azdev-automation
Version:
Azure DevOps automation framework enables access control automation of projects, pipelines and repositories configuration in Azure DevOps Services
31 lines (30 loc) • 1.64 kB
JavaScript
;
Object.defineProperty(exports, "__esModule", { value: true });
exports.BuildUpdater = void 0;
class BuildUpdater {
constructor(buildHelper, securityHelper, commonHelper, logger) {
this.logger = logger;
this.debugLogger = logger.extend(this.constructor.name);
this.buildHelper = buildHelper;
this.securityHelper = securityHelper;
this.commonHelper = commonHelper;
}
async updatePermissions(project, policy) {
const debug = this.debugLogger.extend(this.updatePermissions.name);
this.logger.log(`Applying <${policy.name}> build permissions policy`);
const namespace = await this.securityHelper.getNamespace("Build");
const permissionSetId = namespace.namespaceId;
const permissionSetToken = project.id;
const existingIdentities = await this.securityHelper.getExplicitIdentities(project.id, permissionSetId, permissionSetToken);
await Promise.all(policy.definition.map(async (group) => {
const groupName = `[${project.name}]\\${group.name}`;
this.logger.log(`Assigninig <${groupName}> group permissions`);
// Slow down parallel calls to address
// Intermittent API connectivity issues
await this.commonHelper.wait(500, 3000);
const targetIdentity = await this.securityHelper.getExistingIdentity(groupName, project.id, existingIdentities);
await this.securityHelper.updateIdentityPermissions(project.id, targetIdentity, group.permissions, permissionSetId, permissionSetToken);
}));
}
}
exports.BuildUpdater = BuildUpdater;