Update quickstart subscription-role-assignment (#12031)

* Update sample subscription-role-assignment

* Fix readme

* Update API version

subscription-deployments/subscription-role-assignment/README.md

@@ -9,10 +9,12 @@
 ![Best Practice Check](https://azurequickstartsservice.blob.core.windows.net/badges/subscription-deployments/subscription-role-assignment/BestPracticeResult.svg)
 ![Cred Scan Check](https://azurequickstartsservice.blob.core.windows.net/badges/subscription-deployments/subscription-role-assignment/CredScanResult.svg)
 
+![Bicep Version](https://azurequickstartsservice.blob.core.windows.net/badges/subscription-deployments/subscription-role-assignment/BicepVersion.svg)
+
 [![Deploy To Azure](https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/1-CONTRIBUTION-GUIDE/images/deploytoazure.svg?sanitize=true)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fsubscription-deployments%2Fsubscription-role-assignment%2Fazuredeploy.json)
 [![Deploy To Azure US Gov](https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/1-CONTRIBUTION-GUIDE/images/deploytoazuregov.svg?sanitize=true)](https://portal.azure.us/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fsubscription-deployments%2Fsubscription-role-assignment%2Fazuredeploy.json)
-[![Visualize](https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/1-CONTRIBUTION-GUIDE/images/visualizebutton.svg?sanitize=true)](http://armviz.io/#/?load=https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fsubscription-deployments%2Fsubscription-role-assignment%2Fazuredeploy.json)
+[![Visualize](https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/1-CONTRIBUTION-GUIDE/images/visualizebutton.svg?sanitize=true)](http://armviz.io/#/?load=https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fsubscription-deployments%2Fsubscription-role-assignment%2Fazuredeploy.json)   
 
 This template is a subscription level template that will assign a role at subscription scope.
 
-*NOTE: Role assignments use a GUID for the name, this must be unique for every role assignment on the group.  The roleAssignmentName parameter is used to seed the guid() function with this value, change it for each deployment.  You can supply a guid or any string, as long as it has not been used before when assigning the role to the resourceGroup.*
+*NOTE: Role assignments use a GUID for the name, this must be unique for every role assignment on the subscription.  The roleAssignmentName parameter is used to seed the guid() function with this value, change it for each deployment.  You can supply a guid or any string, as long as it has not been used before when assigning the role to the subscription.*

subscription-deployments/subscription-role-assignment/azuredeploy.json

@@ -1,6 +1,13 @@
 {
   "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
   "contentVersion": "1.0.0.0",
+  "metadata": {
+    "_generator": {
+      "name": "bicep",
+      "version": "0.4.1008.15138",
+      "templateHash": "2201665590578346073"
+    }
+  },
   "parameters": {
     "principalId": {
       "type": "string",
@@ -16,20 +23,19 @@
       }
     }
   },
+  "functions": [],
   "variables": {
-    // this creates an idempotent GUID for the role assignment
     "roleAssignmentName": "[guid(subscription().id, parameters('principalId'), parameters('roleDefinitionId'))]"
-   },
+  },
   "resources": [
     {
       "type": "Microsoft.Authorization/roleAssignments",
-      "apiVersion": "2020-04-01-preview",
+      "apiVersion": "2020-08-01-preview",
       "name": "[variables('roleAssignmentName')]",
       "properties": {
         "roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', parameters('roleDefinitionId'))]",
-        "principalId": "[parameters('principalId')]",
-        "scope": "[subscription().id]"
+        "principalId": "[parameters('principalId')]"
       }
     }
   ]
-}
+}

subscription-deployments/subscription-role-assignment/main.bicep

@@ -0,0 +1,18 @@
+targetScope = 'subscription'
+
+@description('principalId if the user that will be given contributor access to the resourceGroup')
+param principalId string
+
+@description('roleDefinition for the assignment - default is contributor')
+param roleDefinitionId string = 'b24988ac-6180-42a0-ab88-20f7382dd24c'
+
+// this creates an idempotent GUID for the role assignment
+var roleAssignmentName = guid(subscription().id, principalId, roleDefinitionId)
+
+resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-08-01-preview' = {
+  name: roleAssignmentName
+  properties: {
+    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', roleDefinitionId)
+    principalId: principalId
+  }
+}

subscription-deployments/subscription-role-assignment/metadata.json

@@ -1,11 +1,10 @@
 {
     "$schema": "https://aka.ms/azure-quickstart-templates-metadata-schema#",
     "itemDisplayName": "Assign a role at subscription scope",
-    "description": "This template is a subscription level template that will assign a role at subscription scope.  Currently, this template cannot be deployed via the Azure Portal.",
+    "description": "This template is a subscription level template that will assign a role at subscription scope.",
     "summary": "This template is a subscription level template that will assign a role at subscription scope.",
     "type": "SubscriptionDeployment",
     "validationType": "Manual",
     "githubUsername": "bmoore-msft",
-    "dateUpdated": "2020-06-06"
+    "dateUpdated": "2021-11-11"
 }
-