From f99886011731933f4e005e0f6b793df7343c75a9 Mon Sep 17 00:00:00 2001
From: Freek Berson <freek.berson@wortell.nl>
Date: Sun, 3 Jan 2021 21:12:52 +0100
Subject: [PATCH] New Example: SIG with Image Definition and Role Assignment (#1251)
* New Example: Shared Image Gallery with Image Defintition and Role Assignment New Example: Shared Image Gallery with Image Defintition and Role Assignment
* Update main.bicep Processed suggested changes
* Update main.json Now also updating the transpiled json result
---
.../main.bicep | 69 ++++++++++++
.../main.json | 104 ++++++++++++++++++
docs/examples/index.json | 4 +
3 files changed, 177 insertions(+)
create mode 100644 docs/examples/201/shared-image-gallery-with-image-defintition-and-role-assignment/main.bicep
create mode 100644 docs/examples/201/shared-image-gallery-with-image-defintition-and-role-assignment/main.json
diff --git a/docs/examples/201/shared-image-gallery-with-image-defintition-and-role-assignment/main.bicep b/docs/examples/201/shared-image-gallery-with-image-defintition-and-role-assignment/main.bicep
new file mode 100644
index 00000000000..0a25275f383
--- /dev/null
+++ b/docs/examples/201/shared-image-gallery-with-image-defintition-and-role-assignment/main.bicep
@@ -0,0 +1,69 @@
+param azureSubscriptionID string
+param sigName string
+param sigLocation string
+param imagePublisher string
+param imageDefinitionName string
+param imageOffer string
+param imageSKU string
+param imageLocation string
+param roleNameGalleryImage string
+param principalId string
+param templateImageResourceGroup string
+
+var templateImageResourceGroupId = '/subscriptions/${azureSubscriptionID}/resourcegroups/${templateImageResourceGroup}'
+var imageDefinitionFullName = '${sigName}/${imageDefinitionName}'
+
+//Create Shard Image Gallery
+resource wvdsig 'Microsoft.Compute/galleries@2020-09-30' = {
+ name: sigName
+ location: sigLocation
+}
+
+//Create Image definitation
+resource wvdid 'Microsoft.Compute/galleries/images@2020-09-30' = {
+ name: imageDefinitionFullName
+ location: imageLocation
+ properties: {
+ osState: 'Generalized'
+ osType: 'Windows'
+ identifier: {
+ publisher: imagePublisher
+ offer: imageOffer
+ sku: imageSKU
+ }
+ }
+}
+
+//create role definition
+resource gallerydef 'Microsoft.Authorization/roleDefinitions@2018-01-01-preview' = {
+ name: guid(roleNameGalleryImage)
+ properties: {
+ roleName: roleNameGalleryImage
+ description: 'Custom role for network read'
+ permissions: [
+ {
+ actions: [
+ 'Microsoft.Compute/galleries/read'
+ 'Microsoft.Compute/galleries/images/read'
+ 'Microsoft.Compute/galleries/images/versions/read'
+ 'Microsoft.Compute/galleries/images/versions/write'
+ 'Microsoft.Compute/images/write'
+ 'Microsoft.Compute/images/read'
+ 'Microsoft.Compute/images/delete'
+ ]
+ }
+ ]
+ assignableScopes: [
+ templateImageResourceGroupId
+ ]
+ }
+}
+
+//create role assignment
+resource galleryass 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = {
+ name: guid(resourceGroup().id, gallerydef.id, principalId)
+ properties: {
+ roleDefinitionId: gallerydef.id
+ principalId: principalId
+ }
+}
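Review bot: The `description: 'Custom role for network read'` on `gallerydef` does not match the role's actions, which include write on gallery image versions and write/delete on `Microsoft.Compute/images`, so anyone auditing role definitions by their description would underestimate what this role grants. I would change it to something like `description: 'Read galleries and image definitions; write image versions; read, write and delete managed images'`. The assignment `galleryass` is deployed at the deployment's resource group, while `assignableScopes` is built from the separate `azureSubscriptionID` and `templateImageResourceGroup` parameters; if those name a different group the assignment would fall outside the role's assignable scopes, so deriving the scope from `resourceGroup().id` would keep the two in step. Separately, `wvdid` builds its name from `sigName` rather than from `wvdsig`, so no dependency on the gallery is inferred (the compiled main.json in this commit shows no `dependsOn` on the image definition); `name: '${wvdsig.name}/${imageDefinitionName}'` would add it.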
diff --git a/docs/examples/201/shared-image-gallery-with-image-defintition-and-role-assignment/main.json b/docs/examples/201/shared-image-gallery-with-image-defintition-and-role-assignment/main.json
new file mode 100644
index 00000000000..a3d7e73b5cb
--- /dev/null
+++ b/docs/examples/201/shared-image-gallery-with-image-defintition-and-role-assignment/main.json
@@ -0,0 +1,104 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "azureSubscriptionID": {
+ "type": "string"
+ },
+ "sigName": {
+ "type": "string"
+ },
+ "sigLocation": {
+ "type": "string"
+ },
+ "imagePublisher": {
+ "type": "string"
+ },
+ "imageDefinitionName": {
+ "type": "string"
+ },
+ "imageOffer": {
+ "type": "string"
+ },
+ "imageSKU": {
+ "type": "string"
+ },
+ "imageLocation": {
+ "type": "string"
+ },
+ "roleNameGalleryImage": {
+ "type": "string"
+ },
+ "principalId": {
+ "type": "string"
+ },
+ "templateImageResourceGroup": {
+ "type": "string"
+ }
+ },
+ "functions": [],
+ "variables": {
+ "templateImageResourceGroupId": "[format('/subscriptions/{0}/resourcegroups/{1}', parameters('azureSubscriptionID'), parameters('templateImageResourceGroup'))]",
+ "imageDefinitionFullName": "[format('{0}/{1}', parameters('sigName'), parameters('imageDefinitionName'))]"
+ },
+ "resources": [
+ {
+ "type": "Microsoft.Compute/galleries",
+ "apiVersion": "2020-09-30",
+ "name": "[parameters('sigName')]",
+ "location": "[parameters('sigLocation')]"
+ },
+ {
+ "type": "Microsoft.Compute/galleries/images",
+ "apiVersion": "2020-09-30",
+ "name": "[variables('imageDefinitionFullName')]",
+ "location": "[parameters('imageLocation')]",
+ "properties": {
+ "osState": "Generalized",
+ "osType": "Windows",
+ "identifier": {
+ "publisher": "[parameters('imagePublisher')]",
+ "offer": "[parameters('imageOffer')]",
+ "sku": "[parameters('imageSKU')]"
+ }
+ }
+ },
+ {
+ "type": "Microsoft.Authorization/roleDefinitions",
+ "apiVersion": "2018-01-01-preview",
+ "name": "[guid(parameters('roleNameGalleryImage'))]",
+ "properties": {
+ "roleName": "[parameters('roleNameGalleryImage')]",
+ "description": "Custom role for network read",
+ "permissions": [
+ {
+ "actions": [
+ "Microsoft.Compute/galleries/read",
+ "Microsoft.Compute/galleries/images/read",
+ "Microsoft.Compute/galleries/images/versions/read",
+ "Microsoft.Compute/galleries/images/versions/write",
+ "Microsoft.Compute/images/write",
+ "Microsoft.Compute/images/read",
+ "Microsoft.Compute/images/delete"
+ ]
+ }
+ ],
+ "assignableScopes": [
+ "[variables('templateImageResourceGroupId')]"
+ ]
+ }
+ },
+ {
+ "type": "Microsoft.Authorization/roleAssignments",
+ "apiVersion": "2020-04-01-preview",
+ "name": "[guid(resourceGroup().id, resourceId('Microsoft.Authorization/roleDefinitions', guid(parameters('roleNameGalleryImage'))), parameters('principalId'))]",
+ "properties": {
+ "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', guid(parameters('roleNameGalleryImage')))]",
+ "principalId": "[parameters('principalId')]"
+ },
+ "dependsOn": [
+ "[resourceId('Microsoft.Authorization/roleDefinitions', guid(parameters('roleNameGalleryImage')))]"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/docs/examples/index.json b/docs/examples/index.json
index ec57ea6e397..48cb0a159a2 100644
--- a/docs/examples/index.json
+++ b/docs/examples/index.json
@@ -375,6 +375,10 @@
 "filePath": "201/vm-windows10-with-nvidia-gpu-extension-and-condition/main.bicep",
 "description": "201/vm-windows10-with-nvidia-gpu-extension-and-condition"
 },
+ {
+ "filePath": "201/shared-image-gallery-with-image-defintition-and-role-assignment/main.bicep",
+ "description": "201/shared-image-gallery-with-image-defintition-and-role-assignment"
+ },
 {
 "filePath": "301/function-app-with-custom-domain-managed-certificate/main.bicep",
 "description": "301/function-app-with-custom-domain-managed-certificate"