update
singhgss committed Nov 17, 2023
1 parent 6ceb9d0 commit 0d12e24
Showing 1 changed file with 8 additions and 6 deletions.
Expand Up @@ -182,9 +182,9 @@ Function Confirm-GSAPrerequisites {
$uri = 'https://management.azure.com/providers/Microsoft.Management/managementGroups/{0}/providers/Microsoft.Authorization/roleAssignments/{1}?&api-version=2015-07-01' -f $lighthouseTargetManagementGroupID, '2cb8e1b1-fcf1-439e-bab7-b1b8b008c294'
$roleAssignments = Invoke-AzRestMethod -Uri $uri -Method GET | Select-Object -Expand Content | ConvertFrom-Json
If ($roleAssignments.id) {
Write-Verbose "role assignment: $(($roleAssignments).id)"
Write-Verbose "role assignment: '$roleAssignments.id'"
Write-Verbose "Removing role assignment: $(($roleAssignments).id)"
Remove-AzRoleAssignment -RoleDefinitionName '2cb8e1b1-fcf1-439e-bab7-b1b8b008c294'
Remove-AzRoleAssignment -RoleDefinitionName '2cb8e1b1-fcf1-439e-bab7-b1b8b008c294' -ObjectId $roleAssignments.id

# Write-Error "A role assignment exists with the name '2cb8e1b1-fcf1-439e-bab7-b1b8b008c294' at the Management group '$lighthouseTargetManagementGroupID'. This was likely
# created by a previous Guardrails deployment and must be removed. Navigate to the Managment Group in the Portal and delete the Owner role assignment listed as 'Identity Not Found'"
Expand All @@ -198,10 +198,12 @@ Function Confirm-GSAPrerequisites {

Write-Verbose "Found '$($roleDef.count)' role definitions with name 'Custom-RegisterLighthouseResourceProvider'. Verifying assignable scopes includes '$targetAssignableScope'"
If ($roleDef -and $roleDef.AssignableScopes -notcontains $targetAssignableScope) {
# Remove-AzRoleDefinition -Id "52a6cc13-ff92-47a8-a39b-2a8205c3087e"
Write-Error "Role definition name 'Custom-RegisterLighthouseResourceProvider' already exists and has an assignable scope of '$($roleDef.AssignableScopes)'. Assignable scopes
should include '$targetAssignableScope'. Delete the role definition (and any assignments) and run the script again."
Exit
Write-Verbose "Removing role definition with name 'Custom-RegisterLighthouseResourceProvider'"
Remove-AzRoleDefinition $roleDef
# # Remove-AzRoleDefinition -Id "52a6cc13-ff92-47a8-a39b-2a8205c3087e"
# Write-Error "Role definition name 'Custom-RegisterLighthouseResourceProvider' already exists and has an assignable scope of '$($roleDef.AssignableScopes)'. Assignable scopes
# should include '$targetAssignableScope'. Delete the role definition (and any assignments) and run the script again."
# Exit
}

# check if a lighthouse Azure Automation MSI role assignment to register the Lighthouse resource provider already exists - assignment name always 5de3f84b-8866-4432-8811-24859ccf8146
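Review bot: The new `Remove-AzRoleAssignment -RoleDefinitionName '2cb8e1b1-fcf1-439e-bab7-b1b8b008c294' -ObjectId $roleAssignments.id` call in the first hunk does not look able to match the assignment found by the GET above it. The GUID appears in `$uri` as the role assignment name, not a role definition name; `$roleAssignments.id` is the `id` field of the REST response, presumably the assignment's resource ID rather than a principal object ID; and no `-Scope` is passed, so the management group is not targeted. Because the stop-on-error path below it is commented out, a failed removal would leave the stale assignment (an Owner assignment, per the commented message) in place while the function carries on. Deleting the exact resource that was read is simpler and checkable: `$resp = Invoke-AzRestMethod -Uri $uri -Method DELETE` followed by `If ($resp.StatusCode -notin 200, 204) { throw "Could not remove role assignment at $uri" }`. The second hunk's `Remove-AzRoleDefinition $roleDef` has the same gap: nothing checks the result, and the verbose message's count suggests `$roleDef` may hold more than one definition. The function body continues outside both hunks.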