refactor: make principal type optional in role assignments and clean up e2e tests (#1884)

Co-authored-by: Harmanpreet Kaur <[email protected]>

Author: Harmanpreet-Microsoft

infra/core/security/role.bicep

@@ -1,21 +1,23 @@
-metadata description = 'Creates a role assignment for a service principal.'
+// core/security/role.bicep
+metadata description = 'Creates a role assignment for a principal.'
 param principalId string
-
+param roleDefinitionId string
+@description('Type of principal. Leave empty for auto-detection.')
 @allowed([
+  ''
   'Device'
   'ForeignGroup'
   'Group'
   'ServicePrincipal'
   'User'
 ])
-param principalType string = 'ServicePrincipal'
-param roleDefinitionId string
-
+param principalType string = ''
 resource role 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
   name: guid(subscription().id, resourceGroup().id, principalId, roleDefinitionId)
   properties: {
     principalId: principalId
-    principalType: principalType
     roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions', roleDefinitionId)
+    // Only include principalType if explicitly provided
+    ...(principalType != '' ? { principalType: principalType } : {})
   }
 }

infra/main.bicep

@@ -1196,7 +1196,7 @@ module storageRoleUser 'core/security/role.bicep' = if (principalId != '') {
   params: {
     principalId: principalId
     roleDefinitionId: 'ba92f5b4-2d11-453d-a403-e96b0029c9fe'
-    principalType: 'User'
+    //principalType: 'User'
   }
 }
 
@@ -1207,7 +1207,7 @@ module openaiRoleUser 'core/security/role.bicep' = if (principalId != '') {
   params: {
     principalId: principalId
     roleDefinitionId: 'a97b65f3-24c7-4388-baec-2e87135dc908'
-    principalType: 'User'
+    //principalType: 'User'
   }
 }
 
@@ -1218,7 +1218,7 @@ module openaiRoleUserContributor 'core/security/role.bicep' = if (principalId !=
   params: {
     principalId: principalId
     roleDefinitionId: 'b24988ac-6180-42a0-ab88-20f7382dd24c'
-    principalType: 'User'
+    //principalType: 'User'
   }
 }