Remove Login Enterprise Apps in Bulk

At Rightworks, we are currently in the middle of rebuilding our entire Login Enterprise environment from scratch. Our existing infrastructure consists of 3 appliances, 94 launchers and 1300 Continuous tests connecting to RDSH servers with RDP.

As part of the rebuild, we are breaking of the largest appliance (running 822 continuous tests) into 4 separate pods. This means that we are building 6 pods from scratch, deploying new appliances.

As we are starting from scratch, we are taking the time to establish naming conventions, clean up items no longer be used such as accounts, launchers and applications.

One thing that we don’t like is all of the “out-of-the-box” applications that are pre-installed, which, in the current versions, includes 20 applications and 2 application groups. As we not using these, they just add noise.

Since there isn’t any way to clean these up in bulk and we don’t want to sit there deleting them manually, I knocked up this quick Powershell script to use the API to enumerate and then delete all of the Application Groups and then all of the Applications.

It’s worth noting that you cannot delete an application if it is included in an Application Group, even with the API.

The Code

So, here is the code to enumerate and delete Apps and App Groups. It does not prompt you for which to delete, so I would only run this when deploying a new appliance to delete the stock apps/app groups or if you are starting from scratch.

The first section sets up the parameters to establish connection with the API. The FQDN of you appliance and the API key are required. Please see this page Public API – Login VSI to see how to get your API key.

Add-Type -AssemblyName PresentationFramework

$global:fqdn = "appliance.domain"
$global:token = '<api key>' 
$global:response = " "

We use four (4) API functions, Get-ApplicationGroups, Remove-ApplicationGroups, Get-Applications and Remove-Applications.

Get-ApplicationGroups

This function will retrieve a paginated list of Application Groups so that we can delete them. To use this, we will store the results in a Powershell object so that we can iterate through them to delete each one.

function Get-LeApplicationGroups {
    # this is only required for older version of PowerShell/.NET
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 -bor [Net.SecurityProtocolType]::Tls11

    # WARNING: ignoring SSL/TLS certificate errors is a security risk
    [System.Net.ServicePointManager]::ServerCertificateValidationCallback = [SSLHandler]::GetSSLHandler()

    $Header = @{
        "Accept"        = "application/json"
        "Authorization" = "Bearer $global:token"
    }

    $Body = @{
        orderBy   = "Name"
        direction = "Asc"
        count     = "5000"
        include   = "none" 
    } 

    $Parameters = @{
        Uri         = 'https://' + $global:fqdn + '/publicApi/v7-preview/application-groups'
        Headers     = $Header
        Method      = 'GET'
        body        = $Body
        ContentType = 'application/json'
    }

    $Response = Invoke-RestMethod @Parameters
    $Response.items 
}

Remove-ApplicationGroups

The Remove-ApplicationGroups function requires an input of the Application Group’s GUID or ID. This is gathered from the Get-ApplicationGroups function.

function Remove-LeApplicationGroups {
    Param (
        [Parameter(Mandatory = $true)]
        $ids
    )

    # this is only required for older version of PowerShell/.NET
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 -bor [Net.SecurityProtocolType]::Tls11

    # WARNING: ignoring SSL/TLS certificate errors is a security risk
    [System.Net.ServicePointManager]::ServerCertificateValidationCallback = [SSLHandler]::GetSSLHandler()
    
    $Body = ConvertTo-Json @($ids) 

    $Header = @{
        "Accept"        = "application/json"
        "Authorization" = "Bearer $global:token"
    }

    $Parameters = @{
        Uri         = 'https://' + $global:fqdn + '/publicApi/v7-preview/application-groups'
        Headers     = $header
        Method      = 'DELETE'
        Body        = $Body
        ContentType = 'application/json'
    }

    $Response = Invoke-RestMethod @Parameters
    $Response.id
}

Get-Applications

Just like the Get-ApplicationGroups function, Get-Applications retrieves a paginated list of Applications. Again, this will be stored in a PS object so that we can iterate through the list.

function Get-LeApplications {
    # this is only required for older version of PowerShell/.NET
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 -bor [Net.SecurityProtocolType]::Tls11

    # WARNING: ignoring SSL/TLS certificate errors is a security risk
    [System.Net.ServicePointManager]::ServerCertificateValidationCallback = [SSLHandler]::GetSSLHandler()

    $Header = @{
        "Accept"        = "application/json"
        "Authorization" = "Bearer $global:token"
    }

    $Body = @{
        orderBy   = "Name"
        direction = "Asc"
        count     = "5000"
        include   = "none" 
    } 

    $Parameters = @{
        Uri         = 'https://' + $global:fqdn + '/publicApi/v7-preview/applications'
        Headers     = $Header
        Method      = 'GET'
        body        = $Body
        ContentType = 'application/json'
    }

    $Response = Invoke-RestMethod @Parameters
    $Response.items 
}

Remove-Applications

The Remove-Applications function will delete the application specified by the Application ID that you pass to it.

function Remove-LeApplications {
    Param (
        [Parameter(Mandatory = $true)]
        $ids
    )

    # this is only required for older version of PowerShell/.NET
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 -bor [Net.SecurityProtocolType]::Tls11

    # WARNING: ignoring SSL/TLS certificate errors is a security risk
    [System.Net.ServicePointManager]::ServerCertificateValidationCallback = [SSLHandler]::GetSSLHandler()
    
    $Body = ConvertTo-Json @($ids) 

    $Header = @{
        "Accept"        = "application/json"
        "Authorization" = "Bearer $global:token"
    }

    $Parameters = @{
        Uri         = 'https://' + $global:fqdn + '/publicApi/v7-preview/applications'
        Headers     = $header
        Method      = 'DELETE'
        Body        = $Body
        ContentType = 'application/json'
    }

    $Response = Invoke-RestMethod @Parameters
    $Response.id
}

Using the functions

Finally, we put this all together.

First, we call the Get-ApplicationGroups function and place it in the $Appgrps object.

$Appgrps = Get-LeApplicationGroups

Then we use a ForEach loop to address each line in the object. Each Application Group will be a record in the $Appgrps array and that will be placed in the $Appgrp object. This object will have the following values.

id          : 9b0bb72d-22da-43e7-8b66-168e68629858
name        : AppGrp2
description : 
memberCount : 3
steps       : 

So we can use the id value by specifying the ID value in this format.

So the ForEach loop looks like this:

ForEach ($appGrp in $Appgrps) {
    Remove-LeApplicationGroups $appGrp.id
    }

Now that the Application Groups no longer exist, the Applications can be deleted. We use the same logic for the Applications that we did for the Application Groups using the other functions. That looks like this:

$apps = Get-LeApplications

ForEach ($app in $apps) {
Remove-LeApplications $app.id
}

And that’s it. It’s a quick tool to just clean up our new appliances, but also shows some basic examples on using the Login Enterprise API.