Set-MOAzureDevOpsModusRepoPermission
SYNOPSIS
Grants an identity (default: the project Build Service) repository permissions via the Security ACL API - so CI pipelines can push tags and post PR comments.
SYNTAX
Set-MOAzureDevOpsModusRepoPermission [-OrganizationUri] <String> [-Credential] <PSCredential>
[-RepositoryName] <String> [[-ProjectName] <String>] [[-IdentityName] <String>] [[-Allow] <Int32>]
[-ProgressAction <ActionPreference>] [-WhatIf] [-Confirm] [<CommonParameters>]
DESCRIPTION
Resolves the project, repository, and identity, then sets an allow ACE on the Git Repositories security namespace for token `repoV2/{projectId}/{repoId}`. Uses `merge` so existing permissions are preserved; re-running is safe (sets the same allow bits).
Default allow bits - Contribute (4) + PullRequestContribute (16384) = 16388 - are exactly what `tagOnMerge` (push a tag) and `prValidation` (post a PR comment) need.
EXAMPLES
EXAMPLE 1
Set-MOAzureDevOpsModusRepoPermission -OrganizationUri 'https://dev.azure.com/myorg' -Credential $pat `
-RepositoryName modusOpsTemplates -Verbose
DESCRIPTION
Grants ‘modusOps Build Service (myorg)’ Contribute + Contribute-to-PRs on the repo.
PARAMETERS
-OrganizationUri
Organisation URI, e.g. https://dev.azure.com/myorg
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Credential
PAT credential - the PAT is the password (username is ignored)
Type: PSCredential
Parameter Sets: (All)
Aliases:
Required: True
Position: 2
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-RepositoryName
Repository to set the permission on
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 3
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-ProjectName
Project that owns the repository
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 4
Default value: ModusOps
Accept pipeline input: False
Accept wildcard characters: False
-IdentityName
Identity to grant. Defaults to the project Build Service.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 5
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Allow
Allow bitmask. Default Contribute(4) + PullRequestContribute(16384) = 16388
Type: Int32
Parameter Sets: (All)
Aliases:
Required: False
Position: 6
Default value: 16388
Accept pipeline input: False
Accept wildcard characters: False
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: wi
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Confirm
Prompts you for confirmation before running the cmdlet.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: cf
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
INPUTS
OUTPUTS
NOTES
Author: Adrian Andersson PAT scope: Code (Read, write & manage) - managing permissions is a Code-manage operation. Git Repositories security namespace id: 2e9eb7ed-3c0a-47d4-87c1-0ffdd275fd87. Git permission bits: Contribute=4, PullRequestContribute=16384 (combined allow = 16388).