fix role assignment when using role definition name

[omerlh]

I tried to assign a role to service principal using the role name (custom role), this is my TF file:

resource "azurerm_role_assignment" "test" {
  principal_id                 = "<>"
  role_definition_name = "some-identity-role-definition"
  scope        = "<>"
}

And I noticed that I'm getting the following error:

Error: Error loading Role Definition List: could not find role 'some-identity-role-definition'

  on file.tf line 7, in resource "azurerm_role_assignment" "test":
   7: resource "azurerm_role_assignment" "test" {
``
So I started investigating. Testing using Azure CLI worked:

az role definition list --query "[?roleName == 'some-identity-role-definition']"

This returned the roles as expected - so it's exist in Azure. I replicated the bug in a smaller program:
```go
package main

import (
	"context"
	"fmt"

	"github.com/Azure/azure-sdk-for-go/services/preview/authorization/mgmt/2018-01-01-preview/authorization"
	"github.com/Azure/go-autorest/autorest/azure/auth"
)

func main() {
	fmt.Println("Hello, world.")

	client := authorization.NewRoleDefinitionsClient("<>")
	authorizer, err := auth.NewAuthorizerFromCLI()
	if err == nil {
		client.Authorizer = authorizer
	}
	name := "some-identity-role-definition"

	roleDefinitions, err := client.List(context.Background(), "", fmt.Sprintf("roleName eq '%s'", name))
	if err != nil {
		fmt.Printf("Error loading Role Definition List: %+v", err)
	}

	len := len(roleDefinitions.Values())

	fmt.Printf("len: %+v", len)
}

And noticed that the problem is with the scope. When the scope is empty ("" or "/") no value is returned, but when it's the scope of the subscription ("/subscriptions/<>/") or anything under it, it is working. When I enabled terrform debug logs I noticed the expected behavior - this is the HTTP request:

//providers/Microsoft.Authorization/roleDefinitions?%24filter=roleName+eq+%27some-identity-role-definition%27&api-version=2018-01-01-preview HTTP/1.1

see the //? it's because of the missing scope. I added a small change to use the scope supplied by the user, tested locally using my little program and it worked.

BTW looking at the role definition data source, look like it pass the scope correctly (see this line) the same as I did here.

[katbyte]

Thanks for the PR @omerlh, this LGTM 🙂

[ghost]

This has been released in version 1.32.0 of the provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. As an example:

provider "azurerm" {
    version = "~> 1.32.0"
}
# ... other configuration ...

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!