Azure HA Template | Updated managed identity permissions

CheckPointSW · Sep 27, 2023 · 820cab3 · 820cab3
1 parent ea1c72d
commit 820cab3
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 3 deletions.
diff --git a/azure/templates/marketplace-ha/mainTemplate.json b/azure/templates/marketplace-ha/mainTemplate.json
@@ -1115,7 +1115,7 @@
     },
     {
       "condition": "[and(equals(parameters('managedSystemAssigned'), 'yes'), not(parameters('deployNewNSG')))]",
-      "dependsOn": ["[resourceId('Microsoft.Compute/virtualMachines/', concat(parameters('vmName'), '1'))]"],
+      "dependsOn": "[resourceId('Microsoft.Compute/virtualMachines/', concat(parameters('vmName'), '1'))]",
       "name": "[concat('ExistingNsgRoleAssignment', copyIndex())]",
       "copy": {
         "name": "ExistingNsgRoleAssignmentCopy",
@@ -1146,6 +1146,9 @@
           },
           "principalId2": {
             "value": "[reference(resourceId('Microsoft.Compute/virtualMachines/', concat(parameters('vmName'), '2')), '2022-11-01', 'Full').identity.principalId]"
+          },
+          "index": {
+            "value": "[copyIndex()]"
           }
         }
       }

diff --git a/azure/templates/nestedtemplates/existing-nsg-RoleAssignment.json b/azure/templates/nestedtemplates/existing-nsg-RoleAssignment.json
@@ -18,14 +18,17 @@
     },
     "principalId2": {
       "type": "string"
+    },
+    "index": {
+      "type": "int"
     }
   },
   "resources": [
     {
       "type": "Microsoft.Authorization/roleAssignments",
       "apiVersion": "2022-04-01",
       "scope": "[concat('Microsoft.Network/networkSecurityGroups/', parameters('ExistingNSG').name)]",
-      "name": "[guid(resourceGroup().id, concat(parameters('vmName'), parameters('roleDefinitionId'), parameters('principalId1'), '1', '-nsg'))]",
+      "name": "[guid(resourceGroup().id, concat(parameters('vmName'), parameters('principalId1'), '1', '-nsg', parameters('index')))]",
       "properties": {
         "roleDefinitionId": "[parameters('roleDefinitionId')]",
         "principalId": "[parameters('principalId1')]"
@@ -35,7 +38,7 @@
       "type": "Microsoft.Authorization/roleAssignments",
       "apiVersion": "2022-04-01",
       "scope": "[concat('Microsoft.Network/networkSecurityGroups/', parameters('ExistingNSG').name)]",
-      "name": "[guid(resourceGroup().id, concat(parameters('vmName'), parameters('roleDefinitionId'), parameters('principalId2'), '2', '-nsg'))]",
+      "name": "[guid(resourceGroup().id, concat(parameters('vmName'), parameters('roleDefinitionId'), parameters('principalId2'), '2', '-nsg', parameters('index')))]",
       "properties": {
         "roleDefinitionId": "[parameters('roleDefinitionId')]",
         "principalId": "[parameters('principalId2')]"