获取谁有权访问git存储库的列表 [英] Get a list of who has what access to git repositories
问题描述
使用VSTS API,我试图获取谁有权访问VSTS中的每个git存储库的列表.
Using VSTS APIs, I'm trying to get a list of who has what access to each of our git repositories in VSTS.
我具有用于Git的安全名称空间ID,并将此名称空间ID传递给此处所述的安全"->访问控制列表" API: https://www.visualstudio.com/zh-CN/docs/integrate/api/security/acls
I have the security namespaceId for Git and I pass this namespaceId to the Security -> Access Control List API described here: https://www.visualstudio.com/en-us/docs/integrate/api/security/acls
GET https://xxxxxxxx.visualstudio.com/DefaultCollection/_apis/accesscontrollists/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/?api-version=1.0&recurse=true&includeExtendedInfo=false
深入研究响应,我可以看到它正在列出每个回购的权限以及ref和标签.
Drilling into the response, I can see it is listing the permissions for each repo, along with ref and tags.
每个对象都包含"acesDictionary",该对象本身是带有如下键的对象:
Each object contains "acesDictionary", which itself is an object with keys that look like this:
Microsoft.IdentityModel.Claims.ClaimsIdentity;xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\\emailaddress@example.com
如何解密ClaimsIdentity?我首先想到的是ClaimsIdentity中的UUID是我的VSTS项目中用户的UUID,但事实并非如此.我知道那里有电子邮件地址,因此我想可以使用它,但是现在我很好奇ClaimsIdentity中的UUID代表什么. VSTS API文档没有提及这一点.
How do I decipher a ClaimsIdentity? My first thought was that the UUID in the ClaimsIdentity is the UUID of the user in my VSTS project, but it is not. I know the email address is there so I suppose I could use that, but now I'm curious what the UUID in ClaimsIdentity represent. The VSTS API docs dont mention this.
安全->访问控制是否列出了我应该寻找的正确位置?我的主要目标是尝试获取谁有权访问VSTS git存储库的列表.
Is Security -> Access Control Lists even the right place where I should be looking? My main goal is trying to get a list of who has what access to VSTS git repositories.
推荐答案
在技术支持下,我能够与一位Microsoft代表取得联系,他与我分享说尚未提供用于映射身份描述符的文档,但希望可以发布该文档.很快.同时,有一个人行横道标识描述符的端点看起来像这样:
Through tech support, I was able to reach a Microsoft representative who shared with me that the documentation for mapping identity descriptors isn't available yet but will hopefully be released soon. In the meantime, there is an endpoint to crosswalk identity descriptors which looks something like this:
获取{account} .vssps.visualstudio.com/_apis/identities?descriptors = {commaSeparatedDescriptorsList}& api-version = {apiVersion}
请注意,此调用是通过SPS {account}.vssps.visualstudio.com进行的,而不是通过您的帐户实例{account}.visualstudio.com
Note that this call is made through SPS {account}.vssps.visualstudio.com and not through your account instance {account}.visualstudio.com
使用我的示例,它看起来像这样(对uuid进行了模糊处理):
Using my example, it would look something like this (uuid obfuscated):
此外,如果描述符的类型为Microsoft.IdentityModel.Claims.ClaimsIdentity,则您可能需要在描述符中转义反斜杠,而需要取消转义.例如,如果您有:
Also, if the descriptor is of type Microsoft.IdentityModel.Claims.ClaimsIdentity, then you'll likely have escaped backslashes in your descriptor which you'll need to un-escape. For example, if you have:
"Microsoft.IdentityModel.Claims.ClaimsIdentity; xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx \\ someone@example.com"
"Microsoft.IdentityModel.Claims.ClaimsIdentity;xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\\someone@example.com"
您需要取消转义该描述符,使其看起来像这样:
You'll need to un-escape this descriptor so that it looks like this:
"Microsoft.IdentityModel.Claims.ClaimsIdentity; xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx \ someone@example.com"
"Microsoft.IdentityModel.Claims.ClaimsIdentity;xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\someone@example.com"
这篇关于获取谁有权访问git存储库的列表的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
