Azure
/
ARO-RP
зеркало из https://github.com/Azure/ARO-RP.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
ARO-RP/deploy/rbac-development.json

131 строка
6.4 KiB
JSON
Исходник Ответственный История

{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"armServicePrincipalId": {
"type": "string"
},
"fpServicePrincipalId": {
"type": "string"
}
},
"resources": [
{
"name": "79ed474a-7267-4ff8-b226-96140be062a2",
"apiVersion": "2017-09-01",
"type": "Microsoft.Authorization/roleDefinitions",
"properties": {
"assignableScopes": [
"[concat('/subscriptions/', subscription().subscriptionId)]"
],
"permissions": [
{
"actions": [
"Microsoft.Resources/subscriptions/resourceGroups/write"
]
}
],
"roleName": "ARO v4 Development First Party Subscription"
}
},
{
"name": "c95361b8-cf7c-40a1-ad0a-df9f39a30225",
"apiVersion": "2017-09-01",
"type": "Microsoft.Authorization/roleDefinitions",
"properties": {
"assignableScopes": [
"[concat('/subscriptions/', subscription().subscriptionId)]"
],
"permissions": [
{
"actions": [
"Microsoft.Authorization/roleAssignments/write",
"Microsoft.Compute/disks/delete",
"Microsoft.Compute/images/read",
"Microsoft.Compute/images/write",
"Microsoft.Compute/virtualMachines/delete",
"Microsoft.Compute/virtualMachines/read",
"Microsoft.Compute/virtualMachines/write",
"Microsoft.Network/loadBalancers/backendAddressPools/join/action",
"Microsoft.Network/loadBalancers/read",
"Microsoft.Network/loadBalancers/write",
"Microsoft.Network/networkInterfaces/delete",
"Microsoft.Network/networkInterfaces/join/action",
"Microsoft.Network/networkInterfaces/read",
"Microsoft.Network/networkInterfaces/write",
"Microsoft.Network/networkSecurityGroups/join/action",
"Microsoft.Network/networkSecurityGroups/read",
"Microsoft.Network/networkSecurityGroups/write",
"Microsoft.Network/privateDnsZones/A/write",
"Microsoft.Network/privateDnsZones/SRV/write",
"Microsoft.Network/privateDnsZones/virtualNetworkLinks/write",
"Microsoft.Network/privateDnsZones/write",
"Microsoft.Network/privateLinkServices/read",
"Microsoft.Network/privateLinkServices/write",
"Microsoft.Network/publicIPAddresses/delete",
"Microsoft.Network/publicIPAddresses/join/action",
"Microsoft.Network/publicIPAddresses/read",
"Microsoft.Network/publicIPAddresses/write",
"Microsoft.Network/routeTables/read",
"Microsoft.Network/routeTables/write",
"Microsoft.Resources/deployments/operationStatuses/read",
"Microsoft.Resources/deployments/read",
"Microsoft.Resources/deployments/write",
"Microsoft.Resources/subscriptions/resourceGroups/delete",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Storage/storageAccounts/blobServices/containers/write",
"Microsoft.Storage/storageAccounts/listAccountSas/action",
"Microsoft.Storage/storageAccounts/write"
]
}
],
"roleName": "ARO v4 Development First Party Managed Resource Group"
}
},
{
"name": "f3fe7bc1-0ef9-4681-a68c-c1fa285d6128",
"apiVersion": "2017-09-01",
"type": "Microsoft.Authorization/roleDefinitions",
"properties": {
"assignableScopes": [
"[concat('/subscriptions/', subscription().subscriptionId)]"
],
"permissions": [
{
"actions": [
"Microsoft.Network/virtualNetworks/join/action",
"Microsoft.Network/virtualNetworks/subnets/join/action",
"Microsoft.Network/virtualNetworks/subnets/read",
"Microsoft.Network/virtualNetworks/subnets/write"
]
}
],
"roleName": "ARO v4 Development Subnet Contributor"
}
},
{
"name": "[guid(subscription().id, 'FP / ARO v4 FP Subscription')]",
"apiVersion": "2017-09-01",
"type": "Microsoft.Authorization/roleAssignments",
"dependsOn": [
"[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '79ed474a-7267-4ff8-b226-96140be062a2')]"
],
"properties": {
"principalId": "[parameters('fpServicePrincipalId')]",
"roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '79ed474a-7267-4ff8-b226-96140be062a2')]",
"scope": "[subscription().id]"
}
},
{
"name": "[guid(subscription().id, 'ARM / User Access Administrator')]",
"apiVersion": "2017-09-01",
"type": "Microsoft.Authorization/roleAssignments",
"properties": {
"principalId": "[parameters('armServicePrincipalId')]",
"roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]",
"scope": "[subscription().id]"
}
}
]
}
Ссылка в новой задаче Показать git blame Копировать постоянную ссылку