azure powershell azure-devops azure-automation serviceconnection

Get Azure DevOps service connection service principal id with PowerShell


I am working on automating Azure Active Directory App Registrations and Azure DevOps Service Connections, and have hit a wall.

I want to query Azure DevOps service connections (service endpoints) by Service Principal ID (or at least get the id). This is possible when using Azure CLI:

az devops service-endpoint list --query "[?authorization.parameters.serviceprincipalid=='xxx']"

But since I am running this in an Azure Automation account as a PowerShell runbook, the Azure CLI is not supported.

Then I tried the Azure DevOps REST API, and called it from PowerShell, but the response does not contain the service principal ID, just this:

authorization : @{parameters=; scheme=ServicePrincipal}

Does anyone have an idea on how to solve this?

UPDATE

I am calling the REST API like this:

$uriAccount = $UriOrg + "_apis/serviceendpoint/endpoints?endpointNames={name}&api-version=6.1-preview.4"
$result = Invoke-RestMethod -Uri $uriAccount -Method get -Headers $AzureDevOpsAuthenicationHeader 

And $result.value gives me this:

authorization : @{parameters=; scheme=ServicePrincipal}

Solution

  • You can try the REST API Endpoints - Get Service Endpoints By Names.

    GET https://dev.azure.com/{organization}/{project}/_apis/serviceendpoint/endpoints?endpointNames={endpointNames}&api-version=6.0-preview.4
    

    In this REST API, you can find the id and details by the name of a service connection.

    Here is an example of using the REST API in PowerShell:

    $token = "{pat}"
    # Basic auth for a PAT: empty user name, PAT as the password
    $token = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes(":$($token)"))
    $url="https://dev.azure.com/{organization}/{project}/_apis/serviceendpoint/endpoints?endpointNames={endpointNames}&api-version=6.0-preview.4"
    $head = @{ Authorization = "Basic $token" }
    Invoke-RestMethod -Uri $url -Method GET -Headers $head
    

    Update:

    The cause of this question is that you output the result in the wrong way.

    For JSON response bodies, there is no intuitive way to get results without specifying the final layer. Here is my modified code; notice how I print the result:

    $token = "{pat}"
    # Basic auth for a PAT: empty user name, PAT as the password
    $token = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes(":$($token)"))
    $url="https://dev.azure.com/{organization}/{project}/_apis/serviceendpoint/endpoints?endpointNames={endpointNames}&api-version=6.0-preview.4"
    $head = @{ Authorization = "Basic $token" }
    $result = Invoke-RestMethod -Uri $url -Method GET -Headers $head
    # Drill down to the nested object to print the service principal details
    echo $result.value.authorization.parameters
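
The az CLI query from the question, reproduced against the REST response in PowerShell, as an added example that is not part of the original question or answer. The function names, the sample GUIDs, the organization and project names, and the Automation variable name `AdoPat` are hypothetical.

```powershell
# Added example (not from the original post). Function names, sample GUIDs,
# 'contoso'/'demo' and the Automation variable name 'AdoPat' are hypothetical.

function Get-ProjectServiceEndpoint {
    param(
        [Parameter(Mandatory)] [string] $Organization,
        [Parameter(Mandatory)] [string] $Project,
        [Parameter(Mandatory)] [string] $Pat
    )
    # The PAT is the password half of a Basic credential with an empty user name.
    $basic = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(":$Pat"))
    $url   = "https://dev.azure.com/$Organization/$Project/_apis/serviceendpoint/endpoints?api-version=6.0-preview.4"
    (Invoke-RestMethod -Uri $url -Method Get -Headers @{ Authorization = "Basic $basic" }).value
}

function Select-EndpointByServicePrincipal {
    param(
        [Parameter(Mandatory)] [object[]] $Endpoint,
        [Parameter(Mandatory)] [string]   $ServicePrincipalId
    )
    # Same filter as the az CLI JMESPath query, applied client-side.
    $Endpoint |
        Where-Object { $_.authorization.parameters.serviceprincipalid -eq $ServicePrincipalId } |
        Select-Object id, name,
            @{ Name = 'ServicePrincipalId'; Expression = { $_.authorization.parameters.serviceprincipalid } }
}

# Constructed sample of the response body, so the filter can be tried offline.
$sample = @'
{ "count": 2, "value": [
  { "id": "00000000-0000-0000-0000-00000000000a", "name": "prod-subscription",
    "authorization": { "scheme": "ServicePrincipal",
      "parameters": { "tenantid": "00000000-0000-0000-0000-0000000000f0",
                      "serviceprincipalid": "00000000-0000-0000-0000-000000000001" } } },
  { "id": "00000000-0000-0000-0000-00000000000b", "name": "test-subscription",
    "authorization": { "scheme": "ServicePrincipal",
      "parameters": { "tenantid": "00000000-0000-0000-0000-0000000000f0",
                      "serviceprincipalid": "00000000-0000-0000-0000-000000000002" } } }
] }
'@ | ConvertFrom-Json

Select-EndpointByServicePrincipal -Endpoint $sample.value `
    -ServicePrincipalId '00000000-0000-0000-0000-000000000002'

# In the runbook, read the PAT from an encrypted Automation variable, not the script text:
# $pat = Get-AutomationVariable -Name 'AdoPat'
# $all = Get-ProjectServiceEndpoint -Organization 'contoso' -Project 'demo' -Pat $pat
```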