I want to create azure ad groups and a DevOps project. Then I want to grand azure ad group permission. But I understood that they don't sync instantly.
import json
PAT = 'MY_PAT'
cred = HTTPBasicAuth({mymail}, PAT)
#create AAD groups
projectName = 'projectdeploy6'
URL = "https://graph.microsoft.com/v1.0/groups"
headers = {"Authorization": f"Bearer {JWT}"}
data= {
'displayName': f'AAD_{projectName}_reader',
'mailEnabled': 'false',
'mailNickname': 'none',
'securityEnabled': 'true'
}
r = requests.post(URL, json=data,headers=headers)
string = r.content.decode('utf-8')
readerId=json.loads(string)['id']
data['displayName'] = f'AAD_{projectName}_ProjectAdmin'
r = requests.post(URL, json=data,headers=headers)
string = r.content.decode('utf-8')
adminId=json.loads(string)['id']
data['displayName'] = f'AAD_{projectName}_Contributor'
r = requests.post(URL, json=data,headers=headers)
string = r.content.decode('utf-8')
contrId=json.loads(string)['id']
# create project
requesturl = f"https://dev.azure.com/{org}/_apis/projects?api-version=6.0"
data = {
"name": projectName,
"description": "description is requred",
"capabilities": {
"versioncontrol": {
"sourceControlType": "Git"
},
"processTemplate": {
"templateTypeId": "6b724908-ef14-45cf-84f8-768b5384da45"
}
}
}
r = requests.post(requesturl, json = data, auth=cred)
time.sleep(15)
url = f"https://dev.azure.com/{org}/_apis/projects/{projectName}?api-version=6.0"
r = requests.get(url, auth=cred)
project = json.loads(r.content)
url= f"https://vssps.dev.azure.com/{org}/_apis/graph/descriptors/{project['id']}"
r = requests.get(url, auth=cred)
projectScp =json.loads(r.content)['value']
#get AAD groups
url = 'https://vssps.dev.azure.com/{org}/_apis/graph/groups?api-version=5.1-preview.1'
r = requests.get(url, auth=cred)
d = json.loads(r.content)
adminAADGroup =[group for group in d['value'] if group['originId'] == adminId][0]
readerAADGroup =[group for group in d['value'] if group['originId'] == readerId][0]
contrAADGroup =[group for group in d['value'] if group['originId'] == contrId][0]
# get ADO groups
url = f"https://vssps.dev.azure.com/{org}/_apis/graph/groups?api-version=6.0-preview.1&scopeDescriptor={projectScp}&$search='displayName:projectdeploy1 Team'"
r = requests.get(url, auth=cred)
d = json.loads(r.content)
adminADOGroup = [group for group in d['value'] if group['displayName'] == 'Project Administrators'][0]
contrADOGroup = [group for group in d['value'] if group['displayName'] == 'Contributors'][0]
readerADOGroup = [group for group in d['value'] if group['displayName'] == 'Readers'][0]
url = f"https://vssps.dev.azure.com/{org}/_apis/graph/memberships/{adminAADGroup['descriptor']}/{adminADOGroup['descriptor']}?api-version=6.1-preview.1"
r = requests.put(url, auth=cred)
json.loads(r.content)
It fails at this line:
adminAADGroup =[group for group in d['value'] if group['originId'] == adminId][0]
I captured the call in postman:
{
"$id": "1",
"innerException": null,
"message": "TF400898: An Internal Error Occurred. Activity Id: GUID.",
"typeName": "Microsoft.VisualStudio.Services.IdentityPicker.IdentityPickerArgumentException, Microsoft.TeamFoundation.Framework.Server",
"typeKey": "IdentityPickerArgumentException",
"errorCode": 0,
"eventId": 0
}
Can someone help me solve this issue?
