Public/New-FMTFlexVnetRole.ps1
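function New-FMTFlexVnetRole {
    <#
    .SYNOPSIS
        Creates a custom Azure RBAC role with the Microsoft.Network permissions Silk Flex
        needs to operate inside an existing VNET.

    .DESCRIPTION
        Builds a PSRoleDefinition whose Actions list is the fixed set of Microsoft.Network
        operations declared below and whose only assignable scope is the subscription of
        the current Az context, then submits it with New-AzRoleDefinition.

        The role definition is assignable at subscription scope, and the action list
        includes write/delete on virtual networks, subnets, NSGs, NICs and load balancers.
        Review the list against what the deployment actually needs before creating the
        role in a shared subscription; assignments can still be made at a narrower
        (resource-group) scope.

    .PARAMETER name
        Name of the custom role. Defaults to "flex-vnet-contributor".

    .PARAMETER description
        Description stored on the role definition.

    .OUTPUTS
        Microsoft.Azure.Commands.Resources.Models.Authorization.PSRoleDefinition
        The role definition returned by New-AzRoleDefinition (nothing when -WhatIf is used).

    .NOTES
        Requires an active Az context with a selected subscription (Connect-AzAccount /
        Set-AzContext). Supports -WhatIf and -Confirm for the create step.
    #>
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [parameter()]
        [string] $name = "flex-vnet-contributor",

        [parameter()]
        [string] $description = 'Needed permissions for Silk Flex to operate inside an existing VNET'
    )

    $azcontext = Get-AzContext
    # Fail early with a clear message instead of building a scope of "/subscriptions/"
    # and letting the service reject it later.
    if (-not $azcontext -or -not $azcontext.Subscription) {
        throw 'No Azure context with a selected subscription is available; run Connect-AzAccount or Set-AzContext first.'
    }

    # Use the explicit subscription id rather than relying on the subscription object's
    # string conversion.
    $scopestring = "/subscriptions/" + $azcontext.Subscription.Id
    # A plain array avoids ArrayList.Add() leaking its integer return value into the
    # function's output stream.
    [string[]] $scope = @($scopestring)

    $rolescope = New-Object Microsoft.Azure.Commands.Resources.Models.Authorization.PSRoleDefinition

    # Control-plane operations granted to the role; one entry per Azure RBAC action.
    $actions = @(
        "Microsoft.Network/loadBalancers/read"
        "Microsoft.Network/loadBalancers/write"
        "Microsoft.Network/loadBalancers/delete"
        "Microsoft.Network/loadBalancers/backendAddressPools/read"
        "Microsoft.Network/loadBalancers/backendAddressPools/write"
        "Microsoft.Network/loadBalancers/backendAddressPools/delete"
        "Microsoft.Network/loadBalancers/backendAddressPools/join/action"
        "Microsoft.Network/loadBalancers/backendAddressPools/backendPoolAddresses/read"
        "Microsoft.Network/loadBalancers/frontendIPConfigurations/read"
        "Microsoft.Network/loadBalancers/frontendIPConfigurations/join/action"
        "Microsoft.Network/virtualNetworks/read"
        "Microsoft.Network/virtualNetworks/write"
        "Microsoft.Network/virtualNetworks/joinLoadBalancer/action"
        "Microsoft.Network/virtualNetworks/join/action"
        "Microsoft.Network/virtualNetworks/peer/action"
        "Microsoft.Network/virtualNetworks/subnets/read"
        "Microsoft.Network/virtualNetworks/subnets/write"
        "Microsoft.Network/virtualNetworks/subnets/delete"
        "Microsoft.Network/virtualNetworks/subnets/joinLoadBalancer/action"
        "Microsoft.Network/virtualNetworks/subnets/join/action"
        "Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action"
        "Microsoft.Network/networkSecurityGroups/read"
        "Microsoft.Network/networkSecurityGroups/write"
        "Microsoft.Network/networkSecurityGroups/delete"
        "Microsoft.Network/networkSecurityGroups/join/action"
        "Microsoft.Network/networkInterfaces/read"
        "Microsoft.Network/networkInterfaces/write"
        "Microsoft.Network/networkInterfaces/join/action"
        "Microsoft.Network/networkInterfaces/delete"
        "Microsoft.Network/networkInterfaces/effectiveRouteTable/action"
        "Microsoft.Network/networkInterfaces/effectiveNetworkSecurityGroups/action"
    )

    $rolescope.Name             = $name
    $rolescope.IsCustom         = $true
    $rolescope.Description      = $description
    $rolescope.Actions          = $actions
    $rolescope.AssignableScopes = $scope

    # Dump the full definition (not just its type name) when -Verbose is requested.
    Write-Verbose ($rolescope | Out-String)

    # Creating a subscription-scoped role is a privilege change; honour -WhatIf/-Confirm.
    if ($PSCmdlet.ShouldProcess($scopestring, "Create custom role definition '$name'")) {
        New-AzRoleDefinition -Role $rolescope
    }
}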