The script is designed to automate the assignment of security groups to environments.
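#!/usr/bin/env bash
# Assign Azure DevOps security groups to pipeline environments.
#
# For every environment listed in DEFAULT_JSON the script resolves the
# environment's numeric ID, then, for each security group named under it,
# resolves the group's originId and PUTs a role assignment (role_name) for
# that group on the environment.
#
# Required env:  PAT - Azure DevOps personal access token with permission to
#                      read environments/groups and manage environment roles.
# Requires:      az CLI with the azure-devops extension (already logged in),
#                jq, curl (>= 7.55 for `--header @file`).
set -euo pipefail

# The token is taken from the environment so it never lives in this file or
# in the repository history; the script cannot work without it.
: "${PAT:?set PAT to an Azure DevOps personal access token}"
readonly ORG_NAME="ivanporta"
readonly PROJECT_NAME="Sample"
readonly ORG_URL="https://dev.azure.com/${ORG_NAME}"
readonly API_VERSION="5.0-preview.1"
DEFAULT_JSON='{
"pipeline": {
"environments": [
{
"name": "Connectivity",
"description": "Connectivity production environment",
"security_groups_name": [
{
"name": "Connectivity administators",
"role_name": "Administrator"
},
{
"name": "Connectivity users",
"role_name": "User"
}
]
},
{
"name": "Identity",
"description": "Identity production environment",
"security_groups_name": [
{
"name": "Identity administators",
"role_name": "Administrator"
},
{
"name": "Identity users",
"role_name": "User"
}
]
}
]
}
}'
readonly DEFAULT_JSON

#######################################
# Print a message to stderr and abort the script.
# Arguments: $* - message
#######################################
die() { printf '%s\n' "$*" >&2; exit 1; }

# curl reads the Authorization header from a mode-0600 file instead of argv,
# so the encoded PAT does not show up in `ps` output or `set -x` traces.
# `tr -d '\n'` removes the line wrapping some base64 implementations add.
umask 077
AUTH_DIR=$(mktemp -d) || die "mktemp failed"
readonly AUTH_DIR
cleanup() { rm -rf -- "${AUTH_DIR:?}"; }
trap cleanup EXIT
printf 'Authorization: Basic %s\n' \
  "$(printf ':%s' "$PAT" | base64 | tr -d '\n')" > "${AUTH_DIR}/auth.header"

#######################################
# Call the Azure DevOps REST API and require an HTTP 200 reply.
# Globals:   AUTH_DIR (read)
# Arguments: $1 - HTTP method
#            $2 - URL
#            $3 - JSON request body ("" for none)
#            $4 - message to report when the call fails
# Outputs:   response body (without the status line) on stdout
# Returns:   0 on HTTP 200; exits the script otherwise, printing $4 and the
#            raw response, matching the original script's failure handling
#######################################
api_call() {
  local method=$1 url=$2 body=$3 failure_msg=$4
  local -a args=(
    --silent --show-error
    --write-out '\n%{http_code}'
    --request "$method"
    --header "@${AUTH_DIR}/auth.header"
    --header "Content-Type: application/json"
  )
  if [[ -n "$body" ]]; then
    args+=(--data-raw "$body")
  fi
  local response status
  response=$(curl "${args[@]}" "$url") \
    || die "${failure_msg}. curl exited with status $?"
  # --write-out appends the status code as the last line of the output.
  status=$(tail -n1 <<<"$response")
  if [[ "$status" != 200 ]]; then
    die "${failure_msg}. ${response}"
  fi
  sed '$ d' <<<"$response"
}

#######################################
# Iterate over DEFAULT_JSON and create one role assignment per
# (environment, security group) pair.
# Globals:   ORG_URL, PROJECT_NAME, API_VERSION, DEFAULT_JSON (read)
#######################################
main() {
  local project_id groups_json env_json env_name env_id body
  local group_json group_name role group_id payload
  echo "Assign security groups to environments in $PROJECT_NAME project"

  # Project ID and the group list are project-wide; resolve them once rather
  # than once per group as the original loop did.
  project_id=$(az devops project show --project "$PROJECT_NAME" \
    --org "$ORG_URL" --output json | jq -r '.id')
  [[ -n "$project_id" && "$project_id" != null ]] \
    || die "Failed to resolve the ID of project $PROJECT_NAME"
  groups_json=$(az devops security group list --project "$PROJECT_NAME" \
    --org "$ORG_URL" --output json)

  # jq -c emits one environment object per line; @base64 round-tripping and
  # unquoted word-splitting are no longer needed.
  while IFS= read -r env_json; do
    env_name=$(jq -r '.name' <<<"$env_json")
    echo "Get evnironment ID by $env_name"
    body=$(api_call GET \
      "${ORG_URL}/${PROJECT_NAME}/_apis/distributedtask/environments?api-version=${API_VERSION}" \
      "" "Failed to get the $env_name environment ID") || exit 1
    echo "The ID of the $env_name environment was succesfully retrieved"
    # --arg keeps the name out of the jq program text (no quote injection).
    env_id=$(jq -r --arg name "$env_name" \
      '.value[] | select(.name == $name) | .id' <<<"$body")
    [[ -n "$env_id" ]] \
      || die "No environment named $env_name found in project $PROJECT_NAME"

    while IFS= read -r group_json; do
      group_name=$(jq -r '.name' <<<"$group_json")
      role=$(jq -r '.role_name' <<<"$group_json")
      echo "Get security group ID for $group_name"
      group_id=$(jq -r --arg name "$group_name" \
        '.graphGroups[] | select(.displayName == $name) | .originId' \
        <<<"$groups_json")
      # An empty userId would produce a malformed or misdirected assignment;
      # fail closed instead of sending the PUT.
      [[ -n "$group_id" ]] \
        || die "No security group named $group_name found in project $PROJECT_NAME"
      payload=$(jq -cn --arg role "$role" --arg id "$group_id" \
        '[{roleName: $role, userId: $id}]')
      api_call PUT \
        "${ORG_URL}/_apis/securityroles/scopes/distributedtask.environmentreferencerole/roleassignments/resources/${project_id}_${env_id}?api-version=${API_VERSION}" \
        "$payload" \
        "Failed to associate the $group_name security group to the $env_name environment" \
        >/dev/null
      echo "The $group_name security group was successfully associated to the $env_name environment"
    done < <(jq -c '.security_groups_name[]' <<<"$env_json")
  done < <(jq -c '.pipeline.environments[]' <<<"$DEFAULT_JSON")
}

main "$@"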