How to disable the inheritance in Azure pipelines using a Rest API?
The REST API is not documented; however, you can track it with tools such as Fiddler, or press F12 in the Chrome browser and then select Network.
E.g. I can use the REST API below to disable inheritance for the Azure pipeline test-CI in the sample below:
POST https://dev.azure.com/{Org name}/_apis/Contribution/HierarchyQuery/project/{Project name}?api-version=6.0-preview
Request body:
{
    "contributionIds": [
        "ms.vss-admin-web.security-view-update-data-provider"
    ],
    "dataProviderContext": {
        "properties": {
            "changeInheritance": true,
            "permissionSetId": "{permissionSetId}",
            "permissionSetToken": "{project id}/{build definition ID}",
            "inheritPermissions": false,
            "sourcePage": {
                "url": "https://dev.azure.com/{Org name}/{Project name}/_build?definitionId={Build definition ID}",
                "routeId": "ms.vss-build-web.pipeline-details-route",
                "routeValues": {
                    "project": "{Project name}",
                    "viewname": "details",
                    "controller": "ContributedPage",
                    "action": "Execute",
                    "serviceHost": "{Service account ID} (Org name)"
                }
            }
        }
    }
}
Note: If we need to enable inheritance for Azure pipelines, just change the value of the inheritPermissions field to true.
Update1
permissionSetId is the namespaceId; we could get it via the REST API below:
GET https://dev.azure.com/{Org name}/_apis/securitynamespaces?api-version=6.0
And then search for "name": "Build" to get the namespaceId.
permissionSetToken is {project id}/{build definition ID}; we could get the project id via the REST API below:
GET https://dev.azure.com/{organization}/_apis/projects?api-version=6.0
The serviceHost value is the service account id (Org name); we could get it via the REST API below:
GET https://vssps.dev.azure.com/{Org}/_apis/graph/users?api-version=6.0-preview.1
And then search Project Collection Build Service in the request body, the principalName is the service account id
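An added example, not part of the original answer: the namespace lookup and the request body described above, assembled in Python. The namespace list is a constructed sample with placeholder GUIDs and the function names are hypothetical; sending the request with an authenticated session is left out.

```python
from urllib.parse import quote

# Constructed sample of the securitynamespaces response; GUIDs are placeholders.
SAMPLE_NAMESPACES = {"value": [
    {"namespaceId": "11111111-1111-1111-1111-111111111111", "name": "Git Repositories"},
    {"namespaceId": "22222222-2222-2222-2222-222222222222", "name": "Build"},
]}


def find_namespace_id(namespaces, name="Build"):
    """Return the namespaceId of the single namespace with this exact name."""
    ids = [n["namespaceId"] for n in namespaces.get("value", []) if n.get("name") == name]
    if len(ids) != 1:
        raise LookupError(f"expected one namespace named {name!r}, found {len(ids)}")
    return ids[0]


def inheritance_request(org, project, project_id, definition_id,
                        namespace_id, service_host, inherit):
    """Build (url, body) for the HierarchyQuery call; inherit=False disables inheritance."""
    if not isinstance(inherit, bool):
        raise TypeError("inherit must be a bool, not a string such as 'false'")
    base = f"https://dev.azure.com/{quote(org)}"
    url = (f"{base}/_apis/Contribution/HierarchyQuery/project/"
           f"{quote(project)}?api-version=6.0-preview")
    properties = {
        "changeInheritance": True,
        "permissionSetId": namespace_id,
        "permissionSetToken": f"{project_id}/{definition_id}",
        "inheritPermissions": inherit,
        "sourcePage": {
            "url": f"{base}/{quote(project)}/_build?definitionId={definition_id}",
            "routeId": "ms.vss-build-web.pipeline-details-route",
            "routeValues": {
                "project": project,
                "viewname": "details",
                "controller": "ContributedPage",
                "action": "Execute",
                "serviceHost": service_host,
            },
        },
    }
    body = {
        "contributionIds": ["ms.vss-admin-web.security-view-update-data-provider"],
        "dataProviderContext": {"properties": properties},
    }
    return url, body
```

Because the token is scoped to one build definition, logging the returned body next to the caller's identity gives an audit record of which pipeline had inheritance changed.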
I'm trying to use Keycloak's admin API in order to add a client-level role to the user role mapping. For this purpose I'm using the admin endpoint:
POST /{realm}/groups/{id}/role-mappings/clients/{client}
e.g.:
http://localhost/tests/admin/realms/testrealm/users/d1a15b4c-9853-4d87-9b8d-d4cf3fac3650/role-mappings/clients/3f222762-5300-48f2-be48-32f001d5a7dc
Request body as:
[
{
"id": "32f02358-9312-4b7b-8584-85dcaf257667",
"name": "test_role_app",
"description": null,
"scopeParamRequired": false
}
]
The id in the request body is the role ID.
Keycloak is responding with error 404 with message:
{
"error": "Role not found"
}
Not sure what is the problem here as the role exists in the system. What could be wrong here?
Turned out to be that I was using the wrong roleId. I had two roles with same name (one at realm level and another one at client level). After using the correct ID everything worked well!
Additionally the whole request body looks like:
[
{
"id": "94cf6502-0375-4b62-a3ae-465d047738c3",
"name": "test_role_app",
"composite": false,
"clientRole": true,
"containerId": "a7e640cb-751d-4caa-81a0-79d38d31e025"
}
]
I have tried this:
url="https://{localhost}/auth/admin/realms/{realm_name}/groups/{group_id}/role-mappings"
payload=[{"id":"role_id","name":"Role_name","composite":"false","clientRole":"true","containerId":"client_id"}]
But it doesn't work; I think it may be related to the wrong payload.
Any ideas, please?
We can use the python-keycloak lib: https://pypi.org/project/python-keycloak/
there is a function: assign_group_client_roles
The format is correct, but make sure the client has the role in the payload available.
This is an example where the "hr" group is given the "time limit" role of the "RemoteApp" client.
In the Keycloak UI: Client > RemoteApp > Roles
Role name
time limit
Groups > hr
Client Roles: RemoteApp
Available Roles: time limit
Assigned Roles: not yet include "time limit"
POST command by Postman - I cannot attach an image yet due to my low level on Stack Overflow
http://127.0.0.1:8080/auth/admin/realms/Test-realm/groups/9efef6bf-7edb-496e-bc0d-a8d4f5f4e3a9/role-mappings/clients/60a19179-f244-42f8-9950-04f2119a4e5b?client=RemoteApp&id=60a19179-f244-42f8-9950-04f2119a4e5b&realm=Test-realm
In the body in Postman, with the raw JSON option (Content-Type: application/json):
[
{
"id": "e17f9f7f-62dc-4998-b058-49b845ff5cef",
"name": "time limit",
"description": "time limit",
"composite": false,
"clientRole": true,
"containerId": "60a19179-f244-42f8-9950-04f2119a4e5b"
}
]
group list
{
"id": "9efef6bf-7edb-496e-bc0d-a8d4f5f4e3a9",
"name": "hr",
"path": "/hr",
"subGroups": []
}
client list
{
"id": "60a19179-f244-42f8-9950-04f2119a4e5b",
"clientId": "RemoteApp",
...
}
also don't remember the access token called by token endpoint w/ grant_type is password
http://127.0.0.1:8080/auth/realms/Test-realm/protocol/openid-connect/token
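An added example (not from any of the posts above) covering both the "Role not found" 404 caused by a same-named realm role and the group payload question: it selects the client-level role by name and container before building the mapping request. The role list and UUIDs are constructed, and the function names are hypothetical.

```python
# Constructed sample: a realm role and a client role share one name (UUIDs are made up).
CLIENT_UUID = "cccccccc-0000-4000-8000-000000000001"
SAMPLE_ROLES = [
    {"id": "aaaaaaaa-0000-4000-8000-000000000001", "name": "test_role_app",
     "composite": False, "clientRole": False, "containerId": "testrealm"},
    {"id": "bbbbbbbb-0000-4000-8000-000000000001", "name": "test_role_app",
     "composite": False, "clientRole": True, "containerId": CLIENT_UUID},
]
PAYLOAD_KEYS = ("id", "name", "composite", "clientRole", "containerId")


def client_role_payload(roles, name, client_uuid):
    """Return the JSON array to POST for the client-level role called `name`.

    Matching on name alone is what picks up the realm role by mistake, so the
    role must also be a client role whose containerId is the client's UUID.
    """
    hits = [r for r in roles
            if r.get("name") == name
            and r.get("clientRole") is True
            and r.get("containerId") == client_uuid]
    if len(hits) != 1:
        raise LookupError(f"{len(hits)} client roles named {name!r} on {client_uuid}")
    # Booleans stay real booleans; the strings "false"/"true" are not the same thing.
    return [{key: hits[0][key] for key in PAYLOAD_KEYS}]


def role_mapping_url(base, realm, kind, principal_id, client_uuid):
    """Build the role-mappings URL; `kind` is 'users' or 'groups', and `base`
    carries any deployment prefix such as http://127.0.0.1:8080/auth."""
    if kind not in ("users", "groups"):
        raise ValueError("kind must be 'users' or 'groups'")
    return (f"{base.rstrip('/')}/admin/realms/{realm}/{kind}/{principal_id}"
            f"/role-mappings/clients/{client_uuid}")
```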
How can we create an Azure Pipeline (YAML approach) using the Azure DevOps REST APIs?
Basically I am trying to create a new pipeline programmatically and not through Azure Devops portal
I referred to this link below:
https://learn.microsoft.com/en-us/rest/api/azure/devops/pipelines/pipelines/create?view=azure-devops-rest-6.0
but this does not provide the exact JSON body format required to create and configure a new pipeline pointing to a code repo. Kindly help me here.
You can first use the Pipelines - Get rest api to check the definition json of the pipeline, and change the fields accordingly.
You can define the request body json as below, when calling Pipelines - Create rest api:
$body = @{
    configuration = @{
        variables = @{
            customVariable = @{
                value = "value"
            }
        };
        path = "azure-pipelines.yml";
        repository = @{
            id = "repository-id";
            name = "repository-name"
            type = "azureReposGit"
        };
        type = "yaml"
    };
    name = "pipeline-name";
    folder = "\\"
}
The variables field defines the pipeline Variables in the UI page:
The path field points to the pipeline YAML file in the code repo.
The repository field defines the code repo this pipeline targets.
The folder field defines which folder the pipeline is placed in:
If you use the Build Definitions - Create REST API to create the YAML pipeline, you can check the request body JSON example below:
$body='{
    "variables": {
        "customVariable": {
            "value": "customValue",
            "allowOverride": true
        }
    },
    "process": {
        "yamlFilename": "azure-pipelines.yml",
        "type": 2
    },
    "repository": {
        "id": "repo-id",
        "type": "TfsGit",
        "name": "repo-name",
        "defaultBranch": "refs/heads/master",
        "clean": null,
        "checkoutSubmodules": false
    },
    "name": "pipeline-name",
    "path": "\\",
    "type": "build",
    "queueStatus": "enabled",
    "project": {
        "id": "project-id",
        "name": "project-name"
    }
}'
Update:
If your code repo is on GitHub, you will have to create a GitHub service connection in your Azure DevOps project, and then pass the connection id in your API request body.
$body = @{
    configuration = @{
        variables = @{
            customVariable = @{
                value = "value"
            }
        };
        path = "azure-pipelines.yml";
        repository = @{
            FullName = "githubAccount/repoName";
            type = "gitHub";
            Connection = @{
                id = "github service connection id"
            }
        };
        type = "yaml"
    };
    name = "pipeline-name";
    folder = "\\"
}
You can get the service connection id in the address bar. See below:
I would like to see if there is any api that lists all the tags attached to a specific commit
if there is any api that lists all the tags attached to a specific
commit
For this issue, you can try the REST API below:
Request url:
POST https://dev.azure.com/{org}/_apis/Contribution/dataProviders/query/project/{proId}?api-version=5.1-preview.1
Sample request body:
{
    "context": {
        "properties": {
            "repositoryId": "46f31875-9df2-4cc7-9f2f-944cf7280d1c",
            "searchCriteria": {
                "gitCommitLookupArguments": null,
                "gitHistoryQueryArguments": null,
                "gitArtifactsQueryArguments": {
                    "fetchBuildStatuses": false,
                    "fetchPullRequests": false,
                    "fetchTags": true,
                    "startFromVersion": null,
                    "commitIds": ["1a4b0ea9b5c6fe004eb7a0df3e7fa3f146c0db27"]
                },
                "gitGraphQueryArguments": null
            }
        }
    },
    "contributionIds": ["ms.vss-code-web.git-history-view-commits-data-provider"]
}
I caught this API in the browser's Network tab by pressing F12. Here is my test in Postman:
I'm using the AzureRM rest api to communicate to the hypervisor. One of the things I need to do is to reset the local admin password on a VM, however I can't figure out how to reset it.
We could use the Virtual Machine Extensions REST API to do that. It works correctly for me. The following is my detailed test info.
1. We need to get the authorization in the request header
Authorization:Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUz.......
Content-Type:application/json
2. Add the following info in the request body
{
    "properties": {
        "publisher": "Microsoft.Compute",
        "type": "VMAccessAgent",
        "typeHandlerVersion": "2.0",
        "autoUpgradeMinorVersion": true,
        "settings": {
            "UserName": "<your local admin>"
        },
        "protectedSettings": {
            "Password": "<your reset password, matching the password policy>"
        }
    },
    "location": "East Asia"
}
3. Send the HTTP request with Fiddler.
4. Successfully remote into the VM with the reset password.
We also can reset our local admin password in the Azure portal.
You can also use the Azure .NET SDK, which has a wrapper for the create or update call.
I tried and ran into an issue where the VM extension request went through fine and was installed successfully, but the password was not updated.
After attaching Fiddler, I saw that my dynamic objects for settings and protectedSettings were not getting properly serialized by the library. The solution was to pass a dictionary down to the VirtualMachineExtensions() constructor instead.
Before:
proxy.VirtualMachineExtensions.BeginCreateOrUpdateWithHttpMessagesAsync(
    "<resource group>",
    "<vm name>",
    "<you name it>",
    new Microsoft.Azure.Management.Compute.Models.VirtualMachineExtension(
        location: "westus",
        publisher: "Microsoft.Compute",
        virtualMachineExtensionType: "VMAccessAgent",
        typeHandlerVersion: "2.0",
        autoUpgradeMinorVersion: true,
        // Anonymous objects: these were not serialized properly by the library
        settings: new
        {
            UserName = "<username>"
        },
        protectedSettings: new
        {
            Password = "<password>"
        }));
After:
proxy.VirtualMachineExtensions.BeginCreateOrUpdateWithHttpMessagesAsync(
    "<resource group>",
    "<vm name>",
    "<you name it>",
    new Microsoft.Azure.Management.Compute.Models.VirtualMachineExtension(
        location: "westus",
        publisher: "Microsoft.Compute",
        virtualMachineExtensionType: "VMAccessAgent",
        typeHandlerVersion: "2.0",
        autoUpgradeMinorVersion: true,
        settings: new Dictionary<string, string>()
        {
            { "UserName", "<username>" }
        },
        protectedSettings: new Dictionary<string, string>()
        {
            { "PassWord", "<password>" }
        }));