New-IpsCredentials.ps1
|
<# .SYNOPSIS Create a new credential in a customer's credential wallet. .DESCRIPTION Creates a new credential in a customer's credential wallet. .PARAMETER CustomerId Specifies the customer id of the Citrix customer running this command. .PARAMETER SecureClientId Specifies the client id of the Citrix customer's API client. .PARAMETER SecureSecret Specifies the client secret of the Citrix customer's API client. .PARAMETER CredentialId Specifies the id for the created credential. .PARAMETER CredentialType Specifies the type of credential to create. This must be one of 'Aws', 'Azure', 'Gcp', or 'UsernamePassword'. .PARAMETER AwsKey Specifies the AWS secret access key when creating an 'Aws' credential. .PARAMETER AwsKeyId Specifies the AWS access key id when creating an 'Aws' credential. .PARAMETER AwsSessionToken Specifies an AWS temporary credential session token when creating an 'Aws' credential. .PARAMETER AzureTenantId Specifies the Azure user or service principal tenant id when creating an 'Azure' credential. .PARAMETER AzureClientId Specifies the Azure user or service principal client id when creating an 'Azure' credential. .PARAMETER AzureSecret Specifies the Azure user or service principal secret when creating an 'Azure' credential. .PARAMETER GcpServiceAccountKeyFile Specifies the name of a file containing the service account key when creating a 'Gcp' credential. .PARAMETER UserDomain Specifies the user account domain when creating a 'UsernamePassword' credential. .PARAMETER UserName Specifies the user account name when creating a 'UsernamePassword' credential. .PARAMETER UserPassword Specifies the user account password when creating a 'UsernamePassword' credential. .PARAMETER Deployment Specifies the service address to send the job request to. It defaults to api.layering.cloud.com. This can be used if necessary to send the request to a geo specific deployment such as api.eu.layering.cloud.com. .PARAMETER LogFileDir Specifies the path to the file to log to. The local directory is the default. .PARAMETER LogFileName Specifies the name of the file to log to. .PARAMETER OverwriteLog If specified the log file is overwritten otherwise it is appended to. .INPUTS None. .OUTPUTS string. The credential id. .EXAMPLE PS> $CredParams = @{ CustomerId = 'a7f4wb1example' SecureClientId = '7fed2a1e-1495-46b7-8fd3-5644764af395' SecureSecret = '9T.3Q~MGlnB6NNgpNUUWrcquVzODrdGK~eXampLe' CredentialType = 'Aws' CredentialId = 'example-aws-credential' AwsKey = 'ASIAIOSFODNN7EXAMPLE' AwsKeyId = 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY' } PS> New-IpsCredentials @CredParams Create a 'Aws' credential. .EXAMPLE PS> $CredParams = @{ CustomerId = 'a7f4wb1example' SecureClientId = '7fed2a1e-1495-46b7-8fd3-5644764af395' SecureSecret = '9T.3Q~MGlnB6NNgpNUUWrcquVzODrdGK~eXampLe' CredentialType = 'Azure' CredentialId = 'example-azure-credential' AzureTenantId = '0a3f5021-4135-40b6-a3f8-3eac08e7f279' AzureClientId = 'a431afd8-b5c8-4331-b930-ad419c52a302' AzureSecret = 'b9P4PQ~zb3XJAMOKzlrZayDcOZ2k5QAexample' } PS> New-IpsCredentials @CredParams Create a 'Azure' credential. .EXAMPLE PS> Get-Content gcp-sa-key.json { "type": "service_account", "project_id": "ipsexample", "private_key_id": "af94daab30a19cea7578c689651003a16example", ... "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/ipsexample%40ipsexample.iam.gserviceaccount.com" } PS> $CredParams = @{ CustomerId = 'a7f4wb1example' SecureClientId = '7fed2a1e-1495-46b7-8fd3-5644764af395' SecureSecret = '9T.3Q~MGlnB6NNgpNUUWrcquVzODrdGK~eXampLe' CredentialType = 'Gcp' CredentialId = 'example-gcp-credential' GcpServiceAccountKeyFile = 'gcp-sa-key.json' } PS> New-IpsCredentials @CredParams Create a 'Gcp' credential. .EXAMPLE PS> $CredParams = @{ CustomerId = 'a7f4wb1example' SecureClientId = '7fed2a1e-1495-46b7-8fd3-5644764af395' SecureSecret = '9T.3Q~MGlnB6NNgpNUUWrcquVzODrdGK~eXampLe' CredentialType = 'UsernamePassword' CredentialId = 'example-user-credential' UserDomain = 'example' UserName = 'user1' UserPassword = 'vJahrX%example' } PS> New-IpsCredentials @CredParams Create a 'UsernamePassword' credential. #> Function New-IpsCredentials { [CmdletBinding()] Param( # Citrix Cloud customer id. [Parameter(Mandatory = $true)] [string]$CustomerId, [Parameter(Mandatory = $false)] [string]$SecureClientId, [Parameter(Mandatory = $false)] [string]$SecureSecret, [Parameter(Mandatory = $true)] [string]$CredentialId, [Parameter(Mandatory = $true)] [ValidateSet("Aws", "Azure", "Gcp", "UsernamePassword")] [string]$CredentialType, # AWS credentials to create an Aws Credential Wallet entry from. [Parameter(Mandatory = $true, ParameterSetName = 'Aws')] [string]$AwsKey, [Parameter(Mandatory = $true, ParameterSetName = 'Aws')] [string]$AwsKeyId, [Parameter(Mandatory = $false, ParameterSetName = 'Aws')] [string]$AwsSessionToken, # Azure credentials to create an Azure Credential Wallet entry from. [Parameter(Mandatory = $true, ParameterSetName = 'Azure')] [string]$AzureTenantId, [Parameter(Mandatory = $true, ParameterSetName = 'Azure')] [string]$AzureClientId, [Parameter(Mandatory = $true, ParameterSetName = 'Azure')] [string]$AzureSecret, # GCP JSON credentials file to create an GCP Credential Wallet entry from. [Parameter(Mandatory = $true, ParameterSetName = 'Gcp')] [string]$GcpServiceAccountKeyFile, # SMB, XenServer or vSphere Credentials. [Parameter(Mandatory = $false, ParameterSetName = 'UsernamePassword')] [string]$UserDomain, [Parameter(Mandatory = $true, ParameterSetName = 'UsernamePassword')] [string]$UserName, [Parameter(Mandatory = $true, ParameterSetName = 'UsernamePassword')] [string]$UserPassword, [Parameter(Mandatory = $false)] [string]$LogFileDir, [Parameter(Mandatory = $false)] [string]$LogFileName = 'Credentials.log', [Parameter(Mandatory = $false)] [string]$Deployment, [Parameter(Mandatory = $false)] [switch]$OverwriteLog ) Begin { Add-PSSnapin Citrix.* } Process { # Initialize Logger # Set parameter 'Verbose' by internal parameter 'VerbosePreference', since the option -Verbose is occupied by powershell cmdlet if ($VerbosePreference -eq 'Continue') { $Verbose = $True } else { $Verbose = $False } LogInit $null $LogFileDir $LogFileName $OverwriteLog $Verbose VersionCheck $Deployment $CustomerId # Check Credential Type if ($PSCmdlet.ParameterSetName -ne $CredentialType) { LogFatal "CredentialType $CredentialType does not match the type of selected parameter set $PSCmdlet.ParameterSetName" } try { # Authenticate to Citrix Cloud $parameters = AuthToCitrixCloud $CustomerId $SecureClientId $SecureSecret if ([string]::IsNullOrWhiteSpace($SecureClientId) -Or [string]::IsNullOrWhiteSpace($SecureSecret)) { $SecureClientId = $parameters.ApiKey $SecureSecret = $parameters.SecretKey } } catch { LogFatal "Failed to authenticate to Citrix Cloud" } # Create Credential switch ($CredentialType) { 'Aws' { $credentialCreate = @{ id = $CredentialId type = $CredentialType key = $AwsKey keyId = $AwsKeyId sessionToken = $AwsSessionToken } } 'Azure' { $credentialCreate = @{ id = $CredentialId type = $CredentialType tenantId = $AzureTenantId clientId = $AzureClientId clientSecret = $AzureSecret } } 'Gcp' { $gcpJson = Get-Content -Raw -Path $GcpServiceAccountKeyFile | ConvertFrom-Json $credentialCreate = @{ id = $CredentialId type = $CredentialType serviceAccountKey = $gcpJson } } 'Usernamepassword' { $credentialCreate = @{ id = $CredentialId type = $CredentialType username = $UserName password = $UserPassword } if (-not [string]::IsNullOrWhiteSpace($UserDomain)) { $credentialCreate['domain'] = $UserDomain } } } # Convert the object to JSON to use in the POST body (Note: Default depth is 2 when serializing) $json = $credentialCreate | ConvertTo-Json -Depth 10 # Send the POST try { LogIt "Creating new $CredentialType credential $CredentialId" $response = Invoke-CCRestMethod 'Post' $Deployment 'credentials' $CustomerId $SecureClientId $SecureSecret @{} $json $credentialId = $response.id LogIt "Created credential id $credentialId for name $CredentialId" Write-Output $CredentialId } catch { LogFatal "Failed to create credentials: $_" } } } |