Azure DevOps Extension custom service endpoint for ID/KEY - tfs

I am developing an Azure DevOps extension which contains a service endpoint to hold a secret ID/KEY. My requirement is to have an endpoint that consists of just a Connection name, ID, and Key. I have gone through the list of provided endpoints in Microsoft but I couldn't find a suitable option to satisfy my requirement.
https://learn.microsoft.com/en-us/azure/devops/pipelines/library/service-endpoints?view=vsts#sep-ssh
The closest solution I found is as below. But it contains an input box for the server URL, which I need to omit (in this example, though I don't define a server URL, it is displayed in the popup dialog). Please refer to the image below.
Is it possible to remove the Server URL from the above dialog box, or is there a better endpoint type I can use for this requirement? Please be kind enough to shed some light on this for me.

You'll need to create a custom service type, that will allow you to show/hide the individual text boxes. You can find an example in the Azure DevOps Extension Tasks which I maintain.
You define custom service endpoint types in the vss-extension.json along with your other extension points:
{
  "id": "vsts-marketplace-endpoint-type",
  "type": "ms.vss-endpoint.service-endpoint-type",
  "targets": [
    "ms.vss-endpoint.endpoint-types"
  ],
  "properties": {
    "name": "VstsMarketplacePublishing",
    "displayName": "Visual Studio Marketplace",
    "url": {
      "displayName": "Marketplace URL",
      "value": "https://marketplace.visualstudio.com",
      "isVisible": "false"
    },
    "helpMarkDown": "Required permissions: <ul><li><b>Publish</b>: All accessible organisations, Marketplace (Publish)</li><li><b>Share</b>: All accessible organisations, Marketplace Publish</li><li><b>Install</b>: All accessible organisations or a specific organisation, Extensions (read and manage), Marketplace (acquire)</li><li><b>Query Version</b>: All accessible organisations, Marketplace (read)</li><li><b>Is Valid Extension</b>: All accessible organisations, Marketplace (read)</li></ul><br/><a href='https://www.visualstudio.com/docs/setup-admin/team-services/use-personal-access-tokens-to-authenticate'>More information</a>.",
    "authenticationSchemes": [
      {
        "type": "ms.vss-endpoint.endpoint-auth-scheme-basic",
        "inputDescriptors": [
          {
            "id": "username",
            "name": "Username",
            "description": "Username",
            "inputMode": "textbox",
            "isConfidential": false,
            "validation": {
              "isRequired": false,
              "dataType": "string",
              "maxLength": 300
            },
            "values": {
              "inputId": "username",
              "isDisabled": true,
              "defaultValue": ""
            }
          },
          {
            "id": "password",
            "name": "Personal access token",
            "description": "Azure DevOps personal access token.",
            "inputMode": "passwordbox",
            "isConfidential": true,
            "validation": {
              "isRequired": true,
              "dataType": "string",
              "maxLength": 300
            }
          }
        ]
      }
    ]
  }
},
You may find other extensions that set or configure the authentication dialog on GitHub, there are quite a few. Useful docs are here in an old blog post.
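The check below is an added example, not code from the answer or from the Azure DevOps Extension Tasks project. It builds a constructed ID/Key endpoint type shaped like the JSON above and audits it: the Server URL must be explicitly hidden, and the Key input must be a passwordbox marked isConfidential. The id, name, labels and URL are placeholders, and relabelling the basic scheme's username/password inputs as ID/Key is an assumption about how the asker's requirement would be met.

```javascript
// Constructed ID/Key endpoint type modelled on the answer's JSON. The id, name,
// labels and URL are placeholders; keyOverrides lets the sample be weakened.
function idKeyEndpointType(keyOverrides = {}) {
  return {
    id: "example-idkey-endpoint-type",
    type: "ms.vss-endpoint.service-endpoint-type",
    targets: ["ms.vss-endpoint.endpoint-types"],
    properties: {
      name: "ExampleIdKey",
      displayName: "Example ID/Key",
      url: { displayName: "Server URL", value: "https://example.invalid", isVisible: "false" },
      authenticationSchemes: [{
        type: "ms.vss-endpoint.endpoint-auth-scheme-basic",
        inputDescriptors: [
          { id: "username", name: "ID", inputMode: "textbox", isConfidential: false,
            validation: { isRequired: true, dataType: "string", maxLength: 300 } },
          { id: "password", name: "Key", inputMode: "passwordbox", isConfidential: true,
            validation: { isRequired: true, dataType: "string", maxLength: 300 },
            ...keyOverrides },
        ],
      }],
    },
  };
}

// Returns a list of findings; an empty list means the checks passed.
function auditEndpointType(contribution) {
  const findings = [];
  const props = contribution.properties || {};
  // The answer's manifest writes isVisible as the string "false"; accept the boolean too.
  if (!props.url || String(props.url.isVisible) !== "false") {
    findings.push("url: not explicitly hidden (isVisible is not false)");
  }
  for (const scheme of props.authenticationSchemes || []) {
    for (const input of scheme.inputDescriptors || []) {
      const isSecret = input.id === "password" || input.inputMode === "passwordbox";
      if (isSecret && input.isConfidential !== true) {
        findings.push(`${input.id}: secret input is not marked isConfidential`);
      }
      if (isSecret && input.inputMode !== "passwordbox") {
        findings.push(`${input.id}: secret input is not rendered as a passwordbox`);
      }
    }
  }
  return findings;
}

console.log(auditEndpointType(idKeyEndpointType()));
console.log(auditEndpointType(idKeyEndpointType({ inputMode: "textbox", isConfidential: false })));
```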

Related

How can I parse email addresses from Sharepoint DriveItem permissions?

So I've been trying to get the email addresses of people that have access to certain files in a SharePoint document library of a site through the use of the Microsoft Graph API. Below is an example of what my permission object looks like, which is retrieved from https://graph.microsoft.com/v1.0/sites/<site id>/drives/<drive id>/items/<item id>/permissions.
{
  "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#sites('...')/drives('...')/items('...')/permissions",
  "value": [
    {
      "id": "...",
      "roles": ["owner"],
      "grantedTo": { "user": { "displayName": "testsite - Eigenaars" } },
      "inheritedFrom": {}
    },
    {
      "id": "...",
      "roles": ["read"],
      "grantedTo": { "user": { "displayName": "testsite - Bezoekers" } },
      "inheritedFrom": {}
    },
    {
      "id": "...",
      "roles": ["write"],
      "grantedTo": { "user": { "displayName": "testsite - Leden" } },
      "inheritedFrom": {}
    },
    {
      "id": "...",
      "roles": [
        "write"
      ],
      "grantedToV2": {
        "siteGroup": {
          "displayName": "Developers",
          "id": "120",
          "loginName": "Developers"
        }
      },
      "grantedTo": {
        "user": {
          "displayName": "Developers"
        }
      },
      "inheritedFrom": {}
    },
    {
      "id": "...",
      "roles": ["owner"],
      "grantedTo": {
        "user": {
          "email": "testsite#mysharepoint",
          "id": "uuid",
          "displayName": "testsite - Eigenaars"
        }
      },
      "inheritedFrom": {}
    }
  ]
}
I assume the testsite in the displayName property is a group name (probably the group that belongs to the site the file resides in), but I have seen cases where I can't find this group name in the groups retrieved from the /groups endpoint in the Graph API.
You can also see the group Developers, which I haven't managed to find in the full group list retrieved from /groups.
The documentation around this is quite vague and unclear to me. Somewhere I read that this lack of data could be due to authentication scopes, but I have "god mode" administrator rights in this Sharepoint environment, so that would seem strange to me.
My main goal is to be able to get all users that have access to a specific file.
Thanks in advance!
1. I assume the testsite in the displayName property is a group name, but I have seen cases where I can't find this group name in the groups retrieved from the /groups endpoint in the Graph API.
This is because, as per Drive Item Permission >> Identity Set >> Identity resource type, quoting:
The identity's display name. Note that this may not always be available or up to date. For example, if a user changes their display name, the API may show the new value in a future response, but the items associated with the user won't show up as having changed when using
This can explain why sometimes you don't see the group name in your groups.
I suggest you use the id.
2. My main goal is to be able to get all users that have access to a specific file.
Do you have any users that appear in the Has Access section of the drive item on SharePoint? For users you should be able to get permissions and use the ids to Get directoryObject using the id values from grantedToIdentitiesV2 or grantedToV2, which will return the odata type.
GET https://graph.microsoft.com/v1.0/directoryObjects/{id}?$select=id
{
  "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#directoryObjects(id)/$entity",
  "@odata.type": "#microsoft.graph.group or user or application",
  "id": "id"
}
For groups, the users would be the members of the group.
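The answer's advice to key on ids rather than display names, as an added example that is not part of the original answer. It flattens a permissions response into one row per grantee, records which kind of identity each one is, and builds the directoryObjects path only for entries that carry a directory id. The sample response and its ids are constructed, and treating siteGroup/siteUser ids as SharePoint-local is an assumption of this example.

```javascript
// Constructed sample shaped like the permissions response in the question;
// the GUID-style ids are made-up placeholders.
const samplePermissions = { value: [
  { id: "p1", roles: ["owner"], grantedTo: { user: { displayName: "testsite - Eigenaars" } } },
  { id: "p2", roles: ["write"],
    grantedToV2: { siteGroup: { displayName: "Developers", id: "120", loginName: "Developers" } },
    grantedTo: { user: { displayName: "Developers" } } },
  { id: "p3", roles: ["read"],
    grantedToV2: { user: { displayName: "Constructed User",
                           id: "00000000-0000-0000-0000-000000000001" } } },
  { id: "p4", roles: ["read"], grantedToIdentitiesV2: [
    { group: { displayName: "Constructed Group",
               id: "00000000-0000-0000-0000-000000000002" } } ] },
] };

// Members an identity set in a permission can carry.
const KINDS = ["user", "group", "application", "device", "siteUser", "siteGroup"];
// Kinds the answer suggests resolving through GET /directoryObjects/{id}.
const DIRECTORY_KINDS = ["user", "group", "application"];

function listGrantees(response) {
  const rows = [];
  for (const perm of response.value || []) {
    // Prefer the V2 identity sets; fall back to the older properties.
    const sets = perm.grantedToIdentitiesV2
      || (perm.grantedToV2 && [perm.grantedToV2])
      || perm.grantedToIdentities
      || (perm.grantedTo && [perm.grantedTo])
      || [];
    for (const set of sets) {
      for (const kind of KINDS) {
        const identity = set[kind];
        if (!identity) continue;
        const id = identity.id || null;
        rows.push({
          permissionId: perm.id, roles: perm.roles, kind, id,
          displayName: identity.displayName || null,
          // null means "cannot be resolved by id": display name only, or a
          // siteGroup/siteUser id (assumed SharePoint-local, not a directory id).
          lookup: id && DIRECTORY_KINDS.includes(kind) ? `/directoryObjects/${id}` : null,
        });
      }
    }
  }
  return rows;
}

console.log(listGrantees(samplePermissions));
```

Rows whose lookup is null are the ones to follow up by other means; for group rows, the users with access are the members of that group, as the answer says.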

Microsoft Graph API - List all Users who have access to a mail item?

I want to be able to have a list of all users who can view a certain mail item. As an admin on the frontend on Exchange Online, I can view all my users' mail, but when I call the API it only returns my mail. I want to be able to make calls to see exactly who has permission to view each mail item, and cannot find a way through the API.
I can get a list of all users, and a list of all mail for each user, a list of all mailboxes, a list of all groups, but not permissions on each mail item
GET /users/{id | userPrincipalName}/messages
returns all the mail, but mail items come with the following structure:
{
  "bccRecipients": [{"@odata.type": "microsoft.graph.recipient"}],
  "body": {"@odata.type": "microsoft.graph.itemBody"},
  "bodyPreview": "string",
  "categories": ["string"],
  "ccRecipients": [{"@odata.type": "microsoft.graph.recipient"}],
  "changeKey": "string",
  "conversationId": "string",
  "createdDateTime": "String (timestamp)",
  "flag": {"@odata.type": "microsoft.graph.followupFlag"},
  "from": {"@odata.type": "microsoft.graph.recipient"},
  "hasAttachments": true,
  "id": "string (identifier)",
  "importance": "String",
  "inferenceClassification": "String",
  "internetMessageHeaders": [{"@odata.type": "microsoft.graph.internetMessageHeader"}],
  "internetMessageId": "String",
  "isDeliveryReceiptRequested": true,
  "isDraft": true,
  "isRead": true,
  "isReadReceiptRequested": true,
  "lastModifiedDateTime": "String (timestamp)",
  "parentFolderId": "string",
  "receivedDateTime": "String (timestamp)",
  "replyTo": [{"@odata.type": "microsoft.graph.recipient"}],
  "sender": {"@odata.type": "microsoft.graph.recipient"},
  "sentDateTime": "String (timestamp)",
  "subject": "string",
  "toRecipients": [{"@odata.type": "microsoft.graph.recipient"}],
  "uniqueBody": {"@odata.type": "microsoft.graph.itemBody"},
  "webLink": "string",
  "attachments": [{"@odata.type": "microsoft.graph.attachment"}],
  "extensions": [{"@odata.type": "microsoft.graph.extension"}],
  "multiValueExtendedProperties": [{"@odata.type": "microsoft.graph.multiValueLegacyExtendedProperty"}],
  "singleValueExtendedProperties": [{"@odata.type": "microsoft.graph.singleValueLegacyExtendedProperty"}]
}
This doesn't contain anything about the full permissions on the item. Does anyone know of a way to get this?
You can't get item-level permissions, as an item doesn't store an ACL associated with it. You can, however, get folder-level permissions by querying PR_NT_SECURITY_DESCRIPTOR (0x0E270102) on the folder.
I actually wrote a script for this based on my old REST API client engine: Start-MailboxFolderPermissionReport
I can, if the script isn't enough, write a C# way of doing it through the Graph Managed API.
There doesn't appear to be a way to expose mailbox or folder permissions through the Graph API. These are available through the Exchange Online PowerShell module e.g. Get-MailboxFolderPermission.

Modify Task.json at build step design time

I want to modify task.json at runtime, that is, when I configure my CI task in VSTS or TFS.
I created an extension that contributes a build task.
Through this build task I want to do something like what I have done in Jenkins. Please refer to the screenshot:
1-Requirement) In this image we add global variables (fields) at runtime by clicking the Add Global Variables button. It generates two fields, one for GVName and another for its value.
2-Requirement) When we select a global variable, the respective value field changes at runtime, meaning it can be a dropbox (picklist) or an input field depending on the GV type.
3-Requirement) At job design time we make an AJAX call to the server that returns true/false; based on the value we show an error like in image 2.
Are these requirements feasible in VSTS task.json? If yes, can you help me to solve this?
No, but it can list the available items that returned from the server.
For example:
"inputs": [
  {
    "name": "APIURL",
    "type": "connectedService:Generic",
    "label": "API URL",
    "required": true,
    "helpMarkDown": ""
  },
  {
    "name": "List1",
    "type": "pickList",
    "label": "List4",
    "defaultValue": "",
    "required": false,
    "helpMarkDown": ""
  }
],
"sourceDefinitions": [
  {
    "target": "List1",
    "endpoint": "home/jsontest",
    "selector": "jsonpath:$[*].id",
    "authKey": "$(APIURL)"
  }
],
A thread that may benefit you: Using a web API in task.json to fill picklists buildtask

Drive entity no longer returns a driveType attribute

I'm observing a change in functionality in Microsoft Graph. When requesting a list of drives from a SharePoint site, I used to see a driveItem attribute that no longer seems to be present as of Nov 14.
The site documentation mentions the relationship to the drives collection.
The drive documentation describes the driveType attribute as:
Describes the type of drive represented by this resource. OneDrive personal drives will return personal. OneDrive for Business will return business. SharePoint document libraries will return documentLibrary. Read-only.
Here is an example call:
https://graph.microsoft.com/v1.0/sites/{site-id}/drives
Response:
client-request-id →d822c749-baf6-4857-abd9-6d80f70823d9
request-id →d822c749-baf6-4857-abd9-6d80f70823d9
x-ms-ags-diagnostic →{"ServerInfo":{"DataCenter":"EastUS","Slice":"SliceB","Ring":"NA","ScaleUnit":"003","Host":"AGSFE_IN_28","ADSiteName":"EST"}}
{
  "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#drives",
  "value": [
    {
      "createdBy": {
        "user": {
          "displayName": "System Account"
        }
      },
      "createdDateTime": "2015-05-22T17:21:01Z",
      "description": "This system library was created by the PointPublishing feature to store application pages.",
      "id": "b!a4YqXM4QKkOPmOj73xfdss5bbYPr7MlFlXKVhtK0Dpjf4OJPyoBFQo2-YK5095t1",
      "lastModifiedDateTime": "2015-05-22T17:21:03Z",
      "name": "AppPages",
      "webUrl": "https://mysharepoint.sharepoint.com/portals/hub/AppPages",
      "quota": {
        "deleted": 0,
        "remaining": 0,
        "total": 0,
        "used": 0
      }
    }
    <snipped a few values>
  ]
}
Is the change in functionality I am seeing here by design or non-intended?
Edit: When attempting the call:
https://graph.microsoft.com/v1.0/sites/root/drives?$select=id,driveType,Name
The driveType is returned
{
  "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#drives(id,driveType,name)",
  "value": [
    {
      "id": "fakeId",
      "name": "Documents",
      "driveType": "documentLibrary"
    }
  ]
}
When requesting drives for a site based on the site-id (/sites/{site-id}/drives) we see different attributes returned.
Just closing the loop on this. As Brad mentioned, an issue has been identified. A fix is currently in the pipeline and should be rolling out soon.

Google Cloud Endpoints REST Discovery Document missing format

I've upgraded to Cloud Endpoints 2.0 which no longer supports RPC. Therefore, I generated a new discovery document and used the service generator with the REST discovery doc as input in order to generate the client library for my iOS app.
Using the new REST discovery doc I am getting the following error when trying to generate the library:
~/workspace/google-api-objectivec-client-for-rest/Source/Tools/ServiceGenerator/build/Release/ServiceGenerator discovery/servUsApi-v1-rest.discovery --outputDir GTLAPI --gtlrFrameworkName GoogleAPIClientForREST
ERROR: Failure, exception: Looking at parameter 'creditKickbackKash:creditAmount', found a type/format pair of 'number/(null)', and don't how to map that to Objective-C
I was able to manually fix this by adding (in numerous places) in the discovery doc, the "format": "double" key and value for all double parameters. Notice creditAmount below is missing a format, like all other doubles.
The generated discovery doc looks like this:
"creditKickbackKash": {
  "httpMethod": "PUT",
  "id": "servUsApi.admin.creditKickbackKash",
  "parameterOrder": [
    "userId",
    "creditAmount"
  ],
  "parameters": {
    "userId": {
      "format": "int64",
      "location": "path",
      "required": true,
      "type": "string"
    },
    "creditAmount": {
      "location": "path",
      "required": true,
      "type": "number"
    }
  },
  "path": "creditKickbackKash/{userId}/{creditAmount}",
  "response": {
    "$ref": "ResultDTO"
  },
  "scopes": [
    "https://www.googleapis.com/auth/userinfo.email"
  ]
}
Is anyone else having this issue? How can I get the discovery document generation to properly format the document including double number types?
I had the same problem. I rolled back from 1.9.50 to 1.9.48 and the problem is gone.
