
I've got a YML file that creates a variable group and then another pipeline needs permission to said resource; it can be easily done manually via the UI in a very simple manner (picture).

pipeline permission error

Thing is I gotta do it programmatically and I'm having a hard time going through azdevops' documentation and figuring this out. The closest I got was from "devops/approvalsandchecks/pipeline-permissions" and "devops/distributedtask/variablegroups" but I have yet to be able to actually get this thing working.

Hope I made myself clear.

Thanks in advance!


Nvm… got it to work. Maybe it's just me but I have hard times with az docs…

    PATCH https://dev.azure.com/{organization}/{project}/_apis/pipelines/pipelinepermissions/{resourceType}/{resourceId}?api-version=7.1-preview.1

    {
      "pipelines": [
        {
          "id": 16,
          "authorized": true
        }
      ]
    }

2 Answers


  1. azureDevopsHearderGet.ps1

    [CmdletBinding()]
    param (
        [Parameter()]
        [string]$UserName,
        [string]$PersonalAccessToken
    )
    
    $basicAuth = ("{0}:{1}" -f $UserName, $PersonalAccessToken)
    $basicAuth = [System.Text.Encoding]::UTF8.GetBytes($basicAuth)
    $basicAuth = [System.Convert]::ToBase64String($basicAuth)
    $headers = @{Authorization = ("Basic {0}" -f $basicAuth) }
    return $headers
    

    azureDevopsPipelineVariableGroupPermission.ps1

    [CmdletBinding()]
    param (
        [Parameter(Mandatory)]
        [string]$OrganizationName,
        [Parameter(Mandatory)]
        [string]$ProjectName,
        [Parameter(Mandatory)]
        [string]$VariableGroupId,
        [Parameter(Mandatory)]
        [string]$PipelineId,
        [Parameter(Mandatory)]
        [hashtable]$Headers
    )
    $body = @{
        pipelines = @(
            @{
                id         = $PipelineId
                authorized = $true
            }
        )
    } | ConvertTo-Json -Depth 10
    
    $uri = "https://dev.azure.com/{0}/{1}/_apis/pipelines/pipelinepermissions/variablegroup/{2}?api-version=7.0-preview.1" -f $OrganizationName, $ProjectName, $VariableGroupId
    
    Invoke-RestMethod -Uri $uri -Method 'PATCH' -ContentType 'application/json' -Headers $headers -Body $body | Out-Null
    
  2. To authorize a list of definitions for a given resource, we can use the REST API Pipeline Permissions – Update Pipeline Permissions For Resource.

    If you want to use the REST API but are not sure which one to use, the easiest way is to collect the network trace in the browser of the manual operation on the UI. For authorizing the pipeline to access the resource group, you can clearly see the API and body used in the network trace.

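An added example, not part of the question or either answer above: after granting access with the PATCH call, a GET on the same `pipelinepermissions/variablegroup/{id}` endpoint shows which pipelines are authorized, so the grant can be checked against an allow-list. The `AZDO_PAT` environment variable name and the `$ExpectedPipelineIds` parameter are assumptions made for this sketch.

```powershell
# Added example: audit which pipelines are authorized to use a variable group.
[CmdletBinding()]
param (
    [Parameter(Mandatory)] [string]$OrganizationName,
    [Parameter(Mandatory)] [string]$ProjectName,
    [Parameter(Mandatory)] [string]$VariableGroupId,
    # Hypothetical allow-list of pipeline ids that should have access.
    [int[]]$ExpectedPipelineIds = @()
)

# Assumption: the PAT comes from the AZDO_PAT environment variable, so it is
# not passed as a script argument or written into the pipeline definition.
if (-not $env:AZDO_PAT) { throw 'Set AZDO_PAT before running this script.' }
$token   = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes(":$($env:AZDO_PAT)"))
$headers = @{ Authorization = "Basic $token" }

$uri = 'https://dev.azure.com/{0}/{1}/_apis/pipelines/pipelinepermissions/variablegroup/{2}?api-version=7.1-preview.1' -f $OrganizationName, $ProjectName, $VariableGroupId

# Same endpoint as the PATCH above, read-only this time.
$current = Invoke-RestMethod -Uri $uri -Method Get -Headers $headers

# allPipelines.authorized = true means every pipeline in the project can use the group.
$openToAll = [bool]($current.allPipelines -and $current.allPipelines.authorized)

# Per-pipeline grants, compared with the expected list.
$authorized = @($current.pipelines | Where-Object { $_.authorized } | ForEach-Object { [int]$_.id })
$unexpected = @($authorized | Where-Object { $_ -notin $ExpectedPipelineIds })
$missing    = @($ExpectedPipelineIds | Where-Object { $_ -notin $authorized })

[pscustomobject]@{
    VariableGroupId = $VariableGroupId
    OpenToAll       = $openToAll
    Authorized      = $authorized
    Unexpected      = $unexpected
    Missing         = $missing
}

# Fail the calling job when access is broader than the allow-list.
if ($openToAll -or $unexpected.Count -gt 0) {
    Write-Warning 'Variable group is accessible to more pipelines than expected.'
    exit 1
}
```

A PAT used only for this check needs read access, not the manage rights required for the PATCH.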