Adding a Team Administrator through the VSTS Rest API

In many projects I come across there is a desire to add a Team Administrator to a VSTS Project. While there is allot of quality documentation, there is no clear route to add a Team Administator to a VSTS Project.

I investigated what calls the VSTS Web UI makes to add a team administrator and constructed a script that does exactly that.

The UI uses a simple method call this method: https://account.visualstudio.com/TeamPermissions/_api/_identity/AddTeamAdmins?__v=5 where it posts a piece of JSON. This basically consists of the Team ID and the user that you want to add.

However to construct this message you need to do several calls to get the required information. It involves getting all the Groups, Users and the users StorageKey to be able to add the administrator.

I created a script containing all the methods and supportive functions that can be found in my GitHub account here: https://github.com/JasperGilhuis/VSTS-RestAPI

Advertisements

Debugging packages from your VSTS Package Management Feed with Visual Studio 2017

In this blogpost I am going to show you how you can debug packages that reside in a Package Management Feed in Visual Studio Team Services (VSTS).

Setting the stage
The package represents a custom build package that can serve any generic functionality used by other applications. The package has its own solution and is automatically pushed to the Package Management feed by a CI Build.

In another solution we have an command line application that consumes this package and we like to have the ability to be able to debug through that code without having to do any other plumbing. We want to treat the package as if we don’t know where the source is.

Continue reading

Automatically retain a VSTS release

In some environments it can be convenient to retain production releases automatically. Richard Zaat and I worked on this together. Our objective was to retain a release automatically after it has been succesfully enrolled to an environment. To achieve this we wanted to utilize the PowerShell task to minimize the effort.

First we created a demo release pipeline containing one environment. The Release does not do anything and does not have any artifacts. To the environment we only added the PowerShell task.

We have configured to have it use the Preview 2.* version but this works for version 1.* too. The script we have is the following;

$baseurl = $env:SYSTEM_TEAMFOUNDATIONSERVERURI
$baseurl += $env:SYSTEM_TEAMPROJECT + "/_apis"
$uri = "$baseurl/release/releases/$($env:Release_ReleaseID)?api-version=3.0-preview.2"

$accesstoken = "Bearer $env:System_AccessToken"

Invoke-RestMethod -Uri $uri -Method Patch -ContentType "application/json" -Headers @{Authorization = $accesstoken} -Body "{keepforever:true}"

In the script we construct the URL for VSTS Release Management, together with a ‘template’ to call the Release REST API service, passing the current Release ID. It also constructs the Bearer token to be able to call the REST API authenticated. The last line invokes the contructed REST API call. The call sets the ‘KeepForever‘ attribute of the release. This will exempt it from the release retention policies.

In the release definition the “Agent Phase” needs to be configured to “Allow scripts to access OAuth token”. Listed under ‘Additional Options’ section. This will allow the script to use the $env:System_AccessToken.

The last thing to do is to make sure that the agent account has the “Manage Releases” permissions. This can be done very specifically or for all release definitions.

A few links to usefull resources

VSTS Release API overview
https://www.visualstudio.com/en-us/docs/integrate/api/rm/releases

VSTS Release Retention polocies
https://www.visualstudio.com/en-us/docs/build/concepts/policies/retention#release

Interacting with VSTS and the Rest API’s
https://roadtoalm.com/2017/05/01/only-trigger-a-release-when-the-build-changed/

Enjoy!

TechDays 2016 and Xpirit Magazine #3

Last week Xpirit was at Dutch TechDays 2016 in Amsterdam RAI. Xpirit was a Platinum Sponsor for this event. For those who have missed the event, it was a great opportunity to meet all of the Xpirit colleagues in person since we were ALL there! Xpirit hosted several sessions and also organized a very successful CTO track!

techdays2016flyer

Continue reading

Adding a DMZ server to the TrustedHosts list

Today I was working with Release Management in an On-Premise TFS 2015 situation where I had to release into server located in the DMZ.

After getting all kinds of things in place, like installing an agent, having shadow accounts setup and having validated i could reach and use the agent to install the required software I came across another issue.

The issue issue was that to be able to run a PowerShell script on the machine, WinRM is used. When running that PowerShell script from the release pipeline it blew up the pipeline with the following error:

“The WinRM client cannot process the request. If the authentication scheme is different from Kerberos, or if the client computer is not joined to a domain, then HTTPS transport must be used or the destination machine must be added to the TrustedHosts configuration setting. Use winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts list might not be authenticated. You can get more information about that by running the following command: winrm help config.”

As the error suggests you need to add the server to the local TrustedHosts list. I first checked the current list with the following command:

get-item wsman:\localhost\Client\TrustedHosts

That returned an empty list. And thus I decided to add the current server to the list, which can be done with the following command:

set-item wsman:\localhost\Client\TrustedHosts -value 192.168.XX.XX

The following screen shows the commands in action, actual IP’s are blurred.

dmz_powershell_trustedhosts

When re-running the deployment all was good in the “safe zone”

Updated Token Comparer

Recently i have posted a VSTS extension to the Marketplace. This extension is named Token Comparer. It allows you to compare your defined Tokens with the defined release variables.

I have updated the extension to run on on-premise TFS 2015 as well. I have also done some cleaning in the code. This resulted in a new version in the market place which is no longer in “preview”. I have also updated the underlying name of the extension and therefor it now is only available through the following URL:

https://marketplace.visualstudio.com/items?itemName=jaspergilhuis.JasperGilhuis-Xpirit-VSTS-BRM-TokenComparer

Token Comparer - Marketplace

Read more details in the previous post: https://jaspergilhuis.nl/2016/06/27/token-comparer/