Fix non-unique roleAssignments (Azure#47491)

christothes · web-flow · commit 5030a3572892 · 2024-12-10T19:36:42.000Z
diff --git a/sdk/cloudmachine/Azure.Provisioning.CloudMachine/src/CloudMachineInfrastructure/CloudMachineInfrastructure.cs b/sdk/cloudmachine/Azure.Provisioning.CloudMachine/src/CloudMachineInfrastructure/CloudMachineInfrastructure.cs
@@ -122,7 +122,7 @@ public ProvisioningPlan Build(ProvisioningBuildOptions? context = default)
 
         context ??= new ProvisioningBuildOptions();
         // This must occur after the features have been emitted.
-        context.InfrastructureResolvers.Add(new RoleResolver(Features.RoleAnnotations, [Identity], [PrincipalIdParameter]));
+        context.InfrastructureResolvers.Add(new RoleResolver(Id, Features.RoleAnnotations, [Identity], [PrincipalIdParameter]));
         return _infrastructure.Build(context);
     }
 
diff --git a/sdk/cloudmachine/Azure.Provisioning.CloudMachine/src/CloudMachineInfrastructure/RoleResolver.cs b/sdk/cloudmachine/Azure.Provisioning.CloudMachine/src/CloudMachineInfrastructure/RoleResolver.cs
@@ -11,10 +11,11 @@
 
 namespace Azure.CloudMachine;
 
-internal class RoleResolver(Dictionary<Provisionable, (string RoleName, string RoleId)[]> annotations, IEnumerable<UserAssignedIdentity> managedIdentities, IEnumerable<BicepValue<Guid>> userPrincipals) : InfrastructureResolver
+internal class RoleResolver(string id, Dictionary<Provisionable, (string RoleName, string RoleId)[]> annotations, IEnumerable<UserAssignedIdentity> managedIdentities, IEnumerable<BicepValue<Guid>> userPrincipals) : InfrastructureResolver
 {
     public override IEnumerable<Provisionable> ResolveResources(IEnumerable<Provisionable> resources, ProvisioningBuildOptions options)
     {
+        Dictionary<string, int> roleCount = new();
         foreach (Provisionable provisionable in base.ResolveResources(resources, options))
         {
             yield return provisionable;
@@ -24,9 +25,20 @@ public override IEnumerable<Provisionable> ResolveResources(IEnumerable<Provisio
                 {
                     foreach (BicepValue<Guid> userPrincipal in userPrincipals)
                     {
-                        yield return new RoleAssignment($"{resource.BicepIdentifier}_{userPrincipal.Value.ToString().Replace('-', '_')}_{RoleName}")
+                        string roleKey = $"{resource.BicepIdentifier}_{userPrincipal.Value.ToString()}_{RoleName}";
+                        if (roleCount.TryGetValue(roleKey, out int count))
                         {
-                            Name = BicepFunction.CreateGuid(resource.BicepIdentifier, userPrincipal, BicepFunction.GetSubscriptionResourceId("Microsoft.Authorization/roleDefinitions", RoleId)),
+                            count = count + 1;
+                        }
+                        else
+                        {
+                            count = 1;
+                        }
+                        roleCount[roleKey] = count;
+
+                        yield return new RoleAssignment($"{resource.BicepIdentifier}_{count}_{RoleName}")
+                        {
+                            Name = BicepFunction.CreateGuid(resource.BicepIdentifier, id, userPrincipal, BicepFunction.GetSubscriptionResourceId("Microsoft.Authorization/roleDefinitions", RoleId)),
                             Scope = new IdentifierExpression(resource.BicepIdentifier),
                             PrincipalType = RoleManagementPrincipalType.User,
                             RoleDefinitionId = BicepFunction.GetSubscriptionResourceId("Microsoft.Authorization/roleDefinitions", RoleId),
diff --git a/sdk/cloudmachine/Azure.Provisioning.CloudMachine/tests/Data/GenerateBicep.bicep b/sdk/cloudmachine/Azure.Provisioning.CloudMachine/tests/Data/GenerateBicep.bicep
@@ -28,8 +28,8 @@ resource cm_storage 'Microsoft.Storage/storageAccounts@2023-01-01' = {
   }
 }
 
-resource cm_storage_00000000_0000_0000_0000_000000000000_StorageBlobDataContributor 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
-  name: guid('cm_storage', principalId, subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'ba92f5b4-2d11-453d-a403-e96b0029c9fe'))
+resource cm_storage_1_StorageBlobDataContributor 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+  name: guid('cm_storage', 'cm0c420d2f21084cd', principalId, subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'ba92f5b4-2d11-453d-a403-e96b0029c9fe'))
   properties: {
     principalId: principalId
     roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'ba92f5b4-2d11-453d-a403-e96b0029c9fe')
@@ -48,8 +48,8 @@ resource cm_storage_cm_identity_StorageBlobDataContributor 'Microsoft.Authorizat
   scope: cm_storage
 }
 
-resource cm_storage_00000000_0000_0000_0000_000000000000_StorageTableDataContributor 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
-  name: guid('cm_storage', principalId, subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '0a9a7e1f-b9d0-4cc4-a60d-0319b160aaa3'))
+resource cm_storage_1_StorageTableDataContributor 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+  name: guid('cm_storage', 'cm0c420d2f21084cd', principalId, subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '0a9a7e1f-b9d0-4cc4-a60d-0319b160aaa3'))
   properties: {
     principalId: principalId
     roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '0a9a7e1f-b9d0-4cc4-a60d-0319b160aaa3')
@@ -87,8 +87,8 @@ resource cm_servicebus 'Microsoft.ServiceBus/namespaces@2024-01-01' = {
   }
 }
 
-resource cm_servicebus_00000000_0000_0000_0000_000000000000_AzureServiceBusDataOwner 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
-  name: guid('cm_servicebus', principalId, subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '090c5cfd-751d-490a-894a-3ce6f1109419'))
+resource cm_servicebus_1_AzureServiceBusDataOwner 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+  name: guid('cm_servicebus', 'cm0c420d2f21084cd', principalId, subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '090c5cfd-751d-490a-894a-3ce6f1109419'))
   properties: {
     principalId: principalId
     roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '090c5cfd-751d-490a-894a-3ce6f1109419')
@@ -262,8 +262,8 @@ resource cm_kv 'Microsoft.KeyVault/vaults@2023-07-01' = {
   }
 }
 
-resource cm_kv_00000000_0000_0000_0000_000000000000_KeyVaultAdministrator 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
-  name: guid('cm_kv', principalId, subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '00482a5a-887f-4fb3-b363-3b7fe8e74483'))
+resource cm_kv_1_KeyVaultAdministrator 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+  name: guid('cm_kv', 'cm0c420d2f21084cd', principalId, subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '00482a5a-887f-4fb3-b363-3b7fe8e74483'))
   properties: {
     principalId: principalId
     roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '00482a5a-887f-4fb3-b363-3b7fe8e74483')
@@ -295,8 +295,8 @@ resource openai 'Microsoft.CognitiveServices/accounts@2024-10-01' = {
   }
 }
 
-resource openai_00000000_0000_0000_0000_000000000000_CognitiveServicesOpenAIContributor 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
-  name: guid('openai', principalId, subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a001fd3d-188f-4b5d-821b-7da978bf7442'))
+resource openai_1_CognitiveServicesOpenAIContributor 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+  name: guid('openai', 'cm0c420d2f21084cd', principalId, subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a001fd3d-188f-4b5d-821b-7da978bf7442'))
   properties: {
     principalId: principalId
     roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a001fd3d-188f-4b5d-821b-7da978bf7442')
diff --git a/sdk/cloudmachine/Azure.Provisioning.CloudMachine/tests/Data/JustCloudMachine.bicep b/sdk/cloudmachine/Azure.Provisioning.CloudMachine/tests/Data/JustCloudMachine.bicep
@@ -28,8 +28,8 @@ resource cm_storage 'Microsoft.Storage/storageAccounts@2023-01-01' = {
   }
 }
 
-resource cm_storage_00000000_0000_0000_0000_000000000000_StorageBlobDataContributor 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
-  name: guid('cm_storage', principalId, subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'ba92f5b4-2d11-453d-a403-e96b0029c9fe'))
+resource cm_storage_1_StorageBlobDataContributor 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+  name: guid('cm_storage', 'cm0c420d2f21084cd', principalId, subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'ba92f5b4-2d11-453d-a403-e96b0029c9fe'))
   properties: {
     principalId: principalId
     roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'ba92f5b4-2d11-453d-a403-e96b0029c9fe')
@@ -48,8 +48,8 @@ resource cm_storage_cm_identity_StorageBlobDataContributor 'Microsoft.Authorizat
   scope: cm_storage
 }
 
-resource cm_storage_00000000_0000_0000_0000_000000000000_StorageTableDataContributor 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
-  name: guid('cm_storage', principalId, subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '0a9a7e1f-b9d0-4cc4-a60d-0319b160aaa3'))
+resource cm_storage_1_StorageTableDataContributor 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+  name: guid('cm_storage', 'cm0c420d2f21084cd', principalId, subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '0a9a7e1f-b9d0-4cc4-a60d-0319b160aaa3'))
   properties: {
     principalId: principalId
     roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '0a9a7e1f-b9d0-4cc4-a60d-0319b160aaa3')
@@ -87,8 +87,8 @@ resource cm_servicebus 'Microsoft.ServiceBus/namespaces@2024-01-01' = {
   }
 }
 
-resource cm_servicebus_00000000_0000_0000_0000_000000000000_AzureServiceBusDataOwner 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
-  name: guid('cm_servicebus', principalId, subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '090c5cfd-751d-490a-894a-3ce6f1109419'))
+resource cm_servicebus_1_AzureServiceBusDataOwner 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+  name: guid('cm_servicebus', 'cm0c420d2f21084cd', principalId, subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '090c5cfd-751d-490a-894a-3ce6f1109419'))
   properties: {
     principalId: principalId
     roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '090c5cfd-751d-490a-894a-3ce6f1109419')
diff --git a/sdk/cloudmachine/Azure.Provisioning.CloudMachine/tests/Data/OpenAI.bicep b/sdk/cloudmachine/Azure.Provisioning.CloudMachine/tests/Data/OpenAI.bicep
@@ -28,8 +28,8 @@ resource cm_storage 'Microsoft.Storage/storageAccounts@2023-01-01' = {
   }
 }
 
-resource cm_storage_00000000_0000_0000_0000_000000000000_StorageBlobDataContributor 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
-  name: guid('cm_storage', principalId, subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'ba92f5b4-2d11-453d-a403-e96b0029c9fe'))
+resource cm_storage_1_StorageBlobDataContributor 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+  name: guid('cm_storage', 'cm0c420d2f21084cd', principalId, subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'ba92f5b4-2d11-453d-a403-e96b0029c9fe'))
   properties: {
     principalId: principalId
     roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'ba92f5b4-2d11-453d-a403-e96b0029c9fe')
@@ -48,8 +48,8 @@ resource cm_storage_cm_identity_StorageBlobDataContributor 'Microsoft.Authorizat
   scope: cm_storage
 }
 
-resource cm_storage_00000000_0000_0000_0000_000000000000_StorageTableDataContributor 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
-  name: guid('cm_storage', principalId, subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '0a9a7e1f-b9d0-4cc4-a60d-0319b160aaa3'))
+resource cm_storage_1_StorageTableDataContributor 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+  name: guid('cm_storage', 'cm0c420d2f21084cd', principalId, subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '0a9a7e1f-b9d0-4cc4-a60d-0319b160aaa3'))
   properties: {
     principalId: principalId
     roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '0a9a7e1f-b9d0-4cc4-a60d-0319b160aaa3')
@@ -87,8 +87,8 @@ resource cm_servicebus 'Microsoft.ServiceBus/namespaces@2024-01-01' = {
   }
 }
 
-resource cm_servicebus_00000000_0000_0000_0000_000000000000_AzureServiceBusDataOwner 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
-  name: guid('cm_servicebus', principalId, subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '090c5cfd-751d-490a-894a-3ce6f1109419'))
+resource cm_servicebus_1_AzureServiceBusDataOwner 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+  name: guid('cm_servicebus', 'cm0c420d2f21084cd', principalId, subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '090c5cfd-751d-490a-894a-3ce6f1109419'))
   properties: {
     principalId: principalId
     roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '090c5cfd-751d-490a-894a-3ce6f1109419')
@@ -250,8 +250,8 @@ resource openai 'Microsoft.CognitiveServices/accounts@2024-10-01' = {
   }
 }
 
-resource openai_00000000_0000_0000_0000_000000000000_CognitiveServicesOpenAIContributor 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
-  name: guid('openai', principalId, subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a001fd3d-188f-4b5d-821b-7da978bf7442'))
+resource openai_1_CognitiveServicesOpenAIContributor 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+  name: guid('openai', 'cm0c420d2f21084cd', principalId, subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a001fd3d-188f-4b5d-821b-7da978bf7442'))
   properties: {
     principalId: principalId
     roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a001fd3d-188f-4b5d-821b-7da978bf7442')

Original file line number	Diff line number	Diff line change
`@@ -122,7 +122,7 @@ public ProvisioningPlan Build(ProvisioningBuildOptions? context = default)`
`122`	`122`
`123`	`123`	`context ??= new ProvisioningBuildOptions();`
`124`	`124`	`// This must occur after the features have been emitted.`
`125`		`- context.InfrastructureResolvers.Add(new RoleResolver(Features.RoleAnnotations, [Identity], [PrincipalIdParameter]));`
	`125`	`+ context.InfrastructureResolvers.Add(new RoleResolver(Id, Features.RoleAnnotations, [Identity], [PrincipalIdParameter]));`
`126`	`126`	`return _infrastructure.Build(context);`
`127`	`127`	`}`
`128`	`128`
Original file line number	Diff line number	Diff line change
`@@ -11,10 +11,11 @@`
`11`	`11`
`12`	`12`	`namespace Azure.CloudMachine;`
`13`	`13`
`14`		`-internal class RoleResolver(Dictionary<Provisionable, (string RoleName, string RoleId)[]> annotations, IEnumerable<UserAssignedIdentity> managedIdentities, IEnumerable<BicepValue<Guid>> userPrincipals) : InfrastructureResolver`
	`14`	`+internal class RoleResolver(string id, Dictionary<Provisionable, (string RoleName, string RoleId)[]> annotations, IEnumerable<UserAssignedIdentity> managedIdentities, IEnumerable<BicepValue<Guid>> userPrincipals) : InfrastructureResolver`
`15`	`15`	`{`
`16`	`16`	`public override IEnumerable<Provisionable> ResolveResources(IEnumerable<Provisionable> resources, ProvisioningBuildOptions options)`
`17`	`17`	`{`
	`18`	`+ Dictionary<string, int> roleCount = new();`
`18`	`19`	`foreach (Provisionable provisionable in base.ResolveResources(resources, options))`
`19`	`20`	`{`
`20`	`21`	`yield return provisionable;`
`@@ -24,9 +25,20 @@ public override IEnumerable<Provisionable> ResolveResources(IEnumerable<Provisio`
`24`	`25`	`{`
`25`	`26`	`foreach (BicepValue<Guid> userPrincipal in userPrincipals)`
`26`	`27`	`{`
`27`		`- yield return new RoleAssignment($"{resource.BicepIdentifier}_{userPrincipal.Value.ToString().Replace('-', '_')}_{RoleName}")`
	`28`	`+ string roleKey = $"{resource.BicepIdentifier}_{userPrincipal.Value.ToString()}_{RoleName}";`
	`29`	`+ if (roleCount.TryGetValue(roleKey, out int count))`
`28`	`30`	`{`
`29`		`- Name = BicepFunction.CreateGuid(resource.BicepIdentifier, userPrincipal, BicepFunction.GetSubscriptionResourceId("Microsoft.Authorization/roleDefinitions", RoleId)),`
	`31`	`+ count = count + 1;`
	`32`	`+ }`
	`33`	`+ else`
	`34`	`+ {`
	`35`	`+ count = 1;`
	`36`	`+ }`
	`37`	`+ roleCount[roleKey] = count;`
	`38`	`+`
	`39`	`+ yield return new RoleAssignment($"{resource.BicepIdentifier}_{count}_{RoleName}")`
	`40`	`+ {`
	`41`	`+ Name = BicepFunction.CreateGuid(resource.BicepIdentifier, id, userPrincipal, BicepFunction.GetSubscriptionResourceId("Microsoft.Authorization/roleDefinitions", RoleId)),`
`30`	`42`	`Scope = new IdentifierExpression(resource.BicepIdentifier),`
`31`	`43`	`PrincipalType = RoleManagementPrincipalType.User,`
`32`	`44`	`RoleDefinitionId = BicepFunction.GetSubscriptionResourceId("Microsoft.Authorization/roleDefinitions", RoleId),`
Original file line number	Diff line number	Diff line change
`@@ -28,8 +28,8 @@ resource cm_storage 'Microsoft.Storage/storageAccounts@2023-01-01' = {`
`28`	`28`	`}`
`29`	`29`	`}`
`30`	`30`
`31`		`-resource cm_storage_00000000_0000_0000_0000_000000000000_StorageBlobDataContributor 'Microsoft.Authorization/roleAssignments@2022-04-01' = {`
`32`		`- name: guid('cm_storage', principalId, subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'ba92f5b4-2d11-453d-a403-e96b0029c9fe'))`
	`31`	`+resource cm_storage_1_StorageBlobDataContributor 'Microsoft.Authorization/roleAssignments@2022-04-01' = {`
	`32`	`+ name: guid('cm_storage', 'cm0c420d2f21084cd', principalId, subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'ba92f5b4-2d11-453d-a403-e96b0029c9fe'))`
`33`	`33`	`properties: {`
`34`	`34`	`principalId: principalId`
`35`	`35`	`roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'ba92f5b4-2d11-453d-a403-e96b0029c9fe')`
`@@ -48,8 +48,8 @@ resource cm_storage_cm_identity_StorageBlobDataContributor 'Microsoft.Authorizat`
`48`	`48`	`scope: cm_storage`
`49`	`49`	`}`
`50`	`50`
`51`		`-resource cm_storage_00000000_0000_0000_0000_000000000000_StorageTableDataContributor 'Microsoft.Authorization/roleAssignments@2022-04-01' = {`
`52`		`- name: guid('cm_storage', principalId, subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '0a9a7e1f-b9d0-4cc4-a60d-0319b160aaa3'))`
	`51`	`+resource cm_storage_1_StorageTableDataContributor 'Microsoft.Authorization/roleAssignments@2022-04-01' = {`
	`52`	`+ name: guid('cm_storage', 'cm0c420d2f21084cd', principalId, subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '0a9a7e1f-b9d0-4cc4-a60d-0319b160aaa3'))`
`53`	`53`	`properties: {`
`54`	`54`	`principalId: principalId`
`55`	`55`	`roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '0a9a7e1f-b9d0-4cc4-a60d-0319b160aaa3')`
`@@ -87,8 +87,8 @@ resource cm_servicebus 'Microsoft.ServiceBus/namespaces@2024-01-01' = {`
`87`	`87`	`}`
`88`	`88`	`}`
`89`	`89`
`90`		`-resource cm_servicebus_00000000_0000_0000_0000_000000000000_AzureServiceBusDataOwner 'Microsoft.Authorization/roleAssignments@2022-04-01' = {`
`91`		`- name: guid('cm_servicebus', principalId, subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '090c5cfd-751d-490a-894a-3ce6f1109419'))`
	`90`	`+resource cm_servicebus_1_AzureServiceBusDataOwner 'Microsoft.Authorization/roleAssignments@2022-04-01' = {`
	`91`	`+ name: guid('cm_servicebus', 'cm0c420d2f21084cd', principalId, subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '090c5cfd-751d-490a-894a-3ce6f1109419'))`
`92`	`92`	`properties: {`
`93`	`93`	`principalId: principalId`
`94`	`94`	`roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '090c5cfd-751d-490a-894a-3ce6f1109419')`
`@@ -262,8 +262,8 @@ resource cm_kv 'Microsoft.KeyVault/vaults@2023-07-01' = {`
`262`	`262`	`}`
`263`	`263`	`}`
`264`	`264`
`265`		`-resource cm_kv_00000000_0000_0000_0000_000000000000_KeyVaultAdministrator 'Microsoft.Authorization/roleAssignments@2022-04-01' = {`
`266`		`- name: guid('cm_kv', principalId, subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '00482a5a-887f-4fb3-b363-3b7fe8e74483'))`
	`265`	`+resource cm_kv_1_KeyVaultAdministrator 'Microsoft.Authorization/roleAssignments@2022-04-01' = {`
	`266`	`+ name: guid('cm_kv', 'cm0c420d2f21084cd', principalId, subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '00482a5a-887f-4fb3-b363-3b7fe8e74483'))`
`267`	`267`	`properties: {`
`268`	`268`	`principalId: principalId`
`269`	`269`	`roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '00482a5a-887f-4fb3-b363-3b7fe8e74483')`
`@@ -295,8 +295,8 @@ resource openai 'Microsoft.CognitiveServices/accounts@2024-10-01' = {`
`295`	`295`	`}`
`296`	`296`	`}`
`297`	`297`
`298`		`-resource openai_00000000_0000_0000_0000_000000000000_CognitiveServicesOpenAIContributor 'Microsoft.Authorization/roleAssignments@2022-04-01' = {`
`299`		`- name: guid('openai', principalId, subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a001fd3d-188f-4b5d-821b-7da978bf7442'))`
	`298`	`+resource openai_1_CognitiveServicesOpenAIContributor 'Microsoft.Authorization/roleAssignments@2022-04-01' = {`
	`299`	`+ name: guid('openai', 'cm0c420d2f21084cd', principalId, subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a001fd3d-188f-4b5d-821b-7da978bf7442'))`
`300`	`300`	`properties: {`
`301`	`301`	`principalId: principalId`
`302`	`302`	`roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a001fd3d-188f-4b5d-821b-7da978bf7442')`