SubscriptionSecurity/RBAC.ps1
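Set-StrictMode -Version Latest

function Set-AzSDKSubscriptionRBAC
{
	<#
	.SYNOPSIS
	This command would help in setting up the RBAC rules for a given Subscription

	.DESCRIPTION
	This command would help in setting up the RBAC rules for a given Subscription

	.PARAMETER SubscriptionId
	Id of the subscription whose RBAC rules are set up. Must not be null or empty.

	.PARAMETER Tags
	Optional comma-separated tag names. They are appended to the mandatory tags read from
	the AzSDK configuration (SubscriptionMandatoryTags), so mandatory tags are always processed.

	.PARAMETER DoNotOpenOutputFolder
	Not read in this function body; presumably consumed by the [RBAC] class through the
	invocation object that is passed to it (confirm against the class).

	.NOTES
	Exceptions are published through [EventBase]::PublishGenericException and are not rethrown,
	so a failed run returns nothing instead of raising a terminating error. Automation should
	check the returned result rather than rely on the absence of an exception.

	.LINK
	https://aka.ms/azsdkdocs
	#>
	[CmdletBinding()]
	Param(
		[string]
		[Parameter(Mandatory = $true, HelpMessage = "Subscription id for which the security evaluation has to be performed.")]
		[ValidateNotNullOrEmpty()]
		$SubscriptionId,

		[string]
		[Parameter(Mandatory = $false, HelpMessage = "Provide tag names for processing specific policies. Comma seperated values are supported.")]
		$Tags,

		[switch]
		[Parameter(Mandatory = $false, HelpMessage = "Switch to specify whether to open output folder containing all security evaluation report or not.")]
		$DoNotOpenOutputFolder
	)

	Begin
	{
		[ListenerHelper]::RegisterListeners();
	}

	Process
	{
		try
		{
			# Adding all mandatory tags
			$mandatoryTags = [string]::Join(",", [ConfigurationManager]::GetAzSdkConfigData().SubscriptionMandatoryTags);
			$modifiedTags = $mandatoryTags;

			if (-not [string]::IsNullOrWhiteSpace($Tags))
			{
				# Avoid a leading comma (an empty tag entry) when the configuration
				# carries no mandatory tags.
				if ([string]::IsNullOrWhiteSpace($mandatoryTags))
				{
					$modifiedTags = $Tags;
				}
				else
				{
					$modifiedTags = $mandatoryTags + "," + $Tags;
				}
			}

			$rbac = [RBAC]::new($SubscriptionId, $PSCmdlet.MyInvocation, $modifiedTags);
			if ($rbac)
			{
				return $rbac.InvokeFunction($rbac.SetRBACAccounts);
			}
		}
		catch
		{
			# Errors are reported through the event pipeline and not rethrown.
			[EventBase]::PublishGenericException($_);
		}
	}

	End
	{
		[ListenerHelper]::UnregisterListeners();
	}
}

function Remove-AzSDKSubscriptionRBAC
{
	<#
	.SYNOPSIS
	This command clears all RBAC Rules set up by AzSDK.

	.DESCRIPTION
	This command clears all RBAC Rules set up by AzSDK.

	.PARAMETER SubscriptionId
	Id of the subscription whose AzSDK RBAC rules are cleared. Must not be null or empty.

	.PARAMETER Tags
	Mandatory comma-separated tag names. They are passed to the [RBAC] class as given;
	unlike Set-AzSDKSubscriptionRBAC, the configured mandatory tags are not added here.

	.PARAMETER DoNotOpenOutputFolder
	Not read in this function body; presumably consumed by the [RBAC] class through the
	invocation object that is passed to it (confirm against the class).

	.NOTES
	Supports -WhatIf and -Confirm. Exceptions are published through
	[EventBase]::PublishGenericException and are not rethrown, so a failed removal returns
	nothing instead of raising a terminating error.

	.LINK
	https://aka.ms/azsdkdocs
	#>
	[CmdletBinding(SupportsShouldProcess = $true)]
	Param(
		[string]
		[Parameter(Mandatory = $true, HelpMessage = "Subscription id for which the security evaluation has to be performed.")]
		[ValidateNotNullOrEmpty()]
		$SubscriptionId,

		[string]
		[Parameter(Mandatory = $true, HelpMessage = "Provide tag names for processing specific policies. Comma seperated values are supported.")]
		$Tags,

		[switch]
		[Parameter(Mandatory = $false, HelpMessage = "Switch to specify whether to open output folder containing all security evaluation report or not.")]
		$DoNotOpenOutputFolder
	)

	Begin
	{
		[ListenerHelper]::RegisterListeners();
	}

	Process
	{
		try
		{
			$rbac = [RBAC]::new($SubscriptionId, $PSCmdlet.MyInvocation, $Tags);
			if ($rbac)
			{
				# SupportsShouldProcess is declared above, so -WhatIf/-Confirm are offered to
				# the caller. Gate the removal here so they are honored by this cmdlet rather
				# than depending on the [RBAC] class to inspect the invocation.
				if ($PSCmdlet.ShouldProcess($SubscriptionId, "Remove AzSDK RBAC accounts"))
				{
					return $rbac.InvokeFunction($rbac.RemoveRBACAccounts);
				}
			}
		}
		catch
		{
			# Errors are reported through the event pipeline and not rethrown.
			[EventBase]::PublishGenericException($_);
		}
	}

	End
	{
		[ListenerHelper]::UnregisterListeners();
	}
}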