New-IpsCredentials.ps1

<#
.SYNOPSIS
Create a new credential in a customer's credential wallet.

.DESCRIPTION
Creates a new credential in a customer's credential wallet.

.PARAMETER CustomerId
Specifies the customer id of the Citrix customer running this command.

.PARAMETER SecureClientId
Specifies the client id of the Citrix customer's API client.

.PARAMETER SecureSecret
Specifies the client secret of the Citrix customer's API client.

.PARAMETER CredentialId
Specifies the id for the created credential.

.PARAMETER CredentialType
Specifies the type of credential to create. This must be one of 'Aws', 'Azure', 'Gcp', or 'UsernamePassword'.

.PARAMETER AwsKey
Specifies the AWS secret access key when creating an 'Aws' credential.

.PARAMETER AwsKeyId
Specifies the AWS access key id when creating an 'Aws' credential.

.PARAMETER AwsSessionToken
Specifies an AWS temporary credential session token when creating an 'Aws' credential.

.PARAMETER AzureTenantId
Specifies the Azure user or service principal tenant id when creating an 'Azure' credential.

.PARAMETER AzureClientId
Specifies the Azure user or service principal client id when creating an 'Azure' credential.

.PARAMETER AzureSecret
Specifies the Azure user or service principal secret when creating an 'Azure' credential.

.PARAMETER GcpServiceAccountKeyFile
Specifies the name of a file containing the service account key when creating a 'Gcp' credential.

.PARAMETER UserDomain
Specifies the user account domain when creating a 'UsernamePassword' credential.

.PARAMETER UserName
Specifies the user account name when creating a 'UsernamePassword' credential.

.PARAMETER UserPassword
Specifies the user account password when creating a 'UsernamePassword' credential.

.PARAMETER Deployment
Specifies the service address to send the job request to. It defaults to api.layering.cloud.com. This can be used if necessary to send the request to a geo specific deployment such as api.eu.layering.cloud.com.

.PARAMETER LogFileDir
Specifies the path to the file to log to. The local directory is the default.

.PARAMETER LogFileName
Specifies the name of the file to log to.

.PARAMETER OverwriteLog
If specified the log file is overwritten otherwise it is appended to.

.INPUTS
None.

.OUTPUTS
string. The credential id.

.EXAMPLE
PS> $CredParams = @{
    CustomerId = 'a7f4wb1example'
    SecureClientId = '7fed2a1e-1495-46b7-8fd3-5644764af395'
    SecureSecret = '9T.3Q~MGlnB6NNgpNUUWrcquVzODrdGK~eXampLe'
    CredentialType = 'Aws'
    CredentialId = 'example-aws-credential'
    AwsKey = 'ASIAIOSFODNN7EXAMPLE'
    AwsKeyId = 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY'
}
PS> New-IpsCredentials @CredParams

Create a 'Aws' credential.

.EXAMPLE
PS> $CredParams = @{
    CustomerId = 'a7f4wb1example'
    SecureClientId = '7fed2a1e-1495-46b7-8fd3-5644764af395'
    SecureSecret = '9T.3Q~MGlnB6NNgpNUUWrcquVzODrdGK~eXampLe'
    CredentialType = 'Azure'
    CredentialId = 'example-azure-credential'
    AzureTenantId = '0a3f5021-4135-40b6-a3f8-3eac08e7f279'
    AzureClientId = 'a431afd8-b5c8-4331-b930-ad419c52a302'
    AzureSecret = 'b9P4PQ~zb3XJAMOKzlrZayDcOZ2k5QAexample'
}
PS> New-IpsCredentials @CredParams

Create a 'Azure' credential.

.EXAMPLE
PS> Get-Content gcp-sa-key.json
{
  "type": "service_account",
  "project_id": "ipsexample",
  "private_key_id": "af94daab30a19cea7578c689651003a16example",
  ...
  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
  "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/ipsexample%40ipsexample.iam.gserviceaccount.com"
}
PS> $CredParams = @{
        CustomerId = 'a7f4wb1example'
        SecureClientId = '7fed2a1e-1495-46b7-8fd3-5644764af395'
        SecureSecret = '9T.3Q~MGlnB6NNgpNUUWrcquVzODrdGK~eXampLe'
        CredentialType = 'Gcp'
        CredentialId = 'example-gcp-credential'
        GcpServiceAccountKeyFile = 'gcp-sa-key.json'
    }
PS> New-IpsCredentials @CredParams

Create a 'Gcp' credential.

.EXAMPLE
PS> $CredParams = @{
        CustomerId = 'a7f4wb1example'
        SecureClientId = '7fed2a1e-1495-46b7-8fd3-5644764af395'
        SecureSecret = '9T.3Q~MGlnB6NNgpNUUWrcquVzODrdGK~eXampLe'
        CredentialType = 'UsernamePassword'
        CredentialId = 'example-user-credential'
        UserDomain = 'example'
        UserName = 'user1'
        UserPassword = 'vJahrX%example'
    }
PS> New-IpsCredentials @CredParams

Create a 'UsernamePassword' credential.
#>


Function New-IpsCredentials
{
    [CmdletBinding()]
    Param(
        # Citrix Cloud customer id.
        [Parameter(Mandatory = $true)]
        [string]$CustomerId,
        [Parameter(Mandatory = $false)]
        [string]$SecureClientId,
        [Parameter(Mandatory = $false)]
        [string]$SecureSecret,
        [Parameter(Mandatory = $true)]
        [string]$CredentialId,
        [Parameter(Mandatory = $true)]
        [ValidateSet("Aws", "Azure", "Gcp", "UsernamePassword")]
        [string]$CredentialType,
        # AWS credentials to create an Aws Credential Wallet entry from.
        [Parameter(Mandatory = $true, ParameterSetName = 'Aws')]
        [string]$AwsKey,
        [Parameter(Mandatory = $true, ParameterSetName = 'Aws')]
        [string]$AwsKeyId,
        [Parameter(Mandatory = $false, ParameterSetName = 'Aws')]
        [string]$AwsSessionToken,
        # Azure credentials to create an Azure Credential Wallet entry from.
        [Parameter(Mandatory = $true, ParameterSetName = 'Azure')]
        [string]$AzureTenantId,
        [Parameter(Mandatory = $true, ParameterSetName = 'Azure')]
        [string]$AzureClientId,
        [Parameter(Mandatory = $true, ParameterSetName = 'Azure')]
        [string]$AzureSecret,
        # GCP JSON credentials file to create an GCP Credential Wallet entry from.
        [Parameter(Mandatory = $true, ParameterSetName = 'Gcp')]
        [string]$GcpServiceAccountKeyFile,
        # SMB, XenServer or vSphere Credentials.
        [Parameter(Mandatory = $false, ParameterSetName = 'UsernamePassword')]
        [string]$UserDomain,
        [Parameter(Mandatory = $true, ParameterSetName = 'UsernamePassword')]
        [string]$UserName,
        [Parameter(Mandatory = $true, ParameterSetName = 'UsernamePassword')]
        [string]$UserPassword,
        [Parameter(Mandatory = $false)]
        [string]$LogFileDir,
        [Parameter(Mandatory = $false)]
        [string]$LogFileName = 'Credentials.log',
        [Parameter(Mandatory = $false)]
        [string]$Deployment,
        [Parameter(Mandatory = $false)]
        [switch]$OverwriteLog
    )
    Begin
    {
        Add-PSSnapin Citrix.*
    }
    Process
    {
        # Initialize Logger
        # Set parameter 'Verbose' by internal parameter 'VerbosePreference', since the option -Verbose is occupied by powershell cmdlet
        if ($VerbosePreference -eq 'Continue')
        {
            $Verbose = $True
        } else {
            $Verbose = $False
        }
        LogInit $LogFileDir $LogFileName $OverwriteLog $Verbose
        # Check Credential Type
        if ($PSCmdlet.ParameterSetName -ne $CredentialType) {
            LogFatal "CredentialType $CredentialType does not match the type of selected parameter set $PSCmdlet.ParameterSetName"
        }

        try {
            # Authenticate to Citrix Cloud
            $parameters = AuthToCitrixCloud $CustomerId $SecureClientId $SecureSecret
            if ([string]::IsNullOrWhiteSpace($SecureClientId) -Or [string]::IsNullOrWhiteSpace($SecureSecret)) {
                $SecureClientId = $parameters.ApiKey
                $SecureSecret = $parameters.SecretKey
            }
        }
        catch {
            LogFatal "Failed to authenticate to Citrix Cloud"
        }

        # Create Credential
        switch ($CredentialType)
        {
            'Aws' {
                $credentialCreate = @{
                    id   = $CredentialId
                    type = $CredentialType
                    key = $AwsKey
                    keyId = $AwsKeyId
                    sessionToken = $AwsSessionToken
                }
            }
            'Azure' {
                $credentialCreate = @{
                    id   = $CredentialId
                    type = $CredentialType
                    tenantId = $AzureTenantId
                    clientId = $AzureClientId
                    clientSecret = $AzureSecret
                }
            }
            'Gcp' {
                $gcpJson = Get-Content -Raw -Path $GcpServiceAccountKeyFile | ConvertFrom-Json
                $credentialCreate = @{
                    id   = $CredentialId
                    type = $CredentialType
                    serviceAccountKey = $gcpJson
                }
            }
            'Usernamepassword' {
                $credentialCreate = @{
                    id   = $CredentialId
                    type = $CredentialType
                    username = $UserName
                    password = $UserPassword
                }
                if (-not [string]::IsNullOrWhiteSpace($UserDomain))
                {
                    $credentialCreate['domain'] = $UserDomain
                }
            }
        }

        # Convert the object to JSON to use in the POST body (Note: Default depth is 2 when serializing)
        $json = $credentialCreate | ConvertTo-Json -Depth 10
        # Send the POST
        try {
            LogIt "Creating new $CredentialType credential $CredentialId"
            $response = Invoke-CCRestMethod 'Post' $Deployment 'credentials' $CustomerId $SecureClientId $SecureSecret @{} $json
            $credentialId = $response.id
            LogIt "Created credential id $credentialId for name $CredentialId"
            Write-Output $CredentialId
        }
        catch {
            LogFatal "Failed to create credentials: $_"
        }
    }
}