src/Private/arm.ps1
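function addAADRole {
    <#
    .SYNOPSIS
        Ensures a role assignment exists for a principal at a scope (idempotent).
    .DESCRIPTION
        Looks up an existing assignment with Get-AzRoleAssignment and only calls
        New-AzRoleAssignment when nothing is returned, so repeated runs do not
        create duplicate assignments.
    .PARAMETER ObjectId
        AAD object id of the principal (user, group, service principal or
        managed identity) to grant the role to.
    .PARAMETER Scope
        ARM scope (resource, resource group or subscription id) of the assignment.
    .PARAMETER RoleDefinitionName
        Built-in or custom RBAC role name, e.g. 'Reader'.
    .OUTPUTS
        None. New-AzRoleAssignment output is discarded.
    #>
    [CmdletBinding()]
    param(
        [string]$ObjectId,
        [string]$Scope,
        [string]$RoleDefinitionName
    )
    Write-Verbose "addAADRole - checking for objectId: $ObjectId, role: $RoleDefinitionName, scope: $Scope"
    # NOTE(review): Get-AzRoleAssignment -Scope is understood to also return
    # assignments inherited from parent scopes, so an inherited grant counts as
    # "exists" and no narrower duplicate is created — confirm this is intended.
    $Exists = Get-AzRoleAssignment -ObjectId $ObjectId -RoleDefinitionName $RoleDefinitionName -Scope $Scope
    if ($Exists) {
        Write-Verbose "Assignment for objectId: $ObjectId, role: $RoleDefinitionName, scope: $Scope already exists"
    }
    else {
        # Privilege grant: callers that must not continue on failure should
        # pass -ErrorAction Stop (CmdletBinding makes it honoured here).
        New-AzRoleAssignment -ObjectId $ObjectId -RoleDefinitionName $RoleDefinitionName -Scope $Scope | Out-Null
    }
}

function validateRole {
    <#
    .SYNOPSIS
        Throws if the named role definition does not exist in the current context.
    .PARAMETER RoleDefinitionName
        RBAC role name to look up with Get-AzRoleDefinition.
    .OUTPUTS
        $true when the role exists; throws otherwise.
    #>
    [CmdletBinding()]
    param([string]$RoleDefinitionName)
    if (!(Get-AzRoleDefinition -Name $RoleDefinitionName)) {
        throw "Role $RoleDefinitionName is not valid"
    }
    return $true
}

function getResourceMSI {
    <#
    .SYNOPSIS
        Returns the principal id of a resource's managed identity.
    .PARAMETER ResourceId
        Full ARM resource id of the resource carrying the identity.
    .OUTPUTS
        The Identity.PrincipalId string of the resource.
        Throws when the resource is not found or carries no Identity.PrincipalId,
        instead of silently returning $null (which would otherwise flow into a
        role assignment as an empty object id).
    #>
    [CmdletBinding()]
    param([string]$ResourceId)
    $App = Get-AzResource -ResourceId $ResourceId
    if (!($App)) {
        throw "Resource $ResourceId not found"
    }
    $principalId = $App.Identity.PrincipalId
    if ([string]::IsNullOrEmpty($principalId)) {
        throw "Resource $ResourceId has no managed identity (Identity.PrincipalId is empty)"
    }
    return $principalId
}

function applyRbacPermission {
    <#
    .SYNOPSIS
        Applies one RBAC permission entry: resolves the principal, validates the
        role and scope, then ensures the assignment exists.
    .PARAMETER Permission
        Object with principalType, principalName, role and scope properties.
    .OUTPUTS
        None. Skipped entries are reported with Write-Warning; an invalid role
        or an ambiguous principal lookup throws.
    #>
    [CmdletBinding()]
    param([PSCustomObject]$Permission)
    Write-Host "Attempting applyRbacPermission: Type: '$($Permission.principalType)', Name: '$($Permission.principalName)', Role: '$($Permission.role)', Scope: '$($Permission.scope)'"
    # The principal is resolved by display name. Display names are not unique in
    # AAD, so if the lookup hands back more than one id, refuse rather than grant
    # the role to whichever object happens to come first.
    $objectId = Get-RedkiteAadObjectId -ObjectType $Permission.principalType -DisplayName $Permission.principalName
    if (@($objectId).Count -gt 1) {
        throw "Ambiguous principal: more than one $($Permission.principalType) named '$($Permission.principalName)' found"
    }
    if ($objectId) {
        # validateRole throws on an unknown role; its $true result is not needed.
        validateRole $Permission.role | Out-Null
        $exists = Confirm-RedkiteArmResourceIdExists $Permission.scope
        if ($exists -eq $true) {
            addAADRole -ObjectId $objectId -RoleDefinitionName $Permission.role -Scope $Permission.scope
        }
        else {
            # Previously a missing scope was skipped silently; surface it so a
            # permission that was never applied is visible in the run output.
            Write-Warning "Scope not found ($($Permission.scope)); skipping $($Permission.role) for $($Permission.principalName)"
        }
    }
    else {
        Write-Warning "Object not found ($($Permission.principalType) $($Permission.principalName))"
    }
}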