One of the options already available using the Horizon REST API‘s is working with Instant Clone Administrators. In total there are 5 API calls available and I will give an explanation for al 5 on how to use them. As you can see you’ll run all of them against /rest/config/v1/ic-domain-accounts.
GET : for all Instant Clone Domain accounts
POST : to create a new Instant Clone Domain accounts
GET : To retreive a specific Instant Clone Domain account with it’s ID
PUT : to update an Instant Clone Domain account.
DELETE : To delete an Instant Clone Domain account
Getting Started
To start showing these I am starting with the same base that I used in my first blog post about the Horizon REST api’s:
$url = read-host -prompt "Connection server url" $username = read-host -prompt "Username" $password = read-host -prompt "Password" -AsSecureString $Domain = read-host -Prompt "Domain" $url = "https://pod1cbr1.loft.lab" $BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($password) $UnsecurePassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR) function Get-HRHeader(){ param($accessToken) return @{ 'Authorization' = 'Bearer ' + $($accessToken.access_token) 'Content-Type' = "application/json" } } function Open-HRConnection(){ param( [string] $username, [string] $password, [string] $domain, [string] $url ) $Credentials = New-Object psobject -Property @{ username = $username password = $password domain = $domain } return invoke-restmethod -Method Post -uri "$url/rest/login" -ContentType "application/json" -Body ($Credentials | ConvertTo-Json) } function Close-HRConnection(){ param( $accessToken, $url ) return Invoke-RestMethod -Method post -uri "$url/rest/logout" -ContentType "application/json" -Body ($accessToken | ConvertTo-Json) } $accessToken = Open-HRConnection -username $username -password $UnsecurePassword -domain $Domain -url $url Invoke-RestMethod -Method Get -uri "$url/rest/config/v1/ic-domain-accounts" -ContentType "application/json" -Headers (Get-HRHeader -accessToken $accessToken)
[sta_anchor id=”get” unsan=”GET” /]
GET
The regular get is really straight forward, just invoke a get and you get the results.
Invoke-RestMethod -Method Get -uri "$url/rest/config/v1/ic-domain-accounts" -ContentType "application/json" -Headers (Get-HRHeader -accessToken $accessToken)
As you can see I currently have 2 accounts configured.
[sta_anchor id=”post” unsan=”POST” /]
POST
With post we can configure a new Instant Clone Domain account. Let’s see what we need. According to the API explorer it looks like we need to supply a domain ID, password and account.
To get the domain ID we’ll actually need to do a GET against another url:
$domains=Invoke-RestMethod -Method Get -uri "$url/rest/external/v1/ad-domains" -ContentType "application/json" -Headers (Get-HRHeader -accessToken $accessToken)
Now I will create the json that we’ll need to configure the account. The $data variable is just a regular powershell array that afterwards convert to the actual json
$domainid=$domains |select-object -expandproperty id -first 1 $data=@{ ad_domain_id= $domainid; password= "password"; username= "username" } $body= $data | ConvertTo-Json
Now let’s use the Post method to apply this
Oops, too slow let’s authenticate and try again
Invoke-RestMethod -Method Post -uri "$url/rest/config/v1/ic-domain-accounts" -ContentType "application/json" -Headers (Get-HRHeader -accessToken $accessToken) -body $body
There are a few remarks about this: no propper error is returned when a wrong username and password is used. Wen you try to create an account that already exists it will return a 409 conflict.
[sta_anchor id=”post” unsan=”GETID” /]
GET with ID
This is straightforward again, just extend the url for the get with the ID of the account you want to get. I grabbed this from the regular pul request and filtered on the user account I just created
$icaccounts= Invoke-RestMethod -Method Get -uri "$url/rest/config/v1/ic-domain-accounts" -ContentType "application/json" -Headers (Get-HRHeader -accessToken $accessToken) $accountid=($icaccounts | where {$_.username -eq "username"}).id Invoke-RestMethod -Method Get -uri "$url/rest/config/v1/ic-domain-accounts/$accountid" -ContentType "application/json" -Headers (Get-HRHeader -accessToken $accessToken)
[sta_anchor id=”post” unsan=”PUT” /]
PUT
Put can be used to change a users password. It’s requires a combination of the url with the ID from the get with id and a body like in the Post.
$data=@{password="Demo-02"} $body = $data | ConvertTo-Json Invoke-RestMethod -Method Put -uri "$url/rest/config/v1/ic-domain-accounts/$accountid" -ContentType "application/json" -Headers (Get-HRHeader -accessToken $accessToken) -Body $body
[sta_anchor id=”post” unsan=”DELETE” /]
DELETE
To delete an account simply use the url with the id in it with the DELETE method
Invoke-RestMethod -Method Delete -uri "$url/rest/config/v1/ic-domain-accounts/$accountid" -ContentType "application/json" -Headers (Get-HRHeader -accessToken $accessToken)
Pingback: [HorizonRestAPI] Handling Instant Clone Administrator accounts | For servers