Problem description
Using VSTS APIs, I'm trying to get a list of who has what access to each of our git repositories in VSTS.
I have the security namespaceId for Git and I pass this namespaceId to the Security -> Access Control List API described here: https://www.visualstudio.com/en-us/docs/integrate/api/security/acls
GET https://xxxxxxxx.visualstudio.com/DefaultCollection/_apis/accesscontrollists/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/?api-version=1.0&recurse=true&includeExtendedInfo=false
Drilling into the response, I can see it is listing the permissions for each repo, along with ref and tags.
Each object contains "acesDictionary", which itself is an object with keys that look like this:
Microsoft.IdentityModel.Claims.ClaimsIdentity;xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\[email protected]
How do I decipher a ClaimsIdentity? My first thought was that the UUID in the ClaimsIdentity is the UUID of the user in my VSTS project, but it is not. I know the email address is there so I suppose I could use that, but now I'm curious what the UUID in ClaimsIdentity represents. The VSTS API docs don't mention this.
Is Security -> Access Control Lists even the right place where I should be looking? My main goal is trying to get a list of who has what access to VSTS git repositories.
Recommended answer
Through tech support, I was able to reach a Microsoft representative who shared with me that the documentation for mapping identity descriptors isn't available yet but will hopefully be released soon. In the meantime, there is an endpoint to crosswalk identity descriptors which looks something like this:
GET {account}.vssps.visualstudio.com/_apis/identities?descriptors={commaSeparatedDescriptorsList}&api-version={apiVersion}
Note that this call is made through SPS {account}.vssps.visualstudio.com and not through your account instance {account}.visualstudio.com
Using my example, it would look something like this (uuid obfuscated):
Also, if the descriptor is of type Microsoft.IdentityModel.Claims.ClaimsIdentity, then you'll likely have escaped backslashes in your descriptor which you'll need to un-escape. For example, if you have:
"Microsoft.IdentityModel.Claims.ClaimsIdentity;xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\[email protected]"
You'll need to un-escape this descriptor so that it looks like this:
"Microsoft.IdentityModel.Claims.ClaimsIdentity;[email protected]"
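The lookup described in the answer above, as an added example that is not part of the original post: it inverts an ACL response into a per-identity view of repository tokens, shows where the backslash un-escaping matters, and builds the SPS identities URL. The sample response is constructed; the field names `value`, `token`, `allow` and `deny`, the `https://` scheme, and the account and API version values are assumptions.

```python
import json
from urllib.parse import quote

# Constructed sample ACL response (raw JSON text). Only "acesDictionary" is
# named on the page; "value", "token", "allow" and "deny" are assumed fields.
RAW_ACL_RESPONSE = r'''
{"value": [
  {"token": "REPO-A-TOKEN", "acesDictionary": {
    "Microsoft.IdentityModel.Claims.ClaimsIdentity;TENANT-ID\\alice@example.test":
      {"allow": 2, "deny": 0},
    "Microsoft.IdentityModel.Claims.ClaimsIdentity;TENANT-ID\\bob@example.test":
      {"allow": 6, "deny": 0}}},
  {"token": "REPO-B-TOKEN", "acesDictionary": {
    "Microsoft.IdentityModel.Claims.ClaimsIdentity;TENANT-ID\\alice@example.test":
      {"allow": 0, "deny": 4}}}
]}
'''

def unescape_descriptor(text):
    """Un-escape a descriptor pasted from raw JSON text: two backslashes -> one."""
    return text.replace("\\\\", "\\")

def aces_by_descriptor(raw_json):
    """Invert the ACL list into {descriptor: {token: (allow, deny)}}.
    json.loads un-escapes the keys, so no manual un-escaping is needed here."""
    result = {}
    for acl in json.loads(raw_json)["value"]:
        for descriptor, ace in acl["acesDictionary"].items():
            result.setdefault(descriptor, {})[acl["token"]] = (ace["allow"], ace["deny"])
    return result

def identities_url(account, descriptors, api_version):
    """Build the SPS identities lookup URL for a de-duplicated descriptor list."""
    joined = ",".join(sorted(set(descriptors)))
    return ("https://{}.vssps.visualstudio.com/_apis/identities"
            "?descriptors={}&api-version={}").format(
                account, quote(joined, safe=","), quote(api_version, safe=""))

if __name__ == "__main__":
    access = aces_by_descriptor(RAW_ACL_RESPONSE)
    for descriptor, tokens in sorted(access.items()):
        print(descriptor, tokens)
    # "myaccount" and "1.0" are placeholder values for {account} and {apiVersion}.
    print(identities_url("myaccount", access, "1.0"))
```

Descriptors taken from a parsed response are already un-escaped; `unescape_descriptor` is only for keys copied out of the raw response text.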