentifier`
`148`	`148`	`}`
`149`	`149`	`dependsOn: [`
`150`		`- projectIdentityUG`
`151`		`- projectIdentityUGRG`
`152`	`150`	`projectIdentity`
	`151`	`+ projectIdentityRG`
	`152`	`+ projectADGroup`
`153`	`153`	`]`
`154`	`154`	`}`
`155`	`155`
`@@ -163,9 +163,9 @@ module environmentTypes 'projectEnvironmentType.bicep' = [`
`163`	`163`	`environmentConfig: envType`
`164`	`164`	`}`
`165`	`165`	`dependsOn: [`
`166`		`- projectIdentityUG`
`167`		`- projectIdentityUGRG`
`168`	`166`	`projectIdentity`
	`167`	`+ projectIdentityRG`
	`168`	`+ projectADGroup`
`169`	`169`	`catalogs`
`170`	`170`	`]`
`171`	`171`	`}`
`@@ -182,9 +182,9 @@ module connectivity '../../connectivity/connectivity.bicep' = {`
`182`	`182`	`location: resourceGroup().location`
`183`	`183`	`}`
`184`	`184`	`dependsOn: [`
`185`		`- projectIdentityUG`
`186`		`- projectIdentityUGRG`
`187`	`185`	`projectIdentity`
	`186`	`+ projectIdentityRG`
	`187`	`+ projectADGroup`
`188`	`188`	`catalogs`
`189`	`189`	`]`
`190`	`190`	`}`