MethodsAndPractices / vsteam

PowerShell module for accessing Azure DevOps Services and Azure DevOps Server (formerly VSTS or TFS)
https://methodsandpractices.github.io/vsteam-docs/
MIT License

Add Get-VSTeamAadGroupMembers to the module #441

Open SebastianSchuetze opened 2 years ago

SebastianSchuetze commented 2 years ago

Add the following API to the cmdlets:

https://stackoverflow.com/questions/65710580/cannot-find-aad-group-using-identities-ado-api/65715362#65715362

It allows querying the members of an AAD group within AzDO.

Call the API below to search for the AAD group you want to add and retrieve its details. Request URI:

POST https://dev.azure.com/{organization}/_apis/IdentityPicker/Identities?api-version=5.0-preview.1

Request body:

{
    "query": "{AAD group name}",
    "identityTypes": ["user", "group"],
    "operationScopes": ["ims", "source"],
    "options": {
        "MinResults": 5,
        "MaxResults": 40
    },
    "properties": [
        "DisplayName",
        "IsMru",
        "ScopeName",
        "SamAccountName",
        "Active",
        "SubjectDescriptor",
        "Department",
        "JobTitle",
        "Mail",
        "MailNickname",
        "PhysicalDeliveryOfficeName",
        "SignInAddress",
        "Surname",
        "Guest",
        "TelephoneNumber",
        "Manager",
        "Description"
    ]
}

Response body:

{
    "results": [
        {
            "queryToken": "addtovsts",
            "identities": [
                {
                    "entityId": "{entityId}",
                    "entityType": "Group",
                    "originDirectory": "aad",
                    "originId": "{AAD group ID}",
                    "localDirectory": null,
                    "localId": null,
                    "displayName": "{AAD group name}",
                    "scopeName": "{AAD name}",
                    "samAccountName": null,
                    "active": null,
                    "subjectDescriptor": null,
                    "department": null,
                    "jobTitle": null,
                    "mail": "{mail}",
                    "mailNickname": "{mailNickname}",
                    "physicalDeliveryOfficeName": null,
                    "signInAddress": null,
                    "surname": null,
                    "guest": false,
                    "telephoneNumber": null,
                    "description": null,
                    "isMru": false
                }
            ],
            "pagingToken": ""
        }
    ]
}

Using the details returned by the previous API, call the API below to add the AAD group to the pull request as a reviewer. Request URI:

PUT https://dev.azure.com/{organization}/{project}/_apis/git/repositories/{repositoryId}/pullRequests/{pullRequestId}/reviewers?api-version=5.0

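Request body (the `//` annotations are explanatory only and are not valid in strict JSON; strip them before sending):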

{
    "entityId": "{entityId}",
    "entityType": "Group",
    "active": null,
    "department": null,
    "description": null,
    "displayName": "{AAD group name}",
    "guest": false,
    "id": "{AAD group ID}",
    "isAadIdentity": true,
    "isContainer": true,
    "isHosted": true,
    "isMru": false,
    "isRequired": false,  // 'true' will set the group as the Required Reviewer, 'false' is Optional Reviewer
    "jobTitle": null,
    "localDirectory": null,
    "localId": null,
    "mail": "{mail}",  // if you did not set mail, set the value same as 'mailNickname'
    "mailNickname": "{mailNickname}",
    "originDirectory": "aad",
    "originId": "{AAD group ID}",
    "physicalDeliveryOfficeName": null,
    "samAccountName": null,
    "scopeName": "{AAD name}",
    "signInAddress": null,
    "subjectDescriptor": null,
    "surname": null,
    "telephoneNumber": null,
    "vote": 0
}