Add AD role to SP (#11)

* Add AD role to SP

* Add user-friendly comment for the role_id field

modules/services/service-principal/main.tf

@@ -25,6 +25,14 @@ resource "azuread_service_principal" "sysdig_sp" {
   }
 }
 
+#---------------------------------------------------------------------------------------------
+# Assign "Directory Reader" AD role to Sysdig SP
+#---------------------------------------------------------------------------------------------
+resource "azuread_directory_role_assignment" "sysdig_ad_reader" {
+  role_id             = "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" // template ID of Directory Reader AD role
+  principal_object_id = azuread_service_principal.sysdig_sp.object_id
+}
+
 #---------------------------------------------------------------------------------------------
 # Assign "Reader" role to Sysdig SP for primary subscription
 #---------------------------------------------------------------------------------------------