Question 247211 in Azure Question posted in
The official documentation to get you started can be found here.

Set Azure DevOps Pipeline Permissions via API

I am trying to set Azure DevOps Pipeline permission using the following API from Powershell:

PATCH https://dev.azure.com/{organization}/{project}/_apis/pipelines/pipelinepermissions?api-version=7.0-preview.1

I have successfully achieved this for most resource types (Environments, Service Connections, and Variable Groups, however when I try to use it to set permission for repositories, I get the following error:

Invoke-RestMethod : {"$id":"1","innerException":null,"message":"Invalid resource id. a0946c7f-e505-48be-ba1b-1044d4128a4e","typeName":"System.ArgumentException, mscorlib","typeKey":"ArgumentException","errorCode":0,"eventId":0}

My Json body is as follows:

[ { "resource": { "type": "repository", "id": "a0946c7f-e505-48be-ba1b-1044d4128a4e", "name": "Source" }, "pipelines": [ { "id": 2436, "authorized": true } ] } ]

Any help would be much appreciated.

###Additional details:

Using the following api (replacing {organization} and {project} with my org and project):

GET https://dev.azure.com/{organization}/{project}/_apis/git/repositories?api-version=7.0

I get (replacing {organization} and {project} with my org and project):

{
    "value": [
        {
            "id": "a0946c7f-e505-48be-ba1b-1044d4128a4e",
            "name": "Source",
            "url": "https://dev.azure.com/{organization}/70a034e6-3c03-47c3-bec1-4f6094e46519/_apis/git/repositories/a0946c7f-e505-48be-ba1b-1044d4128a4e",
            "project": {
                "id": "70a034e6-3c03-47c3-bec1-4f6094e46519",
                "name": "{project}",
                "description": "This Azure DevOps project is for the {project} development team",
                "url": "https://dev.azure.com/{organization}/_apis/projects/70a034e6-3c03-47c3-bec1-4f6094e46519",
                "state": "wellFormed",
                "revision": 3597,
                "visibility": "private",
                "lastUpdateTime": "2023-09-01T13:00:04.513Z"
            },
            "defaultBranch": "refs/heads/main",
            "size": 741,
            "remoteUrl": "https://{organization}@dev.azure.com/{organization}/{project}/_git/Source",
            "sshUrl": "[email protected]:v3/{organization}/{project}/Source",
            "webUrl": "https://dev.azure.com/{organization}/{project}/_git/Source",
            "isDisabled": false,
            "isInMaintenance": false
        },
        {
            "id": "ad4906a1-db58-4c6d-ae17-1d49d56b5abe",
            "name": "Pipelines",
            "url": "https://dev.azure.com/{organization}/70a034e6-3c03-47c3-bec1-4f6094e46519/_apis/git/repositories/ad4906a1-db58-4c6d-ae17-1d49d56b5abe",
            "project": {
                "id": "70a034e6-3c03-47c3-bec1-4f6094e46519",
                "name": "{project}",
                "description": "This Azure DevOps project is for the {project} development team",
                "url": "https://dev.azure.com/{organization}/_apis/projects/70a034e6-3c03-47c3-bec1-4f6094e46519",
                "state": "wellFormed",
                "revision": 3597,
                "visibility": "private",
                "lastUpdateTime": "2023-09-01T13:00:04.513Z"
            },
            "defaultBranch": "refs/heads/main",
            "size": 1291,
            "remoteUrl": "https://{organization}@dev.azure.com/{organization}/{project}/_git/Pipelines",
            "sshUrl": "[email protected]:v3/{organization}/{project}/Pipelines",
            "webUrl": "https://dev.azure.com/{organization}/{project}/_git/Pipelines",
            "isDisabled": false,
            "isInMaintenance": false
        }
    ],
    "count": 2
}

Using the following api (replacing {organization} and {project} with my org and project)::

GET https://dev.azure.com/{organization}/{project}/_apis/pipelines/pipelinepermissions/{resourceType}/{resourceId}?api-version=7.0-preview.1

GET https://dev.azure.com/{organization}/{project}/_apis/pipelines/pipelinepermissions/repository/a0946c7f-e505-48be-ba1b-1044d4128a4e?api-version=7.0-preview.1

I get the following:

{
    "$id": "1",
    "innerException": null,
    "message": "Invalid resource id. a0946c7f-e505-48be-ba1b-1044d4128a4e",
    "typeName": "System.ArgumentException, mscorlib",
    "typeKey": "ArgumentException",
    "errorCode": 0,
    "eventId": 0
}
Tags:

2

Answers


  1. Chosen as BEST ANSWER
    0

    When using:

    https://dev.azure.com/{organization}/{project}/_apis/pipelines/pipelinepermissions/{resourceType}/{resourceId}?api-version=7.0-preview.1

    It turns out that for the {resourceType} repository, you need to concatenate the {project.Id} and the {repository.Id} as the {resourceId}, both of which are GUIDs:

    For the:

    https://dev.azure.com/{organization}/{project}/_apis/pipelines/pipelinepermissions?api-version=7.0-preview.1

    The Json should be as follows:

    [ 
    { 
        "resource": { 
            "type": "repository", 
            "id": "{project.Id}.{repository.Id}", 
            "name": "{repository.Name}" 
        }, 
        "pipelines": [ 
            { 
                "id": {pipeline.Id}, 
                "authorized": true 
            } 
        ] 
    } 
]

    Once again, thanks for your help :)


  2. 0

    Invoke-RestMethod {"$id":"1","innerException":null,"message":"Invalid resource id.a0946c7f-e505-48be-ba1b-1044d4128a4e","typeName":"System.ArgumentException,
    mscorlib","typeKey":"ArgumentException","errorCode":0,"eventId":0}

    It looks like you are using an invalid resource id in your request body.

    To get the correct resource id and resource type, refer this SO-Thread to get all the resource list present in your pipeline and then you can get resource information and associated pipelines in that resource id by using below url.

    URL-

    GET https://dev.azure.com/{organization}/{project}/_apis/pipelines/pipelinepermissions/{resourceType}/{resourceId}?api-version=7.0-preview.1

    Try to check if your resource id is exist by using the above URL.

    I am using the following Powershell script to make the PATCH call-

    $connectionToken="PAT"
    
$token = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes(":$($connectionToken)"))
    
$url="https://dev.azure.com/{Org-name}/{project-name}/_apis/pipelines/pipelinepermissions?api-version=7.0-preview.1"
    
$body=@"
[
  {
    "resource": {
      "type": "endpoint",
      "id": "<resource id>",
      "name": "Default"
    },
    "pipelines": [
      {
        "id": <pipeline id>,
        "authorized": true
      }
    ]
  }
]
"@
    
$response = Invoke-RestMethod -Uri $url -Headers @{Authorization = "Basic $token"} -Method PATCH -Body $body -ContentType application/json

$response | ConvertTo-Json -Depth 4

    Output:

    enter image description here

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search