Setting “Allow all pipelines” when creating a service endpoint through DevOps API Create Endpoint

3
votes

I am attempting to create a service endpoint through the Azure DevOps Rest API but cannot set the "Allow all pipelines to use this service connection" option. I cannot find documentation on the json structure to accomplish this.

https://docs.microsoft.com/en-us/rest/api/azure/devops/serviceendpoint/endpoints/create?view=azure-devops-rest-5.0#endpointauthorization

Current snippet for creating the connection:


$baseUri = "https://dev.azure.com/org/proj/";
$createEndpointUri = "$($baseUri)_apis/serviceendpoint/endpoints?api-version=5.0-preview.2";


$base64AuthInfo = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(("token:{0}" -f $devOpsPAT)))
$DevOpsHeaders = @{Authorization = ("Basic {0}" -f $base64AuthInfo)};

$AzureSubscriptionData = New-Object PSObject -Property @{            
                            authorizationType = "AzureSubscription"
                            azureSubscriptionId = $SubscriptionId
                            azureSubscriptionName = $subscriptionName
                            clusterId = $clusterId
                            };
$Authorization = New-Object PSObject -Property @{
                            parameters = New-Object PSObject -Property @{            
                                azureEnvironment = "AzureCloud"
                                azureTenantId = "$tenantID"
                                };
                            scheme = "Kubernetes"
                            };

$ServiceEndpointBody = New-Object PSObject -Property @{            
                            authorization =$Authorization
                            data = $AzureSubscriptionData
                            name = $serviceConnectionName
                            type = "kubernetes"
                            url = $k8sUrl
                            isReady = "true"
                            };

$jsonbody = $ServiceEndpointBody | ConvertTo-Json -Depth 100


Invoke-RestMethod -UseBasicParsing -Uri $createEndpointUri -Method Post -ContentType "application/json" -Headers $DevOpsHeaders -Body $jsonbody;
2
azureazure-devopsazure-devops-rest-api
Show your attemptsNikolai Shevchenko

2 Answers

6
votes

You can usually figure this stuff out by doing the operation in the Azure DevOps UI and inspecting the HTTP requests it makes using (for example) Chrome debugging tools.

In this case, I think you first need to create the service connection and then make a PATCH request to the pipelinePermissions endpoint, setting the allPipelines.authorized flag to true.

URI

PATCH https://dev.azure.com/{organisation}/{project}/_apis/pipelines/pipelinePermissions/endpoint/{endpointId}?api-version=5.1-preview.1

Patch Request Body

{
    "allPipelines": {
        "authorized": true,
        "authorizedBy": null,
        "authorizedOn": null
    },
    "pipelines": null,
    "resource": {
        "id": "{endpointid}",
        "type": "endpoint"
    }
}

Powershell

Invoke-RestMethod -Method PATCH -Uri "{uriasabove}" -Headers $headers -Body "{patchbodyasabove}" -ContentType "application/json"
0
votes

Thanks for the above help, however I wanted to do all of this using bash script.

patch.json

{
    "allPipelines": {
        "authorized": true,
        "authorizedBy": null,
        "authorizedOn": null
    },
    "pipelines": null,
    "resource": {
        "id": "test-service-endpoint-id",
        "type": "endpoint"
    }
}

A simple Bash Script to achieve the same.

#!/bin/bash

token=test-token
organization_name=your-azuredevops-organisation
project=test-project
user=your-user-name
connection_name=test-connection

#Get Request for endpoint ID
connection_id=$(curl -X GET \
-H "Content-Type: application/json" \
-u $user:$token \
https://dev.azure.com/$organization_name/$project/_apis/serviceendpoint/endpoints\?endpointNames\=$connection_name\&api-version\=5.1-preview.2 | jq '.value[].id' | tr -d "\"" )

#Creating newpatch.json with connection_id
cat patch.json | jq --arg conn_id "$connection_id" -r '.resource.id = $conn_id' > newpatch.json

curl --request PATCH \
-H "Content-Type: application/json" \
-u $user:$token \
-d "@newpatch.json" https://dev.azure.com/$organization_name/$project/_apis/pipelines/pipelinePermissions/endpoint/$connection_id\?api-version\=5.1-preview.1