page_title subcategory description
citrix_delivery_group Resource - citrix
CVAD
Manages a delivery group.

citrix_delivery_group (Resource)

Manages a delivery group.

Example Usage

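# Example delivery group: one published desktop, autoscale, two reboot schedules,
# App Protection and access policies. User names, tags, filter values and dates
# are sample values to replace before use.
resource "citrix_delivery_group" "example-delivery-group" {
    name = "example-delivery-group"

    # Machines are taken from an existing machine catalog, referenced by its id.
    associated_machine_catalogs = [
        {
            machine_catalog = citrix_machine_catalog.example-azure-mtsession.id
            machine_count = 1
        }
    ]

    desktops = [
        {
            published_name = "Example Desktop"
            description = "Description for example desktop"
            # Desktop-level access restriction. Without this block, every user
            # who has access to the delivery group can launch the desktop.
            restricted_access_users = {
                allow_list = [
                    "user1@example.com"
                ]
                # A block list only has an effect on users that the allow list
                # also covers (directly or through a group); user2 is not in
                # the allow list above, so this entry is illustrative only.
                block_list = [
                    "user2@example.com",
                ]
            }
            enabled = true
            # false: the session does not follow the user to another device.
            enable_session_roaming = false
        }
    ]

    autoscale_settings = {
        autoscale_enabled = true
        # The *_restrict_min_idle_untagged_percent settings below apply only
        # because restrict_autoscale_tag is set.
        restrict_autoscale_tag = "example-tag"
        peak_restrict_min_idle_untagged_percent = 10
        off_peak_restrict_min_idle_untagged_percent = 10
        # Idle sessions are disconnected, and disconnected sessions logged off,
        # after one hour during peak time.
        disconnect_peak_idle_session_after_seconds = 3600
        log_off_peak_disconnected_session_after_seconds = 3600
        peak_log_off_action = "Nothing"
        # Only one power time scheme may cover a given day of the week.
        power_time_schemes = [
            {
                days_of_week = [
                    "Monday",
                    "Tuesday",
                    "Wednesday",
                    "Thursday",
                    "Friday"
                ]
                # NOTE(review): `name` is not listed in the nested schema for
                # autoscale_settings.power_time_schemes on this page; confirm it
                # is accepted by the provider version in use.
                name = "weekdays test"
                display_name = "weekdays schedule"
                peak_time_ranges = [
                    "09:00-17:00"
                ]
                pool_size_schedules = [
                    {
                        time_range = "00:00-00:00"
                        pool_size = 1
                    }
                ]
                # false: pool_size is an absolute machine count, not a percentage.
                pool_using_percentage = false
            },
        ]
    }

    # Group-level access restriction. Without this block, all authenticated
    # users have access to the delivery group.
    restricted_access_users = {
        allow_list = [
            "user1@example.com"
        ]
        # Same rule as for the desktop: a block list only matters for users
        # that the allow list also covers.
        block_list = [
            "user2@example.com",
        ]
    }

    reboot_schedules = [
        {
            name = "example_reboot_schedule_weekly"
            reboot_schedule_enabled = true
            frequency = "Weekly"
            frequency_factor = 1
            days_in_week = [
                "Monday",
                "Tuesday",
                "Wednesday"
            ]
            start_time = "12:12"
            start_date = "2024-05-25"
            # 0 restarts all machines at the same time.
            reboot_duration_minutes = 0
            ignore_maintenance_mode = true
            # Must stay false for reboot_duration_minutes to take effect.
            natural_reboot_schedule = false
        },
        {
            name = "example_reboot_schedule_monthly"
            description = "example reboot schedule"
            reboot_schedule_enabled = true
            frequency = "Monthly"
            frequency_factor = 2
            week_in_month = "First"
            day_in_month = "Monday"
            start_time = "12:12"
            start_date = "2024-04-21"
            ignore_maintenance_mode = true
            reboot_duration_minutes = 120
            natural_reboot_schedule = false
            # User notification is not available for natural reboots.
            reboot_notification_to_users = {
                # The 5-minute repeat below is available only with a duration of 15.
                notification_duration_minutes = 15
                notification_message = "test message"
                notification_title = "test title"
                notification_repeat_every_5_minutes = true
            }
        }
    ]

    minimum_functional_level = "L7_20"

    # App Protection: anti-keylogging and anti-screen capture for client
    # sessions. The feature has prerequisites; check them before enabling it.
    app_protection = {
        # Contextual alternative: apply App Protection per access policy.
        # policy_name refers to an access policy defined further down.
        # NOTE(review): shown commented out next to the group-wide flags;
        # confirm whether both forms may be set together.
        # apply_contextually = [
        #     {
        #         policy_name = "Citrix Gateway connections"
        #         enable_anti_key_logging = true
        #         enable_anti_screen_capture = false
        #     },
        #     {
        #         policy_name = "test_access_policy"
        #         enable_anti_key_logging = true
        #         enable_anti_screen_capture = false
        #     }
        # ]
        enable_anti_key_logging = true
        enable_anti_screen_capture = true
    }

    # Built-in access policies. Both must be listed when this attribute is used,
    # and they are referred to by the names "Citrix Gateway connections" and
    # "Non-Citrix Gateway connections".
    default_access_policies = [
        {
            name = "Citrix Gateway connections"
            enabled = true
            allowed_connection = "ViaAG"
            # NOTE(review): include criteria are enabled but no
            # include_criteria_filters are listed; confirm the resulting
            # match behaviour before relying on this policy.
            enable_criteria_for_include_connections = true
            enable_criteria_for_exclude_connections = true
            include_connections_criteria_type = "MatchAny"
        },
        {
            # Connections that do not arrive through Citrix Gateway; this
            # policy is enabled here.
            # NOTE(review): presumably set enabled = false where sessions must
            # only come through the gateway; confirm against Citrix documentation.
            name = "Non-Citrix Gateway connections"
            enabled = true
            allowed_connection = "NotViaAG"
            enable_criteria_for_include_connections = false
            enable_criteria_for_exclude_connections = true
        }
    ]

    custom_access_policies = [
        {
            name = "test_access_policy"
            enabled = true
            allowed_connection = "ViaAG"
            enable_criteria_for_include_connections = true
            enable_criteria_for_exclude_connections = true
            include_connections_criteria_type = "MatchAny"
            # Placeholder filters: the same name/value pair appears in both the
            # include and the exclude list, which a real policy would not do.
            include_criteria_filters = [
                {
                    filter_name = "test"
                    filter_value = "test"
                },
            ]
            exclude_criteria_filters = [
                {
                    filter_name = "test"
                    filter_value = "test"
                },
            ]
        }
    ]
}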

Schema

Required

  • name (String) Name of the delivery group.

Optional

  • allow_anonymous_access (Boolean) Give access to unauthenticated (anonymous) users. When set to True, no credentials are required to access StoreFront.

~> Please Note This feature requires a StoreFront store for unauthenticated users.

  • app_protection (Attributes) App Protection, an add-on feature for the Citrix Workspace app, provides enhanced security for Citrix published apps and desktops. The feature provides anti-keylogging and anti-screen capture capabilities for client sessions, helping protect data from keyloggers and screen scrapers.

~> Please Note Before using the feature, make sure that these requirements are met. (see below for nested schema)

  • associated_machine_catalogs (Attributes Set) Machine catalogs from which to assign machines to the newly created delivery group. (see below for nested schema)
  • autoscale_settings (Attributes) The power management settings governing the machine(s) in the delivery group. (see below for nested schema)
  • custom_access_policies (Attributes List) Custom Access Policies for the delivery group. To manage built-in access policies use the default_access_policies instead. (see below for nested schema)
  • default_access_policies (Attributes List) Manage built-in Access Policies for the delivery group. These are the Citrix Gateway Connections (via Access Gateway) and Non-Citrix Gateway Connections (not via Access Gateway) access policies.

~> Please Note Default Access Policies can only be modified; they cannot be deleted. If using this property, both default policies have to be specified.

-> Note Use Citrix Gateway connections as the name for the default policy that is Via Access Gateway and Non-Citrix Gateway connections as the name for the default policy that is Not Via Access Gateway. (see below for nested schema)

  • default_desktop_icon (String) The id of the icon to be used as the default icon for the desktops in the delivery group.

~> Please Note This option is only supported for Citrix Cloud customers.

  • delivery_group_folder_path (String) The path of the folder in which the delivery group is located.
  • delivery_type (String) Delivery type of the delivery group. Available values are DesktopsOnly, AppsOnly, and DesktopsAndApps. Defaults to DesktopsOnly for Delivery Groups with associated Machine Catalogs that have allocation_type set to Static and for Delivery Groups that have sharing_kind set to Private. Otherwise defaults to DesktopsAndApps.
  • description (String) Description of the delivery group.
  • desktops (Attributes List) A list of Desktop resources to publish on the delivery group. Only 1 desktop can be added to a Remote PC Delivery Group. (see below for nested schema)
  • enabled (Boolean) Whether the delivery group is enabled or not. Defaults to true.
  • make_resources_available_in_lhc (Boolean) In the event of a service disruption or loss of connectivity, select if you want Local Host Cache to keep resources in the delivery group available to launch new sessions. Existing sessions are not impacted.

~> Please Note This setting only impacts Single Session OS Random (pooled) desktops which are power managed. LHC is always enabled for Single Session OS static and Multi Session OS desktops.

-> Note When set to true, machines remain available and accept new connections during a Local Host Cache event, and changes that a user made to a machine might still be present in subsequent sessions. When set to false, machines in the delivery group will be unavailable for new connections during a Local Host Cache event.

  • metadata (Attributes List) Metadata for the Delivery Group. (see below for nested schema)
  • minimum_functional_level (String) Specifies the minimum functional level for the VDA machines in the delivery group. Defaults to L7_20.
  • reboot_schedules (Attributes List) The reboot schedule for the delivery group. (see below for nested schema)
  • restricted_access_users (Attributes) Restrict access to this Delivery Group by specifying users and groups in the allow and block list. If no value is specified, all authenticated users will have access to this Delivery Group. To give access to unauthenticated users, use the allow_anonymous_access property. (see below for nested schema)
  • scopes (Set of String) The IDs of the scopes for the delivery group to be a part of.
  • session_support (String) The session support for the delivery group. Can only be set to SingleSession or MultiSession. Specify only if you want to create a Delivery Group without any associated_machine_catalogs. Ensure session support is same as that of the prospective Machine Catalogs you will associate this Delivery Group with.
  • sharing_kind (String) The sharing kind for the delivery group. Can only be set to Shared or Private. Specify only if you want to create a Delivery Group without any associated_machine_catalogs.
  • storefront_servers (Set of String) A list of GUID identifiers of StoreFront Servers to associate with the delivery group.
  • tags (Set of String) A set of identifiers of tags to associate with the delivery group.

Read-Only

  • built_in_scopes (Set of String) The IDs of the built-in scopes of the delivery group.
  • id (String) GUID identifier of the delivery group.
  • inherited_scopes (Set of String) The IDs of the inherited scopes of the delivery group.
  • tenants (Set of String) A set of identifiers of tenants to associate with the delivery group.
  • total_machines (Number) The total number of machines in the delivery group.

Nested Schema for app_protection

Optional:

  • apply_contextually (Attributes List) Implement contextual App Protection using the connection filters defined in the Access Policy rule. (see below for nested schema)
  • enable_anti_key_logging (Boolean) When enabled, anti-keylogging is applied when a protected window is in focus.
  • enable_anti_screen_capture (Boolean) Specify whether to use anti-screen capture.

-> Note For Windows and macOS, only the window with protected content is blank. Anti-screen capture is only applied when the window is open. For Linux, the entire screen will appear blank. Anti-screen capture is only applied when the window is open or minimized.

Nested Schema for app_protection.apply_contextually

Required:

  • enable_anti_key_logging (Boolean) When enabled, anti-keylogging is applied when a protected window is in focus.
  • enable_anti_screen_capture (Boolean) Specify whether to use anti-screen capture.

-> Note For Windows and macOS, only the window with protected content is blank. Anti-screen capture is only applied when the window is open. For Linux, the entire screen will appear blank. Anti-screen capture is only applied when the window is open or minimized.

  • policy_name (String) The name of the policy.

-> Note To refer to default policies, use Citrix Gateway connections as the name for the default policy that is Via Access Gateway and Non-Citrix Gateway connections as the name for the default policy that is Not Via Access Gateway.

Nested Schema for associated_machine_catalogs

Required:

  • machine_catalog (String) Id of the machine catalog from which to add machines.
  • machine_count (Number) The number of machines to assign from the machine catalog to the delivery group.

Nested Schema for autoscale_settings

Required:

  • autoscale_enabled (Boolean) Whether auto-scale is enabled for the delivery group.

Optional:

  • disconnect_off_peak_idle_session_after_seconds (Number) Specifies the time in seconds after which an idle session belonging to the delivery group is disconnected during off-peak time.
  • disconnect_peak_idle_session_after_seconds (Number) Specifies the time in seconds after which an idle session belonging to the delivery group is disconnected during peak time.
  • log_off_off_peak_disconnected_session_after_seconds (Number) Specifies the time in seconds after which a disconnected session belonging to the delivery group is terminated during off peak time.
  • log_off_peak_disconnected_session_after_seconds (Number) Specifies the time in seconds after which a disconnected session belonging to the delivery group is terminated during peak time.
  • log_off_reminder_enabled (Boolean) Indicates whether log off reminder is enabled. Defaults to false.
  • log_off_reminder_message (String) The message to be displayed in the log off reminder.
  • log_off_reminder_title (String) The title of the log off reminder.
  • log_off_warning_message (String) The message to be displayed in the log off warning.
  • log_off_warning_title (String) The title of the log off warning.
  • off_peak_buffer_size_percent (Number) The percentage of machines in the delivery group that should be kept available in an idle state outside peak hours.
  • off_peak_disconnect_action (String) The action to be performed after a configurable period of a user session disconnecting outside peak hours. Choose between Nothing, Suspend, and Shutdown. Default is Nothing.
  • off_peak_disconnect_timeout_minutes (Number) The number of minutes before the configured action should be performed after a user session disconnects outside peak hours.
  • off_peak_extended_disconnect_action (String) The action to be performed after a second configurable period of a user session disconnecting outside peak hours. Choose between Nothing, Suspend, and Shutdown. Default is Nothing.
  • off_peak_extended_disconnect_timeout_minutes (Number) The number of minutes before the second configured action should be performed after a user session disconnects outside peak hours.
  • off_peak_limit_seconds_to_force_log_off_user (Number) Limit in seconds to force log off user after user logs off from their sessions during off-peak hours. Defaults to 0.
  • off_peak_log_off_action (String) The action to be performed after a configurable period of a user session ending outside peak hours. Choose between Nothing, Suspend, and Shutdown. Default is Nothing.
  • off_peak_log_off_reminder_interval (Number) The interval in seconds at which the log off reminder is sent during off-peak hours. Defaults to 0.
  • off_peak_log_off_timeout_minutes (Number) The number of minutes before the configured action should be performed after a user session ends outside peak hours.
  • off_peak_restrict_min_idle_untagged_percent (Number) Specifies the percentage of remaining untagged capacity to fall below to start powering on tagged machines during off peak hours.

~> Please Note This setting is only applicable when the restrict_autoscale_tag is set.

  • peak_autoscale_assigned_power_on_idle_action (String) The action to be performed on an assigned machine previously started by autoscale that subsequently remains unused. Choose between Nothing, Suspend, and Shutdown. Default is Nothing.
  • peak_autoscale_assigned_power_on_idle_timeout_minutes (Number) The number of minutes before the configured action is performed on an assigned machine previously started by autoscale that subsequently remains unused.
  • peak_buffer_size_percent (Number) The percentage of machines in the delivery group that should be kept available in an idle state in peak hours.
  • peak_disconnect_action (String) The action to be performed after a configurable period of a user session disconnecting in peak hours. Choose between Nothing, Suspend, and Shutdown. Default is Nothing.
  • peak_disconnect_timeout_minutes (Number) The number of minutes before the configured action should be performed after a user session disconnects in peak hours.
  • peak_extended_disconnect_action (String) The action to be performed after a second configurable period of a user session disconnecting in peak hours. Choose between Nothing, Suspend, and Shutdown. Default is Nothing.
  • peak_extended_disconnect_timeout_minutes (Number) The number of minutes before the second configured action should be performed after a user session disconnects in peak hours.
  • peak_limit_seconds_to_force_log_off_user (Number) Limit in seconds to force log off user after user logs off from their sessions during peak hours. Defaults to 0.
  • peak_log_off_action (String) The action to be performed after a configurable period of a user session ending in peak hours. Choose between Nothing, Suspend, and Shutdown. Default is Nothing.
  • peak_log_off_reminder_interval (Number) The interval in seconds at which the log off reminder is sent during peak hours. Defaults to 0.
  • peak_log_off_timeout_minutes (Number) The number of minutes before the configured action should be performed after a user session ends in peak hours.
  • peak_restrict_min_idle_untagged_percent (Number) Specifies the percentage of remaining untagged capacity to fall below to start powering on tagged machines during peak hours.

~> Please Note This setting is only applicable when the restrict_autoscale_tag is set.

  • power_off_delay_minutes (Number) Delay before machines are powered off, when scaling down. Specified in minutes.

~> Please Note Applies only to multi-session machines.

-> Note By default, the power-off delay is 30 minutes. You can set it in a range of 0 to 60 minutes.

  • power_time_schemes (Attributes List) Power management time schemes.

~> Please Note It is not allowed to have more than one power time scheme that cover the same day of the week for the same delivery group. (see below for nested schema)

  • restrict_autoscale_tag (String) Name of the tag on the machines that autoscale will apply on.
  • timezone (String) The time zone in which this delivery group's machines reside.

Nested Schema for autoscale_settings.power_time_schemes

Required:

  • days_of_week (Set of String) The pattern of days of the week that the power time scheme covers.
  • display_name (String) The name of the power time scheme as displayed in the console.
  • peak_time_ranges (Set of String) Peak time ranges during the day. e.g. 09:00-17:00
  • pool_using_percentage (Boolean) Indicates whether the integer values in the pool size array are to be treated as absolute values (if this value is false) or as percentages of the number of machines in the delivery group (if this value is true).

Optional:

  • pool_size_schedules (Attributes List) Pool size schedules during the day. Each is specified as a time range and an indicator of the number of machines that should be powered on during that time range.

~> Please Note Do not specify schedules when no machines should be powered on. (see below for nested schema)

Nested Schema for autoscale_settings.power_time_schemes.pool_size_schedules

Required:

  • pool_size (Number) The number of machines (either as an absolute number or a percentage of the machines in the delivery group, depending on the value of PoolUsingPercentage) that are to be maintained in a running state, whether they are in use or not.
  • time_range (String) Time range during which the pool size applies.

-> Note Time range format is HH:mm-HH:mm, e.g. 09:00-17:00

Nested Schema for custom_access_policies

Required:

  • allowed_connection (String) The behavior of the include filter. Choose between Filtered, ViaAG, and NotViaAG.
  • enable_criteria_for_exclude_connections (Boolean) Whether to enable criteria for exclude connections.
  • enable_criteria_for_include_connections (Boolean) Whether to enable criteria for include connections.
  • name (String) The name of the access policy.

-> Note For default_access_policies, use Citrix Gateway connections as the name for the policy that is Via Access Gateway and Non-Citrix Gateway connections as the name for the policy that is Not Via Access Gateway.

Optional:

  • enabled (Boolean) Whether the access policy is enabled. Default is true.
  • exclude_criteria_filters (Attributes List) The list of filters that meet the criteria for exclude connections. (see below for nested schema)
  • include_connections_criteria_type (String) The type of criteria for include connections. Choose between MatchAny and MatchAll.
  • include_criteria_filters (Attributes List) The list of filters that meet the criteria for include connections. (see below for nested schema)

Read-Only:

  • id (String) ID of the resource location.

Nested Schema for custom_access_policies.exclude_criteria_filters

Required:

  • filter_name (String) The name of the filter.
  • filter_value (String) The value of the filter.

Nested Schema for custom_access_policies.include_criteria_filters

Required:

  • filter_name (String) The name of the filter.
  • filter_value (String) The value of the filter.

Nested Schema for default_access_policies

Required:

  • allowed_connection (String) The behavior of the include filter. Choose between Filtered, ViaAG, and NotViaAG.
  • enable_criteria_for_exclude_connections (Boolean) Whether to enable criteria for exclude connections.
  • enable_criteria_for_include_connections (Boolean) Whether to enable criteria for include connections.
  • name (String) The name of the access policy.

-> Note For default_access_policies, use Citrix Gateway connections as the name for the policy that is Via Access Gateway and Non-Citrix Gateway connections as the name for the policy that is Not Via Access Gateway.

Optional:

  • enabled (Boolean) Whether the access policy is enabled. Default is true.
  • exclude_criteria_filters (Attributes List) The list of filters that meet the criteria for exclude connections. (see below for nested schema)
  • include_connections_criteria_type (String) The type of criteria for include connections. Choose between MatchAny and MatchAll.
  • include_criteria_filters (Attributes List) The list of filters that meet the criteria for include connections. (see below for nested schema)

Read-Only:

  • id (String) ID of the resource location.

Nested Schema for default_access_policies.exclude_criteria_filters

Required:

  • filter_name (String) The name of the filter.
  • filter_value (String) The value of the filter.

Nested Schema for default_access_policies.include_criteria_filters

Required:

  • filter_name (String) The name of the filter.
  • filter_value (String) The value of the filter.

Nested Schema for desktops

Required:

  • published_name (String) A display name for the desktop.

Optional:

  • description (String) A description for the published desktop. The name and description are shown in Citrix Workspace app.
  • enable_session_roaming (Boolean) When enabled, if the user launches this desktop and then moves to another device, the same session is used, and applications are available on both devices. When disabled, the session no longer roams between devices.

~> Please Note Session roaming should be set to false for Remote PC Delivery Group.

  • enabled (Boolean) Specify whether to enable the delivery of this desktop. Default is true.
  • restrict_to_tag (String) Restrict session launch to machines with tag specified in GUID.
  • restricted_access_users (Attributes) Restrict access to this Desktop by specifying users and groups in the allow and block list. If no value is specified, all users that have access to this Delivery Group will have access to the Desktop.

~> Please Note For Remote PC Delivery Groups desktops, restricted_access_users has to be set. (see below for nested schema)

Nested Schema for desktops.restricted_access_users

Optional:

  • allow_list (Set of String) Users who can use this Desktop.

-> Note Users must be in DOMAIN\UserOrGroupName or user@domain.com format

  • block_list (Set of String) Users who cannot use this Desktop. A block list is meaningful only when used to block users in the allow list. For example, allow a group and block one member of that group.

-> Note Users must be in DOMAIN\UserOrGroupName or user@domain.com format

Nested Schema for metadata

Required:

  • name (String) Metadata name.
  • value (String) Metadata value.

Nested Schema for reboot_schedules

Required:

  • frequency (String) The frequency of the reboot schedule. Can only be set to Daily, Weekly, Monthly, or Once.
  • frequency_factor (Number) Repeats every X days/weeks/months. Minimum value is 1.
  • ignore_maintenance_mode (Boolean) Whether the reboot schedule ignores machines in the maintenance mode.
  • name (String) The name of the reboot schedule.
  • natural_reboot_schedule (Boolean) Indicates whether the reboot will be a natural reboot, where the machines will be rebooted when they have no sessions. This should be set to false for reboot_duration_minutes to work. Once natural_reboot_schedule is set to true, reboot_duration_minutes won't have any effect.
  • reboot_schedule_enabled (Boolean) Whether the reboot schedule is enabled.
  • start_date (String) The date on which the reboot schedule starts.

-> Note The date format is YYYY-MM-DD.

  • start_time (String) The time at which the reboot schedule starts.

-> Note The time format is HH:MM.

Optional:

  • day_in_month (String) The day in the month on which the reboot schedule runs monthly. Can only be set to Sunday, Monday, Tuesday, Wednesday, Thursday, Friday, or Saturday.
  • days_in_week (Set of String) The days of the week on which the reboot schedule runs weekly. Can only be set to Sunday, Monday, Tuesday, Wednesday, Thursday, Friday, or Saturday.
  • description (String) The description of the reboot schedule.
  • reboot_duration_minutes (Number) Restart all machines within x minutes. 0 means restarting all machines at the same time. To restart machines after draining sessions, set natural_reboot_schedule to true instead.
  • reboot_notification_to_users (Attributes) The reboot notification for the reboot schedule.

~> Please Note Not available for natural reboot. (see below for nested schema)

  • restrict_to_tag (String) Restrict reboot schedule to machines with tag specified in Guid.
  • week_in_month (String) The week in the month on which the reboot schedule runs monthly. Can only be set to First, Second, Third, Fourth, or Last.

Nested Schema for reboot_schedules.reboot_notification_to_users

Required:

  • notification_duration_minutes (Number) Send notification to users X minutes before user is logged off. Can only be 0, 1, 5 or 15. 0 means no notification.
  • notification_message (String) The message to be displayed to users before they are logged off.
  • notification_title (String) The title to be displayed to users before they are logged off.

Optional:

  • notification_repeat_every_5_minutes (Boolean) Repeat notification every 5 minutes.

~> Please Note notification repeat is available only when notification_duration_minutes is set to 15.

Nested Schema for restricted_access_users

Optional:

  • allow_list (Set of String) Users who can use this Delivery Group.

-> Note Users must be in DOMAIN\UserOrGroupName or user@domain.com format

  • block_list (Set of String) Users who cannot use this Delivery Group. A block list is meaningful only when used to block users in the allow list. For example, allow a group and block one member of that group.

-> Note Users must be in DOMAIN\UserOrGroupName or user@domain.com format

Import

Import is supported using the following syntax:

# Import an existing delivery group into Terraform state by its GUID,
# i.e. the value of the resource's id attribute. The GUID below is the
# documentation's example value.
terraform import citrix_delivery_group.example-delivery-group a92ac0d6-9a0f-477a-a504-07cae8fccb81