Question
I am trying to restrict the permissions for a specific AD group on a branch level. Previously I have asked the Microsoft Azure DevOps team if they had any endpoint URI REST API for this request, but the response that I have got was that it was not currently available. However, I have managed to get the API using the Chrome developer tool, which was
https://dev.azure.com/{organization}/_apis/accesscontrolentries/{namespacetoken}?api-version=5.1
Then, I am making the POST request using this body below,
    branchPermissionbody = {
        "token": "{}".format(permissionToken),
        "merge": True,
        "accessControlEntries": [
            {
                "descriptor": "Microsoft.TeamFoundation.Identity;{}".format(descriptorIdentifier),
                "deny": 4,
                "extendedinfo": {}
            }
        ]
    }
The permission token is in the format of
repoV2/{projectID}/{repositoryID}/refs/heads/{branchID}/
and the descriptorIdentifier is something we can get.
Here, I am stuck on getting the branchID. For example, if the branches we are trying to restrict are master, support%5E, how do we grab these branch IDs using the developer tool?
Answer 1:
You can use this tool to convert your branch name to branch id automatically. https://onlineunicodetools.com/convert-unicode-to-hex
For a test, I get my master branch id from Developer tool, it is 6d0061007300740065007200 like below.
And then use this tool to convert master to hex.
These values are the same. Then what about support%5E
Hope this will help.
Answer 2:
This blog post explains it all.
One of my readers just figured out the problem you have and posted the solution as a comment:
Pickle Rick Guest • 2 days ago
Sorry, this is take 2 of the same thing as I got it a bit wrong before, but my current understanding is:
Using az to update permissions for a specific branch requires each part of the branch name to be hex encoded in unicode. By part, I mean if you're using feature/branchname as a convention its hex/hex rather than the slashes being encoded. It's all a bit crazy.
Using PowerShell I've ended up with:
    # Hex-encode the UTF-16LE ("Unicode") bytes of a string
    function hexify($string) {
        return ($string | Format-Hex -Encoding Unicode | Select-Object -Expand Bytes | ForEach-Object { '{0:x2}' -f $_ }) -join ''
    }
    $branch = "feature/*"
    $split = $branch.Split("/")
    # Encode each path segment separately and keep the slashes as-is
    $hexBranch = ($split | ForEach-Object { hexify -string $_ }) -join "/"
You can then use the string to generate a token, like:
repoV2/daec401a-49b6-4758-adb5-3f65fd3264e3/f59f38e0-e8c4-45d5-8dee-0d20e7ada1b7/refs/heads/6600650061007400750072006500/2a00
What an absolute mess! I have no idea why both the refs/heads/ and the other /'s are not encoded. Maybe I'm missing something but hey it seems to work.
Thanks for your examples pointing me in the right direction.
The token is a bit of a nightmare. There is no consistent API to get the token for a branch for example. I've also seen the following format:
Because a / is a token separator, a branch reference is escaped by replacing / with ^. Thus refs/heads/master becomes: refs^heads^master
Not sure why the code won't work for you, it may have to do with the codepage of your console or the Unicode kind of your input data.
This is what I get when I run the code sample:
    function hexify($string) {
        return ($string | Format-Hex -Encoding Unicode | Select-Object -Expand Bytes | ForEach-Object { '{0:x2}' -f $_ }) -join ''
    }
    $branch = "feature/mine"
    $split = $branch.Split("/")
    $hexBranch = ($split | ForEach-Object { hexify -string $_ }) -join "/"
    write-host "refs/heads/$hexBranch"

    refs/heads/6600650061007400750072006500/6d0069006e006500
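
The per-segment encoding described in the answers above, as an added Python example that is not part of the original thread: it builds the branch token and also decodes one back to a branch name, which helps when auditing which branch an existing access control entry applies to. The function names are hypothetical; the GUIDs are the ones from the quoted comment, and emitting the token without a trailing slash follows that comment's example.

```python
"""Build and decode Azure DevOps branch security tokens (added example)."""

REFS_PREFIX = "refs/heads/"


def hexify(segment: str) -> str:
    """Lowercase hex of the UTF-16LE bytes, like Format-Hex -Encoding Unicode."""
    return segment.encode("utf-16-le").hex()


def branch_token(project_id: str, repo_id: str, branch: str) -> str:
    """Return repoV2/<project>/<repo>/refs/heads/<hex>/<hex>... for a branch."""
    if branch.startswith(REFS_PREFIX):  # accept a full ref or a short name
        branch = branch[len(REFS_PREFIX):]
    segments = branch.split("/")
    if any(s == "" for s in segments):
        raise ValueError("empty branch name or empty path segment")
    # Each segment is encoded on its own; the slashes stay literal.
    encoded = "/".join(hexify(s) for s in segments)
    return f"repoV2/{project_id}/{repo_id}/{REFS_PREFIX}{encoded}"


def decode_branch(token: str) -> str:
    """Recover the readable branch name from a branch-level token."""
    _, found, tail = token.partition("/" + REFS_PREFIX)
    if not found:
        raise ValueError("not a branch-level token")
    # Tolerate the trailing slash shown in the question's token format.
    segments = [s for s in tail.split("/") if s]
    # bytes.fromhex / decode raise ValueError on malformed segments.
    return "/".join(bytes.fromhex(s).decode("utf-16-le") for s in segments)


if __name__ == "__main__":
    # GUIDs taken from the token quoted in the comment above.
    project = "daec401a-49b6-4758-adb5-3f65fd3264e3"
    repo = "f59f38e0-e8c4-45d5-8dee-0d20e7ada1b7"
    for name in ("master", "feature/*", "feature/mine"):
        token = branch_token(project, repo, name)
        print(f"{name:14} -> {token}")
        print(f"{'':14} <- {decode_branch(token)}")
```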
Source: https://stackoverflow.com/questions/58529566/getting-the-branch-id-for-accesscontrol