I am trying to create GitHub service connection using azure Devops rest api -
In postman I put following Json Body-
{
"name": "release-1",
"type": "github",
"url": "https://github.com",
"authorization": {
"scheme": "PersonalAccessToken",
"parameters": {
"accessToken": "<Github_Personal_Access_Token>"
}
}
}
This Creates service connection but It gives error when I open service connection in UI and try to verify but if I edit and replace with same Github token In UI then it works. seems like its not taking token I am providing in Json body -
I also see information here on this ongoing issue - https://ljvmiranda921.github.io/notebook/2019/12/28/workaround-azure-github-pat/
I want to automate GitHub service connection creation.
How to create GitHub service connection using Azure Devops rest api ?
How to create GitHub service connection using Azure Devops rest api ?
Are you creating this GitHub service connection?
If so, you should use EndPoints-Create API and your Json Body can follow this format:
{
"authorization": {
"scheme": "Token",
"parameters": {"AccessToken": "YourGitHubPAT"}
},
"data": {},
"description": "",
"name": "YourServiceConnectionName",
"serviceEndpointProjectReferences": [{
"description": "",
"name": "YourServiceConnectionName",
"projectReference": {
"id": "YourProjectID",
"name": "YourProjectName"
}
}],
"type": "github",
"url": "https://github.com",
"isShared": false
}
We should enter the value of YourGitHubPAT, YourServiceConnectionName(twice in two points), YourProjectID and YourProjectName with your own values to make the body work. We can get YourProjectID via Projects-List API.
After running that in PostMan, I can verify it successfully without issues. I guess your issue may have something to do with your parameters. Use
"authorization": {
"scheme": "Token",
"parameters": {"AccessToken": "<Github_Personal_Access_Token>"}
},
Instead of
"authorization": {
"scheme": "PersonalAccessToken",
"parameters": {"accessToken": "<Github_Personal_Access_Token>"}
Update about how to enable grant access to all pipelines:
Dislike other elements like Token, Name and Description, Grant Access Permissions to all pipelines option is managed by another API.
API to enable this option:
https://dev.azure.com/{YourOrganizationName}/{YourProjectName}/_apis/pipelines/pipelinePermissions/endpoint/{YourEndPointID}?api-version=5.1-preview.1
Body:
{
"resource": {
"id": "YourEndPointID",
"type": "endpoint",
"name": ""
},
"pipelines": [],
"allPipelines": {
"authorized": true,
"authorizedBy": null,
"authorizedOn": null
}
}
Note: We need to enter EnterPointID in URL and Body. (Twice!)
In PostMan, you should use PATCH method and application/json type. The YourEndPointID is ServiceConnectionID, you can get this value from EndPoints-Create API's response.
So normally to create a service connection with "Grant Access to All..." enabled, we should run Endpoints-Create first and then run the second API to enable this option.
(And this is the same behavior in Web Portal. When we click Verify and Save button in web browser, it actually also calls these two APIs to complete the process.)
Related
Having looked through the Azure DevOps REST API documentation, and a few failed attempts at guessing the endpoint, there doesn't appear to be any mention of how to view or create 'Approvals and checks' associated with a given service connection:
https://learn.microsoft.com/en-us/rest/api/azure/devops/serviceendpoint/endpoints?view=azure-devops-rest-6.1
Are there any ideas on how to do this, or where the Rest API documentation for approvals/checks for service connections are?
For background information, when creating a service connection via the REST API we are aiming to assign a check to the service connection so that it uses a given YAML template, as the service connections themselves are already being created as part of an automated flow.
You can use an unrecorded REST API:
POST https://dev.azure.com/{organization}/{project}/_apis/pipelines/checks/configurations?api-version=5.2-preview.1
Here is an example of its request body:
{
"type": {
"name": "ExtendsCheck"
},
"settings": {
"extendsChecks": [
{
"repositoryType": "git",
"repositoryName": "{project}/{repository}",
"repositoryRef": "refs/heads/master",
"templatePath": "templates.yml"
}
]
},
"resource": {
"type": "endpoint",
"id": "{service connection id}",
"name": "{service connection name}"
}
}
To get the service connection id, you can use the REST API Endpoints - Get Service Endpoints or Endpoints - Get Service Endpoints By Names.
I developed a side-by-side app using Java + SAP Cloud SDK (Neo). The app adds records to a custom business object.
The app was working fine when I concluded development in February. Now, I need to do some additional improvements, but I can add records anymore.
I am getting the error SCBO_AUTHORIZATION/000 - You are not authorized to create XXXXXXX instance.
I assigned CBO to a business role, the custom communication scenario along with communication arrangement is in place. I tested already the service (metadata) and the user is not locked.
Here´s the error sent back from the backend:
2020 05 27 19:36:55#+00#ERROR#com.sap.cloud.extensibility.services.CockpitServiceImp##PHENRIQUE#https-jsse-nio-8041-exec-8#na#fzrl99axqb#csccapplication2#web#fzrl99axqb#na#na#na#na#Error building up cockpit. com.sap.cloud.sdk.s4hana.datamodel.odata.helper.ODataVdmErrorResultHandler$ErpODataException: The endpoint responded with HTTP error code 400.
You're not authorized to create CSCCOCKPIT instance.
Full error message:
{
"error": {
"code": "SCBO_AUTHORIZATION/000",
"message": {
"lang": "en",
"value": "You\\u0027re not authorized to create CSCCOCKPIT instance."
},
"innererror": {
"application": {
"component_id": "BC-ESI-ESF-GW",
"service_namespace": "/SAP/",
"service_id": "YY1_CSCCOCKPIT_CDS",
"service_version": "0001"
},
"transactionid": "338BDCAE69170270E005EC3E361F2498",
"timestamp": "20200527193655.5607910",
"Error_Resolution": {
"SAP_Transaction": "For backend administrators: use ADT feed reader \\"SAP Gateway Error Log\\" or run transaction /IWFND/ERROR_LOG on SAP Gateway hub system and search for entries with the timestamp above for more details",
"SAP_Note": "See SAP Note 1797736 for error analysis (https://service.sap.com/sap/support/notes/1797736)"
},
"errordetails": [
{
"code": "SCBO_AUTHORIZATION/000",
"message": "You\\u0027re not authorized to create CSCCOCKPIT instance.",
"propertyref": "",
"severity": "error",
"transition": true,
"target": ""
}
]
}
}
}
Could someone give a clue on where could the issue be?
BR,
Pietro
The error happened because all the fields in the custom business object in S/4Hana Cloud were set as "read-only".
I'm looking for help of somebody who knows something about Jira add-ons.
I'm trying to implement Jira add-on with an ability to create issues on behalf of a user.
So, I completed all steps (as I think) leading me to my goal, but I faced a problem with impersonating. When I try to create an issue using Jira REST API, I receive the following error:
{
"error": "Add-on 'com.example.myapp' disallowed to impersonate the user because 'no valid active user exists'"
}
What was done:
Folowing the getting started tutorial I created the add-on descriptor:
{
"name": "Hello World",
"description": "Atlassian Connect app",
"key": "com.example.myapp",
"baseUrl": "https://url.ngrok.io",
"vendor": {
"name": "Example, Inc.",
"url": "http://example.com"
},
"authentication": {
"type": "jwt"
},
"scopes": [
"act_as_user",
"read",
"write",
],
"lifecycle": {
"installed": "/api/created",
},
"apiVersion": 1
}
I also implemented webhook to handle 'installed' callback from add-on like described here. So, when a user installs the add-on the webhook will receive the following object:
{
'key': 'com.example.myapp',
'clientKey': '<client key>',
'oauthClientId': '<OAuth client ID>',
'publicKey': '<public key>',
'sharedSecret': '<shared secret>',
'serverVersion': '100095',
'pluginsVersion': '1.250.0',
'baseUrl': 'https://<user's domain>.atlassian.net',
'productType': 'jira',
'description': 'Description',
'eventType': 'installed'
}
Using this data I generated JWT signed with the shared secret like described in the tutorial. So, my JWT payload includes the following claims:
{
'iss': 'urn:atlassian:connect:clientid:<OAuth client ID>',
'sub': 'urn:atlassian:connect:useraccountid:<client key>',
'tnt': 'https://<user's domain>.atlassian.net',
'iss': '<created at>',
'exp': '<created at + 1 minute>'
}
The next step I performed is access token generation using auth.atlassian.io/oauth2/token endpoint and the following parameters:
grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&assertion=<my JWT>&scope=ACT_AS_USER READ WRITE
The result of all these actions is an access token witch I can use to perform REST API requests. But the error described above returned every time I try to create Jira issue performing POST [user's domain].atlassian.net/rest/api/2/issue/ with Authorization: Bearer [access_token] header.
What I've noticed is that account ID in installed callback object (clientKey) has 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' (uuid) format. But when I open my account in Jira (account in witch the add-on is installed) I see that the account ID in URL has 'YYYYYY:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' format. I prepended the subject in my JWT payload with YYYYYY part:
'sub': 'urn:atlassian:connect:useraccountid:'YYYYYY:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'
and generated a new access token using this JWT. I've used new access token to create an issue and it was successfully created, the reporter of the issue is a user installed my add-on, just like I wished.
Finally, the question is: where can I find that YYYYYY part for my add-on? How to get it automatically? What I've missed following the tutorials? Any help will be appreciated.
Thank you!
to automate contract testing by leveraging pact broker webhooks, I created customized contract_content_changed event with a jenkins job. but when I was trying to add webhook for customer pipeline which is triggered by verification result publishing, it failed several times.
{"consumer": {
"name": "Consumer Service"
},
"provider": {
"name": "Provider Service"
},
"events": [
{
"name": "provider_verification_published"
}
],
"request": {
"method": "POST",
"url": "http://jenkinsserver/jobforconsumerdeployment",
"headers": {
"Accept": "application/json"
},
"body": {"VerificationResultURL","${pactbroker.verificationResultUrl}"
}
}
after removing body element, it created successfully.
by passing body to customer job, it could parse fail/pass and decide whether deployment should go or not go.
if body is not allowed, how consumer pipeline to get the result and continue next step (or stop deployment)?
I am referring to Pact Broker Webhooks.
Configure Jenkins job to "Trigger builds remotely" from Build Triggers section
Generate Jenkins-Crumb by the following link
Steps to create Jenkins-Crumb
Following post request in Pact-Broker is working fine for me on my
local jenkins setup (need to check jenkin permissions to enable
web-hook execution)
{
"events": [{
"name": "provider_verification_published"
}],
"request": {
"method": "GET",
"url": "http://username:password#jenkins_url/job/jenkin_consumer/build?token=abc",
"user" : "username:password",
"headers": {
"Jenkins-Crumb": "c787ce16220300f5ef8287a4474d9acxd"
}
}
}
if body is not allowed, how consumer pipeline to get the result and
continue next step (or stop deployment)?
Yes, body is not allowed in case of 'provider_verification_published' event. So to confirm the verification results, we need to use "can-i-deploy" cli to deply or stop the deployment can-i-deploy. More information provided on Pact Broker Webhooks
Question:
After adding a new BIM 360 Docs project using the API, how do I activate it for Document Management using the APIs? Following online tutorial does not yield expected results.
Background:
I was trying to follow a tutorial to create a BIM 360 Docs project and activate it for Document Management, as it's listed here. Project creation itself is a breeze, however the step required to activate a service does not work as outlined.
Here are my individual steps:
Create BIM 360 Project with HTTP POST https://{{ForgeURL}}/hq/v1/accounts/{{AccountId}}/projects
Created project information is returned in the response, including new project id and status, which is pending.
Attempt to add project admin and activate a service as outlined here
i. Add Project Admin - Method 1 - Documentation here lists endpoint capable of adding a project admin to a specific BIM 360 project and service type.
HTTP POST https://{{ForgeURL}}/hq/v1/accounts/{{AccountId}}/projects/{{BIM360ProjectId}}/users
{
"role":"project_admin",
"service_type":"doc_manager",
"company_id":"{{BIM360CompanyId}}",
"email":"user#email.com"
}
Response: HTTP 404 Not Found
{
"code": 1004,
"message": "this project doesn't exist."
}
ii. Add Project Admin - Method 2 - Documentation here lists endpoint capable of adding users (project admin and project user) to a project.
HTTP POST https://{{ForgeURL}}/hq/v2/accounts/{{AccountId}}/projects/{{BIM360ProjectId}}/users/import
[
{
"email": "user#email.com",
"services": {
"document_management": {
"access_level": "admin"
},
"project_administration": {
"access_level": "admin"
}
},
"company_id": "{{BIM360CompanyId}}",
"industry_roles": []
}
]
Response: HTTP 200 OK, but... it's a failure
{
"failure": 1,
"success": 0,
"success_items": [],
"failure_items": [
{
"email": "user#email.com",
"services": {
"document_management": {
"access_level": "admin"
},
"project_administration": {
"access_level": "admin"
}
},
"company_id": "716a5472-a69c-4c07-aa0c-9e54e98ff28f",
"industry_roles": [],
"errors": [
{
"message": "Services [\"document_management\"] are not active or pending in project",
"code": 2000
}
],
"project_id": "1b6f2179-8f2f-4fa7-907b-901aee7224be",
"account_id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
}
]
}
One can see that it complains about Services [\"document_management\"] are not active or pending in project. project_administration had to be included, otherwise it would have also complained about service project_administration required if any access_level is set as admin.
However, I can see the project using BIM 360 Docs web app Account Admin though as Inactive.
Attempt to activate a project using HTTP PATCH https://{{ForgeURL}}/hq/v1/accounts/{{AccountId}}/projects/{{BIM360ProjectId}} returns
{
"code": 1001,
"message": "You cannot change the status of a project that has no project admin."
}
iii. Add Project Admin - Method 3 - Documentation here lists endpoint capable of updating a user’s profile for a project, including the user’s access level for the project (admin or user).
HTTP PATCH https://{{ForgeURL}}/hq/v2/accounts/{{AccountId}}/projects/{{BIM360ProjectId}}/users/{{BIM360UserId}}
{
"services": {
"document_management": {
"access_level": "user"
}
},
"company_id": "{{BIM360CompanyId}}"
}
Response: HTTP 200 OK, but it's a failure
{
"account_id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"project_id": "1b6f2179-8f2f-4fa7-907b-901aee7224be",
"error": [
{
"message": "User does not exist in project",
"code": 2000
},
{
"message": "Services [\"document_management\"] are not active or pending in project",
"code": 2000
}
]
}
Long story short, I am unable to add project admin using any of the methods available.
What's more, when I add a Project Administrator there using Project Admin \ Services \ Document Management section the project status turns into Active and I am suddenly able to activate a service as outlined here.
The endpoint documentation has incorrect information pointing to payload containing
"service_types": "field"
creating a BIM 360 project with the project information that is accessible and available for all BIM 360 services, which is not what happens. One has to explicitly specify service type, e.g.
"service_types": "doc_manager"
or according to this documentation
If nothing specified, the project will be created for all the enabled
services in the account.
This allows to add a project admin using a Method 1 outlined in my question.