获取访问控制的分支 ID
Getting the Branch ID for Accesscontrol
我正在尝试在分支级别限制特定 AD 组的权限。之前我曾询问过 Microsoft Azure DevOps 团队他们是否有针对此请求的任何端点 URI REST API,但我得到的答复是目前不可用。但是,我已经设法使用 chrome 开发人员工具获得了 API,它是
https://dev.azure.com/{organization}/_apis/accesscontrolentries/{namespacetoken}?api-version=5.1
然后,我将使用下面的正文提出 POST 请求,
branchPermissionbody = {
"token": "{}".format(permissionToken),
"merge": True,
"accessControlEntries": [
{
"descriptor": "Microsoft.TeamFoundation.Identity;{}".format(descriptorIdentifier),
"deny": 4,
"extendedinfo": {}
}
]
}
权限令牌,格式为,
repoV2/{projectID}/{repositoryID}/refs/heads/{branchID}/
我们可以获得描述符标识符。
在这里,我一直在获取branchID。例如,如果我们试图限制的分支是 master、support%5E,我们如何使用开发者工具获取这些分支 ID?
This blog post explains it all.
我的一位读者刚刚弄清楚您遇到的问题并将解决方案作为评论发布:
Pickle Rick Guest • 2 days ago
Sorry, this is take 2 of the same thing as I got it a bit wrong before, but my current understanding is:
Using az to update permissions for a specific branch requires each
part of the branch name to be hex encoded in unicode. By part, I mean
if you're using feature/branchname as a convention its hex/hex rather
than the slashes being encoded. It's all a bit crazy.
Using powershell I've ended up with:
function hexify($string) { return ($string | Format-Hex -Encoding
Unicode | Select-Object -Expand Bytes | ForEach-Object { '{0:x2}' -f
$_ }) -join '' }
$branch = "feature/*" $split = $branch.Split("/") $hexBranch = ($split
| ForEach-Object { hexify -string $_ }) -join "/"
You can then use the string to generate a token, like:
repoV2/daec401a-49b6-4758-adb5-3f65fd3264e3/f59f38e0-e8c4-45d5-8dee-0d20e7ada1b7/refs/heads/6600650061007400750072006500/2a00
What an absolute mess! I have no idea why both the refs/heads/ and the
other /'s are not encoded. maybe I'm missing something but hey it
seems to work.
Thanks for your examples pointing me in the right direction.
令牌有点像噩梦。例如,没有一致的 API 来获取分支的令牌。我还看到了以下格式:
Because a / is a token separator, a branch reference is escaped by replacing / with ^. Thus refs/heads/master becomes: refs^heads^master
不确定为什么代码对您不起作用,这可能与您的控制台的代码页或输入数据的 unicode king 有关。
这是我在 运行 代码示例时得到的:
function hexify($string) {
return ($string | Format-Hex -Encoding Unicode | Select-Object -Expand Bytes | ForEach-Object { '{0:x2}' -f $_ }) -join ''
}
$branch = "feature/mine"
$split = $branch.Split("/")
$hexBranch = ($split | ForEach-Object { hexify -string $_ }) -join "/"
write-host "refs/heads/$hexBranch"
refs/heads/6600650061007400750072006500/6d0069006e006500
您可以使用此工具将您的分支名称自动转换为分支ID。 https://onlineunicodetools.com/convert-unicode-to-hex
为了测试,我从 Developer 工具中获取了我的主分支 ID,它是 6d0061007300740065007200,如下所示。
然后用这个工具把master转成十六进制。
这些值相同。那么support%5E呢
希望这会有所帮助。
我正在尝试在分支级别限制特定 AD 组的权限。之前我曾询问过 Microsoft Azure DevOps 团队他们是否有针对此请求的任何端点 URI REST API,但我得到的答复是目前不可用。但是,我已经设法使用 chrome 开发人员工具获得了 API,它是
https://dev.azure.com/{organization}/_apis/accesscontrolentries/{namespacetoken}?api-version=5.1
然后,我将使用下面的正文提出 POST 请求,
branchPermissionbody = {
"token": "{}".format(permissionToken),
"merge": True,
"accessControlEntries": [
{
"descriptor": "Microsoft.TeamFoundation.Identity;{}".format(descriptorIdentifier),
"deny": 4,
"extendedinfo": {}
}
]
}
权限令牌,格式为,
repoV2/{projectID}/{repositoryID}/refs/heads/{branchID}/
我们可以获得描述符标识符。
在这里,我一直在获取branchID。例如,如果我们试图限制的分支是 master、support%5E,我们如何使用开发者工具获取这些分支 ID?
This blog post explains it all.
我的一位读者刚刚弄清楚您遇到的问题并将解决方案作为评论发布:
Pickle Rick Guest • 2 days ago
Sorry, this is take 2 of the same thing as I got it a bit wrong before, but my current understanding is:
Using az to update permissions for a specific branch requires each part of the branch name to be hex encoded in unicode. By part, I mean if you're using feature/branchname as a convention its hex/hex rather than the slashes being encoded. It's all a bit crazy.
Using powershell I've ended up with:
function hexify($string) { return ($string | Format-Hex -Encoding Unicode | Select-Object -Expand Bytes | ForEach-Object { '{0:x2}' -f $_ }) -join '' } $branch = "feature/*" $split = $branch.Split("/") $hexBranch = ($split | ForEach-Object { hexify -string $_ }) -join "/"You can then use the string to generate a token, like:
repoV2/daec401a-49b6-4758-adb5-3f65fd3264e3/f59f38e0-e8c4-45d5-8dee-0d20e7ada1b7/refs/heads/6600650061007400750072006500/2a00What an absolute mess! I have no idea why both the refs/heads/ and the other /'s are not encoded. maybe I'm missing something but hey it seems to work.
Thanks for your examples pointing me in the right direction.
令牌有点像噩梦。例如,没有一致的 API 来获取分支的令牌。我还看到了以下格式:
Because a
/is a token separator, a branch reference is escaped by replacing/with^. Thusrefs/heads/masterbecomes:refs^heads^master
不确定为什么代码对您不起作用,这可能与您的控制台的代码页或输入数据的 unicode king 有关。
这是我在 运行 代码示例时得到的:
function hexify($string) {
return ($string | Format-Hex -Encoding Unicode | Select-Object -Expand Bytes | ForEach-Object { '{0:x2}' -f $_ }) -join ''
}
$branch = "feature/mine"
$split = $branch.Split("/")
$hexBranch = ($split | ForEach-Object { hexify -string $_ }) -join "/"
write-host "refs/heads/$hexBranch"
refs/heads/6600650061007400750072006500/6d0069006e006500
您可以使用此工具将您的分支名称自动转换为分支ID。 https://onlineunicodetools.com/convert-unicode-to-hex
为了测试,我从 Developer 工具中获取了我的主分支 ID,它是 6d0061007300740065007200,如下所示。
然后用这个工具把master转成十六进制。
这些值相同。那么support%5E呢
希望这会有所帮助。