I have one Azure DevOps build pipeline which deploy few alerts on Azure Cloud with ARM template. I want to deploy alerts on different azure cloud accounts and prior to deploy the alerts I need to list few things as those information is required to deploy the code.
my question is, to get details from another account I need to execute Azure DevOps pipeline with different user which has additional privileges. When I trigger a job it use my credentials so how can I switch user to execute that privileged user to deploy the alerts. Is there any way where I can configure that user in pipeline?
I suggest you can use REST API to run your builds. You can ask other users to provide you with a Personal Access Token, and then you can use this Personal Access Token as credentials to run the REST API.
Here is the document about queue a build: https://learn.microsoft.com/en-us/rest/api/azure/devops/build/builds/queue?view=azure-devops-rest-6.1 .
Here is a sample I tested in postman:
You only need to change the Personal Access Token here to use a different account to run builds.
You can also run this REST API in a PowerShell task. Here is a sample:
$url = "https://dev.azure.com/{organization name}/{project name}/_apis/pipelines/{build id}/runs?api-version=5.1-preview.1"
$contentType = "application/json"
$user="user"
$token="$(PAT)"
$base64AuthInfo = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(("{0}:{1}" -f $user,$token)))
$body= #'
{
"definition":
{
"id":172
}
}
'#
Invoke-RestMethod -Uri $url -Method Post -ContentType $contentType -Headers #{Authorization=("Basic {0}" -f $base64AuthInfo)} -Body $body
You can change the PAT in the variables.
Related
Good morning Azure expert,
I configured a service connexion with Azure cloud environment in my Azure DevOps server like below
Then in my release I have a Powershell script which need to retrieve some information like TenantID/ SP id / SP secret / Subscription ID.
I do not want to create release variable to avoid duplication.
I'm pretty sure these variables could be retrieve with powershell but I have totally no idea on how to do it. Do you have any idea - suggestions - recommendation ?
Regards,
Terry
You can use the below script to get the service connection details which will use the RestAPI,
For example:
$token = "{pat}"
$token = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes(":$($token)"))
$url="https://dev.azure.com/{organization}/{project}/_apis/serviceendpoint/endpoints?endpointNames={endpointNames}&api-version=6.0-preview.4"
$head = #{ Authorization =" Basic $token" }
Invoke-RestMethod -Uri $url -Method GET -Headers $head
SOURCE| SO THREAD as suggested by #Jane Ma-MSFT.
For more information please refer the below links:
MICROSOFT DOCUMENT|Manage service connections
Developer Community|Get ftp service connection credentials from Powershell in Azure DevOps
I'm trying to invoke Azure REST API from Powershell to start/stop a classic service.
$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$headers.Add("Authorization", "Bearer $($token.Token)")
$headers.Add("Content-Type", "application/json")
$response = Invoke-RestMethod "https://management.azure.com/subscriptions/$subscriptionId/resourceGroups/$rscGrp/providers/Microsoft.ClassicCompute/domainNames/$serviceName/slots/production/$action?api-version=2020-02-01" -Method 'POST' -Headers $headers
$response | ConvertTo-Json
When $action="start", the command works perfectly and the service starts all instances as required.
However, when $action="stop", the command deletes the whole service all together. The whole deployment slot is deleted instead of simply stopping the instances.
Basically, I want it to behave exactly like clicking on the "stop" button in Azure Portal.
You can use this Rest API, to Power off the cloud service. Note that resources are still attached and you are getting charged for the resources
POST https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/cloudServices/{cloudServiceName}/poweroff?api-version=2021-03-01
I am working on automating Azure Active Directory App Registrations and Azure Devops Service Connections, and have hit a wall.
I want to query Azure DevOps service connections (service endpoints) by Service Principal ID (or at least get the id). This is possible when using Azure CLI:
az devops service-endpoint list --query "[?authorization.parameters.serviceprincipalid=='xxx']"
But since I am running this in Azure automation account as a powershell runbook, the Azure CLI is not supported.
Then I tried the Azure DevOps REST API, and called it from powershell, but the response does not contain the service principal ID, but just this:
authorization : #{parameters=; scheme=ServicePrincipal}
Does anyone have an idea on how to solve this?
UPDATE
I am calling the rest API like this:
$uriAccount = $UriOrg + "_apis/serviceendpoint/endpoints?endpointNames={name}&api-version=6.1-preview.4"
$result = Invoke-RestMethod -Uri $uriAccount -Method get -Headers $AzureDevOpsAuthenicationHeader
And $result.value gives me this:
authorization : #{parameters=; scheme=ServicePrincipal}
You can try the REST API Endpoints - Get Service Endpoints By Names.
GET https://dev.azure.com/{organization}/{project}/_apis/serviceendpoint/endpoints?endpointNames={endpointNames}&api-version=6.0-preview.4
In this REST API, you can find the id and details by the name of a service connection.
Here is an example to use the REST API in PowerShell:
$token = "{pat}"
$token = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes(":$($token)"))
$url="https://dev.azure.com/{organization}/{project}/_apis/serviceendpoint/endpoints?endpointNames={endpointNames}&api-version=6.0-preview.4"
$head = #{ Authorization =" Basic $token" }
Invoke-RestMethod -Uri $url -Method GET -Headers $head
Update:
The cause for this question is that you output result in the wrong way.
For JSON response bodies, there is no intuitive way to get results without specifying the final layer.
Here is my modified code, notice how I print result:
$token = "{pat}"
$token = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes(":$($token)"))
$url="https://dev.azure.com/{organization}/{project}/_apis/serviceendpoint/endpoints?endpointNames={endpointNames}&api-version=6.0-preview.4"
$head = #{ Authorization =" Basic $token" }
$reslut = Invoke-RestMethod -Uri $url -Method GET -Headers $head
echo $result.value.authorization.parameters
I have a problem where if I provide a build id and use 'LIST Release Azure DevOps API' it is fetching all the releases present in that build. But here the problem is that the 'LIST API' is not providing details of the environments present in the list of releases. I need to make another request with the release id to fetch the environment details for every release. Is there any option that will combine both these operations?
You can provide the $expand=environments parameter in the List release API to include the details of environments in the response result. See here.
https://vsrm.dev.azure.com/{org}/{proj}/_apis/release/releases?sourceId={projectGuid}:{BuildDefinitionId}&$expand=environments&api-version=6.1-preview.8
See below example in powershell scripts:
$url = "https://vsrm.dev.azure.com/{org}/{proj}/_apis/release/releases?sourceId={projectGuid}:{BuildDefinitionId}&`$expand=environments&api-version=6.1-preview.8"
$PAT = "Personal access token"
$base64AuthInfo= [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes(":$($PAT)"))
Invoke-RestMethod -Uri $reurl -Headers #{authorization = "Basic $base64AuthInfo"} -Method get
Deployment of webjobs in a web app
$t=Invoke-RestMethod -Uri $Url -Headers $Headers -UserAgent $userAgent -Method PUT -InFile $f
You can use following Azure Rest API to get the deployment status of Azure Web App resources.
https://learn.microsoft.com/en-us/rest/api/appservice/webapps/getdeployment
There's a nice "Try it" section, where you can play this API, live with your subscription.
Edit 1
Please follow here on how to call Azure Rest APIs via Powershell:
https://blog.tekspace.io/access-azure-rest-api-using-powershellhttps://blog.tekspace.io/access-azure-rest-api-using-powershell/
Let me know if that helps!