hashicorp · katbyte · Jun 12, 2018 · Jun 11, 2018 · Jun 11, 2018 · Jun 11, 2018
diff --git a/azurerm/resource_arm_role_definition.go b/azurerm/resource_arm_role_definition.go
@@ -5,6 +5,7 @@ import (
 	"log"
 
 	"github.com/Azure/azure-sdk-for-go/services/preview/authorization/mgmt/2018-01-01-preview/authorization"
+	"github.com/hashicorp/go-uuid"
 	"github.com/hashicorp/terraform/helper/schema"
 	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils"
 )
@@ -22,7 +23,8 @@ func resourceArmRoleDefinition() *schema.Resource {
 		Schema: map[string]*schema.Schema{
 			"role_definition_id": {
 				Type:     schema.TypeString,
-				Required: true,
+				Optional: true,
+				Computed: true,
 				ForceNew: true,
 			},
 
@@ -81,6 +83,15 @@ func resourceArmRoleDefinitionCreateUpdate(d *schema.ResourceData, meta interfac
 	ctx := meta.(*ArmClient).StopContext
 
 	roleDefinitionId := d.Get("role_definition_id").(string)
+	if roleDefinitionId == "" {
+		uuid, err := uuid.GenerateUUID()
+		if err != nil {
+			return fmt.Errorf("Error generating UUID for Role Assignment: %+v", err)
+		}
+
+		roleDefinitionId = uuid
+	}
+
 	name := d.Get("name").(string)
 	scope := d.Get("scope").(string)
 	description := d.Get("description").(string)

diff --git a/azurerm/resource_arm_role_definition_test.go b/azurerm/resource_arm_role_definition_test.go
@@ -87,6 +87,28 @@ func TestAccAzureRMRoleDefinition_update(t *testing.T) {
 	})
 }
 
+func TestAccAzureRMRoleDefinition_emptyName(t *testing.T) {
+	resourceName := "azurerm_role_definition.test"
+
+	ri := acctest.RandInt()
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testCheckAzureRMRoleDefinitionDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAzureRMRoleDefinition_emptyId(ri),
+				Check: resource.ComposeTestCheckFunc(
+					testCheckAzureRMRoleDefinitionExists(resourceName),
+					resource.TestCheckResourceAttrSet(resourceName, "id"),
+					resource.TestCheckResourceAttrSet(resourceName, "name"),
+				),
+			},
+		},
+	})
+}
+
 func testCheckAzureRMRoleDefinitionExists(name string) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		rs, ok := s.RootModule().Resources[name]
@@ -201,3 +223,23 @@ resource "azurerm_role_definition" "test" {
 }
 `, id, rInt)
 }
+
+func testAccAzureRMRoleDefinition_emptyId(rInt int) string {
+	return fmt.Sprintf(`
+data "azurerm_subscription" "primary" {}
+
+resource "azurerm_role_definition" "test" {
+  name               = "acctestrd-%d"
+  scope              = "${data.azurerm_subscription.primary.id}"
+
+  permissions {
+    actions     = ["*"]
+    not_actions = []
+  }
+
+  assignable_scopes = [
+    "${data.azurerm_subscription.primary.id}",
+  ]
+}
+`, rInt)
+}
diff --git a/website/docs/r/role_definition.html.markdown b/website/docs/r/role_definition.html.markdown
@@ -17,7 +17,6 @@ Manages a custom Role Definition, used to assign Roles to Users/Principals.
 data "azurerm_subscription" "primary" {}
 
 resource "azurerm_role_definition" "test" {
-  role_definition_id = "12345678-1234-5678-1234-123456780123"
   name               = "my-custom-role"
   scope              = "${data.azurerm_subscription.primary.id}"
   description        = "This is a custom role created via Terraform"
@@ -37,7 +36,7 @@ resource "azurerm_role_definition" "test" {
 
 The following arguments are supported:
 
-* `role_definition_id` - (Required) A unique UUID/GUID which identifies this role. Changing this forces a new resource to be created.
+* `role_definition_id` - (Optional) A unique UUID/GUID which identifies this role - one will be generated if not specified.. Changing this forces a new resource to be created.
 
 * `name` - (Required) The name of the Role Definition. Changing this forces a new resource to be created.