Private/Set-KeyVaultPermissionsForScaleSet.ps1
|
function Global:Set-KeyVaultPermissionsForScaleSet { [CmdletBinding()] param( [Parameter(Mandatory = $true)] [string] $ResourceGroupName, [Parameter(Mandatory = $true)] [string] $KeyVaultName, [Parameter(Mandatory = $true)] [string] $ScaleSetName ) process { Write-CustomHost -Message "Setting KeyVault policies for $ScaleSetName on $KeyVaultName ..." $VMSS = Get-AzVmss -ResourceGroupName $ResourceGroupName -VMScaleSetName $ScaleSetName -ErrorAction SilentlyContinue if (-not($VMSS)){ Write-CustomHost -Message "Scale Set $ScaleSetName does not exists. Stopping here." return } $keyVault = Get-AzKeyVault -ResourceGroupName $ResourceGroupName -VaultName $KeyVaultName -ErrorAction SilentlyContinue if (-not($keyVault)) { Write-CustomHost -Message "KeyVault $KeyVaultName does not exists. Stopping here." return } Set-AzKeyVaultAccessPolicy -VaultName $KeyVaultName -ResourceGroupName $ResourceGroupName -ObjectId $VMSS.Identity.PrincipalId -PermissionsToKeys get,list -PermissionsToSecrets get,list Write-CustomHost -Message "Done." } } |