我们正在使用REST API方法(PUT(,通过向PAT分配最低级别的访问(范围(来更新ADO环境中现有的AWS服务连接。
访问级别为
- 服务连接(读取、查询和管理(
- 令牌(读取、更新和撤销(
在过去几天之前,这并没有任何问题。我们能够使用Azure Pipelines按计划更新服务连接。但从过去几天开始,它开始抛出401未经授权的错误。但它以前运行得很好。不确定他们(Azure(是否在最新版本中更改了某些内容。
我试图通过一个接一个地增加访问作用域的级别来解决这个问题(在某个时候分配了所有作用域(,但没有成功。但是,如果我将访问级别更改为完全访问,而不是自定义的,我能够更新服务连接。但是,为个人访问令牌提供完全级别的访问权限并不是一个好主意。
我是不是遗漏了什么,或者有没有办法用最低级别的访问控制来更新服务连接?
此外,完全访问与使用所有作用域定义的自定义之间的区别是什么,因为完全访问可以正常工作,但使用所有作用范围定义的自定义不起作用。
以下是供您参考的代码片段
$OrganizationName = ""
$ProjectName = ""
$PAT = ""
$AccessKeyID = ""
$SecretAccessKey = ""
$Serviceconnectionname = ""
function Update-AWSServiceConnection {
Write-Host "Executing the Update Service Connection Script.."
# Create the header to authenticate to Azure DevOps
Write-Host "Create the header to authenticate to Azure DevOps"
$token = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes(":$($PAT)"))
$Headers = @{
Authorization = "Basic $token"
}
# Get the Project ID
Write-Host "Construct the API URL to get the project ID.."
$project = "https://dev.azure.com/" + "$OrganizationName/_apis/projects/$ProjectName ?api-version=6.0"
Write-Host "Project API URL :: $project"
try {
Write-Host "Get the Project [$ProjectName] ID.."
$response = Invoke-RestMethod -Uri $project -Headers $Headers -Method GET
$ProjectID = $response.id
if (!$ProjectID) {
Write-Host "ProjectID value is null"
Write-Error "Script step has been aborted." -ErrorAction stop
} else {
Write-Host "Project ID :: $ProjectID"
}
}
catch {
$ErrorMessage = $_ | ConvertFrom-Json
throw "Could not Get the project [$ProjectName] ID: $($ErrorMessage.message)"
}
# Get Endpoint ID Details
$endpoint = "https://dev.azure.com/" + "$OrganizationName/$ProjectName/_apis/serviceendpoint/endpoints?endpointNames=$Serviceconnectionname&api-version=6.0-preview.4"
try {
Write-Host "Get the Service Connection [$Serviceconnectionname] ID.."
$response = Invoke-RestMethod -Uri $endpoint -Headers $Headers -Method GET
$endpointId = $response.value.id
if (!$endpointId) {
Write-Host "Service Endpoint ID value is null"
Write-Error "Script step has been aborted." -ErrorAction stop
} else {
Write-Host "Service Endpoint ID :: $endpointId"
}
}
catch {
$ErrorMessage = $_ | ConvertFrom-Json
throw "Could not Get the service connection [$Serviceconnectionname] ID: $($ErrorMessage.message)"
}
# Create a body for the API call
$url = "https://dev.azure.com/" + "$OrganizationName/_apis/serviceendpoint/endpoints/$endpointId ?api-version=6.1-preview.4"
$body = @"
{
"data": {},
"id": "$endpointId",
"name": "UpdatedServiceEndpoint",
"type": "AWS",
"url": "https://aws.amazon.com/",
"description": null,
"authorization": {
"parameters": {
"username": "$AccessKeyId",
"password": "$SecretAccessKey"
},
"scheme": "UsernamePassword",
},
"isShared": false,
"isReady": true,
"owner": "Library",
"serviceEndpointProjectReferences": [
{
"name": "$Serviceconnectionname",
"projectReference": {
"id": "$ProjectID",
"name": "$ProjectName"
}
}
]
}
"@
try {
Write-Host "Updating the Service Connection [$Serviceconnectionname]"
$response = Invoke-RestMethod -Uri $url -Headers $Headers -Method PUT -Body $body -ContentType application/json
Write-Host "Connection Updated"
$response
}
catch {
Write-Host "An error occurred:"
Write-Host $_
}
}
Update-AWSServiceConnection
如有任何建议或意见,我们将不胜感激。
我转载了你的问题。
我的解决方案是在5.1-preview.2版本中使用RESTneneneba API,而不是6.0-preview.4版本。
PUT https://dev.azure.com/{organization}/{project}/_apis/serviceendpoint/endpoints/{endpointId}?api-version=5.1-preview.2
然后我可以用访问级别更新我的服务端点:
- 服务连接:读取、查询和;管理
- 令牌:读取&管理