In order to verify that the protection for our Azure devops environment are set properly we would like to build in a scheduled automated check.
But it seems that the REST api that describes environments does not give any information about approvals and checks, is there any way to obtain programmatically branch control and other protections of an Azure DevOps environment?
Example output from REST API call:
{
"id": 123,
"name": "BranchFilter",
"description": "Deploy DEV for subscription XXX",
"createdBy": {
"displayName": "Name Name",
"url": "https://etcetc",
"_links": {
"avatar": {
"href": "https://dev.azure.com/org/prj/_apis etcetc"
}
},
"id": "someid",
"uniqueName": "uniquename",
"imageUrl": "https://dev.azure.com/etc",
"descriptor": "something"
},
"createdOn": "2024-02-28T12:00:00.0000000Z",
"lastModifiedBy": {
"displayName": "Name",
"url": "https://etcetc",
"_links": {
"avatar": {
"href": "https://dev.azure.com/etcetc"
}
},
"id": "someid",
"uniqueName": "uniquename",
"imageUrl": "https://dev.azure.com/etcetc",
"descriptor": "something"
},
"lastModifiedOn": "2024-02-28T12:01:01.00Z",
"project": {
"id": "someid",
"name": null
}
}
This output shows nothing about existing branch control, that is visible in portal:
To get the info about the "approvals and checks" for one environment, you can use REST API Check Configurations - List.
GET https://dev.azure.com/{organization}/{project}/_apis/pipelines/checks/configurations?resourceType={resourceType}&resourceId={resourceId}&api-version=7.1-preview.1
Replace the parameters below with your actual values.
You can see information similar to the following.
{
"count": 3,
"value": [
{
...
"id": 47,
"version": 2,
"type": {
"id": "fe1de3ee-a436-41b4-bb20-f6eb4cb879a7",
"name": "Task Check"
},
...
"resource": {
"type": "environment",
"id": "***",
"name": "DEV"
}
},
{
...
"id": 48,
"version": 1,
"type": {
"id": "8c6f20a7-a545-4486-9777-f762fafe0d4d",
"name": "Approval"
},
...
},
{
...
"id": 50,
"version": 1,
"type": {
"id": "2ef31ad6-baa0-403a-8b45-2cbc9b4e5563",
"name": "ExclusiveLock"
},
...
}
...
]
}
Update
We can get more detailed info using parameter $expand=settings
.
The request URL: GET https://dev.azure.com/{organization}/{project}/_apis/pipelines/checks/configurations?resourceType=environment&resourceId={resourceId}&$expand=settings&api-version=7.1-preview.1
The sample response body:
{
"settings": {
"displayName": "Branch control",
"definitionRef": {
"id": "***",
"name": "evaluatebranchProtection",
"version": "0.0.1"
},
"inputs": {
"allowedBranches": "feature",
"ensureProtectionOfBranch": "true",
"allowUnknownStatusBranch": "true",
"displayName": "Branch control",
"retryInterval": "0",
"timeout": "1440",
"linkedVariableGroup": ""
},
"retryInterval": 0
},
...
"id": 47,
"version": 4,
"type": {
"id": "fe1de3ee-a436-41b4-bb20-f6eb4cb879a7",
"name": "Task Check"
},
...