我的组织已连接到Azure AD。
我想使用C#或通过microsoft REST / Graph API将AD用户添加到我的Azure DevOps组织中。
您可以使用User Entitlements - Add Rest API:
POST https://vsaex.dev.azure.com/{organization}/_apis/userentitlements?api-version=5.1-preview.2
json正文示例:
{
"accessLevel": {
"accountLicenseType": "express"
},"extensions": [
{
"id": "ms.feed"
}
],"user": {
"principalName": "newuser@fabrikam.com","subjectKind": "user"
},"projectEntitlements": [
{
"group": {
"groupType": "projectContributor"
},"projectRef": {
"id": "e5943a98-a842-4001-bd3b-06e756a7dfac"
}
}
]
}
,
您可以使用Shayki提到的User Entitlements - Add API
,但是,我想共享与Azure函数一起使用的代码,
public static async Task<string> AddUserEntitlment(
[ActivityTrigger] VSTSIntegrationContext vstsIntegrationContext,ILogger log
)
{
try
{
var accountName = vstsIntegrationContext.VstsInstance;
string Url = string.Format(@"https://{0}.vsaex.visualstudio.com/_apis/userentitlements?api-version=4.1-preview",vstsIntegrationContext.VstsInstance);
var content = JsonConvert.SerializeObject(
new
{
accessLevel = new
{
accountLicenseType = "express"
},user = new
{
principalName = vstsIntegrationContext.Email,subjectKind = "user"
}
});
log.LogInformation("===========PAT: vstsIntegrationContext.VstsPAT");
var response = await VSTSHelpers.CallVSTSAPI(vstsIntegrationContext.VstsInstance,vstsIntegrationContext.VstsPAT,Url,"POST",content);
log.LogInformation("====response:" + response);
response.EnsureSuccessStatusCode();
dynamic data = await response.Content.ReadAsAsync<object>();
return data.operationResult.userId;
}
catch (Exception ex)
{
log.LogError(ex.ToString());
throw;
}
}
Powershell脚本
function Add-UserEntitlement {
[OutputType([int])]
Param
(
[String]$userEmail,[String]$projAccessLevel,[String]$projId
)
Begin {
$creds = Import-Clixml -Path creds.xml
[string]$AccName = $creds.AccountName
[string]$userName = $creds.UserName
[string]$vstsToken = $creds.Token
$VstsAuth = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(("{0}:{1}" -f $userName,$vstsToken)))
}
Process {
$vstsUri = "https://$AccName.vsaex.visualstudio.com/_apis/userentitlements?api-version=4.1-preview"
$vstsUEBody = @{
accessLevel = @{ accountLicenseType = "express" }
user = @{ principalName = $userEmail; subjectKind = "user" }
projectEntitlements = @{
group = @{ groupType = $projAccessLevel }
projectRef = @{ id = $projId }
}
}
$RestParams = @{
ContentType = "application/json"
Method = 'Post'
URI = $vstsUserUri
Body = $vstsUEBody | ConvertTo-Json
Headers = @{Authorization=("Basic {0}" -f $VstsAuth)}
}
$vstsUpdateResult = Invoke-RestMethod @RestParams
}
End {
}
}