Describe the bug
When deploying to a tenant with a disabled subscription we run into an error:
Proposed fix
We still collect all subs with the azurerm data source, but filter it and use that going forward.
data "azurerm_subscriptions" "available" {}

# Filter only active subscriptions
locals {
  active_subscriptions = [
    for sub in data.azurerm_subscriptions.available.subscriptions :
    sub if sub.state == "Enabled"
  ]
}

resource "azurerm_role_assignment" "reader" {
  count                = length(local.active_subscriptions)
  principal_id         = azuread_service_principal.mondoo.object_id
  role_definition_name = "Reader"
  scope                = local.active_subscriptions[count.index].id
}
Another thing that might be worth discussing: Should the allow/deny list affect where we deploy the role assignment? Currently the allow or deny list is only used for the mondoo integration itself.
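The scoping question raised above, sketched as an added example that is not part of the original issue or the module's own code: the `Reader` assignment is limited to subscriptions that are enabled and pass an allow/deny filter. The variable names `subscription_allow_list` and `subscription_deny_list`, and the rule that an empty allow list means "all subscriptions", are assumptions; `azuread_service_principal.mondoo` is the resource referenced in the issue's snippet and is assumed to be defined elsewhere in the module.

```hcl
# Hypothetical inputs: the issue does not name the module's allow/deny
# list variables, so these names are placeholders.
variable "subscription_allow_list" {
  description = "Subscription GUIDs to include. Empty means all (assumed semantics)."
  type        = list(string)
  default     = []
}

variable "subscription_deny_list" {
  description = "Subscription GUIDs to exclude."
  type        = list(string)
  default     = []
}

data "azurerm_subscriptions" "available" {}

locals {
  # Map of subscription GUID => ARM scope ("/subscriptions/<guid>").
  # A subscription is kept only if it is Enabled, is allowed (or no allow
  # list is set), and is not on the deny list.
  reader_scopes = {
    for sub in data.azurerm_subscriptions.available.subscriptions :
    sub.subscription_id => sub.id
    if(
      sub.state == "Enabled"
      && (length(var.subscription_allow_list) == 0
      || contains(var.subscription_allow_list, sub.subscription_id))
      && !contains(var.subscription_deny_list, sub.subscription_id)
    )
  }
}

# Keyed by subscription GUID rather than list index, so a subscription
# that is later disabled or denied removes only its own assignment and
# does not shift the addresses of the others.
resource "azurerm_role_assignment" "reader" {
  for_each             = local.reader_scopes
  principal_id         = azuread_service_principal.mondoo.object_id
  role_definition_name = "Reader"
  scope                = each.value
}
```

Moving an existing deployment from `count` to `for_each` changes the resource addresses, so the current assignments are destroyed and re-created unless matching `moved` blocks are added.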