New-IpsCredentials.ps1

<#
 .Synopsis
  Create a new credential in the customer's credential wallet.

 .Description
  Create a new credential in the customer's credential wallet. This function supports creating different types of credentials in the customer's credential wallet.
#>

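Function New-IpsCredentials
{
    [CmdletBinding()]
    Param(
        # Citrix Cloud customer id.
        [Parameter(Mandatory = $true)]
        [string]$CustomerId,
        # Credential type of target platform. Must match the parameter set selected by the other arguments.
        [Parameter(Mandatory = $true)]
        [ValidateSet("Azure", "Gcp", "UsernamePassword", "Aws")]
        [string]$CredentialType,
        # Citrix Cloud API client id. When this or SecureSecret is blank, the ApiKey returned by AuthToCitrixCloud is used.
        [Parameter(Mandatory = $false)]
        [string]$SecureClientId = "",
        # Citrix Cloud API client secret. When this or SecureClientId is blank, the SecretKey returned by AuthToCitrixCloud is used.
        [Parameter(Mandatory = $false)]
        [string]$SecureSecret = "",
        # Identifier sent as the 'id' of the new credential wallet entry.
        [Parameter(Mandatory = $true)]
        [string]$CredentialId,
        # Aws credentials to create an Aws Credential Wallet entry from.
        [Parameter(Mandatory = $true, ParameterSetName = 'Aws')]
        [string]$AwsKey,
        [Parameter(Mandatory = $true, ParameterSetName = 'Aws')]
        [string]$AwsKeyId,
        [Parameter(Mandatory = $false, ParameterSetName = 'Aws')]
        [string]$AwsSessionToken,
        # Azure credentials to create an Azure Credential Wallet entry from.
        [Parameter(Mandatory = $true, ParameterSetName = 'Azure')]
        [string]$AzureTenantId,
        [Parameter(Mandatory = $true, ParameterSetName = 'Azure')]
        [string]$AzureClientId,
        [Parameter(Mandatory = $true, ParameterSetName = 'Azure')]
        [string]$AzureSecret,
        # GCP JSON credentials file to create a GCP Credential Wallet entry from.
        [Parameter(Mandatory = $true, ParameterSetName = 'Gcp')]
        [string]$GcpServiceAccountKeyFile,
        # SMB or vSphere Credentials.
        [Parameter(Mandatory = $true, ParameterSetName = 'UsernamePassword')]
        [string]$UserDomain,
        [Parameter(Mandatory = $true, ParameterSetName = 'UsernamePassword')]
        [string]$UserName,
        [Parameter(Mandatory = $true, ParameterSetName = 'UsernamePassword')]
        [string]$UserPassword,
        # Directory handed to LogInit for the log file.
        [Parameter(Mandatory = $false)]
        [string]$LogFileDir = "",
        # Log file name handed to LogInit.
        [Parameter(Mandatory = $false)]
        [string]$LogFileName = 'Credentials.log',
        # Deployment argument passed through to Invoke-CCRestMethod.
        [Parameter(Mandatory = $false)]
        [string]$Deployment,
        # Passed to LogInit; presumably replaces an existing log file instead of appending (confirm in LogInit).
        [Parameter(Mandatory = $false)]
        [switch]$OverwriteLog
    )
    Begin
    {
        Add-PSSnapin Citrix.*
    }
    Process
    {
        # NOTE(review): every secret (SecureSecret, AwsKey, AwsSessionToken, AzureSecret, UserPassword)
        # is accepted as a plain [string], so the values can be captured by command history and
        # transcripts on the calling host. The parameter types are kept as-is for existing callers;
        # avoid typing the secrets inline when invoking this function.

        # Initialize Logger
        # The -Verbose common parameter is owned by the cmdlet binding, so derive the logger's
        # verbose flag from $VerbosePreference instead.
        $Verbose = ($VerbosePreference -eq 'Continue')
        LogInit $LogFileDir $LogFileName $OverwriteLog $Verbose

        # Check Credential Type
        # LogFatal is assumed to stop execution (TODO confirm); the code below relies on that.
        if ($PSCmdlet.ParameterSetName -ne $CredentialType) {
            # $(...) is required here: a bare "$PSCmdlet.ParameterSetName" inside a double-quoted
            # string expands only $PSCmdlet and appends the literal text ".ParameterSetName".
            LogFatal "CredentialType $CredentialType does not match the type of selected parameter set $($PSCmdlet.ParameterSetName)"
        }

        try {
            # Authenticate to Citrix Cloud
            $parameters = AuthToCitrixCloud $CustomerId $SecureClientId $SecureSecret
            # If the caller did not supply a complete client id / secret pair, use the pair
            # returned by AuthToCitrixCloud for the REST call below.
            if ([string]::IsNullOrWhiteSpace($SecureClientId) -Or [string]::IsNullOrWhiteSpace($SecureSecret)) {
                $SecureClientId = $parameters.ApiKey
                $SecureSecret = $parameters.SecretKey
            }
        }
        catch {
            LogFatal "Failed to authenticate to Citrix Cloud"
        }

        # Create Credential
        # Build the request payload for the selected credential type. The payload holds the
        # secret material in clear text, so it must never be written to the log.
        switch ($CredentialType)
        {
            'Aws' {
                $credentialCreate = @{
                    id   = $CredentialId
                    type = $CredentialType
                    key = $AwsKey
                    keyId = $AwsKeyId
                    sessionToken = $AwsSessionToken
                }
            }
            'Azure' {
                $credentialCreate = @{
                    id   = $CredentialId
                    type = $CredentialType
                    tenantId = $AzureTenantId
                    clientId = $AzureClientId
                    clientSecret = $AzureSecret
                }
            }
            'Gcp' {
                try {
                    # -ErrorAction Stop turns a missing or unreadable key file into a catchable
                    # error, so an empty serviceAccountKey is never posted.
                    $gcpJson = Get-Content -Raw -Path $GcpServiceAccountKeyFile -ErrorAction Stop | ConvertFrom-Json
                }
                catch {
                    # $_ is deliberately left out of the message: a JSON parse error may quote
                    # part of the service account key.
                    LogFatal "Failed to read GCP service account key file $GcpServiceAccountKeyFile"
                }
                $credentialCreate = @{
                    id   = $CredentialId
                    type = $CredentialType
                    serviceAccountKey = $gcpJson
                }
            }
            'UsernamePassword' {
                $credentialCreate = @{
                    id   = $CredentialId
                    type = $CredentialType
                    domain = $UserDomain
                    username = $UserName
                    password = $UserPassword
                }
            }
        }

        # Convert the object to JSON to use in the POST body (Note: Default depth is 2 when serializing)
        $json = $credentialCreate | ConvertTo-Json -Depth 10
        # Send the POST
        try {
            LogIt "Creating new $CredentialType credential $CredentialId"
            $response = Invoke-CCRestMethod 'Post' $Deployment 'credentials' $CustomerId $SecureClientId $SecureSecret @{} $json
            # PowerShell variable names are case-insensitive, so storing the response id in
            # $credentialId would overwrite the $CredentialId parameter and log the same value twice.
            $createdId = $response.id
            LogIt "Created credential id $createdId for name $CredentialId"
        }
        catch {
            # NOTE(review): $_ is written to the log; confirm that errors raised by
            # Invoke-CCRestMethod never echo the request body, which contains the secret.
            LogFatal "Failed to create credentials: $_"
        }
    }
}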