functions/public/New-PermissionRoleAuthorization.ps1

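function New-PermissionRoleAuthorization {
    <#
    .SYNOPSIS
        Associates a permission with a role by POSTing it to the authorization service.
    .DESCRIPTION
        Sends $body as JSON to "<authUrl>/roles/<roleId>/permissions" with a bearer token.
        When Assert-WebExceptionType reports a 409 for the failure, the association is treated
        as already present: an informational message is logged and nothing is returned.
        Any other failure is rethrown as a System.Net.WebException wrapping the original exception.
    .PARAMETER authUrl
        Base URL of the authorization service; trailing "/" characters are ignored.
    .PARAMETER roleId
        Identifier of the role. It is placed in the URL path as one percent-encoded segment.
    .PARAMETER roleName
        Role name, used only in log and error messages.
    .PARAMETER body
        The permission, either as a JSON string or as an object serialized with ConvertTo-Json.
        Its "name" property is used in log and error messages.
    .PARAMETER accessToken
        Bearer token sent in the Authorization header. This function does not write it to any
        log or error message.
    .OUTPUTS
        The response object from Invoke-RestMethod on success; nothing on a 409.
    #>
    param (
        [Parameter(Mandatory = $true)] [string] $authUrl,
        [Parameter(Mandatory = $true)] [string] $roleId,
        [Parameter(Mandatory = $true)] [string] $roleName,
        [Parameter(Mandatory = $true)] $body,
        [Parameter(Mandatory = $true)] [string] $accessToken
    )

    # $roleId is caller-supplied and lands in the URL path. EscapeUriString leaves reserved
    # characters such as "/", "?" and "#" untouched, so on its own it cannot keep the value
    # inside a single path segment; EscapeDataString encodes them. Plain identifiers
    # (GUIDs, integers) produce exactly the same URL as before.
    $baseUrl = [System.Uri]::EscapeUriString($authUrl.TrimEnd("/"))
    $url = "$baseUrl/roles/$([System.Uri]::EscapeDataString($roleId))/permissions"

    # Keep both forms of the payload: the JSON text is what gets sent, the object is only
    # read for its "name" in the messages below.
    if (!($body -is [string])) {
        $clientObject = $body
        # NOTE(review): ConvertTo-Json is called without -Depth, so objects nested deeper than
        # the cmdlet's default depth are not fully serialized - confirm permission bodies stay flat.
        $body = ConvertTo-Json $body
    }
    else {
        $clientObject = ConvertFrom-Json -InputObject $body
    }

    $headers = @{"Accept" = "application/json"}
    if ($accessToken) {
        $headers.Add("Authorization", "Bearer $accessToken")
    }

    # attempt to add
    try {
        $response = Invoke-RestMethod -Method Post -Uri $url -Body $body -ContentType "application/json" -Headers $headers
        Write-DosMessage -Level "Information" -Message """$($clientObject.name)"" permission associated with ""$($roleName)"" role"
        return $response
    }
    catch {
        $exception = $_.Exception
        if ((Assert-WebExceptionType -exception $exception -typeCode 409)) {
            # Conflict: the association already exists, so this is not an installation failure.
            Write-DosMessage -Level "Information" -Message """$($clientObject.name)"" permission already associated with ""$($roleName)"" role"
        }
        else {
            # Named $errorDetail rather than $error so the automatic $Error variable is not shadowed.
            $errorDetail = "Unknown error attempting to post"
            if ($null -ne $exception -and $null -ne $exception.Response) {
                $errorDetail = Get-ErrorFromResponse -response $exception.Response
            }
            throw ( New-Object -TypeName "System.Net.WebException" "There was an error creating ""$($clientObject.name)"" permission to ""$($roleName)"" role association: $errorDetail, halting installation.", $exception)
        }
    }
}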