# ----------------------------------------------------------------------------------
#
# Copyright Microsoft Corporation
# Licensed under the Apache License, Version 2.0 (the \"License\");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an \"AS IS\" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# ----------------------------------------------------------------------------------
<#
.Synopsis
Create an in-memory object for EligibleAuthorization
.Description
Create an in-memory object for EligibleAuthorization
.Outputs
Microsoft.Azure.PowerShell.Cmdlets.ManagedServices.Models.Api20200201Preview.EligibleAuthorization
.Link
https://learn.microsoft.com/powershell/module/az.ManagedServices/new-AzManagedServicesEligibleAuthorizationObject
#>
function New-AzManagedServicesEligibleAuthorizationObject {
    # Builds an EligibleAuthorization model object in memory from the supplied
    # parameters and returns it. Nothing visible in this function calls a service;
    # it only populates properties on a new model instance.
    #
    # Defaults applied when the caller omits a just-in-time (JIT) policy parameter:
    #   - JustInTimeAccessPolicyMaximumActivationDuration -> 8 hours
    #   - JustInTimeAccessPolicyMultiFactorAuthProvider   -> 'None'
    # NOTE(review): 'None' presumably means no MFA challenge is required when the
    # eligible role is activated; callers who need MFA should pass the provider
    # explicitly rather than rely on the default. Confirm against the service docs.
    [OutputType('Microsoft.Azure.PowerShell.Cmdlets.ManagedServices.Models.Api20200201Preview.EligibleAuthorization')]
    [CmdletBinding(PositionalBinding=$false)]
    Param(
        [Microsoft.Azure.PowerShell.Cmdlets.ManagedServices.Runtime.ParameterBreakingChangeAttribute("JustInTimeAccessPolicyManagedByTenantApprover", "16.0.0", "9.0.0", "May 2026", OldParamaterType="Array", NewParameterType="List")]
        [Parameter(HelpMessage="The list of managedByTenant approvers for the eligible authorization.")]
        [Microsoft.Azure.PowerShell.Cmdlets.ManagedServices.Models.Api20200201Preview.IEligibleApprover[]]
        $JustInTimeAccessPolicyManagedByTenantApprover,

        # The help text mentions ISO 8601, but the parameter itself is typed as
        # System.TimeSpan, so PowerShell binds a TimeSpan value here.
        [Parameter(HelpMessage="The maximum access duration in ISO 8601 format for just-in-time access requests.")]
        [System.TimeSpan]
        $JustInTimeAccessPolicyMaximumActivationDuration,

        [Parameter(HelpMessage="The multi-factor authorization provider to be used for just-in-time access requests.")]
        [Microsoft.Azure.PowerShell.Cmdlets.ManagedServices.Support.MultiFactorAuthProvider]
        [ArgumentCompleter([Microsoft.Azure.PowerShell.Cmdlets.ManagedServices.Support.MultiFactorAuthProvider])]
        $JustInTimeAccessPolicyMultiFactorAuthProvider,

        # PrincipalId and RoleDefinitionId are plain strings with no validation
        # attribute; whatever the caller passes is copied onto the object as-is.
        [Parameter(Mandatory, HelpMessage="The identifier of the Azure Active Directory principal.")]
        [string]
        $PrincipalId,

        [Parameter(HelpMessage="The display name of the Azure Active Directory principal.")]
        [string]
        $PrincipalIdDisplayName,

        [Parameter(Mandatory, HelpMessage="The identifier of the Azure built-in role that defines the permissions that the Azure Active Directory principal will have on the projected scope.")]
        [string]
        $RoleDefinitionId
    )

    process {
        # Resolve the two JIT policy values first: use the caller's value only when
        # the parameter was actually bound, otherwise fall back to the default.
        $maxActivation = if ($PSBoundParameters.ContainsKey("JustInTimeAccessPolicyMaximumActivationDuration")) {
            $JustInTimeAccessPolicyMaximumActivationDuration
        } else {
            New-TimeSpan -Hours 8
        }

        $mfaProvider = if ($PSBoundParameters.ContainsKey("JustInTimeAccessPolicyMultiFactorAuthProvider")) {
            $JustInTimeAccessPolicyMultiFactorAuthProvider
        } else {
            'None'
        }

        $authorization = [Microsoft.Azure.PowerShell.Cmdlets.ManagedServices.Models.Api20200201Preview.EligibleAuthorization]::New()

        # The approver list is copied without a bound-parameter check, so an omitted
        # list is stored as $null.
        # NOTE(review): presumably that means activation needs no approver; confirm.
        $authorization.JustInTimeAccessPolicyManagedByTenantApprover = $JustInTimeAccessPolicyManagedByTenantApprover
        $authorization.JustInTimeAccessPolicyMaximumActivationDuration = $maxActivation
        $authorization.JustInTimeAccessPolicyMultiFactorAuthProvider = $mfaProvider

        # Identity and role fields are passed straight through.
        $authorization.PrincipalId = $PrincipalId
        $authorization.PrincipalIdDisplayName = $PrincipalIdDisplayName
        $authorization.RoleDefinitionId = $RoleDefinitionId

        return $authorization
    }
}