There is a method available for deleting a target machine from an azure deployment group using the API and its documentation can be seen here.
Is there a similar functionality available as a powershell script?
There isn't a PowerShell module available for Azure DevOps. However, you can invoke the same Azure DevOps REST APIs through the Invoke-RestMethod cmdlet.
Here is how:
$Username =""
$Password="<Personal-Access-Token>"
$Tokens = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(("{0}:{1}" -f $Username,$Password)))
$Authheader = #{Authorization = 'Basic ' + $Tokens }
# Targets - Delete REST API
$Uri = "https://dev.azure.com/{organization}/{project}/_apis/distributedtask/deploymentgroups/{deploymentGroupId}/targets/{targetId}?api-version=6.0-preview.1"
Invoke-RestMethod -Uri $Uri -Method delete -Headers $Authheader
Related
im trying to write a backend program that will get all of Azure Security Center tasks (Recommendation) with no browser authorization involved.
As far as i saw, Graph API does not have an end point for Security tasks and the only endpoint i could find is https://learn.microsoft.com/en-us/rest/api/securitycenter/tasks/list which supports only Implicit flow authorization.
Is there a way to get authorization without using consent window in the browser, or to get the tasks via different endpoint?
You can use the below Powershell script which is using the REST API to get all the tasks:
$subscriptionId = "yoursubid"
$context = Get-AzContext
$profile = [Microsoft.Azure.Commands.Common.Authentication.Abstractions.AzureRmProfileProvider]::Instance.Profile
$profileClient = New-Object -TypeName Microsoft.Azure.Commands.ResourceManager.Common.RMProfileClient -ArgumentList ($profile)
$token = $profileClient.AcquireAccessToken($context.Subscription.TenantId)
$authHeader = #{
'Content-Type' = 'application/json'
'Authorization' = 'Bearer ' + $token.AccessToken
}
$uri = "https://management.azure.com/subscriptions/$subscriptionId/providers/Microsoft.Security/tasks?api-version=2015-06-01-preview"
$response = Invoke-RestMethod -Uri $uri `
-Method Get `
-Headers $authHeader
$response.value | ConvertTo-Json
OR
You can directly use Azure CLI to get directly .
Command:
az security task list
Reference:
az security task | Microsoft Docs
Install the Azure Az PowerShell module with PowerShellGet | Microsoft Docs
Output for the above powershell script:
For those who will need this in the future,
it is possible.
It didnt work for me because i requested the bearer token from the wrong address, use the following url for the bearer token request:
https://login.microsoftonline.com/{tenantId}/oauth2/token
And NOT:
https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/token
(This is the azure AD typical bearer token request url)
If you would rather not mess around with getting the bearer token (and you want to go the powershell route) you can also use Invoke-AzRestMethod
# Capture everything MDC can do from a REST API
$Capabilities = (Invoke-AzRestMethod -ApiVersion "2022-09-01" -ResourceProviderName 'Microsoft.Security').Content | ConvertFrom-Json
$Capabilities.resourceTypes
I am working on automating Azure Active Directory App Registrations and Azure Devops Service Connections, and have hit a wall.
I want to query Azure DevOps service connections (service endpoints) by Service Principal ID (or at least get the id). This is possible when using Azure CLI:
az devops service-endpoint list --query "[?authorization.parameters.serviceprincipalid=='xxx']"
But since I am running this in Azure automation account as a powershell runbook, the Azure CLI is not supported.
Then I tried the Azure DevOps REST API, and called it from powershell, but the response does not contain the service principal ID, but just this:
authorization : #{parameters=; scheme=ServicePrincipal}
Does anyone have an idea on how to solve this?
UPDATE
I am calling the rest API like this:
$uriAccount = $UriOrg + "_apis/serviceendpoint/endpoints?endpointNames={name}&api-version=6.1-preview.4"
$result = Invoke-RestMethod -Uri $uriAccount -Method get -Headers $AzureDevOpsAuthenicationHeader
And $result.value gives me this:
authorization : #{parameters=; scheme=ServicePrincipal}
You can try the REST API Endpoints - Get Service Endpoints By Names.
GET https://dev.azure.com/{organization}/{project}/_apis/serviceendpoint/endpoints?endpointNames={endpointNames}&api-version=6.0-preview.4
In this REST API, you can find the id and details by the name of a service connection.
Here is an example to use the REST API in PowerShell:
$token = "{pat}"
$token = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes(":$($token)"))
$url="https://dev.azure.com/{organization}/{project}/_apis/serviceendpoint/endpoints?endpointNames={endpointNames}&api-version=6.0-preview.4"
$head = #{ Authorization =" Basic $token" }
Invoke-RestMethod -Uri $url -Method GET -Headers $head
Update:
The cause for this question is that you output result in the wrong way.
For JSON response bodies, there is no intuitive way to get results without specifying the final layer.
Here is my modified code, notice how I print result:
$token = "{pat}"
$token = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes(":$($token)"))
$url="https://dev.azure.com/{organization}/{project}/_apis/serviceendpoint/endpoints?endpointNames={endpointNames}&api-version=6.0-preview.4"
$head = #{ Authorization =" Basic $token" }
$reslut = Invoke-RestMethod -Uri $url -Method GET -Headers $head
echo $result.value.authorization.parameters
I know it's possible to get all packages contained in a single Artifact Feed using the link below:
https://feeds.dev.azure.com/{organization}/{project}/_apis/packaging/Feeds/{feedId}/packages?api-version=6.0-preview.1
I noticed in Azure DevOps that the search bar has the ability to look into ALL feeds inside a project. Thus, my question is: Is it possible to achieve the same functionality through the API, and get all packages from all feeds instead of one.
Is it possible to achieve the same functionality through the API, and get all packages from all feeds instead of one.
As far as I know, this is achievable.
You could use the Rest API -Feed Management - Get Feeds to get All feeds in Project level.
Then you could use the Rest API to get the packages. You can execute these two apis simultaneously through powershell.
Here is the Powershell sample:
$token = "PAT"
$url="https://feeds.dev.azure.com/{Organization Name}/{Project Name}/_apis/packaging/feeds?api-version=6.0-preview.1"
$token = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes(":$($token)"))
$response = Invoke-RestMethod -Uri $url -Headers #{Authorization = "Basic $token"} -Method Get -ContentType application/json
ForEach( $feedid in $response.value.id )
{
echo $feedid
$url1="https://feeds.dev.azure.com/{Organization Name}/{Project Name}/_apis/packaging/Feeds/$($feedid)/packages?api-version=6.0-preview.1"
$response1 = Invoke-RestMethod -Uri $url1 -Headers #{Authorization = "Basic $token"} -Method Get -ContentType application/json
Write-Host "Package = $($response1 | ConvertTo-Json -Depth 100)"
}
In this case, you can get alls feeds of project scope in a project, and then get all the packages in it.
By the way, if you want to get all organization scope feeds, you only need to delete the project parameter in the URL.
I have checked How to delete multiple test cases in Azure DevOps
It not works for me.
Using PowerShell scripts alone, I want to delete multiple test cases in one go in Azure DevOps. Currently, portal only allows to delete one at a time.
I have tried like below way, and throws exceptions.
$url = "https://dev.azure.com/testarulmouzhie/testDemo_Project/_apis/test/testcases/21?api-version=5.0-preview.1"
Invoke-RestMethod -Uri $url -Method Delete -ContentType application/json
it throws error like below one-
Even tried with the new api version, same error comes-
$url = "https://dev.azure.com/testarulmouzhie/testDemo_Project/_apis/test/testcases/21?api-version=5.1-preview.1"
Invoke-RestMethod -Uri $url -Method Delete -ContentType application/json
Attached the error for ref-
Invoke-RestMethod :
Azure DevOps
Service Status Support #AzureDevOps
At line:1 char:1
+ Invoke-RestMethod -Uri $url -Method Delete -ContentType application/json
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebExc
eption
+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand
Can anyone help to solve this?
Thanks in advance.
For ref, anyway simple GET rest api calls works fine. i have tried below one and those are working fine.
$AzureDevOpsPAT = "a2wzly2bsirXXXXXXXXXXXXXXXXXXXXXXXXXXX"
$OrganizationName = "testarulmouzhie"
$AzureDevOpsAuthenicationHeader = #{Authorization = 'Basic ' + [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(":$($AzureDevOpsPAT)")) }
$UriOrga = "https://dev.azure.com/$($OrganizationName)/"
$uriAccount = $UriOrga + "_apis/projects?api-version=5.1"
Invoke-RestMethod -Uri $uriAccount -Method get -Headers $AzureDevOpsAuthenicationHeader
Even used fiddler and tried to capture error logs- attached those too
not able to delete test cases in azure devops through powershell scripts
It seems you do not have the Test Plans license to use the REST API Test Cases - Delete.
Azure Test Plans uses an access level called Basic + Test Plans, you need a Basic + Test Plans license to manage the test plans and test suites, etc. Please check the following link:
Manual test permissions and access
Here are two ways of ensuring you have the right license.
1) The user is assigned a test manager extension license - https://marketplace.visualstudio.com/items?itemName=ms.vss-testmanager-web
2) The user has a VS Enterprise or Test Professional subscription
You can do this by accessing test hub and trying to add test cases directly there with the same user (account create the PAT)as is used in the REST API.
Check this thread for some details.
Hope this helps.
Ah I think you have missed your the autorizationheader in your delete Invoke API
Please include the -Headers $AzureDevOpsAuthenicationHeader like below
--give below your pat access token
$AzureDevOpsPAT = "ukcvd42u5rXXXXXXXXXXXXXXXXXXX";
$AzureDevOpsAuthenicationHeader = #{Authorization = 'Basic ' + [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(":$($AzureDevOpsPAT)")) };
$url = "https://dev.azure.com/testarulmouzhie/testDemo_Project/_apis/test/testcases/21?api-version=5.0-preview.1"
Invoke-RestMethod -Uri $url -Method Delete -ContentType application/json -Headers $AzureDevOpsAuthenicationHeader;
As Leo suggested it also maybe with the license, so how to check your license for the test cases?
How to get the access token to start or shut down VMs on azure classic portal, I have tried multiple links for the same such as https://learn.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-api-authentication, also whatever access token I m getting using that I can only start, shutdown ARM vms, not classic VMs. Can somebody please help me on this ?
I'm very lazy, so I'm using arm token to startup\shutdown classic vms :). sample code:
$header = #{ Authorization = "Bearer $token" }
$uri = "https://management.azure.com{0}/{1}?api-version={2}" -f $vmId, $action, $apiVer
Invoke-WebRequest -Headers $header -Method Post -Uri $uri -UseBasicParsing
to start use $action = 'start'
to shutdown use $action = 'shutdown'
for apiVersion use $apiVer = '2017-04-01'
for ID, just use classic VM resource id, example:
/subscriptions/GUID/resourceGroups/rgName/providers/Microsoft.ClassicCompute/virtualMachines/vmName
you would need to grant yourself (or the entity you are getting script on behalf of) proper rights. I'm using these:
"Microsoft.ClassicCompute/virtualMachines/read"
"Microsoft.ClassicCompute/virtualMachines/start/action"
"Microsoft.ClassicCompute/virtualMachines/shutdown/action"
"Microsoft.ClassicCompute/virtualMachines/operationStatuses/read"