public async Task ReconcileIntegrationTest()
{
var project = await _client.GetAsync(Project.ProjectById(_config.Project));
var buildPipeline = await _client.GetAsync(Builds.BuildDefinition(project.Id, "2"))
.ConfigureAwait(false);
await ManagePermissions
.ForBuildPipeline(_client, project.Id, buildPipeline.Id, buildPipeline.Path)
.Permissions(Build.DeleteBuilds)
.SetToAsync(PermissionId.Allow);
var rule = new NobodyCanDeleteBuilds(_client);
(await rule.EvaluateAsync(project, buildPipeline))
.ShouldBe(false);
await rule.ReconcileAsync(project.Id, buildPipeline.Id);
await Policy
.Handle <Exception>()
.WaitAndRetryAsync(Constants.NumRetries, t => TimeSpan.FromSeconds(t))
.ExecuteAsync(async() =>
{
(await rule.EvaluateAsync(project, buildPipeline)).ShouldBe(true);
});
}
public async Task QueryProject()
{
var project = await _client.GetAsync(Project.ProjectById(_config.Project));
project.ShouldNotBeNull();
project.Id.ShouldNotBeNull();
project.Name.ShouldNotBeNull();
}
public async Task QueryApplicationGroupsOrganization()
{
var identity = await _client.GetAsync(Requests.ApplicationGroup.ApplicationGroups());
identity.ShouldNotBeNull();
identity.Identities.ShouldNotBeEmpty();
var group = identity.Identities.First();
group.DisplayName.ShouldNotBeNullOrEmpty();
}
private static void SetupClient(IVstsRestClient client, IFixture fixture)
{
client
.GetAsync(Arg.Any <IVstsRequest <ReleaseDefinition> >())
.Returns(fixture.Create <ReleaseDefinition>());
client
.GetAsync(Arg.Any <IVstsRequest <ReleaseSettings> >())
.Returns(fixture.Create <ReleaseSettings>());
client
.GetAsync(Arg.Any <IVstsRequest <JObject> >())
.Returns(new JObject());
}
public async Task QueryReleaseDefinitionDetails()
{
var definition = await _client.GetAsync(Requests.ReleaseManagement.Definition(_config.Project, _config.ReleaseDefinitionId));
definition.Name.ShouldBe(_config.ReleaseDefinitionName);
definition.Links.ShouldNotBeNull();
definition.Environments.ShouldNotBeEmpty();
definition.Artifacts.ShouldNotBeEmpty();
var environment = definition.Environments.First();
environment.Name.ShouldNotBeEmpty();
environment.DeployPhases.ShouldNotBeEmpty();
var phase = environment.DeployPhases.First();
phase.WorkflowTasks.ShouldNotBeEmpty();
var task = phase.WorkflowTasks.First();
task.Name.ShouldNotBeEmpty();
var artifact = definition.Artifacts.First();
artifact.Type.ShouldNotBeEmpty();
artifact.DefinitionReference.Definition.Id.ShouldNotBeEmpty();
}
public async Task <HttpResponseMessage> RunAsync(
[HttpTrigger(AuthorizationLevel.Anonymous, Route = "scan/{organization}/{projectName}/{scope}")]
HttpRequestMessage request, string organization, string projectName, string scope,
[DurableClient] IDurableOrchestrationClient starter)
{
if (starter == null)
{
throw new ArgumentNullException(nameof(starter));
}
if (_tokenizer.IdentifierFromClaim(request) == null)
{
return(new HttpResponseMessage(HttpStatusCode.Unauthorized));
}
var project = await _azuredo.GetAsync(Project.ProjectByName(projectName));
if (project == null)
{
return(new HttpResponseMessage(HttpStatusCode.NotFound));
}
// clear cache for manual scan
_policiesResolver.Clear(project.Id);
var scanDate = DateTime.UtcNow;
var instanceId = await starter.StartNewAsync <object>(nameof(ProjectScanOrchestrator), (project, scope, scanDate));
return(await starter.WaitForCompletionOrCreateCheckStatusResponseAsync(request, instanceId,
TimeSpan.FromSeconds(TimeOut)));
}
public async Task QueryEnvironment()
{
var environment = await _client.GetAsync(Requests.ReleaseManagement.Environment(_project, "5", "7"));
environment.ShouldNotBeNull();
environment.DeployPhasesSnapshot.ShouldNotBeEmpty();
var snapshot = environment.DeployPhasesSnapshot.First();
snapshot.WorkflowTasks.ShouldNotBeEmpty();
var task = snapshot.WorkflowTasks.First();
task.TaskId.ShouldNotBe(Guid.Empty);
task.Inputs.ShouldNotBeEmpty();
var preApprovalSnapshot = environment.PreApprovalsSnapshot;
preApprovalSnapshot.ShouldNotBeNull();
preApprovalSnapshot.ApprovalOptions.ShouldNotBeNull();
preApprovalSnapshot.ApprovalOptions.ReleaseCreatorCanBeApprover.ShouldBeTrue();
var approval = preApprovalSnapshot.Approvals.FirstOrDefault();
approval.ShouldNotBeNull();
approval.IsAutomated.ShouldBeFalse();
}
public async Task GetTaskGroupById()
{
var response = await _client.GetAsync(Requests.TaskGroup.TaskGroupById(_config.Project, "df6aa8e5-82dc-468c-a794-a7990523363d"));
response.ShouldNotBeNull();
response.Value.FirstOrDefault().Tasks.ShouldNotBeNull();
response.Value.FirstOrDefault().Tasks.FirstOrDefault().Task.Id.ShouldNotBeNull();
}
private async Task <bool> HasPermissionToReconcileAsync(string project, string id, string userId = null)
{
var permissions = await _vstsClient.GetAsync(Requests.Permissions.PermissionsGroupProjectId(project, id)).ConfigureAwait(false);
if (permissions == null)
{
permissions = await _vstsClient.GetAsync(Requests.Permissions.PermissionsGroupProjectId(project, userId)).ConfigureAwait(false);
if (permissions == null)
{
return(false);
}
}
return(permissions.Security.Permissions.Any(x =>
x.DisplayName == "Manage project properties" && x.PermissionId == PermissionBit));
}
private static void InitializeApplicationGroupsLookup(IVstsRestClient client, params ApplicationGroup[] groups)
{
client
.GetAsync(Arg.Is <IVstsRequest <ApplicationGroups> >(x =>
x.Resource.Contains("ReadScopedApplicationGroupsJson")))
.Returns(new ApplicationGroups
{
Identities = groups
});
}
public async Task ReadGroupMembers()
{
var projectId = _client
.Get(Requests.Project.Projects())
.Single(x => x.Name == "SOx-compliant-demo").Id;
var groupId = (await _client
.GetAsync(Requests.Security.Groups(projectId)))
.Identities
.Single(x => x.FriendlyDisplayName == "Project Administrators")
.TeamFoundationId;
Guid.TryParse(groupId, out _).ShouldBeTrue();
var groupMembers = await _client
.GetAsync(Requests.Security.GroupMembers(projectId, groupId));
groupMembers.TotalIdentityCount.ShouldNotBe(0);
}
private static void InitializeMembersLookup(IVstsRestClient client, params ApplicationGroup[] members)
{
client
.GetAsync(Arg.Is <IVstsRequest <ApplicationGroups> >(x =>
x.Resource.Contains("ReadGroupMembers")))
.Returns(new ApplicationGroups
{
Identities = members
});
}
private static void InitializePermissions(IVstsRestClient client, params Permission[] permissions)
{
client.GetAsync(Arg.Any <IVstsRequest <PermissionsProjectId> >())
.Returns(new PermissionsProjectId
{
Security = new PermissionsSetId {
Permissions = permissions
}
});
}
private void InitializeLookupData(IVstsRestClient client, int permissionId)
{
var fixture = new Fixture();
fixture.Customize(new AutoNSubstituteCustomization());
client.GetAsync(Arg.Any <IVstsRequest <ProjectProperties> >()).Returns(fixture.Create <ProjectProperties>());
client.GetAsync(Arg.Any <IVstsRequest <ApplicationGroups> >()).Returns(fixture.Create <ApplicationGroups>());
client.GetAsync(Arg.Any <IVstsRequest <PermissionsSetId> >()).Returns(new PermissionsSetId
{
Permissions = new[]
{
new Permission
{
DisplayName = "Delete repository", PermissionBit = 512, PermissionId = permissionId,
PermissionToken = "repoV2/53410703-e2e5-4238-9025-233bd7c811b3/123"
}
}
});
}
public async Task QueryBuild()
{
var build = await _client.GetAsync(Requests.Builds.Build(_config.Project, _config.BuildId));
build.ShouldNotBeNull();
build.Id.ShouldNotBe(0);
build.Definition.ShouldNotBeNull();
build.Project.ShouldNotBeNull();
build.Result.ShouldNotBeNull();
}
public async Task QueryEnvironmentSecurityGroups()
{
var projectId = (await _client.GetAsync(Project.ProjectById(_config.Project)).ConfigureAwait(false)).Id;
var environmentId = _client.Get(Requests.Environments.All(_config.Project)).First().Id;
var groups = _client.Get(Requests.Environments.Security(projectId, environmentId));
groups.ShouldNotBeEmpty();
var group = groups.First();
group.Identity.ShouldNotBeNull();
group.Identity.DisplayName.ShouldNotBeNull();
group.Identity.Id.ShouldNotBeNull();
group.Role.ShouldNotBeNull();
group.Role.Name.ShouldNotBeNull();
}
public async Task ReconcileAsync(string projectId, string itemId)
{
if (projectId == null)
{
throw new ArgumentNullException(nameof(projectId));
}
if (itemId == null)
{
throw new ArgumentNullException(nameof(itemId));
}
var releasePipeline = await _client.GetAsync(ReleaseManagement.Definition(projectId, itemId))
.ConfigureAwait(false);
await Permissions(projectId, itemId, releasePipeline.Path)
.SetToAsync(PermissionId.Deny)
.ConfigureAwait(false);
}
public async Task GetSingle_ShouldReturnWorkItem()
{
// Arrange
var queryResult = await _client.PostAsync(WorkItemTracking.QueryByWiql(_config.Project, 1),
new QueryByWiql($"select [System.Id] from WorkItems"));
var workItem = queryResult.WorkItems.First();
var fields = new[] { FieldNames.TeamProject };
// Act
var result =
await _client.GetAsync(WorkItemTracking.GetWorkItem(_config.Project, workItem.Id, fields,
queryResult.AsOf));
// Assert
result.ShouldNotBeNull();
result.Id.ShouldBe(workItem.Id);
result.Fields.ShouldNotBeNull();
result.Fields.ShouldContainKey(FieldNames.TeamProject);
result.Fields[FieldNames.TeamProject].ShouldNotBeNull();
}
public async Task CreateAndDeleteEndpoint()
{
var fixture = new Fixture();
var name = fixture.Create <string>().Substring(0, 10);
var endpoint = await _vsts.PostAsync(Requests.ServiceEndpoint.Endpoint(_config.Project), new Response.ServiceEndpoint
{
Name = name,
Type = "generic",
Url = new Uri("https://localhost"),
Authorization = new Response.UsernamePassword("", null)
});
endpoint.Name.ShouldBe(name);
endpoint.Type.ShouldBe("generic");
endpoint.Url.ToString().ShouldBe("https://localhost/");
await _vsts.DeleteAsync(Requests.ServiceEndpoint.Endpoint(_config.Project, endpoint.Id));
await Task.Delay(TimeSpan.FromSeconds(10));
var deletedEndpoint = await _vsts.GetAsync(Requests.ServiceEndpoint.Endpoint(_config.Project, endpoint.Id));
deletedEndpoint.ShouldBeNull();
}
public Task <Response.ApplicationGroups> IdentitiesAsync() => _client.GetAsync(Requests.ApplicationGroup.ExplicitIdentitiesPipelines(_projectId, _namespaceId, _itemId));
public async Task QueryPermissionsGroupRepositorySetReturnsPermissions()
{
var namespaceId = _client.Get(SecurityNamespace.SecurityNamespaces())
.First(ns => ns.DisplayName == "Git Repositories").NamespaceId;
var applicationGroupId = (await _client.GetAsync(Requests.ApplicationGroup.ApplicationGroups(_config.Project))).Identities
.First(gi => gi.DisplayName == $"[{_config.Project}]\\Project Administrators").TeamFoundationId;
var projectId = (await _client.GetAsync(Project.Properties(_config.Project))).Id;
var permissionsGitRepositorySet = await _client.GetAsync(Requests.Permissions.PermissionsGroupRepositorySet(
projectId, namespaceId, applicationGroupId));
permissionsGitRepositorySet.ShouldNotBeNull();
permissionsGitRepositorySet.Permissions.First().ShouldNotBeNull();
}
public async Task RestRequestResultAsJsonObject()
{
var endpoints = await _vsts.GetAsync(Requests.ServiceEndpoint.Endpoints(_config.Project).Request.AsJson());
endpoints.SelectToken("value[?(@.data.subscriptionId == '45cfa52a-a2aa-4a18-8d3d-29896327b51d')]").ShouldNotBeNull();
}
public Task <Response.ApplicationGroups> IdentitiesAsync() => _client.GetAsync(Requests.ApplicationGroup.ApplicationGroups(_projectId));
public Task <Response.ApplicationGroups> IdentitiesAsync() => _client.GetAsync(ApplicationGroup.ExplicitIdentitiesRepos(_projectId, SecurityNamespaceIds.GitRepositories, _itemId));
public async Task QueryPolicy()
{
var result = await _client.GetAsync(Requests.Policies.Policy(_config.Project, 28));
result.ShouldNotBeNull();
}
public Task <ApplicationGroups> IdentitiesAsync() => _client.GetAsync(Requests.ApplicationGroup.ExplicitIdentitiesMasterBranch(_projectId, SecurityNamespaceIds.GitRepositories, _itemId));
public async Task CheckForCredentialsAndOtherSecrets()
{
var settings = await _client.GetAsync(ReleaseManagement.Settings(_project));
settings.ComplianceSettings.CheckForCredentialsAndOtherSecrets.ShouldBeTrue();
}
public async Task GetAgentPool()
{
var agentPool = await _client.GetAsync(Requests.DistributedTask.AgentPool(_config.AgentPoolId));
agentPool.Name.ShouldBe(_config.ExpectedAgentPoolName);
}
public async Task QueryTimeline()
{
var timeline = await _client.GetAsync(Requests.Builds.Timeline(_config.Project, _config.BuildId));
timeline.ShouldNotBeNull();
}