I am trying to update the variable group's variables from yml file using script as you have done here, but for authentication I am using PAT. When running the pipeline it's showing something like this.
Here is what I have tried :
$authHeader = @{Authorization = "Bearer $(accessToken)"}
$body = @{
description = "Build number"
name = "BUILD_NUMBER_GROUP"
type = "Vsts"
variables = @{
Major = @{
isSecret = "false"
isReadOnly = "false"
value = "100"
}
}
}| ConvertTo-Json
$response = Invoke-RestMethod -Uri "https://dev.azure.com/{OrganizationName}/{ProjectName}/_apis/distributedtask/variablegroups/{variableGroupId}?api-version=5.1-preview.1" -Method Put -Body $body -Headers $authHeader -ContentType "application/json"
If you are running the script in pipeline to update a variable group, it is suggested authenticating against the $(System.AccessToken)
of the pipeline service account, which can avoid leakage and expiration of the PAT and remove Azure DevOps REST API throttling issues if you run a large number of pipelines.
Here is a sample YAML pipeline with two pwsh
scripts authenticating separately against Bearer $(System.AccessToken)
and Basic
plus the BASE64 encoded PAT for your reference.
pool:
vmImage: ubuntu-latest
variables:
groupId: 38
steps:
- pwsh: |
$URL = "$(System.CollectionUri)/$(System.TeamProjectId)/_apis/distributedtask/variablegroups/$(groupId)?api-version=5.0-preview.1"
$headers = @{
'Authorization' = 'Bearer ' + "$(System.AccessToken)"
'Content-Type' = 'application/json'
}
$body = @{
description = "Build number"
name = "BUILD_NUMBER_GROUP"
type = "Vsts"
variables = @{
Major = @{
isSecret = "false"
isReadOnly = "false"
value = "100"
}
}
} | ConvertTo-Json
$response = Invoke-RestMethod -Method Put -Uri $URL -Headers $headers -Body $body
$response | ConvertTo-Json -Depth 100
displayName: Authenticate against System.AccessToken of the pipeline service account to update variable group
- pwsh: |
$B64Pat = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes(":$(PAT)"))
$URL = "$(System.CollectionUri)/$(System.TeamProjectId)/_apis/distributedtask/variablegroups/$(groupId)?api-version=5.0-preview.1"
$headers = @{
'Authorization' = 'Basic ' + "$B64Pat"
'Content-Type' = 'application/json'
}
$body = @{
description = "Build number"
name = "BUILD_NUMBER_GROUP"
type = "Vsts"
variables = @{
Major = @{
isSecret = "false"
isReadOnly = "false"
value = "100"
}
Minor = @{
isSecret = "false"
isReadOnly = "false"
value = "101"
}
}
} | ConvertTo-Json
$response = Invoke-RestMethod -Method Put -Uri $URL -Headers $headers -Body $body
$response | ConvertTo-Json -Depth 100
displayName: Authenticate against BASE64 encoded PAT to update variable group