-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathmain.bicep
69 lines (64 loc) · 1.85 KB
/
main.bicep
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
param azureSubscriptionID string
param sigName string
param sigLocation string
param imagePublisher string
param imageDefinitionName string
param imageOffer string
param imageSKU string
param imageLocation string
param roleNameGalleryImage string
param principalId string
param templateImageResourceGroup string
var templateImageResourceGroupId = '/subscriptions/${azureSubscriptionID}/resourcegroups/${templateImageResourceGroup}'
//Create Shard Image Gallery
resource wvdsig 'Microsoft.Compute/galleries@2020-09-30' = {
name: sigName
location: sigLocation
}
//Create Image definition
resource wvdid 'Microsoft.Compute/galleries/images@2020-09-30' = {
parent: wvdsig
name: imageDefinitionName
location: imageLocation
properties: {
osState: 'Generalized'
osType: 'Windows'
identifier: {
publisher: imagePublisher
offer: imageOffer
sku: imageSKU
}
}
}
//create role definition
resource gallerydef 'Microsoft.Authorization/roleDefinitions@2018-01-01-preview' = {
name: guid(roleNameGalleryImage)
properties: {
roleName: roleNameGalleryImage
description: 'Custom role for network read'
permissions: [
{
actions: [
'Microsoft.Compute/galleries/read'
'Microsoft.Compute/galleries/images/read'
'Microsoft.Compute/galleries/images/versions/read'
'Microsoft.Compute/galleries/images/versions/write'
'Microsoft.Compute/images/write'
'Microsoft.Compute/images/read'
'Microsoft.Compute/images/delete'
]
}
]
assignableScopes: [
templateImageResourceGroupId
]
}
}
//create role assignment
resource galleryass 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = {
name: guid(resourceGroup().id, gallerydef.id, principalId)
properties: {
roleDefinitionId: gallerydef.id
principalId: principalId
}
}