Public/ResourceProviders/Microsoft.KeyVault/Add-ArmKeyVaultAccessPolicy.ps1
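function Add-ArmKeyVaultAccessPolicy {
    <#
    .SYNOPSIS
        Appends an access policy entry to an in-memory KeyVault object.

    .DESCRIPTION
        Builds an access policy entry from the vault's own tenantId, the supplied
        ObjectId and the requested permission lists, then appends it to
        $KeyVault.properties.accessPolicies. The input object is modified in
        place and returned. Nothing in this function contacts Azure; it only
        edits the object it is given.

        Every permission list defaults to empty, so a principal receives only
        what the caller names explicitly. Destructive or exfiltration-capable
        permissions ("purge", "delete", "backup", "restore") should be granted
        deliberately and to as few principals as possible.

        NOTE(review): no check is made for an existing entry with the same
        objectId; confirm how duplicate entries are treated by whatever
        consumes this object.

    .PARAMETER KeyVault
        Object carrying the "KeyVault" PSTypeName. Accepted from the pipeline.

    .PARAMETER ObjectId
        Object id of the principal the policy applies to. Must not be empty.

    .PARAMETER KeysPermissions
        Key permissions to grant (restricted by ValidateSet).

    .PARAMETER SecretsPermissions
        Secret permissions to grant (restricted by ValidateSet).

    .PARAMETER CertificatesPermissions
        Certificate permissions to grant (restricted by ValidateSet).

    .OUTPUTS
        KeyVault. The same object that was passed in, with the new entry
        appended. Nothing is emitted when ShouldProcess declines (for example
        under -WhatIf).
    #>
    [CmdletBinding(SupportsShouldProcess = $true)]
    [OutputType("KeyVault")]
    Param(
        [PSTypeName("KeyVault")]
        [Parameter(Mandatory, ValueFromPipeline)]
        $KeyVault,

        [string]
        $ObjectId,

        [string[]]
        [ValidateSet(
            "encrypt", "decrypt", "wrapKey", "unwrapKey", "sign", "verify",
            "get", "list", "create", "update", "import", "delete",
            "backup", "restore", "recover", "purge")]
        $KeysPermissions = @(),

        [string[]]
        [ValidateSet(
            "get", "list", "set", "delete",
            "backup", "restore", "recover", "purge")]
        $SecretsPermissions = @(),

        [string[]]
        [ValidateSet(
            "get", "list", "delete", "create", "import", "update",
            "managecontacts", "getissuers", "listissuers", "setissuers",
            "deleteissuers", "manageissuers", "recover", "purge")]
        $CertificatesPermissions = @()
    )

    # A process block is required for ValueFromPipeline to handle every piped
    # vault; without it only the last pipeline object would be bound.
    process {
        # An access policy with no principal grants nothing useful and is most
        # likely an unset variable at the call site; fail before touching the vault.
        If ([string]::IsNullOrWhiteSpace($ObjectId)) {
            throw [System.ArgumentException] "ObjectId must not be empty when adding a Key Vault access policy."
        }

        If ($PSCmdlet.ShouldProcess("Adding Key Vault access policy")) {
            $accessPolicyEntry = @{
                # The policy is always scoped to the tenant the vault already belongs to.
                tenantId    = $KeyVault.properties.tenantId
                objectId    = $ObjectId
                permissions = @{
                    keys         = $KeysPermissions
                    secrets      = $SecretsPermissions
                    certificates = $CertificatesPermissions
                    storage      = @()
                }
            }

            # "$null += <hashtable>" yields a bare hashtable, not an array, so a
            # vault with no policies yet would end up with accessPolicies as a
            # single object. Normalise to an array before appending.
            $existingPolicies = $KeyVault.properties.accessPolicies
            If ($null -eq $existingPolicies) {
                $existingPolicies = @()
            }
            $KeyVault.properties.accessPolicies = @($existingPolicies) + $accessPolicyEntry

            return $KeyVault
        }
    }
}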