Add comments with role names

pamelafox · pamelafox · commit 826e5c7bb1b0 · 2025-09-10T10:14:50.000-07:00
diff --git a/infra/main.bicep b/infra/main.bicep
@@ -972,7 +972,7 @@ module storageRoleUser 'core/security/role.bicep' = {
   name: 'storage-role-user'
   params: {
     principalId: principalId
-    roleDefinitionId: '2a2b9908-6ea1-4ae2-8e65-a410df84e7d1'
+    roleDefinitionId: '2a2b9908-6ea1-4ae2-8e65-a410df84e7d1' // Storage Blob Data Reader
     principalType: principalType
   }
 }
@@ -982,7 +982,7 @@ module storageContribRoleUser 'core/security/role.bicep' = {
   name: 'storage-contrib-role-user'
   params: {
     principalId: principalId
-    roleDefinitionId: 'ba92f5b4-2d11-453d-a403-e96b0029c9fe'
+    roleDefinitionId: 'ba92f5b4-2d11-453d-a403-e96b0029c9fe' // Storage Blob Data Contributor
     principalType: principalType
   }
 }
@@ -992,7 +992,7 @@ module storageOwnerRoleUser 'core/security/role.bicep' = if (useUserUpload) {
   name: 'storage-owner-role-user'
   params: {
     principalId: principalId
-    roleDefinitionId: 'b7e6dc6d-f1e8-4753-8033-0f276bb0955b'
+    roleDefinitionId: 'b7e6dc6d-f1e8-4753-8033-0f276bb0955b' // Storage Blob Data Owner
     principalType: principalType
   }
 }
@@ -1092,7 +1092,7 @@ module storageRoleBackend 'core/security/role.bicep' = {
     principalId: (deploymentTarget == 'appservice')
       ? backend.outputs.identityPrincipalId
       : acaBackend.outputs.identityPrincipalId
-    roleDefinitionId: '2a2b9908-6ea1-4ae2-8e65-a410df84e7d1'
+    roleDefinitionId: '2a2b9908-6ea1-4ae2-8e65-a410df84e7d1' // Storage Blob Data Reader
     principalType: 'ServicePrincipal'
   }
 }
@@ -1104,7 +1104,7 @@ module storageOwnerRoleBackend 'core/security/role.bicep' = if (useUserUpload) {
     principalId: (deploymentTarget == 'appservice')
       ? backend.outputs.identityPrincipalId
       : acaBackend.outputs.identityPrincipalId
-    roleDefinitionId: 'b7e6dc6d-f1e8-4753-8033-0f276bb0955b'
+    roleDefinitionId: 'b7e6dc6d-f1e8-4753-8033-0f276bb0955b' // Storage Blob Data Owner
     principalType: 'ServicePrincipal'
   }
 }
@@ -1114,7 +1114,7 @@ module storageRoleSearchService 'core/security/role.bicep' = if (useIntegratedVe
   name: 'storage-role-searchservice'
   params: {
     principalId: searchService.outputs.principalId
-    roleDefinitionId: '2a2b9908-6ea1-4ae2-8e65-a410df84e7d1'
+    roleDefinitionId: '2a2b9908-6ea1-4ae2-8e65-a410df84e7d1' // Storage Blob Data Reader
     principalType: 'ServicePrincipal'
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -972,7 +972,7 @@ module storageRoleUser 'core/security/role.bicep' = {`
`972`	`972`	`name: 'storage-role-user'`
`973`	`973`	`params: {`
`974`	`974`	`principalId: principalId`
`975`		`- roleDefinitionId: '2a2b9908-6ea1-4ae2-8e65-a410df84e7d1'`
	`975`	`+ roleDefinitionId: '2a2b9908-6ea1-4ae2-8e65-a410df84e7d1' // Storage Blob Data Reader`
`976`	`976`	`principalType: principalType`
`977`	`977`	`}`
`978`	`978`	`}`
`@@ -982,7 +982,7 @@ module storageContribRoleUser 'core/security/role.bicep' = {`
`982`	`982`	`name: 'storage-contrib-role-user'`
`983`	`983`	`params: {`
`984`	`984`	`principalId: principalId`
`985`		`- roleDefinitionId: 'ba92f5b4-2d11-453d-a403-e96b0029c9fe'`
	`985`	`+ roleDefinitionId: 'ba92f5b4-2d11-453d-a403-e96b0029c9fe' // Storage Blob Data Contributor`
`986`	`986`	`principalType: principalType`
`987`	`987`	`}`
`988`	`988`	`}`
`@@ -992,7 +992,7 @@ module storageOwnerRoleUser 'core/security/role.bicep' = if (useUserUpload) {`
`992`	`992`	`name: 'storage-owner-role-user'`
`993`	`993`	`params: {`
`994`	`994`	`principalId: principalId`
`995`		`- roleDefinitionId: 'b7e6dc6d-f1e8-4753-8033-0f276bb0955b'`
	`995`	`+ roleDefinitionId: 'b7e6dc6d-f1e8-4753-8033-0f276bb0955b' // Storage Blob Data Owner`
`996`	`996`	`principalType: principalType`
`997`	`997`	`}`
`998`	`998`	`}`
`@@ -1092,7 +1092,7 @@ module storageRoleBackend 'core/security/role.bicep' = {`
`1092`	`1092`	`principalId: (deploymentTarget == 'appservice')`
`1093`	`1093`	`? backend.outputs.identityPrincipalId`
`1094`	`1094`	`: acaBackend.outputs.identityPrincipalId`
`1095`		`- roleDefinitionId: '2a2b9908-6ea1-4ae2-8e65-a410df84e7d1'`
	`1095`	`+ roleDefinitionId: '2a2b9908-6ea1-4ae2-8e65-a410df84e7d1' // Storage Blob Data Reader`
`1096`	`1096`	`principalType: 'ServicePrincipal'`
`1097`	`1097`	`}`
`1098`	`1098`	`}`
`@@ -1104,7 +1104,7 @@ module storageOwnerRoleBackend 'core/security/role.bicep' = if (useUserUpload) {`
`1104`	`1104`	`principalId: (deploymentTarget == 'appservice')`
`1105`	`1105`	`? backend.outputs.identityPrincipalId`
`1106`	`1106`	`: acaBackend.outputs.identityPrincipalId`
`1107`		`- roleDefinitionId: 'b7e6dc6d-f1e8-4753-8033-0f276bb0955b'`
	`1107`	`+ roleDefinitionId: 'b7e6dc6d-f1e8-4753-8033-0f276bb0955b' // Storage Blob Data Owner`
`1108`	`1108`	`principalType: 'ServicePrincipal'`
`1109`	`1109`	`}`
`1110`	`1110`	`}`
`@@ -1114,7 +1114,7 @@ module storageRoleSearchService 'core/security/role.bicep' = if (useIntegratedVe`
`1114`	`1114`	`name: 'storage-role-searchservice'`
`1115`	`1115`	`params: {`
`1116`	`1116`	`principalId: searchService.outputs.principalId`
`1117`		`- roleDefinitionId: '2a2b9908-6ea1-4ae2-8e65-a410df84e7d1'`
	`1117`	`+ roleDefinitionId: '2a2b9908-6ea1-4ae2-8e65-a410df84e7d1' // Storage Blob Data Reader`
`1118`	`1118`	`principalType: 'ServicePrincipal'`
`1119`	`1119`	`}`
`1120`	`1120`	`}`