functions/roleManagement/Invoke-AzurePIMroleManagement.ps1
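function Invoke-AzurePIMroleManagement {
	<#
		.SYNOPSIS
			Performs the required actions for a resource type against the connected Tenant.

		.DESCRIPTION
			This command combines the Invoke commands of all roleManagement resources:
			roleAssignments, roleDefinitions, roleManagementPolicies.

			The invoke functions are taken from the module-scoped $script:supportedResources
			table and run in ascending order of their "weight" value. A resource type is
			only processed when $script:desiredConfiguration holds an entry for it.

		.PARAMETER DoNotRequireTenantConfirm
			Skips the interactive "Is this the correct tenant and subscription?" prompt.
			Without the prompt nothing in this function checks that the connected context
			is the intended one, so use it only for unattended runs where the Az context
			has been verified beforehand.

		.EXAMPLE
			PS C:\> Invoke-AzurePIMroleManagement

			Shows the connected tenant and subscription, asks for confirmation and then
			invokes the role management resources that have a desired configuration.
	#>
	# $PSCmdlet is only populated in advanced functions. Without this attribute the
	# -Cmdlet arguments below would be passed as $null.
	[CmdletBinding()]
	Param (
		[switch] $DoNotRequireTenantConfirm
	)

	begin {
		Test-AzureConnection -Cmdlet $PSCmdlet
		$tenant = Get-AzTenant -TenantId (Get-AzContext).Tenant.Id
		$subscription = (Get-AzContext).Subscription
		# Only these resource types are handled by this command.
		$roleManagementResources = @("roleAssignments", "roleDefinitions", "roleManagementPolicies")
	}

	process {
		# Always print the target tenant and subscription, even when the prompt is skipped,
		# so the run leaves a record of where changes were applied.
		Write-PSFMessage -Level Host -FunctionName "Invoke-AzurePIMroleManagement" -String "AzurePIM.TenantandSubscriptionInformation" -StringValues $tenant.Name, $tenant.Id, $subscription.Name, $subscription.Id

		if (-Not $DoNotRequireTenantConfirm) {
			# -notin compares case-insensitively; any answer other than y/Y aborts the run.
			if ((Read-Host "Is this the correct tenant and subscription? [y/n]") -notin @("y", "Y")) {
				Write-PSFMessage -Level Error -FunctionName "Invoke-AzurePIMroleManagement" -String "AzurePIM.UserCanceled"
				throw "Connected to the wrong tenant or subscription."
			}
		}

		# Select the role management resource types that define an invoke function,
		# ordered by weight.
		$resourceTypes = $script:supportedResources.GetEnumerator() |
			Where-Object { $_.Value.invokeFunction -and $_.Name -in $roleManagementResources } |
			Sort-Object { $_.Value.weight }

		foreach ($resourceType in $resourceTypes) {
			# Resource types without a desired configuration are left untouched.
			if ($script:desiredConfiguration[$resourceType.Name]) {
				Write-PSFMessage -Level Host -FunctionName "Invoke-AzurePIMroleManagement" -String "AzurePIM.StartingInvokeForResource" -StringValues $resourceType.Name
				& $resourceType.Value["invokeFunction"] -Cmdlet $PSCmdlet
			}
		}
	}

	end {
	}
}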