fmt

0.6.3

Public/Test-FMTFlexVnetRole.ps1

                                function Test-FMTFlexVnetRole {

    param(

        [parameter()]

        [string] $name

    )

    $actions = @(

        "Microsoft.Network/loadBalancers/read"

        "Microsoft.Network/loadBalancers/write"

        "Microsoft.Network/loadBalancers/delete"

        "Microsoft.Network/loadBalancers/backendAddressPools/read"

        "Microsoft.Network/loadBalancers/backendAddressPools/write"

        "Microsoft.Network/loadBalancers/backendAddressPools/delete"

        "Microsoft.Network/loadBalancers/backendAddressPools/join/action"

        "Microsoft.Network/loadBalancers/backendAddressPools/backendPoolAddresses/read"

        "Microsoft.Network/loadBalancers/frontendIPConfigurations/read"

        "Microsoft.Network/loadBalancers/frontendIPConfigurations/join/action"

        "Microsoft.Network/virtualNetworks/read"

        "Microsoft.Network/virtualNetworks/write"

        "Microsoft.Network/virtualNetworks/joinLoadBalancer/action"

        "Microsoft.Network/virtualNetworks/join/action"

        "Microsoft.Network/virtualNetworks/peer/action"

        "Microsoft.Network/virtualNetworks/subnets/read"

        "Microsoft.Network/virtualNetworks/subnets/write"

        "Microsoft.Network/virtualNetworks/subnets/delete"

        "Microsoft.Network/virtualNetworks/subnets/joinLoadBalancer/action"

        "Microsoft.Network/virtualNetworks/subnets/join/action"

        "Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action"

        "Microsoft.Network/networkSecurityGroups/read"

        "Microsoft.Network/networkSecurityGroups/write"

        "Microsoft.Network/networkSecurityGroups/delete"

        "Microsoft.Network/networkSecurityGroups/join/action"

        "Microsoft.Network/networkInterfaces/read"

        "Microsoft.Network/networkInterfaces/write"

        "Microsoft.Network/networkInterfaces/join/action"

        "Microsoft.Network/networkInterfaces/delete"

        "Microsoft.Network/networkInterfaces/effectiveRouteTable/action"

        "Microsoft.Network/networkInterfaces/effectiveNetworkSecurityGroups/action" 

    )

    $role = Get-AzRoleDefinition -Name $name

    if ($role.Actions -ne '*') {

        $missing = @()

        foreach ($i in $actions) {

            $actionCheck = $role.Actions | Where-Object {$_ -eq $i}

            if (!$actionCheck) {

                $missing += $i

            }

        }

        if ($missing) {

            $message = 'The following required actions ar absent from the role:'

            $message

            $missing

        } else {

            return 'All role action requirements are met'

        }

    } else {

            return 'All role action requirements are met'

        }

}