Skip to content

Instantly share code, notes, and snippets.

@sajayantony

sajayantony/role-assignment-arm.md

Created August 7, 2018 00:35
Show Gist options
  • Save sajayantony/667814186f1e37dc9bcd12bfdd24e4ec to your computer and use it in GitHub Desktop.
Save sajayantony/667814186f1e37dc9bcd12bfdd24e4ec to your computer and use it in GitHub Desktop.
Download ZIP
Role-Assignment for ACR
Raw
role-assignment-arm.md 
{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "containerRegistry": {
      "type": "string"
    },
    "sourceResourceId": {
      "type": "string"
    },
    "role": {
      "type": "string",
      "allowedValues": [
        "owner",
        "push",
        "pull"
      ],
      "metadata": {
        "description": "Role to assign"
      }      
    },
    "roleNameGuid": {
      "type": "string",
      "metadata": {
        "description": "A new GUID used to identify the role"
      }      
    }
  },
  "variables": {
    "targetResourceId": "[resourceId(resourceGroup().name, 'Microsoft.ContainerRegistry/registries', parameters('containerRegistry'))]",
    "sourceResourceId": "[parameters('sourceResourceId')]",

    "owner": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]",
    "push": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]",
    "pull": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]",
    "scope": "[variables('targetResourceId')]"
  },
  "resources": [
    {
      "condition": false,
      "name": "[parameters('containerRegistry')]",
      "type": "Microsoft.ContainerRegistry/registries",
      "apiVersion": "2017-10-01"
    },
    {
      "condition": false,
      "name": "dasource",
      "type": "Microsoft.Compute/virtualMachines",
      "apiVersion": "2017-12-01"      
    },
    {
      "condition": true,
      "type": "Microsoft.ContainerRegistry/registries/providers/roleAssignments",
      "apiVersion": "2017-05-01",
      "name": "[concat(parameters('containerRegistry'), '/Microsoft.Authorization/', parameters('roleNameGuid'))]",
      "properties": {
        "roleDefinitionId": "[variables(parameters('role'))]",
        "principalId": "[reference(variables('sourceResourceId'), '2017-12-01', 'Full').identity.principalId]"
      }
    }
  ]
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment