azurepowershellazure-devopsazure-repos
Unable to copy and apply a branch policy from one repo to another repo in azure devops
Not able to copy the azure branch policy from one repo to another repo using the below PowerShell script
PowerShell script
[CmdletBinding()]
param([Parameter(Mandatory=$true)][string] $AzureDevOpsPAT,[Parameter(Mandatory=$true)][string] $OrganizationName,[Parameter(Mandatory=$true)][string] $SourceProjectName,[Parameter(Mandatory=$true)][string] $SourcerepositoryName,[Parameter(Mandatory=$true)][string] $SourceBranch,[Parameter(Mandatory=$true)][string] $TargetProjectName,[Parameter(Mandatory=$true)][string] $TargetrepositoryName,[Parameter(Mandatory=$true)][string] $TargetBranch)
$ErrorActionPreference = ‘Stop’;
$User=“”;
$base64AuthInfo = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes((“{0}:{1}” -f $User,$AzureDevOpsPAT)));$header = @{Authorization=(“Basic {0}” -f $base64AuthInfo)};
Get Source repository
$sourceurl = ‘https://dev.azure.com/'+ $OrganizationName + ‘/’ + $SourceProjectName + ‘/_apis/git/repositories/’ + $SourcerepositoryName +’?api-version=5.1’$sourcerepository = Invoke-RestMethod -Uri $sourceurl -Method Get -ContentType application/json -Headers $header
$sourcepolicy = 'https://dev.azure.com/'+ $OrganizationName + ‘/’ + $teamProjectName +‘/_apis/git/policy/configurations?repositoryId=’ + $sourcerepository.id + ‘&refName=refs/heads/’ + $SourceBranch + ‘&api-version=5.1-preview.1’
Get Target repository
$targeturl = ‘https://dev.azure.com/'+ $OrganizationName + ‘/’ + $TargetProjectName + ‘/_apis/git/repositories/’ + $TargetrepositoryName +’?api-version=5.1’$targetpository = Invoke-RestMethod -Uri $targeturl -Method Get -ContentType application/json -Headers $headerWrite-Output $targetpository
get policies
$Url = 'https://dev.azure.com/'+ $OrganizationName + ‘/’ + $SourceProjectName + ‘/_apis/policy/configurations?api-version=5.1’;$policies = Invoke-RestMethod -Uri $Url -Method Get -ContentType application/json -Headers $header
$policies.value | ConvertTo-Json
foreach($policy in $policies.value){if ($policy.type.id -eq ‘0517f88d-4ec5-4343-9d26-9930ebd53069’){continue; # skipping GitRepositorySettingsPolicyName}
# remove properties from policy so it can be applied to target branch
$props = $policy.PSObject.Properties
$props.remove('createdBy');
$props.remove('createdDate');
$props.remove('revision');
$props.remove('id');
$props.remove('url');
$policy._links.PSObject.Properties.Remove('self')
# set target branch
if (($null -ne $policy.settings.scope[0].refname))
{
$policy.settings.scope[0].refName = 'refs/heads/' + $TargetBranch;
}
if (($null -ne $policy.settings.searchBranches))
{
$policy.settings.searchBranches[0] = 'refs/heads/' + $TargetBranch;
}
# create policy in target branch
$body = $policy | ConvertTo-Json -Depth 10
$policyCreateResponse = Invoke-RestMethod -Uri $Url -Method Post -Body $body -ContentType application/json -Headers $header
$policyCreateResponse
}
The error
Invoke-RestMethod : {"$id":"1","innerException":null,"message":"The update is rejected by
policy.","typeName":"Microsoft.TeamFoundation.Policy.Server.PolicyChangeRejectedByPolicyException,
Microsoft.TeamFoundation.Policy.Server","typeKey":"PolicyChangeRejectedByPolicyException","errorCode":0,"eventId":3000}
I am seeking a solution to copy a branch policy from one repository to another using either a script or an Azure pipeline. Can you please assist me with this task?
Solution
According to my testing, the reason you encounter the error "The update is rejected by policy" is that you are creating a branch policy on the source branch, which already has such a branch policy. $Url is your source project.
$policyCreateResponse = Invoke-RestMethod -Uri $Url -Method Post -Body $body -ContentType application/json -Headers $header
I made some modifications based on your scripts and it works fine.
$AzureDevOpsPAT = '{PAT}'
$OrganizationName = '{Org name}'
$SourceProjectName = '{Source Proj}'
$SourcerepositoryName = '{Source repo}'
$SourceBranch = '{Source branch}'
$SourceRefName = 'refs/heads/' + $SourceBranch
$TargetProjectName = '{Target Proj}'
$TargetrepositoryName = '{Target repo}'
$TargetBranch = '{Target branch}'
$TargetRefName = 'refs/heads/' + $TargetBranch
$ErrorActionPreference = ‘Stop’;
$token = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes(":$($AzureDevOpsPAT)"))
$header = @{ Authorization =" Basic $token" }
#Get Source repository
$sourceurl = ‘https://dev.azure.com/'+ $OrganizationName + ‘/’ + $SourceProjectName + ‘/_apis/git/repositories/' + $SourcerepositoryName +'?api-version=5.1’
$sourcerepository = Invoke-RestMethod -Uri $sourceurl -Method Get -ContentType application/json -Headers $header
$sourcerepository | ConvertTo-Json
$sourcerepositoryid = $sourcerepository.id
#Get Target repository
$targeturl = ‘https://dev.azure.com/'+ $OrganizationName + ‘/’ + $TargetProjectName + ‘/_apis/git/repositories/’ + $TargetrepositoryName +’?api-version=5.1’
$targetrepository = Invoke-RestMethod -Uri $targeturl -Method Get -ContentType application/json -Headers $header
$targetrepository| ConvertTo-Json
$targetrepositoryid = $targetrepository.id
#Get policies
$URL1 = 'https://dev.azure.com/'+ $OrganizationName + ‘/’ + $SourceProjectName + ‘/_apis/policy/configurations?api-version=5.1’
$policies = Invoke-RestMethod -Uri $URL1 -Method Get -ContentType application/json -Headers $header
#Target project URL
$URL2 = 'https://dev.azure.com/'+ $OrganizationName + ‘/’ + $TargetProjectName + ‘/_apis/policy/configurations?api-version=5.1’
foreach($policy in $policies.value){
if ($policy.settings.scope.repositoryId -eq $sourcerepositoryid -and $policy.settings.scope.refName -eq $SourceRefName )
{
if ($policy.type.id -in "fa4e907d-c16b-4a4c-9dfa-4916e5d171ab", "c6a1889d-b943-4856-b76f-9e46bb6b0df2", "40e92b44-2fe1-4dd6-b3d8-74a9c21d0c6e", "fa4e907d-c16b-4a4c-9dfa-4906e5d171dd")
{
$policy.settings.scope[0].repositoryId = $targetrepositoryid
$policy.settings.scope[0].refName = $TargetRefName
$body = $policy | ConvertTo-Json -Depth 10
Write-Host 'Create policy in the target branch'
$policyCreateResponse = Invoke-RestMethod -Uri $URL2 -Method Post -Body $body -ContentType application/json -Headers $header
$policyCreateResponse | ConvertTo-Json
}
else
{
Write-Host 'There is no target policy type.'
}
}
}
Based on the policy.type.id in my script if ($policy.type.id -in "fa4e907d-c16b-4a4c-9dfa-4916e5d171ab", "c6a1889d-b943-4856-b76f-9e46bb6b0df2", "40e92b44-2fe1-4dd6-b3d8-74a9c21d0c6e", "fa4e907d-c16b-4a4c-9dfa-4906e5d171dd"), it works for the following branch policies.
- Can't signin into microsoft account
- TenantGuidNotFound when trying to send email using Microsfot GraphAPI
- Azure Function App Kudu Functions API with empty response
- Get Azure Active Directory password expiry date in PowerShell
- Provision new SQL Azure database into existing, non-terraform managed SQL Server instance
- Azure Logic App HTTP Request Authentication Scope
- Get Log analytics workspace ID of a virtual machine in Azure connected to a workspace in a different subscription
- Enabling minimum apiVersion to 2021-08-01 in Azure API Management causing saving issues or deployment errors for existing logic apps
- Privileged Identity Management - My roles
- Creating a VM in Azure using Powershell
- Creating multiple function apps with one Flex Consumption plan
- Azure Bicep reference existing resources from different subscriptions using ternary operators inside scope property
- Trigger azure function on user registration in b2c
- Migrating from validate-jwt to validate-azure-ad-token policy
- Azure DevOps Pipeline Expression Evaluation
- Using Event Hubs binding for Azure Functions with managed identities?
- How to connect a microsoft SQL Server database to Open Data Discovery (odd-odd-platform)?
- Cosmos DB for MongoDB private endpoint requests blocked by network firewall
- Specifying SAS Token Authorization header with Azure REST API
- Databricks ui is different between different Azure Tenants with activated SCIM Integration
- Download large files in Azure image builder process
- TriggerBuild Could not queue the build because there were validation errors or warnings
- How to filter users in directory by company name with Microsoft Graph Java SDK?
- How to get the azure subscription current cost using PowerShell
- How to automate Azure Data Factory (ADF) credential updates from development to production using Azure DevOps?
- Azure Form Recognizer Set API Version
- Is there a way to deploy a azure function directly to a storage account with private endpoint
- How do I flatten certain properties in a nested structure using Linq for Cosmos noSQL?
- Unable to locate executable file: 'bash'. Please verify either the file path exists
- "We're sorry, your sql database is unavailable" What does this mean exactly in Azure SQL?