@codingfreak
Last active October 28, 2025 21:18
rbac-roles-generator
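# Generates a Bicep file that exports a map of friendly names to Azure RBAC role definition IDs.
param (
    [string]$Description = "Provides a mapping with friendly names resolving to build in Azure RBAC Role Ids. See https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles for reference.",
    [string]$OutputFileUri = "$PSScriptRoot/azureBuildInRbacRoleIds.bicep",
    [string]$ExportVariableName = "azureBuildInRbacRoleIds"
)
# Header of the generated file: an exported, described Bicep variable holding an object literal.
$prefix = @"
@export()
@description('$Description')
var $ExportVariableName = {
"@
$suffix = "}"
# Read the role definitions visible to the current Az context and strip punctuation
# and spaces from each name so it can serve as an unquoted Bicep property key.
# The hyphen is placed last in the character class so it is a literal, not a range.
# Note: without parameters, Get-AzRoleDefinition lists every role definition
# available at the current scope, custom roles included.
$definitions = Get-AzRoleDefinition |
    Select-Object -Property Id, @{Label = "Name"; Expression = { $_.Name -replace '[.,/()_ -]', '' } } |
    Sort-Object -Property Name
$sb = New-Object -TypeName "System.Text.StringBuilder"
# Four spaces of indentation for each property line.
$spacer = New-Object -TypeName "System.String" -ArgumentList ' ', 4
[void]$sb.AppendLine($prefix)
# Emit one "<key>: '<role definition id>'" line per role.
foreach ($role in $definitions) {
    [void]$sb.AppendFormat("{0}{1}: '{2}'{3}", $spacer, $role.Name, $role.Id, [System.Environment]::NewLine)
}
[void]$sb.AppendLine($suffix)
$sb.ToString() | Set-Content $OutputFileUri
Write-Host "$(($definitions | Measure-Object).Count) RBAC roles detected and written to $($OutputFileUri)."
Write-Host "Usage: import { $ExportVariableName } from $OutputFileUri"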
@codingfreak
Author

Usage

  1. Store this file locally. Let's say you named it create.ps1.
  2. Ensure that Get-InstalledPsResource Az returns something.
  3. Ensure that your posh-session is authenticated in Azure (Connect-AzAccount).
  4. Execute ./create.ps1.
  5. A new file ./rbac.bicep is created in the same directory as your script.

You can change the behavior by overriding the Bicep-description, the result file name and location and the name of the exported variable.
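
Because the script removes punctuation and spaces from role names to build the Bicep keys, two names can collapse to the same key, or a key can end up not being a valid identifier, and a role assignment would then reference the wrong ID or fail to compile. The check below is an added example, not part of the gist or the author's code; the function name `Get-RoleKeyIssue` and the sample roles are hypothetical, and the sample GUIDs are constructed placeholders rather than real role definition IDs.

```powershell
# Added example (not from the gist): pre-flight check for the generated key map.
function Get-RoleKeyIssue {
    param ([Parameter(Mandatory)][object[]]$Roles)

    # Apply the same sanitization the generator uses for its keys.
    $keyed = foreach ($r in $Roles) {
        [pscustomobject]@{
            Key  = $r.Name -replace '[.,/()_ -]', ''
            Name = $r.Name
            Id   = $r.Id
        }
    }

    # Distinct role names that collapse to one key make the map ambiguous.
    # Group-Object compares case-insensitively by default, so keys that
    # differ only in case are flagged as well.
    foreach ($g in ($keyed | Group-Object -Property Key | Where-Object Count -gt 1)) {
        [pscustomobject]@{ Issue = 'DuplicateKey'; Key = $g.Name; Detail = ($g.Group.Name -join ' | ') }
    }

    foreach ($r in $keyed) {
        # The generator writes keys unquoted, so each must be a plain identifier.
        if ($r.Key -cnotmatch '^[A-Za-z_][A-Za-z0-9_]*$') {
            [pscustomobject]@{ Issue = 'InvalidKey'; Key = $r.Key; Detail = $r.Name }
        }
        # Role definition IDs are expected to parse as GUIDs.
        $parsed = [guid]::Empty
        if (-not [guid]::TryParse([string]$r.Id, [ref]$parsed)) {
            [pscustomobject]@{ Issue = 'InvalidId'; Key = $r.Key; Detail = $r.Id }
        }
    }
}

# Constructed sample input standing in for Get-AzRoleDefinition output.
$sample = @(
    [pscustomobject]@{ Name = 'Example Reader'; Id = '00000000-0000-0000-0000-000000000001' }
    [pscustomobject]@{ Name = 'Example-Reader'; Id = '00000000-0000-0000-0000-000000000002' }
    [pscustomobject]@{ Name = '2nd Tier & Ops'; Id = 'not-a-guid' }
)
Get-RoleKeyIssue -Roles $sample | Format-Table -AutoSize
```

Against a live tenant, pass the output of `Get-AzRoleDefinition` as `-Roles` before generating the file; an empty result means every key is unique, identifier-safe and backed by a GUID.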
