Set-IpsCredentials.ps1
|
<# .SYNOPSIS Update a credential in a customer's credential wallet. .DESCRIPTION Updates a credential in a customer's credential wallet. .PARAMETER CustomerId Specifies the customer id of the Citrix customer running this command. .PARAMETER SecureClientId Specifies the client id of the Citrix customer's API client. .PARAMETER SecureSecret Specifies the client secret of the Citrix customer's API client. .PARAMETER CredentialId Specifies the id of the credential being updated. .PARAMETER CredentialType Specifies the type of the credential being updated. .PARAMETER AwsKey Specifies the AWS secret access key when creating an 'Aws' credential. .PARAMETER AwsKeyId Specifies the AWS access key id when creating an 'Aws' credential. .PARAMETER AwsSessionToken Specifies an AWS temporary credential session token when creating an 'Aws' credential. .PARAMETER AzureTenantId Specifies the Azure user or service principal tenant id when creating an 'Azure' credential. .PARAMETER AzureClientId Specifies the Azure user or service principal client id when creating an 'Azure' credential. .PARAMETER AzureSecret Specifies the Azure user or service principal secret when creating an 'Azure' credential. .PARAMETER GcpServiceAccountKeyFile Specifies the name of a file containing the service account key when creating a 'Gcp' credential. .PARAMETER UserDomain Specifies the user account domain when creating a 'UsernamePassword' credential. .PARAMETER UserName Specifies the user account name when creating a 'UsernamePassword' credential. .PARAMETER UserPassword Specifies the user account password when creating a 'UsernamePassword' credential. .PARAMETER Deployment Specifies the service address to send the job request to. It defaults to api.layering.cloud.com. This can be used if necessary to send the request to a geo specific deployment such as api.eu.layering.cloud.com. .PARAMETER LogFileDir Specifies the path to the file to log to. The local directory is the default. .PARAMETER LogFileName Specifies the name of the file to log to. .PARAMETER OverwriteLog If specified the log file is overwritten otherwise it is appended to. .INPUTS None. .OUTPUTS None. .EXAMPLE PS> $CredParams = @{ CustomerId = 'a7f4wb1example' SecureClientId = '7fed2a1e-1495-46b7-8fd3-5644764af395' SecureSecret = '9T.3Q~MGlnB6NNgpNUUWrcquVzODrdGK~eXampLe' CredentialType = 'Aws' CredentialId = 'example-aws-credential' AwsKey = 'ASIAIOSFODNN7EXAMPLE' AwsKeyId = 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY' } PS> Set-IpsCredentials @CredParams Update a 'Aws' credential. .EXAMPLE PS> $CredParams = @{ CustomerId = 'a7f4wb1example' SecureClientId = '7fed2a1e-1495-46b7-8fd3-5644764af395' SecureSecret = '9T.3Q~MGlnB6NNgpNUUWrcquVzODrdGK~eXampLe' CredentialType = 'Azure' CredentialId = 'example-azure-credential' AzureTenantId = '0a3f5021-4135-40b6-a3f8-3eac08e7f279' AzureClientId = 'a431afd8-b5c8-4331-b930-ad419c52a302' AzureSecret = 'b9P4PQ~zb3XJAMOKzlrZayDcOZ2k5QAexample' } PS> Set-IpsCredentials @CredParams Update a 'Azure' credential. .EXAMPLE PS> Get-Content gcp-sa-key.json { "type": "service_account", "project_id": "ipsexample", "private_key_id": "af94daab30a19cea7578c689651003a16example", ... "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/ipsexample%40ipsexample.iam.gserviceaccount.com" } PS> $CredParams = @{ CustomerId = 'a7f4wb1example' SecureClientId = '7fed2a1e-1495-46b7-8fd3-5644764af395' SecureSecret = '9T.3Q~MGlnB6NNgpNUUWrcquVzODrdGK~eXampLe' CredentialType = 'Gcp' CredentialId = 'example-gcp-credential' GcpServiceAccountKeyFile = 'gcp-sa-key.json' } PS> Set-IpsCredentials @CredParams Update a 'Gcp' credential. .EXAMPLE PS> $CredParams = @{ CustomerId = 'a7f4wb1example' SecureClientId = '7fed2a1e-1495-46b7-8fd3-5644764af395' SecureSecret = '9T.3Q~MGlnB6NNgpNUUWrcquVzODrdGK~eXampLe' CredentialType = 'UsernamePassword' CredentialId = 'example-user-credential' UserDomain = 'example' UserName = 'user1' UserPassword = 'vJahrX%example' } PS> Set-IpsCredentials @CredParams Update a 'UsernamePassword' credential. #> Function Set-IpsCredentials { [CmdletBinding()] Param( # Citrix Cloud customer id. [Parameter(Mandatory = $true)] [string]$CustomerId, [Parameter(Mandatory = $false)] [string]$SecureClientId, [Parameter(Mandatory = $false)] [string]$SecureSecret, [Parameter(Mandatory = $true)] [string]$CredentialId, [Parameter(Mandatory = $true)] [ValidateSet("Aws", "Azure", "Gcp", "UsernamePassword")] [string]$CredentialType, # AWS credentials to update an Aws Credential Wallet entry with. [Parameter(Mandatory = $true, ParameterSetName = 'Aws')] [string]$AwsKey, [Parameter(Mandatory = $true, ParameterSetName = 'Aws')] [string]$AwsKeyId, [Parameter(Mandatory = $false, ParameterSetName = 'Aws')] [string]$AwsSessionToken, # Azure credentials to update an Azure Credential Wallet entry with. [Parameter(Mandatory = $true, ParameterSetName = 'Azure')] [string]$AzureTenantId, [Parameter(Mandatory = $true, ParameterSetName = 'Azure')] [string]$AzureClientId, [Parameter(Mandatory = $true, ParameterSetName = 'Azure')] [string]$AzureSecret, # GCP JSON credentials file to update an GCP Credential Wallet entry with. [Parameter(Mandatory = $true, ParameterSetName = 'Gcp')] [string]$GcpServiceAccountKeyFile, # SMB, XenServer or vSphere Credentials. [Parameter(Mandatory = $false, ParameterSetName = 'UsernamePassword')] [string]$UserDomain, [Parameter(Mandatory = $true, ParameterSetName = 'UsernamePassword')] [string]$UserName, [Parameter(Mandatory = $true, ParameterSetName = 'UsernamePassword')] [string]$UserPassword, [Parameter(Mandatory = $false)] [string]$LogFileDir, [Parameter(Mandatory = $false)] [string]$LogFileName = 'Credentials.log', [Parameter(Mandatory = $false)] [string]$Deployment, [Parameter(Mandatory = $false)] [switch]$OverwriteLog ) Begin { Add-PSSnapin Citrix.* } Process { # Initialize Logger # Set parameter 'Verbose' by internal parameter 'VerbosePreference', since the option -Verbose is occupied by powershell cmdlet if ($VerbosePreference -eq 'Continue') { $Verbose = $True } else { $Verbose = $False } LogInit $null $LogFileDir $LogFileName $OverwriteLog $Verbose VersionCheck $Deployment $CustomerId # Check Credential Type if ($PSCmdlet.ParameterSetName -ne $CredentialType) { LogFatal "CredentialType $CredentialType does not match the type of selected parameter set $PSCmdlet.ParameterSetName" } try { # Authenticate to Citrix Cloud $parameters = AuthToCitrixCloud $CustomerId $SecureClientId $SecureSecret if ([string]::IsNullOrWhiteSpace($SecureClientId) -Or [string]::IsNullOrWhiteSpace($SecureSecret)) { $SecureClientId = $parameters.ApiKey $SecureSecret = $parameters.SecretKey } } catch { LogFatal "Failed to authenticate to Citrix Cloud" } # Update Credential Data switch ($CredentialType) { 'Aws' { $credentialData = @{ key = $AwsKey keyId = $AwsKeyId sessionToken = $AwsSessionToken } } 'Azure' { $credentialData = @{ tenantId = $AzureTenantId clientId = $AzureClientId clientSecret = $AzureSecret } } 'Gcp' { $gcpJson = Get-Content -Raw -Path $GcpServiceAccountKeyFile | ConvertFrom-Json $credentialData = @{ serviceAccountKey = $gcpJson } } 'UsernamePassword' { $credentialData = @{ username = $UserName password = $UserPassword } if (-not [string]::IsNullOrWhiteSpace($UserDomain)) { $credentialData['domain'] = $UserDomain } } } # Convert the object to JSON to use in the PUT body (Note: Default depth is 2 when serializing) $json = $credentialData | ConvertTo-Json -Depth 10 # Send the PUT try { LogIt "Updating $CredentialType credential $CredentialId" $response = Invoke-CCRestMethod 'Put' $Deployment "credentials/$CredentialId" $CustomerId $SecureClientId $SecureSecret @{} $json LogIt "Updated credential id $CredentialId" } catch { LogFatal "Failed to update credentials: $_" } } } |