
Commit 207bb40

committed
adding automatic authorization of pipelines to environments
1 parent fb0ed59 commit 207bb40

3 files changed

Lines changed: 47 additions & 7 deletions


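--- a/src/templates/shared/identity-setup-azure-devops-core.md
+++ b/src/templates/shared/identity-setup-azure-devops-core.md
@@ -397,6 +397,40 @@ done
 rm -f env-body.json
 ```
 
-**Note:** Environment approvals and checks must be configured via the Azure DevOps UI.
+Authorize each environment for all pipelines (prevents first-run permission prompts):
+
+**PowerShell:**
+```powershell
+$ADO_RESOURCE = "499b84ac-1321-427f-aa17-267ca6975798"
+$TOKEN = az account get-access-token --resource $ADO_RESOURCE --query accessToken -o tsv
+
+foreach ($env in $ENVIRONMENTS) {
+$envId = az devops invoke --area environments --resource environments --route-parameters project=$AZDO_PROJECT --query-parameters "api-version=7.1" --query "value[?name=='$env'].id | [0]" -o tsv
+if ($envId) {
+$url = "$AZDO_ORG/$AZDO_PROJECT/_apis/pipelines/pipelinePermissions/environment/$envId?api-version=7.1-preview.1"
+$body = '{"allPipelines":{"authorized":true}}'
+Invoke-RestMethod -Method Patch -Uri $url -Headers @{ Authorization = "Bearer $TOKEN" } -ContentType "application/json" -Body $body | Out-Null
+}
+}
+```
+
+**Git Bash:**
+```bash
+ADO_RESOURCE="499b84ac-1321-427f-aa17-267ca6975798"
+TOKEN=$(az account get-access-token --resource "$ADO_RESOURCE" --query accessToken -o tsv)
+
+for env in "${ENVIRONMENTS[@]}"; do
+env_id=$(az devops invoke --area environments --resource environments --route-parameters project="$AZDO_PROJECT" --query-parameters "api-version=7.1" --query "value[?name=='$env'].id | [0]" -o tsv)
+if [[ -n "$env_id" ]]; then
+curl -sS -X PATCH \
+-H "Authorization: Bearer $TOKEN" \
+-H "Content-Type: application/json" \
+"$AZDO_ORG/$AZDO_PROJECT/_apis/pipelines/pipelinePermissions/environment/$env_id?api-version=7.1-preview.1" \
+-d '{"allPipelines":{"authorized":true}}' >/dev/null
+fi
+done
+```
+
+**Note:** Environment approvals and checks still must be configured via the Azure DevOps UI.
 
 ---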
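Review bot: The PATCH body `{"allPipelines":{"authorized":true}}` in both the PowerShell and Git Bash loops opens every environment in `$ENVIRONMENTS` to every pipeline in the project, including pipelines created later, so the per-pipeline authorization gate is removed for production environments as well as dev. The guide should say so explicitly and offer the narrower form that authorizes only the deploying pipeline, e.g. `-d '{"pipelines":[{"id":<PIPELINE_ID>,"authorized":true}]}'`, at least for non-dev environments. Separately, the Git Bash variant discards the response with `>/dev/null` and `curl -sS` does not exit non-zero on an HTTP 401/403, so a rejected authorization goes unnoticed; `curl --fail -sS -X PATCH \` would surface it. Both loops also skip silently when the environment id lookup returns nothing, and a one-line warning in the else branch would help the operator notice an environment that was never authorized.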

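--- a/tests/unit/services/identity-guide-service.test.ts
+++ b/tests/unit/services/identity-guide-service.test.ts
@@ -143,8 +143,7 @@ describe('identity-guide-service', () => {
 
 it('should render all template placeholders', () => {
 const guide = identityGuideService.generateAzureDevOpsGuide(['dev']);
-expect(guide).not.toContain('{{');
-expect(guide).not.toContain('}}');
+expect(guide).not.toMatch(/\{\{[^}]+\}\}/);
 });
 
 });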
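Review bot: The replacement assertion `not.toMatch(/\{\{[^}]+\}\}/)` no longer fails on an unterminated or empty placeholder such as `{{NAME` or `{{}}`, which the removed `not.toContain('{{')` did catch. Only the `}}` check conflicts with the new template content (the JSON body `{"allPipelines":{"authorized":true}}` ends in `}}`), and none of the template lines added in this commit contains `{{`, so it looks safe to keep `expect(guide).not.toContain('{{');` alongside the regex. The same applies to the two identical replacements in tests/unit/templates/copilot/identity-setup-prompt.test.ts. An unrendered placeholder in this guide ends up inside commands a user pastes into a shell, so the stricter check is worth retaining.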

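--- a/tests/unit/templates/copilot/identity-setup-prompt.test.ts
+++ b/tests/unit/templates/copilot/identity-setup-prompt.test.ts
@@ -150,8 +150,7 @@ describe('copilot/identity-setup-prompt', () => {
 
 it('should render all template placeholders', () => {
 const prompt = generateIdentitySetupPrompt({ environments: ['dev', 'prod'] });
-expect(prompt).not.toContain('{{');
-expect(prompt).not.toContain('}}');
+expect(prompt).not.toMatch(/\{\{[^}]+\}\}/);
 });
 
 it('should generate Azure DevOps instructions when ciProvider is azure-devops', () => {
@@ -219,6 +218,15 @@ describe('copilot/identity-setup-prompt', () => {
 expect(prompt).toContain('for env in "${ENVIRONMENTS[@]}"; do');
 });
 
+it('should authorize environments for pipeline access in ADO prompt', () => {
+const prompt = generateIdentitySetupPrompt({
+environments: ['dev', 'prod'],
+ciProvider: 'azure-devops',
+});
+expect(prompt).toContain('pipelinePermissions/environment');
+expect(prompt).toContain('"allPipelines":{"authorized":true}');
+});
+
 it('should render environment arrays for PowerShell and Git Bash in ADO prompt', () => {
 const prompt = generateIdentitySetupPrompt({
 environments: ['dev', 'prod'],
@@ -233,8 +241,7 @@ describe('copilot/identity-setup-prompt', () => {
 environments: ['dev', 'prod'],
 ciProvider: 'azure-devops',
 });
-expect(prompt).not.toContain('{{');
-expect(prompt).not.toContain('}}');
+expect(prompt).not.toMatch(/\{\{[^}]+\}\}/);
 });
 });
 });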
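Review bot: The new test 'should authorize environments for pipeline access in ADO prompt' passes even if only one of the two shell variants carries the authorization step, because both `toContain` strings occur in the PowerShell block and the Git Bash block alike. Adding `expect(prompt).toContain('Invoke-RestMethod -Method Patch');` and `expect(prompt).toContain('curl -sS -X PATCH');` would pin each variant separately. Since this step widens pipeline access to environments, it would also be worth asserting that `pipelinePermissions/environment` is absent from the prompt for a non-Azure-DevOps provider; whether such a test already exists is not visible from this hunk.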
