0

In our existing code, there's a tempalte similar as below which would do multiple principal assignments towards a single database. I'm trying to expand the template to do multiple principal assignments towards **mulitple **databases.

I tried to use nest copy but seems nest copy is not supported. Is there a way to workaround this?

Existing Tempalte:

  "parameters": {
    "clusterName": {
      "type": "string"
    },
    "databaseName": {
      "type": "string"
    },
    "aadTenantId": {
      "type": "string"
    },
    "databasePrincipalAssignments": {
      "type": "array"
    }
  },
  "resources": [
    {
      "copy": {
        "name": "dbPrincipalResources",
        "count": "[length(parameters('databasePrincipalAssignments'))]"
      },
      "type": "Microsoft.Kusto/clusters/databases/principalAssignments",
      "apiVersion": "2022-02-01",
      "name": "[format('{0}/{1}/{2}', parameters('clusterName'), parameters('databaseName'), format('{0}_{1}_{2}_{3}', parameters('databasePrincipalAssignments')[copyIndex()].principalId, parameters('databasePrincipalAssignments')[copyIndex()].principalType, parameters('databasePrincipalAssignments')[copyIndex()].role, copyIndex()))]",
      "properties": {
        "principalId": "[parameters('databasePrincipalAssignments')[copyIndex()].principalId]",
        "role": "[parameters('databasePrincipalAssignments')[copyIndex()].role]",
        "tenantId": "[parameters('aadTenantId')]",
        "principalType": "[parameters('databasePrincipalAssignments')[copyIndex()].principalType]"
      }
    }
  ]

Existing Parameter:

  "parameters": {
    "clusterName": {
      "value": "clusterNameA"
    },
    "databaseName": {
      "value": "databaseNameA"
    },
    "aadTenantId": {
      "value": "tenantIdA"
    },
    "databasePrincipalAssignments": {
      "value": [
        {
          "principalId": "id1",
          "role": "Viewer",
          "principalType": "App"
        },
        {
          "principalId": "id2",
          "role": "Ingestor",
          "principalType": "App"
        },
        {
          "principalId": "id3",
          "role": "Admin",
          "principalType": "App"
        }        
      ]
    }
}

So to expand the template to support mulitple databases, the new paramter is similar as below:

  "parameters": {
    "databasesPrincipalAssignmentsArray" : {
      "value": [
        // for databaseA
        {
          "clusterName" : "clusterNameA",
          "databaseName" : "databaseNameA",
          "aadTenantId" : "tenantId",
          "PrincipalAssignmentsArray": {
            "value": [
              {
                "principalId": "id1",
                "role": "Viewer",
                "principalType": "App"
              },
              {
                "principalId": "id2",
                "role": "Ingestor",
                "principalType": "App"
              },
              {
                "principalId": "id3",
                "role": "Admin",
                "principalType": "App"
              }        
            ]
          }
        },
        // for databaseB
        {
          "clusterName" : "clusterNameB",
          "databaseName" : "databaseNameB",
          "aadTenantId" : "tenantId",
          "PrincipalAssignmentsArray": {
            "value": [
              {
                "principalId": "id3",
                "role": "Viewer",
                "principalType": "App"
              },
              {
                "principalId": "id4",
                "role": "Ingestor",
                "principalType": "App"
              }      
            ]
          }
        }        
      ]
    }
  }
RootBeer
  • 43
  • 6
  • You're wanting to do an loop within a loop, which is complex and problematic. I'm going to start by suggesting you look at Bicep for ARM authoring. It's been supported by Microsoft for 2 years now, and does a great job at speeding up ARM template generation. What you're wanting to do is the same as this pattern, have a look https://stackoverflow.com/a/76516922/66112 Stack Overflow's not a code-writing service.... especially when it's JSON you're looking at, I might have done it for bicep – GordonBy Jun 28 '23 at 12:29

0 Answers0