Setting "Allow all pipelines" when creating a service endpoint through DevOps API Create Endpoint

Question

I am attempting to create a service endpoint through the Azure DevOps Rest API but cannot set the "Allow all pipelines to use this service connection" option. I cannot find documentation on the json structure to accomplish this.

https://learn.microsoft.com/en-us/rest/api/azure/devops/serviceendpoint/endpoints/create?view=azure-devops-rest-5.0#endpointauthorization

Current snippet for creating the connection:

$baseUri = "https://dev.azure.com/org/proj/";
$createEndpointUri = "$($baseUri)_apis/serviceendpoint/endpoints?api-version=5.0-preview.2";


$base64AuthInfo = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(("token:{0}" -f $devOpsPAT)))
$DevOpsHeaders = @{Authorization = ("Basic {0}" -f $base64AuthInfo)};

$AzureSubscriptionData = New-Object PSObject -Property @{            
                            authorizationType = "AzureSubscription"
                            azureSubscriptionId = $SubscriptionId
                            azureSubscriptionName = $subscriptionName
                            clusterId = $clusterId
                            };
$Authorization = New-Object PSObject -Property @{
                            parameters = New-Object PSObject -Property @{            
                                azureEnvironment = "AzureCloud"
                                azureTenantId = "$tenantID"
                                };
                            scheme = "Kubernetes"
                            };

$ServiceEndpointBody = New-Object PSObject -Property @{            
                            authorization =$Authorization
                            data = $AzureSubscriptionData
                            name = $serviceConnectionName
                            type = "kubernetes"
                            url = $k8sUrl
                            isReady = "true"
                            };

$jsonbody = $ServiceEndpointBody | ConvertTo-Json -Depth 100


Invoke-RestMethod -UseBasicParsing -Uri $createEndpointUri -Method Post -ContentType "application/json" -Headers $DevOpsHeaders -Body $jsonbody;

Answer 1

You can usually figure this stuff out by doing the operation in the Azure DevOps UI and inspecting the HTTP requests it makes using (for example) Chrome debugging tools.

In this case, I think you first need to create the service connection and then make a PATCH request to the pipelinePermissions endpoint, setting the allPipelines.authorized flag to true.

URI

PATCH https://dev.azure.com/{organisation}/{project}/_apis/pipelines/pipelinePermissions/endpoint/{endpointId}?api-version=5.1-preview.1

Patch Request Body

{
    "allPipelines": {
        "authorized": true,
        "authorizedBy": null,
        "authorizedOn": null
    },
    "pipelines": null,
    "resource": {
        "id": "{endpointid}",
        "type": "endpoint"
    }
}

Powershell

Invoke-RestMethod -Method PATCH -Uri "{uriasabove}" -Headers $headers -Body "{patchbodyasabove}" -ContentType "application/json"