Unable to retrieve the Azure Wiki page at 'Home Page/Page1/Page2/SpecificPage'. The returned HTTP code was '404'

0
votes

Issue:

“Unable to retrieve the Azure Wiki page at 'Home Page/Page1/Page2/SpecificPage'. The returned HTTP code was '404'.”

When this happens:

Migrating a Wiki from Azure DevOps Server 2020 to “Azure DevOps Services”. When executing the Pipeline with the exact same Jobs/Tasks Outputs this error when doing the REST API Call towards the wiki that contains the relevant information.

Solutions Offered and Applied:

Enabled a good quantity of permissions to "Azure DevOps Groups" Enabled a good quantity of permissions from the "Wiki Security"

Impact:

Blocking our migration towards Azure DevOps Services Pipeline get stuck attempting to retrieve the data from the pipeline

New API Body to meet ADO services:

Write-Host "$($env:SYSTEM_TEAMFOUNDATIONSERVERURI)"
Write-Host "$($env:SYSTEM_TEAMPROJECTID)"
Write-Host "$(wiki-identifier)"
Write-Host "$(all-sites-wiki-page-path)"
Write-Host Set authorization headers
$Header = @{
Authorization = 'Bearer ' + [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(":$($env:SYSTEM_ACCESSTOKEN)"))
}
$params = @{ 
'Uri' = 'https://dev.azure.com/MyCollection/MyProject/_apis/wiki/wikis/MyWikiIdentifier.wiki/pages?path=Home%20Page%2FMy%20Wiki%2FPage%2FSubpage&includeContent=true&api-version=5.0'
'Headers' = $Header
'Method' = 'GET'
'ContentType' = 'application/json; charset=ASCII.GetBytes'
}
Write-Host Invoke REST API
$Response = Invoke-RestMethod @params
Write-Host $Response

As a disclaimer I did test the Header part of the code with Bearer and Basic both fails:

Authorization = 'Bearer ' + [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(":$($env:SYSTEM_ACCESSTOKEN)"))

And

Authorization = 'Basic ' + [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(":$($env:SYSTEM_ACCESSTOKEN)"))

Error Output with "Bearer":

enter image description here

Error Output with "Basic":

Invoke-RestMethod : {"$id":"1","innerException":null,"message":"TF401019: The Git repository with name or identifier
0ea73a5d-4187-69c6-af49-d9a4573733ta does not exist or you do not have permissions for the operation you are 
attempting.","typeName":"Microsoft.TeamFoundation.Git.Server.GitRepositoryNotFoundException, 
Microsoft.TeamFoundation.Git.Server","typeKey":"GitRepositoryNotFoundException","errorCode":0,"eventId":3000}
At F:\AzureAgents\ServicesAgent01\_work\_temp\12319456-e600-1234-a872-dd6ed49e758f.ps1:18 char:13
$Response = Invoke-RestMethod @params
       ~~~~~~~~~~~~~~~~~~~~~~~~~
CategoryInfo          : InvalidOperation:
(System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException
FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand

Latest news on this ticket:

Find out that the error is coming from the Persistent value "SYSTEM_ACCESSTOKEN" I did change for a PAT and the Authentication worked well "Retrieving the wiki content" but to simplify our code it would be preferable to use Persistent Data across all our Pipelines instead of PAT, so in order to do that which security values need to be granted so that the "SYSTEM_ACCESSTOKEN" work in ADO Services?

Here our Current Security Permissions:

Pipeline Security:

Build_Administrators 2

Project_Administrators 3

Project_Collection_Administrators 4

Project_Collection_Build_Administrators 5

Project_Collection_Build_Service 6

At Collection Security Level my user is part of: "CollectionName Admins" . Therefore I should have propagated permissions across all the projects

What potentially Am I missing that the Persistent Data Token "env:SYSTEM_ACCESSTOKEN" isn't working? Really will appreciate the help of the community

2
azure-devopsazure-pipelinesazure-devops-rest-apiazure-repos
Hi, is there any updates on this question? Please let me know whether my answer can help you~ If not, could you please provide a sample of your pipeline which caused the error so that people can further investigate the question. - Jane Ma-MSFT

2 Answers

0
votes

The probable cause of this problem is that you didn't change the REST API that calls the wiki pages.

In Azure DevOps Server, the REST API Pages - Get is:

GET https://{instance}/{collection}/{project}/_apis/wiki/wikis/{wikiIdentifier}/pages?api-version=5.0

In Azure DevOps Services, the REST API Pages - Get Page is:

GET https://dev.azure.com/{organization}/{project}/_apis/wiki/wikis/{wikiIdentifier}/pages?api-version=6.0
0
votes

There are 2 settings that govern the permissions of the system access token. By default its permissions are somewhat limited to prevent people from abusing a pipeline to do actions they otherwise cannot do.

  1. The project/collection setting on the pipeline will limit the access token to either the parent project of the pipeline or the whole project collection/azure DevOps organization.
  2. The permissions of the service account. This depends on the setting you've picked in 1. For project scoped, use: Your-project-name Build Service (your-collection-name), for collection scope: Project Collection Build Service (your-collection).

You can add the abovementioned accounts to a security group to grant it additional permissions as well.

See: