Set-IpsCredentials.ps1

<#
.SYNOPSIS
Update a credential in a customer's credential wallet.

.DESCRIPTION
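Updates a credential in a customer's credential wallet. The new credential values and the API client secret are passed as plain-text string parameters (not SecureString), so literals typed at the prompt can be captured in command history and transcripts; prefer supplying them from variables populated by a secret store.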

.PARAMETER CustomerId
Specifies the customer id of the Citrix customer running this command.

.PARAMETER SecureClientId
Specifies the client id of the Citrix customer's API client.

.PARAMETER SecureSecret
Specifies the client secret of the Citrix customer's API client.

.PARAMETER CredentialId
Specifies the id of the credential being updated.

.PARAMETER CredentialType
Specifies the type of the credential being updated.

.PARAMETER AwsKey
Specifies the AWS secret access key when updating an 'Aws' credential.

.PARAMETER AwsKeyId
Specifies the AWS access key id when updating an 'Aws' credential.

.PARAMETER AwsSessionToken
Specifies an AWS temporary credential session token when updating an 'Aws' credential.

.PARAMETER AzureTenantId
Specifies the Azure user or service principal tenant id when updating an 'Azure' credential.

.PARAMETER AzureClientId
Specifies the Azure user or service principal client id when updating an 'Azure' credential.

.PARAMETER AzureSecret
Specifies the Azure user or service principal secret when updating an 'Azure' credential.

.PARAMETER GcpServiceAccountKeyFile
Specifies the name of a file containing the service account key when updating a 'Gcp' credential.

.PARAMETER UserDomain
Specifies the user account domain when updating a 'UsernamePassword' credential.

.PARAMETER UserName
Specifies the user account name when updating a 'UsernamePassword' credential.

.PARAMETER UserPassword
Specifies the user account password when updating a 'UsernamePassword' credential.

.PARAMETER Deployment
Specifies the service address to send the job request to. It defaults to api.layering.cloud.com. This can be used if necessary to send the request to a geo specific deployment such as api.eu.layering.cloud.com.

.PARAMETER LogFileDir
Specifies the path of the directory to write the log file to. The local directory is the default.

.PARAMETER LogFileName
Specifies the name of the file to log to.

.PARAMETER OverwriteLog
If specified the log file is overwritten otherwise it is appended to.

.INPUTS
None.

.OUTPUTS
None.

.EXAMPLE
PS> $CredParams = @{
    CustomerId = 'a7f4wb1example'
    SecureClientId = '7fed2a1e-1495-46b7-8fd3-5644764af395'
    SecureSecret = '9T.3Q~MGlnB6NNgpNUUWrcquVzODrdGK~eXampLe'
    CredentialType = 'Aws'
    CredentialId = 'example-aws-credential'
    AwsKey = 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY'
    AwsKeyId = 'ASIAIOSFODNN7EXAMPLE'
}
PS> Set-IpsCredentials @CredParams

Update an 'Aws' credential.

.EXAMPLE
PS> $CredParams = @{
    CustomerId = 'a7f4wb1example'
    SecureClientId = '7fed2a1e-1495-46b7-8fd3-5644764af395'
    SecureSecret = '9T.3Q~MGlnB6NNgpNUUWrcquVzODrdGK~eXampLe'
    CredentialType = 'Azure'
    CredentialId = 'example-azure-credential'
    AzureTenantId = '0a3f5021-4135-40b6-a3f8-3eac08e7f279'
    AzureClientId = 'a431afd8-b5c8-4331-b930-ad419c52a302'
    AzureSecret = 'b9P4PQ~zb3XJAMOKzlrZayDcOZ2k5QAexample'
}
PS> Set-IpsCredentials @CredParams

Update an 'Azure' credential.

.EXAMPLE
PS> Get-Content gcp-sa-key.json
{
  "type": "service_account",
  "project_id": "ipsexample",
  "private_key_id": "af94daab30a19cea7578c689651003a16example",
  ...
  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
  "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/ipsexample%40ipsexample.iam.gserviceaccount.com"
}
PS> $CredParams = @{
        CustomerId = 'a7f4wb1example'
        SecureClientId = '7fed2a1e-1495-46b7-8fd3-5644764af395'
        SecureSecret = '9T.3Q~MGlnB6NNgpNUUWrcquVzODrdGK~eXampLe'
        CredentialType = 'Gcp'
        CredentialId = 'example-gcp-credential'
        GcpServiceAccountKeyFile = 'gcp-sa-key.json'
    }
PS> Set-IpsCredentials @CredParams

Update a 'Gcp' credential.

.EXAMPLE
PS> $CredParams = @{
        CustomerId = 'a7f4wb1example'
        SecureClientId = '7fed2a1e-1495-46b7-8fd3-5644764af395'
        SecureSecret = '9T.3Q~MGlnB6NNgpNUUWrcquVzODrdGK~eXampLe'
        CredentialType = 'UsernamePassword'
        CredentialId = 'example-user-credential'
        UserDomain = 'example'
        UserName = 'user1'
        UserPassword = 'vJahrX%example'
    }
PS> Set-IpsCredentials @CredParams

Update a 'UsernamePassword' credential.
#>


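Function Set-IpsCredentials
{
    # Replaces the data of an existing credential wallet entry by sending a PUT to
    # "credentials/<CredentialId>". The credential-specific parameters select the
    # parameter set, and that set must match -CredentialType.
    #
    # NOTE(review): SecureClientId, SecureSecret, AwsKey, AwsSessionToken, AzureSecret and
    # UserPassword are plain [string] parameters (the 'Secure' prefix does not make them
    # SecureString). Literal values typed by the caller can therefore be recorded in
    # command history, transcripts and script block logs. The types are kept as they are
    # here so that existing callers continue to work.
    [CmdletBinding()]
    Param(
        # Citrix Cloud customer id.
        [Parameter(Mandatory = $true)]
        [string]$CustomerId,
        # API client id and secret used to authenticate to Citrix Cloud (both optional).
        [Parameter(Mandatory = $false)]
        [string]$SecureClientId,
        [Parameter(Mandatory = $false)]
        [string]$SecureSecret,
        # Id and type of the credential wallet entry being updated.
        [Parameter(Mandatory = $true)]
        [string]$CredentialId,
        [Parameter(Mandatory = $true)]
        [ValidateSet("Aws", "Azure", "Gcp", "UsernamePassword")]
        [string]$CredentialType,
        # AWS credentials to update an Aws Credential Wallet entry with.
        [Parameter(Mandatory = $true, ParameterSetName = 'Aws')]
        [string]$AwsKey,
        [Parameter(Mandatory = $true, ParameterSetName = 'Aws')]
        [string]$AwsKeyId,
        [Parameter(Mandatory = $false, ParameterSetName = 'Aws')]
        [string]$AwsSessionToken,
        # Azure credentials to update an Azure Credential Wallet entry with.
        [Parameter(Mandatory = $true, ParameterSetName = 'Azure')]
        [string]$AzureTenantId,
        [Parameter(Mandatory = $true, ParameterSetName = 'Azure')]
        [string]$AzureClientId,
        [Parameter(Mandatory = $true, ParameterSetName = 'Azure')]
        [string]$AzureSecret,
        # GCP JSON credentials file to update a GCP Credential Wallet entry with.
        [Parameter(Mandatory = $true, ParameterSetName = 'Gcp')]
        [string]$GcpServiceAccountKeyFile,
        # SMB, XenServer or vSphere Credentials.
        [Parameter(Mandatory = $false, ParameterSetName = 'UsernamePassword')]
        [string]$UserDomain,
        [Parameter(Mandatory = $true, ParameterSetName = 'UsernamePassword')]
        [string]$UserName,
        [Parameter(Mandatory = $true, ParameterSetName = 'UsernamePassword')]
        [string]$UserPassword,
        # Logging options.
        [Parameter(Mandatory = $false)]
        [string]$LogFileDir,
        [Parameter(Mandatory = $false)]
        [string]$LogFileName = 'Credentials.log',
        # Service address override for the request.
        [Parameter(Mandatory = $false)]
        [string]$Deployment,
        [Parameter(Mandatory = $false)]
        [switch]$OverwriteLog
    )
    Begin
    {
        # Loads every registered snap-in whose name matches Citrix.*
        Add-PSSnapin Citrix.*
    }
    Process
    {
        # Initialize Logger
        # Set parameter 'Verbose' by internal parameter 'VerbosePreference', since the option -Verbose is occupied by powershell cmdlet
        $Verbose = ($VerbosePreference -eq 'Continue')
        LogInit $null $LogFileDir $LogFileName $OverwriteLog $Verbose

        VersionCheck $Deployment $CustomerId

        # Check Credential Type: the parameter set chosen by the credential-specific
        # parameters has to agree with the declared -CredentialType.
        if ($PSCmdlet.ParameterSetName -ne $CredentialType) {
            # $( ) is required here: inside a double-quoted string "$PSCmdlet.ParameterSetName"
            # expands only $PSCmdlet and appends the literal text ".ParameterSetName".
            LogFatal "CredentialType $CredentialType does not match the type of selected parameter set $($PSCmdlet.ParameterSetName)"
        }

        try {
            # Authenticate to Citrix Cloud
            $parameters = AuthToCitrixCloud $CustomerId $SecureClientId $SecureSecret
            # If the caller did not supply both client id and secret, use the key pair
            # returned by AuthToCitrixCloud for the request below.
            if ([string]::IsNullOrWhiteSpace($SecureClientId) -Or [string]::IsNullOrWhiteSpace($SecureSecret)) {
                $SecureClientId = $parameters.ApiKey
                $SecureSecret = $parameters.SecretKey
            }
        }
        catch {
            LogFatal "Failed to authenticate to Citrix Cloud"
        }

        # Update Credential Data
        switch ($CredentialType)
        {
            'Aws' {
                $credentialData = @{
                    key = $AwsKey
                    keyId = $AwsKeyId
                    sessionToken = $AwsSessionToken
                }
            }
            'Azure' {
                $credentialData = @{
                    tenantId = $AzureTenantId
                    clientId = $AzureClientId
                    clientSecret = $AzureSecret
                }
            }
            'Gcp' {
                # Fail before sending anything if the key file cannot be read or parsed.
                # Without -ErrorAction Stop a missing file is a non-terminating error and
                # the PUT would go out with a null serviceAccountKey.
                try {
                    $gcpRaw = Get-Content -Raw -Path $GcpServiceAccountKeyFile -ErrorAction Stop
                }
                catch {
                    LogFatal "Failed to read GCP service account key file '$GcpServiceAccountKeyFile': $_"
                }
                try {
                    $gcpJson = $gcpRaw | ConvertFrom-Json -ErrorAction Stop
                }
                catch {
                    # The parser error is not logged: it can quote fragments of the input,
                    # and the input here is service account key material.
                    LogFatal "GCP service account key file '$GcpServiceAccountKeyFile' is not valid JSON"
                }
                $credentialData = @{
                    serviceAccountKey = $gcpJson
                }
            }
            'UsernamePassword' {
                $credentialData = @{
                    username = $UserName
                    password = $UserPassword
                }
                # The domain is optional and only sent when one was given.
                if (-not [string]::IsNullOrWhiteSpace($UserDomain))
                {
                    $credentialData['domain'] = $UserDomain
                }
            }
        }

        # Convert the object to JSON to use in the PUT body (Note: Default depth is 2 when serializing)
        # $json holds the credential secrets in clear text; do not write it to the log.
        $json = $credentialData | ConvertTo-Json -Depth 10
        # Send the PUT
        try {
            # Only the credential type and id are logged, never the credential values.
            LogIt "Updating $CredentialType credential $CredentialId"
            # The result is captured so that nothing is written to the pipeline.
            $response = Invoke-CCRestMethod 'Put' $Deployment "credentials/$CredentialId" $CustomerId $SecureClientId $SecureSecret @{} $json
            LogIt "Updated credential id $CredentialId"
        }
        catch {
            # NOTE(review): $_ comes from Invoke-CCRestMethod; confirm its error text never
            # echoes the request body, since that would put secrets in the log file.
            LogFatal "Failed to update credentials: $_"
        }
    }
}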