前端之家

  1. 首页
  2. 问答

如何以编程方式将Azure AD用户添加到Azure DevOps组织

问答

我的组织已连接到Azure AD。

我想使用C#或通过microsoft REST / Graph API将AD用户添加到我的Azure DevOps组织中。

如何以编程方式将Azure AD用户添加到Azure DevOps组织

ma_jing2004 回答:如何以编程方式将Azure AD用户添加到Azure DevOps组织

您可以使用User Entitlements - Add Rest API:

POST https://vsaex.dev.azure.com/{organization}/_apis/userentitlements?api-version=5.1-preview.2

json正文示例:

{
  "accessLevel": {
    "accountLicenseType": "express"
  },"extensions": [
    {
      "id": "ms.feed"
    }
  ],"user": {
    "principalName": "newuser@fabrikam.com","subjectKind": "user"
  },"projectEntitlements": [
    {
      "group": {
        "groupType": "projectContributor"
      },"projectRef": {
        "id": "e5943a98-a842-4001-bd3b-06e756a7dfac"
      }
    }
  ]
}
,

您可以使用Shayki提到的User Entitlements - Add API,但是,我想共享与Azure函数一起使用的代码,

public static async Task<string> AddUserEntitlment(
            [ActivityTrigger] VSTSIntegrationContext vstsIntegrationContext,ILogger log
        )
        {
            try
            {
                var accountName = vstsIntegrationContext.VstsInstance;
                string Url = string.Format(@"https://{0}.vsaex.visualstudio.com/_apis/userentitlements?api-version=4.1-preview",vstsIntegrationContext.VstsInstance);
                var content = JsonConvert.SerializeObject(
                    new
                    {
                        accessLevel = new
                        {
                            accountLicenseType = "express"
                        },user = new
                        {
                            principalName = vstsIntegrationContext.Email,subjectKind = "user"
                        }
                    });
                    log.LogInformation("===========PAT: vstsIntegrationContext.VstsPAT");
                var response = await VSTSHelpers.CallVSTSAPI(vstsIntegrationContext.VstsInstance,vstsIntegrationContext.VstsPAT,Url,"POST",content);
                log.LogInformation("====response:" + response);
                response.EnsureSuccessStatusCode();                
                dynamic data = await response.Content.ReadAsAsync<object>();
                return data.operationResult.userId;
            }
            catch (Exception ex)
            {
                log.LogError(ex.ToString());
                throw;
            }
        }

Powershell脚本 

function Add-UserEntitlement {
    [OutputType([int])]
    Param
    (
        [String]$userEmail,[String]$projAccessLevel,[String]$projId


    )

    Begin {
        $creds = Import-Clixml -Path creds.xml
        [string]$AccName = $creds.AccountName
        [string]$userName = $creds.UserName
        [string]$vstsToken = $creds.Token
        $VstsAuth = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(("{0}:{1}" -f $userName,$vstsToken)))
    }
    Process {

        $vstsUri = "https://$AccName.vsaex.visualstudio.com/_apis/userentitlements?api-version=4.1-preview"
        $vstsUEBody = @{
            accessLevel = @{ accountLicenseType = "express" }
            user = @{ principalName = $userEmail; subjectKind = "user" }
            projectEntitlements = @{ 
                group = @{ groupType = $projAccessLevel }
                projectRef = @{ id = $projId }
            } 
        }

        $RestParams = @{
            ContentType = "application/json"
            Method = 'Post'
            URI = $vstsUserUri
            Body = $vstsUEBody | ConvertTo-Json
            Headers = @{Authorization=("Basic {0}" -f $VstsAuth)}
        }

        $vstsUpdateResult = Invoke-RestMethod @RestParams

    }
    End {
    }
}
azureazure-active-directoryazure-ad-graph-apiazure-devopsazure-devops-rest-api
本文链接:https://www.f2er.com/3160259.html

大家都在问