Driving the Citrix Cloud REST API with PowerShell

Transcript

1. Driving the Citrix Cloud REST API
   with PowerShell
   Guy Leech @guyrleech
   Freelance Consultant-cum-Developer
   Date
   1
   

   View Slide

2. Who is this Guy Leech person anyway?
   • 25+ years of hands-on working with Citrix & other EUC products
   • C/C++ developer prior to that
   • 1st ever code written in 1980 (BASIC on Commodore PET, age 13)
   • Vendor awards from Microsoft, Citrix, VMware and Parallels
   • Wannabe comedian
   • @guyrleech
   

   View Slide

3. Citrix Cloud CVAD REST API
   • Automate deployment, changes, etc using code to CVAD running in Citrix Cloud
   • If you can do it in the web console, you can do it via REST (and more)
   • REST API usage workflow
   • Authenticate
   • Get API client & store securely (once)
   • Generate bearer token (OAuth 2.0)
   • Do stuff
   • Get/Set/New/Remove
   • Not available on-premises
   • Use PowerShell cmdlets with CVAD ISO or Studio (not Remote PoSH SDK)
   

   View Slide

4. Getting the Bearer Token
   • Create API Client in Identity & Access Management in cloud.com portal
   • Save csv file or client id and secret (securely!)
   • POST https://trust.citrixworkspacesapi.net//tokens/clients
   • Body contains ClientId & ClientSecret in JSON
   • JSON response contains 'token'
   • Add to headers for subsequent calls
   • Authorization = "CwsAuth Bearer "
   • Citrix-CustomerId =
   • Pass –SessionVariable and pass returned variable via –WebSession (cookies)
   

   View Slide

5. Performing Operations aka Doing Stuff
   • RTFM
   • Form your URL
   • Form your body
   • Is a body required – generally not needed for queries
   • Hashtable | ConvertTo-Json
   • Invoke-RestMethod
   • Assign result to variable (if expecting output as per documentation)
   • Wrap in try/catch and catch exception – report & remediate – retry ?
   • Repeat previous steps as required
   • Watch for bearer token expiring (default 1 hour)
   • Respect rate limits (10 per second per customer)
   

   View Slide

6. Using REST instead of Citrix Remote PowerShell SDK
   • No pre-requisites such as the PowerShell SDK
   • Platform & coding language independent
   • Need to know the API calls, headers and parameters
   • Documentation is comprehensive
   • Calls may change but should be backwardly compatible
   • Keep the base URL in a variable so only needs changing in one place
   • No versioning like with Azure REST API calls
   • Easy to reuse code/knowledge for other REST APIs
   • Authentication is often different
   • Can use with PowerShell 7.x
   • Invoke-RestMethod has –ResponseHeadersVariable to return response headers
   

   View Slide

7. API Client Scope and Permissions
   • API clients in Citrix Cloud are always tied to one administrator and one customer
   • API client details are not visible to other administrators
   • To access more than one customer create API clients within each customer
   • API client gets same permissions as user creating it
   • Q. What happens when the person who set up your automation leaves?
   

   View Slide

8. Potentially Useful Stuff
   • https://www.citrix.com/blogs/2021/10/18/announcing-remote-powershell-sdk-record-limits/
   • https://developer.cloud.com/citrixworkspace/virtual-apps-and-desktops/cvad-rest-apis/docs/overview
   • https://github.com/guyrleech/Citrix/blob/master/CVAD%20REST.ps1
   • Call rates are limited to 10 launches per second per customerId
   • Via web search engines*
   *Unlikely to be Bing🙂
   

   View Slide

9. View Slide