Publishing release notes to TFS/VSTS Wiki during Release - azure-devops

My mission is to generate and publish release notes on WIKI automatically when ever the release triggered, for this I am following this Blog, its very handy blog, but my bad luck still not able to create wiki page with release template. (using both Azure DevOps and TFS)
Template:
**Build Number** : $($build.buildnumber)
**Build started** : $("{0:dd/MM/yy HH:mm:ss}" -f [datetime]$build.startTime)
**Source Branch** : $($build.sourceBranch)
###Associated work items
##WILOOP##
* #$($widetail.id)
##WILOOP##
###Associated change sets/commits
##CSLOOP##
* **ID $($csdetail.changesetid)$($csdetail.commitid)**
>$($csdetail.comment)
##CSLOOP##
PowerShell Script
$content = [IO.File]::ReadAllText("$(System.DefaultWorkingDirectory)\releasenotes.md")
$data = #{content=$content;} | ConvertTo-Json;
$params = #{uri = '$(WikiPath)';
Method = 'PUT';
Headers = #{Authorization = "Bearer $(System.AccessToken)" };
ContentType = "application/json";
Body = $data;
}
Invoke-WebRequest #params
Please guide me what I am doing wrong

After testing, we find that the PowerShell script in your mentioned blog uses this Rest API: Pages - Create Or Update, thus the wikipath is the requested url like below format:
https://dev.azure.com/{organization}/{project}/_apis/wiki/wikis/{wikiIdentifier}/pages?path={path}&api-version=6.0
For example, we create a project wiki named scrum-test.wiki, and want to create a new wiki page named Release notes, the url would like below
https://dev.azure.com/{organization}/{project}/_apis/wiki/wikis/scrum-test.wiki/pages?path=Release notes&api-version=6.0
If we now want to create a child wiki page named 0.1.0 under Release notes page, the url would be like below
https://dev.azure.com/{organization}/{project}/_apis/wiki/wikis/scrum-test.wiki/pages?path=Release notes/0.1.0&api-version=6.0
In addition, using AccessToken we always get error which says that "The wiki page operation failed with message : User does not have write permissions for this wiki." even we grant full wiki permissions for identity: {project name} Build Service ({organization name}), so we use PAT authentication with full access and it works fine with below PowerShell script.
$content = [IO.File]::ReadAllText("$(System.DefaultWorkingDirectory)\releasenotes.md")
$data = #{content=$content;} | ConvertTo-Json;
$connectionToken="PAT here"
$base64AuthInfo= [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes(":$($connectionToken)"))
$params = #{uri = '$(WikiPath)';
Method = 'PUT';
Headers = #{Authorization = "Basic $base64AuthInfo" };
ContentType = "application/json";
Body = $data;
}
Invoke-WebRequest #params

Check access to System.AccessToken on the job level: https://learn.microsoft.com/en-us/azure/devops/pipelines/build/variables?view=azure-devops&tabs=classic
Additionally, check permissions on your wiki

Related

Teams Webhook error: Invoke-RestMethod: Bad payload received by generic incoming webhook

I'm using configured Teams webhook in my Powershell script and keep encountering the mentioned error message. What's strange, is that this exact method of configuring Webhook worked a few months ago on a different script.
Here's what I'm trying to do:
#Set URI of the Teams channel Webhook
$URI = 'https:....'
#Define Rest Method Parameters for the Teams Webhook sending
$RestMethodParameters = #{
"URI" = $URI
"Method" = 'POST'
"Body" = $null
"ContentType" = 'application/json'
}
$JSONBody = #{
"#type" = "MessageCard"
"#context" = "http://schema.org/extensions"
"themeColor" = '0078D7'
}
#Adding text to title and body
$JSONBody += #{
"title" = "'costReport-func' Function for connecting AzAccount has failed"
"text" = "Function failed at connection to AzAccount step."
}
#Sending the message to Teams
($RestMethodParameters).Body += ConvertTo-Json $JSONBody
Invoke-RestMethod #RestMethodParameters
And with this I'm getting "Bad payload received by generic incoming webhook." error message. What is causing the issue here?
Update: Microsoft has released a preview version (2.1.0) of the Teams PowerShell module which works properly with modern authentication. It’s likely that this version will be pushed through to general availability quite quickly.
Please go through this link for more information.

Getting restrictions from Confluence page

I'm not very savvy with web API calls, but I've been using the following powershell code (this site in this example is one I found that has some public data... my site is internal and requires I pass the credential, which has been working for me without issue):
If(-not (Get-InstalledModule -Name 'ConfluencePS')){Install-Module ConfluencePS}
Import-Module ConfluencePS
Set-ConfluenceInfo -BaseUri "https://wiki.opnfv.org"
$space = Get-confluencepage -Spacekey ds
ForEach($item in $space)
{
$splatParams = #{
Uri = "https://wiki.opnfv.org/rest/api/content/$($item.ID)/restriction"
ContentType = 'application/json'
method = 'GET'
}
#reference https://developer.atlassian.com/cloud/confluence/rest/#api-api-content-id-restriction-get
Invoke-RestMethod #splatParams
}
The documentation for the ConfluencePS shows that restrictions is still an open feature request but I need to get this working for a project.
I put a breakpoint in on line 982 from ConfluencePS.psm1 and was able to see the various calls and how the params are structured but when I try to mimic it (and change the URI based on the confluence documentation) I get an error "HTTP error 405 - MethodNotAllowed". Anyone have suggestions on how I can get this working? I'm trying to return back the permissions applied for all pages in a specific space.
Get Restrictions by Content ID
As you found out by yourself, it is required to add "byOperation".
I was able to get the restrictions of a specific page with the following code:
# for testing purposes ONLY, I've specified the URL and ID
$wikiUrl = "https://wiki.opnfv.org"
$itemId = "6820746"
$splatParams = #{
Uri = "$wikiUrl/rest/api/content/$itemId/restriction/byOperation"
ContentType = 'application/json'
method = 'GET'
}
$result = Invoke-RestMethod #splatParams
Tested on version 6.0.4 and 6.15.9
Filter by user name
If you like to filter the result by a specific username, you can use the following URI:
"$wikiUrl/rest/api/content/$itemId/restriction/byOperation/.../user?userName=".
Bt, there's an open bug on this way of action:
restriction returns ambiguous responses

Encrypt JSON Web Token as RSA RS256 in Powershell with a RSA private key

I am stuck, I am trying to sign a Json Web Token for Docusign. https://developers.docusign.com/esign-rest-api/guides/authentication/oauth2-jsonwebtoken Docusign just provides a RSA private and public key hash. That's it. The JWT must signed using RS256.
I found a JWT module https://www.powershellgallery.com/packages/JWT/1.1.0 but that requires that I have the certificate installed. But all I have is the key hash.
Levering some other code I found I was able to create a JWT token , although with the wrong algorithm. https://www.reddit.com/r/PowerShell/comments/8bc3rb/generate_jwt_json_web_token_in_powershell/
I've been trying modify it to use the RSACryto provider by creating a new object but ive been unsuccessful.
I tried to create a new object and see if I can some how import the key so that I can sign the token. But I cant seem to be able to do that.
$rsa = New-Object -TypeName System.Security.Cryptography.RSACryptoServiceProvider
$keyhash = "-----BEGIN RSA PRIVATE KEY-----
XXXXXX
-----END RSA PRIVATE KEY-----"
$blob = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($keyhash))
I tried to use the ImportCspBlob method but it requires that the string is converted to bytes but I cant seem to do that either.
Im not sure if I am even approaching this int he correct fashion. Ive been getting errors of either
Exception calling "ImportCspBlob" with "1" argument(s): "Bad Version of provider.
or
Cannot convert value to type "System.Byte". Error: "Input string was not in a correct format."
EDIT:
I have a work around using Node.js, although id still like to see if it is possible to do what I am trying to do natively in Powershell . This work aroun might be useful for some as there does not seem to be many references for using Powershell and Docusign API.
I found a node.JS script here that creates a JWT Token using the RS256 algorithm. https://github.com/BlitzkriegSoftware/NodejwtRSA ,
I stripped out all the extra stuff so the output to the console is only the token, and added the relevant scope to the "payload data" and under the sign options updated the sub, aud, and iss. The my RSA Private key was stored locally on the system in a file.
nodejs script - My modified version below
'use strict';
const path = require('path');
const fs = require('fs');
// https://github.com/auth0/node-jsonwebtoken
var jwt = require('jsonwebtoken');
// Private Key (must read as utf8)
var privateKey = fs.readFileSync('./rsatest.pk','utf8');
// Sample claims payload with user defined fields (this can be anything, but briefer is better):
var payload = { };
// Populate with fields and data
payload.scope = "signature impersonation";
// Values for the rfc7519 fields
var iss = "XXXXX-XXXX-XXX-XXX-XXX";
var sub = "XXXXX-XXXX-XXX-XXX-XXX";
var aud = "account-d.docusign.com";
// Expiration timespan: https://github.com/auth0/node-jsonwebtoken#token-expiration-exp-claim
var exp = "1h";
// JWT Token Options, see: https://tools.ietf.org/html/rfc7519#section-4.1 for the meaning of these
// Notice the `algorithm: "RS256"` which goes with public/private keys
var signOptions = {
issuer : iss,
subject: sub,
audience: aud,
expiresIn: exp,
algorithm: "RS256"
};
var token = jwt.sign(payload, privateKey, signOptions);
console.log(token)
process.exitCode = 0;
I called it from Powershell and feed the access token back into my script so i can then get my access token and start making my API calls.
#get the JWT token
$token = & node C:\temp\nodejwt.js
# Generate Header for API calls.
$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$headers.Add("Content-Type", "application/x-www-form-urlencoded")
$body ="grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&assertion=$token"
$authuri = "https://account-d.docusign.com/oauth/token"
#send the JWT and get the access token
$accesstoken = Invoke-RestMethod -Method post -Uri $authuri -Headers $headers -Body $body -Verbose
$getheaders = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$getheaders.Add("Content-Type", "application/json")
$getheaders.Add('Authorization','Bearer ' + $accesstoken.access_token)
$geturi = "https://account-d.docusign.com/oauth/userinfo"
#use the access token to make api calls
Invoke-RestMethod -Method get -Uri $geturi -Headers $getheaders
I also had the same problem and was stuck.I used Python to get JWT. Be sure to install PyJWT and cryptography library.
$ pip install PyJWT
$ pip install pyjwt[crypto]
import time
import jwt
from datetime import datetime, timedelta
private_key= b'-----BEGIN PRIVATE KEY-----
`-----END PRIVATE KEY-----\n'
encoded_jwt = jwt.encode({
"iss":"<service account e-mail>",
"scope":"",
"aud":"",
"exp":int(time.time())+3600,
"iat":int(time.time())
}, private_key, algorithm='RS256')
encoded_jwt

Can ExtensionDataService be used from a PowerShell-based VSTS build task?

I have created a PowerShell-based build task for Visual Studio Team Services (formerly Visual Studio Online). I have implemented the majority of the functionality I need, but for the last bit of functionality I need to be able to persist a small amount of data between builds.
The ExtensionDataService seems like exactly what I want (in particular, the setValue and getValue methods), but the documentation and examples I have found are for node.js-based build tasks:
VSS.getService(VSS.ServiceIds.ExtensionData).then(function(dataService) {
// Set a user-scoped preference
dataService.setValue("pref1", 12345, {scopeType: "User"}).then(function(value) {
console.log("User preference value is " + value);
});
The previous page also has a partial example of calling the REST API, but I have gotten 404 errors when trying to use it to either save or retrieve values:
GET _apis/ExtensionManagement/InstalledExtensions/{publisherName}/{extensionName}/Data/Scopes/User/Me/Collections/%24settings/Documents
{
"id": "myKey",
"__etag": -1,
"value": "myValue"
}
Can PowerShell be used to access the ExtensionDataService, either by using a library or by calling the REST API directly?
You can call REST API through PowerShell.
Set value (Put request):
https://[vsts name].extmgmt.visualstudio.com/_apis/ExtensionManagement/InstalledExtensions/{publisherName}/{extension id}/Data/Scopes/User/Me/Collections/%24settings/Documents?api-version=3.1-preview.1
Body (Content-Type:application/json)
{
"id": "myKey",
"__etag": -1,
"value": "myValue"
}
Get value (Get request):
https://[vsts name].extmgmt.visualstudio.com/_apis/ExtensionManagement/InstalledExtensions/{publisherName}/{extension id}/Data/Scopes/User/Me/Collections/%24settings/Documents/mykey?api-version=3.1-preview.1
The publisher name and extension id could be get in package json file (e.g. vss-extension.json)
Regarding call REST API through PowerShell, you can refer to this article: Calling VSTS APIs with PowerShell
Simple sample to call REST API:
Param(
[string]$vstsAccount = "<VSTS-ACCOUNT-NAME>",
[string]$projectName = "<PROJECT-NAME>",
[string]$buildNumber = "<BUILD-NUMBER>",
[string]$keepForever = "true",
[string]$user = "",
[string]$token = "<PERSONAL-ACCESS-TOKEN>"
)
# Base64-encodes the Personal Access Token (PAT) appropriately
$base64AuthInfo = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(("{0}:{1}" -f $user,$token)))
$uri = "https://$($vstsAccount).visualstudio.com/DefaultCollection/$($projectName)/_apis/build/builds?api-version=2.0&buildNumber=$($buildNumber)"
$result = Invoke-RestMethod -Uri $uri -Method Get -ContentType "application/json" -Headers #{Authorization=("Basic {0}" -f $base64AuthInfo)}
PowerShell script to get the base URL:
Function GetURL{
param([string]$url)
$regex=New-Object System.Text.RegularExpressions.Regex("https:\/\/(.*).visualstudio.com")
$match=$regex.Match($url)
if($match.Success)
{
$vstsAccount=$match.Groups[1]
$resultURL="https://$vstsAccount.extmgmt.visualstudio.com"
}
}
GetURL "https://codetiger.visualstudio.com/"

How to add a text file or xml content to a TFS WorkItem description in Powershell?

I want to add some description in a TFS Workitem using powershell.
I wrote following code:
[System.Reflection.Assembly]::LoadWithPartialName("Microsoft.TeamFoundation.Client")
[System.Reflection.Assembly]::LoadWithPartialName("Microsoft.TeamFoundation.WorkItemTracking.Client")
# Get TFS server and query from WIQ file
[xml]$WiqlXML = Get-Content $WiqPath
[String]$TFSservername = $WiqlXML | % {$_.WorkItemQuery.TeamFoundationServer}
[String]$queryString = $WiqlXML | % {$_.WorkItemQuery.Wiql}
$teamProjectCollection = [Microsoft.TeamFoundation.Client.TfsTeamProjectCollectionFactory]::GetTeamProjectCollection($TFSservername)
# Get workitem collection from TFS Project
$ws = $teamProjectCollection.GetService([type][Microsoft.TeamFoundation.WorkItemTracking.Client.WorkItemStore])
$wis = $ws.Query($queryString);
[Net.WebClient] $request = New-Object Net.WebClient
$request.UseDefaultCredentials = $true
foreach($wi in $wis)
{
$wi.Description += "`r`n========================================================"
$wi.Description += "<xml>content</xml>"
}
But, in the workitem only ======================================================== is added
All of your content is added, however as it is an HTML box it is not rendered and disappears.
You need to HTML encode your xml before adding it to the description field.