通过REST API(PowerShell)邀请用户加入Azure DevOps项目

fnvucqvd  于 2023-03-31  发布在  Shell
关注(0)|答案(2)|浏览(117)

该脚本的目标是通过REST邀请用户到Azure DevOps中的特定项目。调用请求用于添加具有适当权限的用户。
我可以通过下面的脚本成功检索项目ID:

$OrganizationName = "ExampleOrg"
$projectName = "ExampleProject"

$AzureDevOpsAuthenicationHeader = @{Authorization = 'Basic ' + [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(":$($env:AZ_Dev)")) }

$UriOrga = "https://$($OrganizationName).visualstudio.com/" 
$UriOrga
$uriAccount = $UriOrga + "_apis/projects?api-version=6.0"
$response = Invoke-RestMethod -Uri $uriAccount -Method get -Headers $AzureDevOpsAuthenicationHeader 

$Project = $response.value | where { $_.Name -eq $projectName }

$ProjectID = $Project.id

echo $ProjectID

但是,使用新获取的项目ID发送邀请不成功。

$AZurl = 'https://vsaex.dev.azure.com/ExampleOrg/_apis/userentitlements?api-version=7.0'
$AZbase64AuthInfo = @{Authorization = 'Basic ' + [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(":$($env:AZ_Dev)")) }

$AZbody =
@{
  accessLevel = @{
   accountLicenseType = "Stakeholder";
  }
  extensions =  @{
      id = "ms.feed"
    }
  user = @{
     principalName=  "example@gmail.com";
     subjectKind =  "user";
  }
  projectEntitlements =  @{
      group = @{
        groupType = "Contributors";
      }
      projectRef = @{
        id = $ProjectID
      }
    } 
} | ConvertTo-Json

$AZresponse = Invoke-RestMethod -Uri $AZurl -Method Post -ContentType "application/json" -Body $AZbody -Headers $AZbase64AuthInfo

$AZresponse

任何人都可以提供一些见解,为什么会发生这种情况,什么是修复可能是?任何援助是非常感谢!

5uzkadbs

5uzkadbs1#

当我执行你的代码时,我也遇到了同样的问题。然后我将身份验证方法修改为PAT令牌,如下所示,它工作了。

$OrganizationName = "vijxxxxx17"
$projectName = "testproj"

$PAT = "hwjsqvunxxxxxxxxxxxegy3tnnxw4uov5yqpb5a"

$AzureDevOpsAuthenicationHeader = @{Authorization = 'Basic ' + [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(":$PAT")) }

$UriOrga = "https://$($OrganizationName).visualstudio.com/" 
$UriOrga
$uriAccount = $UriOrga + "_apis/projects?api-version=6.0"
$response = Invoke-RestMethod -Uri $uriAccount -Method get -Headers $AzureDevOpsAuthenicationHeader 

$Project = $response.value | where { $_.Name -eq $projectName }

$ProjectID = $Project.id

echo $ProjectID

$AZurl = 'https://vsaex.dev.azure.com/vijaytcs17/_apis/userentitlements?api-version=7.0'

$AZbase64AuthInfo = @{Authorization = 'Basic ' + [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(":$PAT")) }

$AZbody = 
@{
  accessLevel = @{
   accountLicenseType = "Stakeholder";
  }
  extensions =  @{
      id = "ms.feed"
    }
  user = @{
     principalName=  "xyz333@gmail.com";
     subjectKind =  "user";
  }
  projectEntitlements =  @{
      group = @{
        groupType = "Contributors";
      }
      projectRef = @{
        id = $ProjectID
      }
    } 
} | ConvertTo-Json

$AZresponse = Invoke-RestMethod -Uri $AZurl -Method Post -ContentType "application/json" -Body $AZbody -Headers $AZbase64AuthInfo

$AZresponse

输出:

omjgkv6w

omjgkv6w2#

一旦选择了正确的作用域,代码将按预期工作。更改与PAT关联的“成员权利管理”作用域可使代码成功运行。
Required Scope
如果可能的话,使用完全访问进行测试也将防止此问题发生。

相关问题