azurerm_role_assignment - fix id parsing for root or provider scope…

…d role assignments (#27237) * fix: root or provider scoped role assignments * fix: typo in error message Co-authored-by: stephybun <steph@hashicorp.com> --------- Co-authored-by: Franz, Felix (UIT) <Felix.Franz@union-investment.de> Co-authored-by: stephybun <steph@hashicorp.com>
hashicorp · Oct 4, 2024 · 22e2f9a · 22e2f9a
1 parent 6dc1254
commit 22e2f9a
Show file tree

Hide file tree

Showing 2 changed files with 52 additions and 2 deletions.
diff --git a/internal/services/authorization/parse/role_assignment.go b/internal/services/authorization/parse/role_assignment.go
@@ -96,8 +96,18 @@ func (id RoleAssignmentId) AzureResourceID() string {
 		return fmt.Sprintf(fmtString, id.Name)
 	}
 
-	fmtString := "/subscriptions/%s/providers/Microsoft.Authorization/roleAssignments/%s"
-	return fmt.Sprintf(fmtString, id.SubscriptionID, id.Name)
+	if id.SubscriptionID != "" {
+		fmtString := "/subscriptions/%s/providers/Microsoft.Authorization/roleAssignments/%s"
+		return fmt.Sprintf(fmtString, id.SubscriptionID, id.Name)
+	}
+
+	if id.ResourceProvider != "" {
+		fmtString := "/providers/%s/providers/Microsoft.Authorization/roleAssignments/%s"
+		return fmt.Sprintf(fmtString, id.ResourceProvider, id.Name)
+	}
+
+	fmtString := "/providers/Microsoft.Authorization/roleAssignments/%s"
+	return fmt.Sprintf(fmtString, id.Name)
 }
 
 func (id RoleAssignmentId) ID() string {
@@ -179,6 +189,22 @@ func RoleAssignmentID(input string) (*RoleAssignmentId, error) {
 		}
 		roleAssignmentId.Name = idParts[1]
 		roleAssignmentId.ManagementGroup = strings.TrimPrefix(idParts[0], "/providers/Microsoft.Management/managementGroups/")
+	case strings.HasPrefix(input, "/providers/") && !strings.HasPrefix(input, "/providers/Microsoft.Authorization/roleAssignments"):
+		idParts := strings.Split(input, "/providers/Microsoft.Authorization/roleAssignments/")
+		if len(idParts) != 2 {
+			return nil, fmt.Errorf("could not parse Role Assignment ID %q for Resource Provider", input)
+		}
+		if idParts[1] == "" {
+			return nil, fmt.Errorf("ID was missing a value for the roleAssignments element")
+		}
+		roleAssignmentId.Name = idParts[1]
+		roleAssignmentId.ResourceProvider = strings.TrimPrefix(idParts[0], "/providers/")
+	case strings.HasPrefix(input, "/providers/Microsoft.Authorization/roleAssignments"):
+		name := strings.TrimPrefix(input, "/providers/Microsoft.Authorization/roleAssignments/")
+		if name == "" {
+			return nil, fmt.Errorf("ID was missing a value for the roleAssignments element")
+		}
+		roleAssignmentId.Name = name
 	default:
 		return nil, fmt.Errorf("could not parse Role Assignment ID %q", input)
 	}

diff --git a/internal/services/authorization/parse/role_assignment_test.go b/internal/services/authorization/parse/role_assignment_test.go
@@ -255,6 +255,30 @@ func TestRoleAssignmentID(t *testing.T) {
 				TenantId:         "34567812-3456-7653-6742-345678901234",
 			},
 		},
+		{
+			Input: "/providers/Microsoft.Capacity/providers/Microsoft.Authorization/roleAssignments/23456781-2349-8764-5631-234567890121",
+			Expected: &RoleAssignmentId{
+				SubscriptionID:   "",
+				ResourceGroup:    "",
+				ResourceProvider: "Microsoft.Capacity",
+				ResourceScope:    "",
+				ManagementGroup:  "",
+				Name:             "23456781-2349-8764-5631-234567890121",
+				TenantId:         "34567812-3456-7653-6742-345678901234",
+			},
+		},
+		{
+			Input: "/providers/Microsoft.Authorization/roleAssignments/23456781-2349-8764-5631-234567890121",
+			Expected: &RoleAssignmentId{
+				SubscriptionID:   "",
+				ResourceGroup:    "",
+				ResourceProvider: "",
+				ResourceScope:    "",
+				ManagementGroup:  "",
+				Name:             "23456781-2349-8764-5631-234567890121",
+				TenantId:         "34567812-3456-7653-6742-345678901234",
+			},
+		},
 	}
 
 	for _, v := range testData {