New Example: SIG with Image Definition and Role Assignment (#1251)

* New Example: Shared Image Gallery with Image Defintition and Role Assignment New Example: Shared Image Gallery with Image Defintition and Role Assignment * Update main.bicep Processed suggested changes * Update main.json Now also updating the transpiled json result
Azure · Jan 3, 2021 · f998860 · f998860
1 parent 700770b
commit f998860
Show file tree

Hide file tree

Showing 3 changed files with 177 additions and 0 deletions.
diff --git a/docs/examples/201/shared-image-gallery-with-image-defintition-and-role-assignment/main.bicep b/docs/examples/201/shared-image-gallery-with-image-defintition-and-role-assignment/main.bicep
@@ -0,0 +1,69 @@
+param azureSubscriptionID string
+param sigName string
+param sigLocation string
+param imagePublisher string
+param imageDefinitionName string
+param imageOffer string
+param imageSKU string
+param imageLocation string
+param roleNameGalleryImage string
+param principalId string
+param templateImageResourceGroup string
+
+var templateImageResourceGroupId = '/subscriptions/${azureSubscriptionID}/resourcegroups/${templateImageResourceGroup}'
+var imageDefinitionFullName = '${sigName}/${imageDefinitionName}'
+
+//Create Shard Image Gallery
+resource wvdsig 'Microsoft.Compute/galleries@2020-09-30' = {
+  name: sigName
+  location: sigLocation
+}
+
+//Create Image definitation
+resource wvdid 'Microsoft.Compute/galleries/images@2020-09-30' = {
+  name: imageDefinitionFullName
+  location: imageLocation
+  properties: {
+    osState: 'Generalized'
+    osType: 'Windows'
+    identifier: {
+      publisher: imagePublisher
+      offer: imageOffer
+      sku: imageSKU
+    }
+  }
+}
+
+//create role definition
+resource gallerydef 'Microsoft.Authorization/roleDefinitions@2018-01-01-preview' = {
+  name: guid(roleNameGalleryImage)
+  properties: {
+    roleName: roleNameGalleryImage
+    description: 'Custom role for network read'
+    permissions: [
+      {
+        actions: [
+          'Microsoft.Compute/galleries/read'
+          'Microsoft.Compute/galleries/images/read'
+          'Microsoft.Compute/galleries/images/versions/read'
+          'Microsoft.Compute/galleries/images/versions/write'
+          'Microsoft.Compute/images/write'
+          'Microsoft.Compute/images/read'
+          'Microsoft.Compute/images/delete'
+        ]
+      }
+    ]
+    assignableScopes: [
+      templateImageResourceGroupId
+    ]
+  }
+}
+
+//create role assignment
+resource galleryass 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = {
+  name: guid(resourceGroup().id, gallerydef.id, principalId)
+  properties: {
+    roleDefinitionId: gallerydef.id
+    principalId: principalId
+  }
+}
diff --git a/docs/examples/201/shared-image-gallery-with-image-defintition-and-role-assignment/main.json b/docs/examples/201/shared-image-gallery-with-image-defintition-and-role-assignment/main.json
@@ -0,0 +1,104 @@
+{
+  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+  "contentVersion": "1.0.0.0",
+  "parameters": {
+    "azureSubscriptionID": {
+      "type": "string"
+    },
+    "sigName": {
+      "type": "string"
+    },
+    "sigLocation": {
+      "type": "string"
+    },
+    "imagePublisher": {
+      "type": "string"
+    },
+    "imageDefinitionName": {
+      "type": "string"
+    },
+    "imageOffer": {
+      "type": "string"
+    },
+    "imageSKU": {
+      "type": "string"
+    },
+    "imageLocation": {
+      "type": "string"
+    },
+    "roleNameGalleryImage": {
+      "type": "string"
+    },
+    "principalId": {
+      "type": "string"
+    },
+    "templateImageResourceGroup": {
+      "type": "string"
+    }
+  },
+  "functions": [],
+  "variables": {
+    "templateImageResourceGroupId": "[format('/subscriptions/{0}/resourcegroups/{1}', parameters('azureSubscriptionID'), parameters('templateImageResourceGroup'))]",
+    "imageDefinitionFullName": "[format('{0}/{1}', parameters('sigName'), parameters('imageDefinitionName'))]"
+  },
+  "resources": [
+    {
+      "type": "Microsoft.Compute/galleries",
+      "apiVersion": "2020-09-30",
+      "name": "[parameters('sigName')]",
+      "location": "[parameters('sigLocation')]"
+    },
+    {
+      "type": "Microsoft.Compute/galleries/images",
+      "apiVersion": "2020-09-30",
+      "name": "[variables('imageDefinitionFullName')]",
+      "location": "[parameters('imageLocation')]",
+      "properties": {
+        "osState": "Generalized",
+        "osType": "Windows",
+        "identifier": {
+          "publisher": "[parameters('imagePublisher')]",
+          "offer": "[parameters('imageOffer')]",
+          "sku": "[parameters('imageSKU')]"
+        }
+      }
+    },
+    {
+      "type": "Microsoft.Authorization/roleDefinitions",
+      "apiVersion": "2018-01-01-preview",
+      "name": "[guid(parameters('roleNameGalleryImage'))]",
+      "properties": {
+        "roleName": "[parameters('roleNameGalleryImage')]",
+        "description": "Custom role for network read",
+        "permissions": [
+          {
+            "actions": [
+              "Microsoft.Compute/galleries/read",
+              "Microsoft.Compute/galleries/images/read",
+              "Microsoft.Compute/galleries/images/versions/read",
+              "Microsoft.Compute/galleries/images/versions/write",
+              "Microsoft.Compute/images/write",
+              "Microsoft.Compute/images/read",
+              "Microsoft.Compute/images/delete"
+            ]
+          }
+        ],
+        "assignableScopes": [
+          "[variables('templateImageResourceGroupId')]"
+        ]
+      }
+    },
+    {
+      "type": "Microsoft.Authorization/roleAssignments",
+      "apiVersion": "2020-04-01-preview",
+      "name": "[guid(resourceGroup().id, resourceId('Microsoft.Authorization/roleDefinitions', guid(parameters('roleNameGalleryImage'))), parameters('principalId'))]",
+      "properties": {
+        "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', guid(parameters('roleNameGalleryImage')))]",
+        "principalId": "[parameters('principalId')]"
+      },
+      "dependsOn": [
+        "[resourceId('Microsoft.Authorization/roleDefinitions', guid(parameters('roleNameGalleryImage')))]"
+      ]
+    }
+  ]
+}
diff --git a/docs/examples/index.json b/docs/examples/index.json
@@ -375,6 +375,10 @@
         "filePath": "201/vm-windows10-with-nvidia-gpu-extension-and-condition/main.bicep",
         "description": "201/vm-windows10-with-nvidia-gpu-extension-and-condition"
     },
+    {
+        "filePath": "201/shared-image-gallery-with-image-defintition-and-role-assignment/main.bicep",
+        "description": "201/shared-image-gallery-with-image-defintition-and-role-assignment"
+    },    
     {
         "filePath": "301/function-app-with-custom-domain-managed-certificate/main.bicep",
         "description": "301/function-app-with-custom-domain-managed-certificate"