I want to know how to create several repos with their respective branches, but the branches created do not respect the hierarchy example:
DEV based on PRD(master)
FTR based on DEV
DEV-based REL
EXCUSE THE ENGLISH, USE A TRANSLATOR
$repository = "ECOMP_CORE_LG"
$newBranch = "REL/ECOMP_CORE_PDF/ECOMP_CORE_PDF-4080-re"
$baseBranch = "DEV/ECOMP_CORE_PDF/ECOMP_CORE_PDF-dev"
$organization = "XXXXXXX"
$project = "XXXXXX"
$pat = "TOKEN"
$base64AuthInfo =
[System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes(":$pat"))
$headers = #{ Authorization = "Basic $base64AuthInfo" }
# Get ID of the base branch
$url = "https://dev.azure.com/$organization/$project/_apis/git/repositories/$repository/refs?
filter=heads/$baseBranch&api-version=5.1"
$baseBranchResponse = Invoke-RestMethod -Uri $url -ContentType "application/json" -headers
$headers -Method GET
# Create a new branch
$url = "https://dev.azure.com/$organization/$project/_apis/git/repositories/$repository/refs?
api-version=5.1"
$body = ConvertTo-Json #(
#{
name = "refs/heads/$newBranch"
newObjectId = $baseBranchResponse.value.objectId
oldObjectId = "0000000000000000000000000000000000000000"
})
$response = Invoke-RestMethod -Uri $url -ContentType "application/json" -Body $body -headers
$headers -Method POST
Related
Trying to use the Databricks API to work with resources programmatically. I am using this microsoft documentto authenticate with a service principal.
https://learn.microsoft.com/en-us/azure/databricks/dev-tools/api/latest/aad/service-prin-aad-token
But I'm getting the following error
"Invoke-RestMethod : {"error":"invalid_resource","error_description":"AADSTS500011: The resource principal named
https://management.core.azure.com was not found in the tenant"
This is my full script. What am I missing?
$ApiCommand = "clusters/get"
$DataBrick = "https://adb-3522222096750220.0.azuredatabricks.net"
$DataBricksResourceID = ""
$VaultName = ""
$KeyName = ""
$apiEndpointUri = "https://management.core.azure.com"
$tenantId = ""
$applicationId = ""
$secret = Get-AzKeyVaultSecret -VaultName $VaultName -Name $KeyName -AsPlainText
$RequestAccessTokenUri = "https://login.microsoftonline.com/$tenantId/oauth2/token"
$body = "grant_type=client_credentials&client_id=$applicationId&client_secret=$secret&resource=2ff814a6-3304-4ab8-85cb-cd0e6f879c1d"
$Managementbody = "grant_type=client_credentials&client_id=$applicationId&client_secret=$secret&resource=$apiEndpointUri"
$contentType = 'application/x-www-form-urlencoded'
$AccessToken = Invoke-RestMethod -Method Post -Uri $RequestAccessTokenUri -Body $body -ContentType $contentType
Write-Output $AccessToken
$ManagementToken = Invoke-RestMethod -Method Post -Uri $RequestAccessTokenUri -Body $Managementbody -ContentType $contentType
Write-Output $ManagementToken
$apiuri = $DataBrick +"/api/2.0/$ApiCommand"
$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$headers.Add("Authorization", "Bearer " + $AccessToken.access_token)
$headers.Add("X-Databricks-Azure-SP-Management-Token", $ManagementToken.access_token)
$headers.Add("X-Databricks-Azure-Workspace-Resource-Id", $DataBricksResourceID)
Invoke-RestMethod -Uri $apiuri -Headers $headers
The trailing / character in the management endpoint URI is really important - you need to specify it as in the documentation: https://management.core.windows.net/
You can also add this SP into the workspace itself, then you will need to get only one AAD token (see the docs).
I'm trying to get a list of all the secrets in each of my key vaults and I'm using Microsofts documentation at this URL.
https://learn.microsoft.com/en-us/rest/api/keyvault/getsecrets/getsecrets#secretlistresult
It states that if you do not set maxresults it will default to 25. It does however throw this error in my powershell script when i try to set it higher than 25.
{"error":{"code":"BadParameter","message":"invalid maxresults"}}
From the documentation the endpoint does not appear to contain any pagination or way to get more than 25 random secrets. This seems to make the endpoint pretty useless as there are no ways to filter the listings.
The command I'm using to get the list is this.
$uri = ""https://$($Vault).vault.azure.net/secrets?api-version=7.1&maxresults=26""
Invoke-RestMethod -Method Get -Uri $uri -Headers $headers
As Gaurav said in the comment, you need to use nextLink to get the result of next page.
There is my test code with do-until:
$LoginUrl = "https://login.microsoft.com"
$RresourceUrl = "https://vault.azure.net/.default"
$ClientID = ""
$ClientSecret = ""
$TenantName = ""
# Compose REST request.
$Body = #{ grant_type = "client_credentials"; scope = $RresourceUrl; client_id = $ClientID; client_secret = $ClientSecret }
$OAuth = Invoke-RestMethod -Method Post -Uri $LoginUrl/$TenantName/oauth2/v2.0/token -Body $Body
# Check if authentication was successfull.
if ($OAuth.access_token) {
# Format headers.
$HeaderParams = #{
'Content-Type' = "application\json"
'Authorization' = "Bearer $($OAuth.access_token)"
}
# Create an empty array to store the result.
$QueryResults = #()
$Uri = "https://<your-key-vault-name>.vault.azure.net/secrets?api-version=7.1"
# Invoke REST method and fetch data until there are no pages left.
do {
$Results = Invoke-RestMethod -Headers $HeaderParams -Uri $Uri -UseBasicParsing -Method "GET" -ContentType "application/json"
$Results.nextLink
if ($Results.value) {
$QueryResults += $Results.value
}
else {
$QueryResults += $Results
}
$Uri = $Results.nextLink
} until (!($Uri))
# Return the result.
$QueryResults
}
else {
Write-Error "No Access Token"
}
I have been working on a requirement with a release API to retain all the production releases.
Code -
param (
[string]$token="",
[string]$collection="",
[string]$projectName =""
)
$base64AuthInfo = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(("{0}:{1}" -f $user, $token)))
$response = Invoke-RestMethod "https://vsrm.dev.azure.com/$collection/$projectName/_apis/release/definitions?`$expand=Environments&`$top=1000&api-version=6.0" -Method 'GET' -Headers #{Authorization = ("Basic {0}" -f $base64AuthInfo)}
foreach ($releaseDefinition in $response.value){
write-host $releaseDefinition.name
write-host $releaseDefinition.id
$releaseDefinitionid = [convert]::ToInt32($releaseDefinition.id)
write-host "--------------------------------------------------"
[string] $releases = "https://vsrm.dev.azure.com/$collection/$projectName/_apis/release/releases?definitonid="
[string] $defid = $releaseDefinitionid
[string] $geturl = $releases + $defid + "&api-version=6.0"
$releaseresult = Invoke-RestMethod $geturl -Method 'GET' -Headers #{Authorization = ("Basic {0}" -f $base64AuthInfo)}
#Write-Host $releaseresult.value
#Write-host $releaseresult.keepForever
foreach ($retain in $releaseresult.value)
{
Write-host $retain.id
$temp = $retain.id.ToString()
$id = "https://vsrm.dev.azure.com/$collection/$projectName/_apis/release/releases/$temp/?api-version=6.0"
$retainrelease = Invoke-RestMethod $id -Method 'GET' -Headers #{Authorization = ("Basic {0}" -f $base64AuthInfo)}
if( $retainrelease.environments.name -eq 'PRD' -and $retainrelease.environments.status -eq 'succeeded')
{
if([string]$retainrelease.keepForever -eq 'False')
{
$keepforever = #{
keepforever='true'}
$jsonKeepForever = $keepforever | ConvertTo-Json -Depth 100
$uriForBuildUpdate = "https://vsrm.dev.azure.com/$collection/$projectName/_apis/release/releases/$temp/?api-version=6.0"
$patchreq = Invoke-RestMethod -Uri $uriForBuildUpdate -Method Patch -Body $jsonKeepForever -ContentType "application/json" -Headers #{Authorization = ("Basic {0}" -f $base64AuthInfo)}
Write-Verbose "Result: $patchreq" -Verbose
}
}
else
{
}
}
}
It retains the releases, but the requirement is to retain only release definitions created in the last 60 days (or a particular date) and retain only releases happened in last 10 days to prod.
I couldn't find any querystring param to filter it by. How can I do this?
I found that you can get a list of associated environments like prod/stage/dev (for each definition) by adding the $expand=environments to query string.
https://vsrm.dev.azure.com/{organization}/{project}/_apis/release/deployments?$expand=environments&api-version=6.0
So you'll get the list of all environments and their ids for each definition. The ids can be used as definitionEnvironmentId for the other endpoints that seem to have what you're looking for (e.g.: maxCreatedTime or minCreatedTime) like this one for Releases:
https://learn.microsoft.com/en-us/rest/api/azure/devops/release/releases/list?view=azure-devops-rest-6.0#uri-parameters
Reference:
List of properties that can be expanded - https://learn.microsoft.com/en-us/rest/api/azure/devops/release/definitions/list?view=azure-devops-rest-6.0#releasedefinitionexpands
I'm using below code to update the Release definition in Powershell,
PowerShell_1:
Write-Host ">>>>>>>>>Start in Task 1: "$(pos)
Write-Host "##vso[task.setvariable variable=pos;]Yes"
PowerShell_2
$url = "$($env:SYSTEM_TEAMFOUNDATIONSERVERURI)$env:SYSTEM_TEAMPROJECTID/_apis/Release/definitions/$($env:RELEASE_DEFINITIONID)?api-version=5.0-preview.3"
$pipeline = Invoke-RestMethod -Uri $url -Headers #{
Authorization = "Bearer $env:SYSTEM_ACCESSTOKEN"
}
Write-Host "Pipeline = $($pipeline | ConvertTo-Json -Depth 100)"
$pipeline.variables.pos.value = "$(pos)"
$json = #($pipeline) | ConvertTo-Json -Depth 99
$updatedef = Invoke-RestMethod -Uri $url -Method Put -Body $json -ContentType "application/json" -Headers #{Authorization = "Bearer $env:SYSTEM_ACCESSTOKEN"}
Write-Host "After in Task 2: "$(pos)
But issue is, i'm using the above code in two Tasks in a Release Pipeline,
The above code is passes in Task 1, but the same code throws below error on Task 2,
Release Variable:
Please Help me to get out of this.
Thanks in advance.
Something must have changed here 2021, reference to this developer community article.
I am trying to update my Azure DevOps Pipeline Variable via PowerShell task in YAML.
All authorizations are present. Here is my PowerShell task:
$url = "$($env:SYSTEM_TEAMFOUNDATIONSERVERURI)$env:SYSTEM_TEAMPROJECTID/_apis/Release/definitions/$($env:RELEASE_DEFINITIONID)?api-version=5.0"
Write-Host "URL: $url"
$pipeline = Invoke-RestMethod -Uri $url -Headers #{
Authorization = "Bearer $env:SYSTEM_ACCESSTOKEN"
}
Write-Host "Pipeline = $($pipeline | ConvertTo-Json -Depth 100)"
$pipeline.variables.test.value = "0"
####****************** update the modified object **************************
$json = #($pipeline) | ConvertTo-Json -Depth 99
$updatedef = Invoke-RestMethod -Uri $url -Method Put -Body $json -ContentType "application/json" -Headers #{Authorization = "Bearer $env:SYSTEM_ACCESSTOKEN"}
write-host "=========================================================="
Write-host "The value of Varialbe 'test' is updated to" $updatedef.variables.test.value
write-host "=========================================================="
Unfortunately I get the following error: The property 'value' cannot be found on this object. Verify that the property exists and can be set.
Any ideas?
I have found a solution for myself.
#Azure DevOps Personal Access Token
$MyPat = '*****';
$B64Pat = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes(":$MyPat"));
#DevOps API
$url = 'https://dev.azure.com/<Organisation>/<Project>/_apis/distributedtask/variablegroups?api-version=6.0-preview.2';
$pipeline = Invoke-RestMethod -Uri $url -Headers #{
Authorization = "Basic $B64Pat"
}
#complete output as JSON
Write-Host "Pipeline = $($pipeline | ConvertTo-Json -Depth 100)";
#my value in JSON
$variable = $pipeline.value.variables.MyVariable.value;
Because your answer in the $pipeline variable contains the source code of the error page.
I think, you use the wrong URL:
$url = "$($env:SYSTEM_TEAMFOUNDATIONSERVERURI)$env:SYSTEM_TEAMPROJECTID/_apis/Release/definitions/$($env:RELEASE_DEFINITIONID)?api-version=5.0-preview.3"
You may try to use of the following for inline script:
$url = "$(System.TeamFoundationServerUri)/$(System.TeamProjectId)/_apis/Release/definitions/$(Release.DefinitionId)?api-version=5.0-preview.3"
or for PS file:
$serverUrl = $env:SYSTEM_TEAMFOUNDATIONSERVERURI
$teamProjectID = $env:SYSTEM_TEAMPROJECTID
$releaseID = $env:RELEASE_DEFINITIONID
$url = "$serverUrl/$teamProjectID/_apis/Release/definitions/$releaseID?api-version=5.0-preview.3"
I have tested it with the code you shared and the details steps as below.
Create a new release definition->add variable pos and set the value to No
Add task power shell to set variable as env variable.
Write-Host ">>>>>>>>>Start in Task 1: "$(pos)
Write-Host "##vso[task.setvariable variable=pos;]Yes"
Result:
Add task bash and enter the script printenv to print all env variable to check it.
Add task power shell and enter below script to update the release variable.
$url = "$($env:SYSTEM_TEAMFOUNDATIONSERVERURI)$env:SYSTEM_TEAMPROJECTID/_apis/Release/definitions/$($env:RELEASE_DEFINITIONID)?api-version=5.0-preview.3"
$pipeline = Invoke-RestMethod -Uri $url -Headers #{
Authorization = "Bearer $env:SYSTEM_ACCESSTOKEN"
}
Write-Host "Pipeline = $($pipeline | ConvertTo-Json -Depth 100)"
$pipeline.variables.pos.value = $($env:POS)
Write-Host "The variable pos value is" $pipeline.variables.pos.value
$json = #($pipeline) | ConvertTo-Json -Depth 99
$updatedef = Invoke-RestMethod -Uri $url -Method Put -Body $json -ContentType "application/json" -Headers #{Authorization = "Bearer $env:SYSTEM_ACCESSTOKEN"}
Write-Host "After in Task 2: "$(pos)
Result:
This is a two-part question. I am in the process of automating tasks that a) require information from my Azure table and b) need to update specific entities in my Azure table. I've currently been able to accomplish this by using either of the 2 provided access keys but think this is an unsafe practice and want to define individual policies for different groups and so want to transition into using generated SAS keys.
a) I can currently use SAS policies to retrieve the whole table and find the information I need but I think a better method is to perform an individual query that only pulls the single entity that matches a specific property I'm looking for (e.g. pull all properties of an entity that matches a customer ID: "000000001"). How can I change my code to accomplish this?
$tableName = "accountTD"
$sasReadToken = '<SAS token here>'
$tableUri = "https://$storageAccount.table.core.windows.net/$tableName$sasReadToken"
$GMTTime = (Get-Date).ToUniversalTime().toString('R')
$header = #{
'x-ms-date' = $GMTTime;
Accept = 'application/json;odata=nometadata'
}
$finalResult = Invoke-WebRequest -Uri $tableUri -Headers $header -UseBasicParsing
$finalResult = $finalResult.Content | ConvertFrom-Json
$finalResult.value
b) I also need to update the same entity in the table and can't seem to figure out how to authorize it with my generated SAS key. I'm not sure whether to use Invoke-WebRequest or Invoke-RestMethod or how to go about either of them. Here's what I have so far based on my research.
function addUpdateEntity ($tableName, $PartitionKey, $RowKey, $entity){
$sasReadToken = '<SAS token here>'
$resource = "$tableName(PartitionKey='$PartitionKey',RowKey='$Rowkey')"
$tableUri = "https://$storageAccount.table.core.windows.net/$tableName$sasReadToken"
$GMTTime = (Get-Date).ToUniversalTime().toString('R')
$header = #{
'x-ms-date' = $GMTTime;
Accept = 'application/json;odata=nometadata'
}
$body = $entity | ConvertTo-Json
$item = Invoke-RestMethod -Method PUT -Uri $tableUri -Headers $headers -Body $body -ContentType application/json
}
$mBody = #{
PartitionKey = "MPS02000"
RowKey = "2019-000101"
appUpdateMode = "1"
m_CustID = "000000001"
}
addUpdateEntity -TableName "atdMachines" -PartitionKey $mBody.PartitionKey -RowKey $mBody.RowKey -entity $mBody
Q1. Pull all properties of an entity that matches a customer ID
Answer: You can use $filter query expression. For example, I have 2 entities in my testTable:
I can get the entity whose Id equals to 00001 by making a request as following:
GET https://storagetest789.table.core.windows.net/testTable?{sastoken}&$filter=(Id eq '00001')
$storageAccount = "storagetest789"
$tableName = "testTable"
$sasReadToken = "?sv=2019-02-02&ss=t&sr***************D"
$filter = "`$filter=(Id eq '00001')"
$tableUri = "https://$storageAccount.table.core.windows.net/$tableName$sasReadToken&$filter"
$GMTTime = (Get-Date).ToUniversalTime().toString('R')
$header = #{
'x-ms-date' = $GMTTime;
Accept = 'application/json;odata=nometadata'
}
$finalResult = Invoke-WebRequest -Uri $tableUri -Headers $header -UseBasicParsing
$finalResult = $finalResult.Content | ConvertFrom-Json
$finalResult.value
Result:
Q2. Update the same entity in the table
Answer: Both Invoke-WebRequest and Invoke-RestMethod are suitable for making a HTTP request here. I find some mistakes in your scripts, here is the fixed one:
function addUpdateEntity ($tableName, $PartitionKey, $RowKey, $entity){
$storageAccount = "storagetest789"
$tableName = "testTable"
# Need write access
$sasWriteToken = "?sv=2019-02-02&ss=t&s*****************************D"
$resource = "$tableName(PartitionKey='$PartitionKey',RowKey='$Rowkey')"
# should use $resource, not $tableNmae
$tableUri = "https://$storageAccount.table.core.windows.net/$resource$sasWriteToken"
# should be headers, because you use headers in Invoke-RestMethod
$headers = #{
Accept = 'application/json;odata=nometadata'
}
$body = $entity | ConvertTo-Json
$item = Invoke-RestMethod -Method PUT -Uri $tableUri -Headers $headers -Body $body -ContentType application/json
}
$mBody = #{
PartitionKey = "p1"
RowKey = "r1"
Id = "00001"
Value = "new value"
}
addUpdateEntity -TableName "atdMachines" -PartitionKey $mBody.PartitionKey -RowKey $mBody.RowKey -entity $mBody
Result: