0
votes

I'm implementing a web extension for VSTS for specific release management. From that extension I need to start a new release for a specific release definition. The prerequisite for creating the release is a concrete set of used artifacts and their correct versions. And that's my pain.

There is a REST API call (undocumented) which provides a list of artifacts with a set of versions for each of them, and also with a pre-selected default artifact version to be used by the new release. This API is called by VSTS itself when you open the dialog (or side panel) for new release creation. It is also defined in the VSTS Release API (ReleaseManagement/Core/RestClient); the name of the function is getArtifactVersions.

The underlying request looks like https://{collectionName}.vsrm.visualstudio.com/{projectId}/_apis/Release/artifacts/versions?releaseDefinitionId={releaseDefinitionId}.

When I run the request directly in the browser, I'm getting the correct answer (list of artifacts and their available versions). But when I run it from the web extension, I'm getting a 401 error: TF400813: The user '7a6b0fe0-56fd-61f5-9a78-2e170802ac50' is not authorized to access this resource.

I'm quite sure that the problem is located somewhere in the scopes set in the vss-extension.json manifest file. I have put there all possible scopes defined in the documentation, but still no success. The user identity from the error message is my identity and I have admin rights to our collection. When I run the request personally (using a personal access token or just logging in the browser) the result is served correctly. But the same user using the generated Bearer token is then unauthorized. That behavior is where my guess comes from: something is missing in the manifest scopes.

I put all scopes from the documentation (the highest ones from each scope group) and still no success. Here is the list of them:

"vso.agentpools",
"vso.build_execute",
"vso.release_manage",
"vso.code_manage",
"vso.packaging_manage",
"vso.work_write",
"vso.agentpools_manage",
"vso.chat_manage",
"vso.dashboards_manage",
"vso.entitlements",
"vso.extension_manage",
"vso.extension.data_write",
"vso.gallery_manage",
"vso.identity",
"vso.notification_manage",
"vso.profile_write",
"vso.project_manage",
"vso.symbols_manage",
"vso.test_write"

Any idea which scope I'm missing?

1 Answer

1
votes

I reported an issue here: VSTS extension ReleaseManagement/Core/RestClient api 401 error, that you can follow.

You may send the HTTP request with a Personal Access Token to retrieve the necessary data.

You can also get the release definition, then get each artifact version through the corresponding REST API, such as Get a list of commits, Get a list of builds.
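
The PAT-based workaround from the answer, as an added example that is not part of the original post or of VSTS's own client code. It assumes Node.js 18+ running server-side, because a PAT shipped in extension client code is readable by every user who loads it; the function names and the conservative input pattern are hypothetical, and the URL template is the one quoted in the question.

```javascript
// Added example (hypothetical helper names). Run server-side only.

// Assumption: account names and project GUIDs fit this conservative pattern.
// The collection name lands in the hostname, so an unvalidated value could
// redirect the request, and the PAT with it, to an unintended host.
const SAFE_SEGMENT = /^[A-Za-z0-9][A-Za-z0-9-]*$/;

function buildArtifactVersionsRequest(collectionName, projectId, releaseDefinitionId, pat) {
  if (!SAFE_SEGMENT.test(collectionName)) throw new Error('invalid collection name');
  if (!SAFE_SEGMENT.test(projectId)) throw new Error('invalid project id');
  if (!Number.isInteger(releaseDefinitionId) || releaseDefinitionId <= 0) {
    throw new Error('invalid release definition id');
  }
  if (typeof pat !== 'string' || pat.length === 0) throw new Error('missing PAT');

  const url = new URL(
    `https://${collectionName}.vsrm.visualstudio.com/${projectId}/_apis/Release/artifacts/versions`
  );
  url.searchParams.set('releaseDefinitionId', String(releaseDefinitionId));

  // A PAT is sent as HTTP Basic credentials with an empty user name.
  const basic = Buffer.from(`:${pat}`, 'utf8').toString('base64');
  return {
    url: url.toString(),
    options: {
      method: 'GET',
      headers: { Accept: 'application/json', Authorization: `Basic ${basic}` },
    },
  };
}

// Separate authorization failures (such as the TF400813 error in the question)
// from other errors so they can be logged and handled differently.
function classifyResponse(status, bodyText) {
  if (status >= 200 && status < 300) return { ok: true, status, code: null, authFailure: false };
  const tf = /TF\d{6}/.exec(bodyText || '');
  return { ok: false, status, code: tf ? tf[0] : null, authFailure: status === 401 || status === 403 };
}

// Performs the call. The response body is returned as parsed JSON without
// interpretation, because the endpoint is undocumented.
async function fetchArtifactVersions(collectionName, projectId, releaseDefinitionId, pat) {
  const { url, options } = buildArtifactVersionsRequest(collectionName, projectId, releaseDefinitionId, pat);
  const res = await fetch(url, options);
  const text = await res.text();
  const verdict = classifyResponse(res.status, text);
  if (!verdict.ok) throw new Error(`request failed: HTTP ${verdict.status} ${verdict.code || ''}`.trim());
  return JSON.parse(text);
}
```

Read the PAT from the server's secret store or environment at call time, and give it only the release scope the call needs.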