We want to import process into or azure devops Organization (board /Process) but the feature is disabled. All permissions are set to be allowed.
Permissions list
We try to import process from rest API:
{
"$id": "1",
"innerException": null,
"message": "The feature is disabled. Contact your Azure DevOps Server administrator.",
"typeName": "Microsoft.TeamFoundation.Framework.Server.FeatureDisabledException, Microsoft.TeamFoundation.Framework.Server",
"typeKey": "FeatureDisabledException",
"errorCode": 0,
"eventId": 3000
}
How can we perform this action please or enable this feature ? An import button should be available in or organization.
We also tried to import process from witadmin but or organization is in a cloud (not on premise).
Related
I am attempting to setup inbound Network Security Group rules to permit controlled access from Azure DevOps Pipelines to Azure a public Azure vnet which interfaces with a private Azure vnet containing Azure Container Instances which are running Sonarqube. I've crafted this according to the Azure documents here.
The NSG rule for the inbound traffic from Azure DevOps is leveraging Service Tags, specifically the ‘AzureDevOps’ service tag. My ARM template currently contains these two NSG rules:
{
"name": "inbound-devops-rule",
"properties": {
"description": "Inbound Azure DevOps",
"protocol": "*",
"sourcePortRange": "*",
"destinationPortRange": "*",
"sourceAddressPrefix": "AzureDevOps",
"destinationAddressPrefix": "*",
"access": "Allow",
"priority": 100,
"direction": "Inbound"
}
},
{
"name": "InboundRequiredGatewayPorts",
"properties": {
"description": "Inbound AZ admin",
"protocol": "TCP",
"sourcePortRange": "*",
"destinationPortRange": "65200-65535",
"sourceAddressPrefix": "GatewayManager",
"destinationAddressPrefix": "*",
"access": "Allow",
"priority": 115,
"direction": "Inbound"
}
},
Currently, this does not permit traffic through the NSG rules and into the vnets. The only thing I’ve been able to do to resolve this in my testing has been to create a fully open rule allowing all traffic from all sources in my NSG…obviously not an ideal scenario from a security perspective. I have combed through the documents and attempted dozens of different configurations up to this point, and nothing but open/unprotected NSG configuration has allowed Azure DevOps traffic.
The simple error I am currently getting when attempting to connect to my containerized Azure Sonarqube resources from the Azure DevOps pipelines is:
2022-12-02T19:46:46.7098999Z ##[section]Starting: SonarQubePrepare
2022-12-02T19:46:46.7231846Z ==============================================================================
2022-12-02T19:46:46.7232191Z Task : Prepare Analysis Configuration
2022-12-02T19:46:46.7232466Z Description : Prepare SonarQube analysis configuration
2022-12-02T19:46:46.7232684Z Version : 5.8.0
2022-12-02T19:46:46.7232868Z Author : sonarsource
2022-12-02T19:46:46.7233232Z Help : Version: 5.8.0. [More Information](http://redirect.sonarsource.com/doc/install-configure-scanner-tfs-ts.html)
2022-12-02T19:46:46.7233633Z ==============================================================================
2022-12-02T19:47:08.4683602Z ##[error][SQ] API GET '/api/server/version' failed, error was: {"errno":"ETIMEDOUT","code":"ETIMEDOUT","syscall":"connect","address":"<REDACTED>","port":80}
2022-12-02T19:47:08.4811763Z ##[section]Finishing: SonarQubePrepare
Based on the rule sample above, is this properly configured to allow traffic from Azure DevOps using Service Tags? Can any additional guidance be provided for setting up NSG rules to allow traffic from my Azure DevOps pipelines to Azure containerized resources?
Azure DevOps Microsoft-hosted agents are using the Service Tag AzureCloud.region instead of Azure DevOps, addressed here: doc
First check your DevOps organization region in DevOps UI.
Then check the region in this Azure Geography
Pay attention to this: To obtain the complete list of possible IP ranges for your agent, you must use the IP ranges from all of the regions that are contained in your geography.
For your reference: if your DevOps organization locates in UK, you must add the service tag for both AzureCloud.uksouth and AzureCloud.ukwest to the NSG Inbound Security Rules to ensure the MS-hosted agents have access to the Azure Resources.
I inherited an existing Azure DevOps Server with about 100 users using it. I'm trying to get an overview about the current permissions and I'm not sure, what's the best way to do that.
What I am looking for is a way to see permissions per group and per user.
I stumbled upon a "permission report", which I should be able to get by the Azure DevOps REST API, but somehow that doesn't work. Here's the response I get:
{
"$id": "1",
"innerException": null,
"message": "The method or operation is not implemented.",
"typeName": "System.NotImplementedException, mscorlib",
"typeKey": "NotImplementedException",
"errorCode": 0,
"eventId": 0
}
Is this "permission report" feature not supported by the Azure DevOps Server (on premise)? Is there another way to get what I'm looking for?
I'm using collections (not organization) in azure devops and trying to add users in teams (under project settings) through Postman REST API.
I can retrieve teams details using PAT auth:
GET https://devops.company.com/tfs/COL/_apis/projects/My-WORK/teams?api-version=6.0
Success Response:
{
"value": [
{
"id": "01xxccrayr-a443-600d-db0d-12435",
"name": "MY-WORK Team",
"url": "",
"description": "team description",
"identityUrl": "xxxx",
"projectName": "MY-WORK",
"projectId": "8540tuyfred-qawsd-fre432-fre3-57wedsa1546thyf"
}
],
"count": 1
}
but unable to add users into specific teams through Postman:
PUT https://devops.company.com/tfs/COL/_apis/GroupEntitlements/{teamID}/members/{memberId}?api-version=6.0
e.g. PUT https://devops.company.com/tfs/COL/_apis/GroupEntitlements/01xxccrayr-a443-600d-db0d-12435/members/anyemailid#not.com?api-version=6.0
Error Response:
<head>
<title>Page not found. - Azure DevOps Server</title>
<style type="text/css">
Also, I tried below urls but didn't work:
How to add team members in Azure Devops via API? Also Groups API does not work
https://learn.microsoft.com/en-us/rest/api/azure/devops/memberentitlementmanagement/members/add?view=azure-devops-rest-5.1
Any input would be helpful, Thank you.
You can use Members – Add to add users to a team in Azure DevOps
You can use below method to add users to a team:
PUT https://vsaex.dev.azure.com/{organization}/_apis/GroupEntitlements/{groupId}/members/{memberId}?api-version=6.0-preview.1
Because teams are also considered as groups in Azure DevOps
Reference: Members - Add - REST API (Azure DevOps Member Entitlement Management) | Microsoft Docs
I recall reading that AzDevOps had an OData feed on collection, project, and server level. When I hit the latter on my AzDevOps 2019.1 box at http://tfs.example.com:8080/tfs/_odata/v1.0/, I get the following error:
{
"innerException": null,
"message": "VS403514: The Analytics feature is not enabled. Details on enabling this feature are available here: https://go.microsoft.com/fwlink/?linkid=2093060.",
"typeName": "Microsoft.VisualStudio.Services.Analytics.AnalyticsNotEnabledException, Microsoft.VisualStudio.Services.Analytics.Server",
"typeKey": "AnalyticsNotEnabledException",
"errorCode": 0,
"eventId": 3000
}
Analytics is enabled for every collection on the server. All collection level OData feeds work. If there's a server-level "Enable Analytics" setting, I couldn't find it - neither in the Web UI, nor in the admin console. What am I missing?
Sorry but as I know there's no server-level Analytics.
Azure Devops Service and Azure Devops Server use organization (In Azure Devops Server it's called team collection) and project to manage the work. The server you mentions above represents all the organizations in one Azure Devops Server while all the Rest APIs and Odata tasks are for Org-level or Project-level.
Previously we have used Author deployment for authentication, but it get disabled after 14 days of inactive, So i tried service Principal authentication but is does't work and throw the below error while running activity in datafactory
Cannot resolve DataLakeAnalyticsUri '', Please change or remove DataLakeAnalyticsUri and have a try.
{
"name": "AzureDataLakeAnalyticsLinkedService",
"properties": {
"type": "AzureDataLakeAnalytics",
"typeProperties": {
"accountName": "accountName",
"dataLakeAnalyticsUri":"azuredatalakeanalytics.net",
"subscriptionId": "subscription Id",
"resourceGroupName": "resource Group Name",
"servicePrincipalId":"service Principal Id",
"servicePrincipalKey":"service Principal Key",
"tenant":"tenant id"
}
}
}
Updated answer:
Note: User accounts that are managed by Azure AD expires 14 days after the last slice run.
To avoid or resolve this error, reauthorize by selecting the Authorize permissions when the token expires. Then, redeploy the linked service.
To resolve the issue, make sure to pass the "dataLakeAnalyticsUri":"<azure data lake analytics URI>".
Example: "dataLakeAnalyticsUri": "azuredatalakeanalytics.net"
For more details, refer "Transform data by running U-SQL scripts on Azure Data Lake Analytics".
Hope this helps.