Baseline C# Objects to Populate Jira DevInfo Pt. 1

Posted by Steven Maglio on Monday, June 29, 2020

Jira has this great “Development Information” (DevInfo) that can be associated with your work items. Which has an API described here. The information provided in the development tabs are for Branches, Commits, Pull Requests, Builds, Deployments and Feature Flags. Which is a way to have visibility into all the development/code activity that is related to a particular work item. It’s a great way to connect everything together.

It really is great, but there are some pieces of the puzzle that can be improved. For example:

  • Currently, github also associates code commits, pull requests, and build/action information into an issues history. But, github’s layout intermingles those changes within the history of an issue to create a timeline. This allows for a reviewer of an issue, to visually see when a change was made, what the context was surrounding that change. Maybe there was a compelling argument made by a team member half way through an issue being worked on. And, that argument resulted in 5 files changing; you can see that in the github history.

    But, Jira’s history won’t show you that because the conversation history (Jira Comments) do not intermingle the code commits, pull requests, builds or deployments to create a timeline history.

    That would be a really nice improvement. And, on a personal note, if would make reviewing my coworkers work items a lot easier.
  • The Commits display (screenshot above) has a weird little bug in it. The Files Count Column (right side) should be able to display a count of all the files within a commit. The File Details Display, the list of files associated with a commit (“MODIFIED  PullRequest/Send-AzDPRStatusUpdates.ps1/” in the screenshot), will only show the first 10 files from the commit. But the File Count Column isn’t showing the total count of files, it only showing the count of files in the File Details Display that number (“1 file” in the screenshot). This seems to be a bug, but I haven’t reported it yet.

    (PS. Why is there a ‘/’ on the end of “PullRequest/Send-AzDPRStatusUpdates.ps1/”? The information submitted to the API did not have a slash on the end.)
  • The Documentation is REALLY CONFUSING when it comes urls. All of the examples in the documentation present url structures that look like this:

    https://your-domain.atlassian.net/rest/devinfo/0.10/bulk

    Except, that’s not the right url!!

    All the APIs have an “Authorization” section in their documentation, which has a link to Integrate JSW Cloud with On-Premise Tools. And BURIED in that documentation is this quick note:

    The root URL for OAuth 2.0 operations is: https://api.atlassian.com/jira/<entity type>/0.1/cloud/<cloud ID>/

    Note that this URL is different to the URLs used in the documentation. However, you easily translate from one to the other. For example, POST /rest/builds/0.1/bulk translates to POST https://api.atlassian.com/jira/builds/0.1/cloud/<cloud ID>/bulk.

    And I agree that it’s easy to translate. But, you have to first know that you need to translate it. Maybe, an alternative direction to take is to update the OAuth 2.0 APIs documentation to use the correct urls? Or, explicitly state it on all the API documentation, so that you don’t have to find it in a separate page?

Atlassian/Jira does provide this really great C# SDK for working/reading Jira issues. But, the SDK doesn’t contain any objects/code to work with the “DevInfo”. So, I want to post a couple baseline objects which can be used in an aspnetcore/netstandard application to push information to the DevInfo endpoint in Atlassian/Jira Cloud …

But, before doing that, this post will be of a few baseline objects to authenticate with the Atlassian/Jira OAuth 2.0 endpoint.

The next post will contain objects to use with the “DevInfo” API.







using System;
using System.Collections.Generic;
using System.Linq;
using System.Net.Http;
using System.Threading.Tasks;
using Atlassian.Jira;
using Microsoft.ApplicationInsights.Extensibility;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Http.Features;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.DependencyInjection.Extensions;
namespace YourProject
{
public static class IServiceCollectionExtensions
{
public static IServiceCollection AddSaEnterpriseAzDPullRequestsWeb(
this IServiceCollection services,
Action<AzDPullRequestOptions> configure = null
)
{
services.TryAddTransient<JiraOAuthDelegatingHandler>();
services.TryAddScoped<IAtlassianOAuthenticator, AtlassianOAuthenticator>();
services.AddHttpClient();
services.TryAddTransient<HttpClient>(s =>
{
var factory = s.GetService<IHttpClientFactory>();
return factory.CreateClient();
});
services.AddHttpClient<IJiraDevInfoHttpClient, JiraDevInfoHttpClient>()
.AddHttpMessageHandler<JiraOAuthDelegatingHandler>();
return services;
}
}
}
view raw IServiceCollectionExtensions.cs hosted with ❤ by GitHub
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading;
using System.Threading.Tasks;
namespace YourProject
{
public class JiraOAuthDelegatingHandler : DelegatingHandler
{
private readonly IAtlassianOAuthCredentialsManager _manager;
public JiraOAuthDelegatingHandler(
IAtlassianOAuthCredentialsManager manager
)
{
_manager = manager;
}
protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
var headers = request.Headers;
if (string.IsNullOrWhiteSpace(headers.Authorization?.Parameter))
{
var jwt = await _manager.GetJwtAsync();
headers.Authorization = new AuthenticationHeaderValue("Bearer", jwt);
}
var retries = 0;
HttpResponseMessage response;
do
{
response = await base.SendAsync(request, cancellationToken);
// unauthorized responses should have the JWT token refreshed and then try again.
if (response.StatusCode == HttpStatusCode.Unauthorized)
{
await _manager.RefreshJwtAsync();
var jwt = await _manager.GetJwtAsync();
headers.Authorization = new AuthenticationHeaderValue("Bearer", jwt);
}
retries++; // this could go in the if statement, but it works here too
} while (response.StatusCode == HttpStatusCode.Unauthorized && retries < 2);
if (!response.IsSuccessStatusCode)
{
var body = await response.Content.ReadAsStringAsync();
var message = $"{(int)response.StatusCode} ({response.StatusCode}) - {body}";
throw new HttpRequestException(message);
}
return response;
}
}
}
view raw JiraOAuthDelegatingHandler.cs hosted with ❤ by GitHub
using System;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.IdentityModel.JsonWebTokens;
using Nito.AsyncEx;
namespace YourProject
{
public interface IAtlassianOAuthCredentialsManager
{
Task<string> GetJwtAsync();
Task RefreshJwtAsync();
}
private readonly IAtlassianOAuthenticator _authenticator;
private readonly AsyncReaderWriterLock _jwtLock = new AsyncReaderWriterLock();
private AtlassianOAuthTokenResponse _tokenResponse = null;
private DateTime? _validTo = null;
public AtlassianOAuthCredentialsManager(
IAtlassianOAuthenticator authenticator
)
{
_authenticator = authenticator;
}
public async Task<string> GetJwtAsync()
{
if (await ShouldRefreshJwtAsync())
{
await RefreshJwtAsync();
}
string result;
using (await _jwtLock.ReaderLockAsync())
{
result = _tokenResponse.access_token; // should make an immutable copy
}
return result;
}
public async Task<AtlassianOAuthTokenResponse> GetCurrentTokenResponse()
{
using (await _jwtLock.ReaderLockAsync())
{
var result = new AtlassianOAuthTokenResponse()
{
access_token = _tokenResponse.access_token,
scope = _tokenResponse.scope,
expires_in = _tokenResponse.expires_in,
token_type = _tokenResponse.token_type
};
return result;
}
}
private async Task<bool> ShouldRefreshJwtAsync()
{
using(await _jwtLock.ReaderLockAsync()) {
if (_tokenResponse == null) return true;
if (_validTo == null) return true;
if (DateTime.Now >= _validTo.Value) return true;
return false;
}
}
public async Task RefreshJwtAsync()
{
using(await _jwtLock.WriterLockAsync()) {
var response = await _authenticator.AuthenticateAsync();
SetJwt(response);
}
}
private void SetJwt(AtlassianOAuthTokenResponse tokenResponse)
{
_tokenResponse = tokenResponse;
var jwtHandler = new JsonWebTokenHandler();
var token = jwtHandler.ReadJsonWebToken(_tokenResponse.access_token);
// https://developer.atlassian.com/cloud/jira/software/integrate-jsw-cloud-with-onpremises-tools/
// Write your code to anticipate that a granted token might no longer work. For example,
// track the expiration time and request a new token before the existing one expires
// (at least 30-60 seconds prior).
_validTo = token.ValidTo.AddMinutes(-1);
}
}
}
view raw AtlassianOAuthCredentialsManager.cs hosted with ❤ by GitHub
using System;
using System.Net.Http;
using System.Threading.Tasks;
using Microsoft.Extensions.Options;
namespace YourProject
{
public interface IAtlassianOAuthenticator
{
HttpClient Client { get; }
Task<AtlassianOAuthTokenResponse> AuthenticateAsync();
}
public interface IPasswordRetriever // you have to implement this class
{
string GetPassword(string key);
}
public class AtlassianOAuthenticator : IAtlassianOAuthenticator
{
private readonly YourProjectOptions _options;
private readonly IPasswordRetriever _passwordRetriever;
public HttpClient Client { get; }
public AtlassianOAuthenticator(
IOptions<YourProjectOptions> options,
IPasswordRetriever passwordRetriever,
HttpClient client
)
{
_options = options.Value;
_passwordRetriever = passwordRetriever;
Client = client;
client.BaseAddress = AtlassianConstants.AtlassianApiRootUri;
}
internal string GetPassword(string nameExt)
{
var name = _options.ApplicationName + nameExt;
var password = _passwordRetriever.GetPassword(name); // you write this one
return password;
}
public async Task<AtlassianOAuthTokenResponse> AuthenticateAsync()
{
var credentials = new AtlassianOAuthCredentials()
{
audience = AtlassianConstants.YourInstanceRootUrl,
grant_type = "client_credentials",
client_id = GetPassword(".JiraOAuth2ClientId"),
client_secret = GetPassword(".JiraOAuth2ClientSecret")
};
var response = await Client.PostAsJsonAsync("oauth/token", credentials);
response.EnsureSuccessStatusCode();
var result = await response.DeserializeAsync<AtlassianOAuthTokenResponse>();
return result;
}
}
}
view raw AtlassianOAuthenticator.cs hosted with ❤ by GitHub
using System;
using Ucsb.Sa.Enterprise.AzDPullRequests.Web.Models.Atlassian;
namespace Ucsb.Sa.Enterprise.AzDPullRequests.Web.Models
{
public static class AtlassianConstants
{
public static string YourInstanceRootUrl = "https://your-domain.atlassian.net/";
public static string AtlassianApiRootUrl = "https://api.atlassian.com/";
public const string YourInstanceCloudId = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx";
public static Uri YourInstanceRootUri = new Uri(YourInstanceRootUrl);
public static Uri AtlassianApiRootUri = new Uri(AtlassianApiRootUrl);
public static JiraProviderMetadata YourInstanceProviderMetadata = new JiraProviderMetadata()
{
Product = "<Where you get your data from. Bitbucket? AzureDevOps?>"
};
}
}
view raw AtlassianConstants.cs hosted with ❤ by GitHub

comments (0)

Labels: ,

Powershell for working with AzureDevOps Web Hooks

Posted by Steven Maglio on Monday, June 22, 2020

Recently, I was working with the AzureDevOps Web Hooks infrastructure and I really enjoyed the tooling that they had provided. In particular, I liked the interface they provide which shows:

  • The number of successful and failed requests sent to a web hook/service,
  • The history of those requests,
  • And the details of what was actually sent and received (the payloads)

This visibility provided by the tooling was tremendously helpful in developing, debugging and monitoring.

There’s also a fair amount of documentation put together by the AzureDevOps team to make using these services easier.

However, I have two gripes about the documentation.

  • It took me a while to find the documentation because I didn’t know the exact search terms to look for. A generalized search for “azuredevops api .net client” will land you in the “Integrate Application” area of the documentation, rather than the desired “Service hooks” area.
  • When it got down to the details of which libraries to use and how to use them, the documentation became a bit thin. For example, the AzureDevOps website has a really cool piece of functionality where they hide the “git” event types when the project has no git repositories within it. So, I was thinking about “querying the possible input values” on a particular project to see if the response limited the values similarly. To do that, I originally looked in the .NET API browser for a ServiceHooks*HttpClient object. But, that doesn’t exist. So, I looked at the Publishers – Query Input Values api from the REST documentation. And, the first property I should put in the request body is “currentValues”, which is of type object (what are the details on that?), and has no description given. If I’m trying to query for the current values, what should I put in for “currentValues” and in what format? It becomes apparent that the request and response are using the same object, and that property is only used in the response. So you can ignore that property on the request. But, why doesn’t the documentation state that?

Enough with my tribulations, here’s the results:

  • These are a set of functions for working with Web Hooks (even though it’s misnamed as ServiceHook).
  • These Web Hooks are created for the very specific needs that I wanted. Which were to create Web Hook integrations with a webservice I built for analyzing code commits, pull requests, and builds.
  • The powershell is a wrapper aroound the .NET Client library (nuget) Microsoft.VisualStudio.Service.ServiceHooks.WebApi version 15.131.1, which isn’t the latest version. Since it’s not the latest version of the library, that difference might account for the documentation on the .NET Client libraries not lining up with it. For example, the ServiceHooksPublisherHttpClient does not exist in the .NET API browser.
# see https://docs.microsoft.com/en-us/azure/devops/integrate/concepts/dotnet-client-libraries?view=azure-devops
# for links to some of the nuget packages which contain these (this code was written against version 15.131.1)
Add-Type -Path "C:\YourPath\Newtonsoft.Json.dll"
Add-Type -Path "C:\YourPath\Microsoft.TeamFoundation.Client.dll"
Add-Type -Path "C:\YourPath\System.Net.Http.Formatting.dll"
Add-Type -Path "C:\YourPath\Microsoft.VisualStudio.Services.Common.dll"
Add-Type -Path "C:\YourPath\Microsoft.VisualStudio.WebApi.dll"
Add-Type -Path "C:\YourPath\Microsoft.VisualStudio.Services.ServiceHooks.dll"
$pat = "your-personal-access-token"
$global:AzDModule = @{}
$global:AzDModule.Uri = "https://dev.azure.com/{your-organization}"
$vssBasicCredential = New-Object -TypeName Microsoft.VisualStudio.Services.Common.VssBasicCredential "", $pat
$global:AzDModule.VssConnection = New-Object `
-TypeName Microsoft.VisualStudio.Services.WebApi.VssConnection `
-ArgumentList @($global:AzDModule.Uri, $vssBasicCredential)
$global:AzDModule.ServiceHooksPublisherClient = $global:AzDModule.VssConnection.GetClient([Microsoft.VisualStudio.Services.ServiceHooks.WebApi.ServiceHooksPublisherHttpClient])
view raw AzDModule.psm1 hosted with ❤ by GitHub
function Get-AzDServiceHook {
[CmdletBinding(DefaultParameterSetName = "ProjectName")]
param(
[Parameter(ParameterSetName = "ProjectName", ValueFromPipelineByPropertyName = $true)]
[string] $ProjectName = $null,
[Parameter(ParameterSetName = "ProjectId", ValueFromPipelineByPropertyName = $true)]
[string] $ProjectId = $null,
[Parameter(ValueFromPipelineByPropertyName = $true)]
[ValidateSet("git.push","git.pullrequest.created","git.pullrequest.updated","build.complete")]
[string] $EventType = $null,
[Parameter(ValueFromPipelineByPropertyName = $true)]
[string] $ToUrl = $null,
[Parameter(ValueFromPipelineByPropertyName = $true)]
[switch] $Exact
)
$shpClient = $global:AzDModule.ServiceHooksPublisherClient
$inputFilters = New-Object 'System.Collections.Generic.List[Microsoft.VisualStudio.Services.FormInput.InputFilter]'
$response = $shpClient.QuerySubscriptionsAsync("tfs", $inputFilters, $null)
if($null -ne $response.Exception) {
if($null -ne $response.Exception.InnerException) {
throw $response.Exception.InnerException.Message
} else {
throw $response.Exception.Message
}
}
$serviceHooks = $response.Result
if(-not [string]::IsNullOrWhitespace($EventType)) {
$serviceHooks = $serviceHooks |? { $_.EventType -eq $EventType }
}
if(-not [string]::IsNullOrWhitespace($ToUrl)) {
if(-not $Exact) {
if(-not $ToUrl.StartsWith("*")) { $ToUrl = "*" + $ToUrl }
if(-not $ToUrl.EndsWith("*")) { $ToUrl = $ToUrl + "*" }
}
$serviceHooks = $serviceHooks |? { $_.ConsumerInputs.url -like $ToUrl }
}
if(-not [string]::IsNullOrWhitespace($ProjectName)) {
$project = Get-AzDProject -ProjectName $ProjectName
$ProjectId = $project.Id.ToString()
}
if(-not [string]::IsNullOrWhitespace($ProjectId)) {
$serviceHooks = $serviceHooks |? { $_.PublisherInputs.projectId -eq $ProjectId }
}
return $serviceHooks
}
view raw Get-AzDServiceHook.ps1 hosted with ❤ by GitHub
function New-AzDServiceHook {
[CmdletBinding(DefaultParameterSetName = "ProjectName")]
param(
[Parameter(Mandatory = $true, ParameterSetName = "ProjectId", ValueFromPipelineByPropertyName = $true)]
[string] $ProjectId,
[Parameter(Mandatory = $true, ParameterSetName = "ProjectName", ValueFromPipelineByPropertyName = $true)]
[string] $ProjectName,
[Parameter(Mandatory = $true, ParameterSetName = "ProjectId", ValueFromPipelineByPropertyName = $true)]
[Parameter(Mandatory = $true, ParameterSetName = "ProjectName", ValueFromPipelineByPropertyName = $true)]
[ValidateSet("git.push","git.pullrequest.created","git.pullrequest.updated","build.complete")]
[string] $EventType,
[Parameter(Mandatory = $true, ParameterSetName = "ProjectId", ValueFromPipelineByPropertyName = $true)]
[Parameter(Mandatory = $true, ParameterSetName = "ProjectName", ValueFromPipelineByPropertyName = $true)]
[string] $ToUrl,
[Parameter(Mandatory = $true, ParameterSetName = "SubscriptionObject", ValueFromPipelineByPropertyName = $true)]
[Microsoft.VisualStudio.Services.ServiceHooks.WebApi.Subscription] $Subscription
)
if($PSCmdlet.ParameterSetName -ne "SubscriptionObject") {
$uri = New-Object System.Uri $ToUrl
if([string]::IsNullOrEmpty($ProjectId)) {
$project = Get-AzDProject -ProjectName $ProjectName
$projectId = $project.Id.ToString()
}
$newSub = New-Object Microsoft.VisualStudio.Services.ServiceHooks.WebApi.Subscription
$newSub.PublisherId = "tfs"
$newSub.EventType = $eventType
$newSub.EventDescription = "Any branch on any repository."
$newSub.ResourceVersion = "1.0"
$newSub.ConsumerId = "webHooks"
$newSub.ConsumerActionId = "httpRequest"
$newSub.ActionDescription = "To host $($uri.Host)"
$publisherInputs = New-Object 'System.Collections.Generic.Dictionary[System.String, System.String]'
$publisherInputs.Add("projectId", $projectId)
$publisherInputs.Add("tfsSubscriptionId", "")
switch($EventType) {
"git.push" {
$publisherInputs.Add("branch", "")
$publisherInputs.Add("repository", "")
$publisherInputs.Add("pushedBy", "")
}
"git.pullrequest.created" {
$publisherInputs.Add("branch", "")
$publisherInputs.Add("repository", "")
$publisherInputs.Add("pullrequestCreatedBy", "")
$publisherInputs.Add("pullrequestReviewersContains", "")
}
"git.pullrequest.updated" {
$publisherInputs.Add("branch", "")
$publisherInputs.Add("repository", "")
$publisherInputs.Add("pullrequestCreatedBy", "")
$publisherInputs.Add("pullrequestReviewersContains", "")
$publisherInputs.Add("notificationType", "")
}
"build.complete" {
$publisherInputs.Add("definitionName", "")
$publisherInputs.Add("buildStatus", "")
}
}
$newSub.PublisherInputs = $publisherInputs
$securityHeaderValue = Get-AzDSecurityHeaderValue # you'll come up with something
$consumerInputs = New-Object 'System.Collections.Generic.Dictionary[System.String, System.String]'
$consumerInputs.Add("acceptUntrustedCerts", "true")
$consumerInputs.Add("httpHeaders", "your-security-header:$securityHeaderValue")
$consumerInputs.Add("url", $ToUrl)
$newSub.ConsumerInputs = $consumerInputs
$Subscription = $newSub
}
$output = ($Subscription | ft -AutoSize Id, EventType, ConsumerId, Status, ActionDescription | Out-String) -split [Environment]::NewLine
Write-Verbose "Creating: $($output[3])"
$shpClient = $global:AzDModule.ServiceHooksPublisherClient
$response = $shpClient.CreateSubscriptionAsync($Subscription)
if($null -ne $response.Exception) {
if($null -ne $response.Exception.InnerException) {
throw $response.Exception.InnerException.Message
} else {
throw $response.Exception.Message
}
}
$result = $response.Result
return $result
}
view raw New-AzDServiceHook.ps1 hosted with ❤ by GitHub
function Update-AzDServiceHook {
param(
[Parameter(Mandatory = $true, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)]
[Microsoft.VisualStudio.Services.ServiceHooks.WebApi.Subscription] $Subscription,
[Parameter(ValueFromPipelineByPropertyName = $true)]
[switch] $Enable,
[Parameter(ValueFromPipelineByPropertyName = $true)]
[switch] $Disable
)
if($Enable) {
$Subscription.Status = [Microsoft.VisualStudio.Services.ServiceHooks.WebApi.SubscriptionStatus]::Enabled
}
if($Disable) {
$Subscription.Status = [Microsoft.VisualStudio.Services.ServiceHooks.WebApi.SubscriptionStatus]::DisabledByUser
}
$output = ($Subscription | ft -AutoSize Id, EventType, ConsumerId, Status, ActionDescription | Out-String) -split [Environment]::NewLine
Write-Verbose "Updating: $($output[3])"
$shpClient = $global:AzDModule.ServiceHooksPublisherClient
$response = $shpClient.UpdateSubscriptionAsync($Subscription, $null)
if($null -ne $response.Exception) {
if($null -ne $response.Exception.InnerException) {
throw $response.Exception.InnerException.Message
} else {
throw $response.Exception.Message
}
}
return $response.Result
}
view raw Update-AzDServiceHook.ps1 hosted with ❤ by GitHub
function Remove-AzDServiceHook {
[CmdletBinding(DefaultParameterSetName = "ProjectName")]
param(
[Parameter(ParameterSetName = "ProjectId", ValueFromPipelineByPropertyName = $true)]
[Parameter(ParameterSetName = "ProjectName", ValueFromPipelineByPropertyName = $true)]
[ValidateSet($null, "git.push","git.pullrequest.created","git.pullrequest.updated","build.complete")]
[string] $EventType = $null,
[Parameter(ParameterSetName = "ProjectId", ValueFromPipelineByPropertyName = $true)]
[Parameter(ParameterSetName = "ProjectName", ValueFromPipelineByPropertyName = $true)]
[string] $ToUrl = $null,
[Parameter(ParameterSetName = "ProjectId", ValueFromPipelineByPropertyName = $true)]
[string] $ProjectId = $null,
[Parameter(ParameterSetName = "ProjectName", ValueFromPipelineByPropertyName = $true)]
[string] $ProjectName = $null,
[Parameter(Mandatory = $true, ParameterSetName = "SubscriptionObject", ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)]
[Microsoft.VisualStudio.Services.ServiceHooks.WebApi.Subscription] $Subscription
)
$subscriptions = @()
if($PSCmdlet.ParameterSetName -eq "SubscriptionObject") {
$subscriptions = @($Subscription)
} else {
$subscriptions = Get-AzDServiceHook @PSBoundParameters
if($null -eq $subscriptions) { $subscriptions = @() }
}
foreach($sub in $subscriptions) {
$output = ($sub | ft -AutoSize Id, EventType, ConsumerId, Status, ActionDescription | Out-String) -split [Environment]::NewLine
Write-Verbose "Removing: $($output[3])"
$shpClient = $global:AzDModule.ServiceHooksPublisherClient
$response = $shpClient.DeleteSubscriptionAsync($sub.Id, $null)
if($null -ne $response.Exception) {
if($null -ne $response.Exception.InnerException) {
throw $response.Exception.InnerException.Message
} else {
throw $response.Exception.Message
}
}
}
}
view raw Remove-AzDServiceHook.ps1 hosted with ❤ by GitHub

comments (0)

Labels:

Record Request Body in ASP.NET Core 3.0

Posted by Steven Maglio on Monday, June 15, 2020

Application Insights is a great tool, but it doesn’t record the body of a request by default. This is for good reason, payloads can be large and can sometimes contain sensitive information. But … sometimes you just need to record them.

When you do a google search there’s a great StackOverflow post (View POST request body in Application Insights) which gives you a lot of hope that it can be setup easily. But, with all the advancements in ASP.NET Core 3.0, it’s not quiet as easy as that post makes it look.

Here’s the obstacles you may need to overcome:

  • In ASP.NET Core 3.0, the request’s Body is no longer available to be read after a particular point in the application pipeline. You will need to create a middleware component to “EnableBuffering”. (This was done for purposes of speed as the underlying layers of the stack were replaced with Span’s. There’s a new Request.BodyReader that works with the spans for high performance, but it’s also not available to be read after a particular point in the application pipeline.)
  • The ITelemetryInitializer runs after a request completes. This means that the request’s body is disposed of by the time the initializer runs and records the event. You will have to record the body somewhere after “EnableBuffering” is enabled and before the Action completes. Like inside of an IActionFilter.
  • You may not want to record the body of everything that flows through your website, so an ActionFilterAttribute can make it easy to select which action you would like to record.

So, here’s some code that can help accomplish that:

using System.IO;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Http.Features;
namespace YourNamespace
{
public class EnableBufferingMiddleware
{
private readonly RequestDelegate _next;
public EnableBufferingMiddleware(
RequestDelegate next
)
{
_next = next;
}
public async Task InvokeAsync(HttpContext context)
{
var request = context.Request;
if (request.CanReadBody())
{
//var syncIOFeature = context.Features.Get<IHttpBodyControlFeature>();
//if (syncIOFeature != null)
//{
// syncIOFeature.AllowSynchronousIO = true;
//}
request.EnableBuffering();
}
await _next(context);
}
}
}
view raw EnableBufferingMiddleware.cs hosted with ❤ by GitHub
using System.Collections.Generic;
using System.IO;
using System.Text;
using System.Threading.Tasks;
using Microsoft.ApplicationInsights;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
namespace YourNamespace
{
public class Startup
{
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.AddControllers();
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
app.UseMiddleware<EnableBufferingMiddleware>();
// use that middleware before everything else
}
}
}
view raw Startup.cs hosted with ❤ by GitHub
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
namespace YourNamespace
{
public class TrackConstants
{
public const string JsonBody = "JsonBody";
}
}
view raw TrackConstants.cs hosted with ❤ by GitHub
using System.IO;
using System.Text;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Mvc.Filters;
namespace YourNamespace
{
public class TrackRequestBodyAttribute : ActionFilterAttribute
{
public override async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
{
var request = context.HttpContext.Request;
request.Body.Position = 0;
using var stream = new StreamReader(request.Body, Encoding.UTF8, false, 1024, true);
var body = await stream.ReadToEndAsync();
request.Body.Position = 0;
context.HttpContext.Items.Add(TrackConstants.JsonBody, body);
await base.OnActionExecutionAsync(context, next);
}
}
}
view raw TrackRequestBodyAttribute.cs hosted with ❤ by GitHub
using Microsoft.ApplicationInsights.Channel;
using Microsoft.ApplicationInsights.DataContracts;
using Microsoft.ApplicationInsights.Extensibility;
using Microsoft.AspNetCore.Http;
namespace YourNamespace
{
// https://stackoverflow.com/questions/42686363/view-post-request-body-in-application-insights
public class TrackRequestBodyInitializer : ITelemetryInitializer
{
private readonly IHttpContextAccessor httpContextAccessor;
public TrackRequestBodyInitializer(IHttpContextAccessor httpContextAccessor)
{
this.httpContextAccessor = httpContextAccessor;
}
public void Initialize(ITelemetry telemetry)
{
if (telemetry is RequestTelemetry requestTelemetry)
{
var context = httpContextAccessor.HttpContext;
var request = context.Request;
if (request.CanReadBody())
{
const string jsonBody = TrackConstants.JsonBody;
if (!context.Items.ContainsKey(jsonBody))
{
return;
}
if (requestTelemetry.Properties.ContainsKey(jsonBody))
{
return;
}
var body = context.Items[jsonBody] as string;
requestTelemetry.Properties.Add(jsonBody, body);
}
}
}
}
}
view raw TrackRequestBodyInitializer.cs hosted with ❤ by GitHub
using System.Threading.Tasks;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Logging;
namespace YourNamespace
{
[ApiController]
[Route("[controller]")]
public class YourController : ControllerBase
{
private readonly ILogger<YourController> _logger;
public PullRequestUpdatedController(
ILogger<YourController> logger
)
{
_logger = logger;
}
[TrackRequestBody]
public async Task<IActionResult> PostAsync([FromBody] YourObjectModel model)
{
// do stuff
return Ok();
}
}
}
view raw YourController.cs hosted with ❤ by GitHub

comments (0)

Labels: ,

What’s an Andon Cord?

Posted by Steven Maglio on Monday, June 8, 2020

I’ve seen a couple of great explanations of an Andon Cord, but I feel like there’s another side to them. Something that hasn’t already been written about in John Willis’ The Andon Cord, Six Sigma Daily’s The Andon Cord: A Way to Stop Work While Boosting Productivity, or even Amazon’s Andon Cord for their distributed supply chain (example 1, 2).

Personally, I’ve heard two descriptions of the Andon Cord and one of them makes a lot of sense to me, and the other one is the popular definition. The popular definition is that an Andon Cord is the capability to pause/halt any manufacturing line in order to ensure quality control and understanding. Anyone can pull the Andon Cord and review a product that they are unsure about. Which intuitively makes sense.

The second definition I heard was from Mike Rother’s book, Toyota Kata, and wasn’t so much of a definition as a small glimpse into the history the Andon Cord. The concept that we know today started at Toyota before they made cars. This was back when they were making sewing machines. And, you need to imagine that the sewing machine manufacturing line was modeled off of Henry Ford’s Model T production lines. So there was a belt that ran across the factory floor and in between stations that people worked at. The Sewing Machines would be mounted to the line and would move from one station to the next on a timed interval (lets say every 5 minutes). So, each person would be working at their station and they would have 5 minutes to complete the work of their station; which was usually installing a part and then some sort of testing. If the person on the line felt that they couldn’t complete their work on time, then they should pull the Andon Cord to freeze the line. This ensured that no defective part/installation continued on down the factory line. The underlying purpose of not having a bad part go down the line is that disassembling and reassembling a machine to replace a defective part is very expensive compared to stopping the line and fixing it while the machine is at the proper assembly level. This makes complete sense to me.

The second definition makes a lot more sense to me than the first because of one unspoken thing:

Anyone on the assembly line can pull the Andon Cord. The Andon Cord can be pulled by anyone, but it’s supposed to be for the people who are actually on the assembly and have expert knowledge about their step within the overall process. It’s their experience and knowledge on that particular product line which makes them the correct person to pull the cord. It’s not for people from other product lines to come over and pull their lines cord.

This is a classic problem that I’ve run into time and again. On multiple occassions, I have seen the Ops and Management side of businesses hear that “anyone can pull the Andon Cord” and immediately start contemplating how they can use the cord to add Review Periods into process lines and allow anyone to put the brakes on a production deployment if anyone doesn’t understand it.

But those ideas seems counter-productive to the overall goals of DevOps. You don’t want to add a Review Period as that just delays the business value from getting to the end customer. And you don’t want to stop a release because someone who isn’t an expert on a product has a question about it; you want that person to go ask the experts, and then you want the experts on a Product Line to pull the Andon Cord.

Now, in an idealized world, all the people involved in a products deployment process would all be on the same Product Team. That team would be made up of Dev, Ops, and other team members. And all of those team members would be experts on the product line and would be the right people to pull the cord.

However, the majority of businesses I’ve talked with have separate Devs and Ops/Engineering teams. Simply because that structure has been lauded as a very cost effective way to reduce the companies expenditure on Ops and allow for their knowledge to be centralized and therefore non-redundant. But, when the Ops team is separate from the Dev team then the Ops team has a sense that they are a part of every product line; and they should have ownership over allowing any release to go to production. Even when they are not experts on the product line and have no knowledge of what a change actually does.

This sense of ownership that Ops (and to some degree Management) have often manifest in the form of asking for a review period between the time a deployment has passed all of it’s testing requirements and it actually goes out to production. This review period should start with a notification to the customers and usually end a few hours/or a day later so that Operations, Management, and Customers all have time to review the change and pull the cord if they have concerns about the change. Except, the Customer and the Product Team are the only ones on that line who are really experts on the product. And for customers that work alongside their product teams, they usually know what’s coming long before scheduling; and customers that don’t work alongside their product teams usually won’t be involved at all at this point.

So, if the above is true, then Operations (and Management) wouldn’t be experts on the product line at this point in the release process, so why would they be pulling the cord at this point?

For Management, I’m not sure. But, for Operations, they are experts on the Production environment that the deployment will be going into. Ops should be aware if there are any current issues in the production environment and be able to stop a deployment from making a bad situation worse. But, that isn’t a product line Andon Cord. That’s an Andon Cord for an entire environment (or a subsection of an environment). The Operations team should have an Andon Cord to pause/halt all deployments from going into Production if something is wrong with that environment. Once the environment has been restored to a sense of stability, then Operations should be able to release the cord and let the queued deployments roll out again. (sidenote: Many companies that are doing DevOps have communication channels setup where everyone should be aware of a Production environment problem; this should allow for “anyone” to pull the Environment Andon Cord and pause deployments for a little while.)

Finally, in the popular definition of the Andon Cord there is a lot of attention paid to human beings pulling the Andon Cord, but not a lot of explicit statements about machines pulling the Andon Cord. For me, I see it as both groups can pull the Andon Cord. It seems like everyone intuitively understands that if unit tests, or smoke tests, or a security scan fails then the process should stop and the product should go back to the developer to fix it. What I don’t think people connect is that that’s an Andon Cord pull. It’s an automated pull to stop the process and send the product back to the station that can fix the problem with the least amount of rework required. To see that though, you have to first recognize that a CI/CD automated build and deployment process is the digital transformation of a factory floors product line. Your product moves from station to station through human beings and automated tooling alike (manual commit, CI build, CI unit tests, manual code review, manual PR approval, CI merge, CI packaging, CD etc.), and at every station there is a possibility of an Andon Cord pull.

comments (0)

Labels:

AzureDevOps PR Policies with Powershell

Posted by Steven Maglio on Monday, June 1, 2020

After tinkering with AzureDevOps Pull Request Statuses, I started thinking about automating the creation of the policies. The build policies need to be setup on an individual repository basis because it requires a build definition to be associated with it. Some policies could be moved to the Project level (like the Minimum Number of Reviewers or Merge Strategy policies). But, I’m not sure if you can override a Project level policy in an individual branch.

So, I went searching to see if anyone had already done it and Jesse Houwing had: Configuring standard policies for all repositories in Azure Repos. I really liked his approach to exploring the API and using the json created by AzureDevOps to help construct his solution. I also was really interested by the idea of using the Azure CLI to perform the updates.

However, I was still pretty enamored with how easy the .NET SDK libraries were to use and thought I could continue to use them with Powershell to perform similar updates. So, here’s some sample code which can create a simple policy like: At least one reviewer is required on a Pull Request and that reviewer can be the requestor.

# Use the connection code from http://stevenmaglio.blogspot.com/2020/05/update-azuredevops-pr-status-with.html
# to setup your $projectName, $repoName, and $vssConnection variable
$gitClient = $vssConnection.GetClient([Microsoft.TeamFoundation.SourceControl.WebApi.GitHttpClient])
$policyClient = $vssConnection.GetClient([Microsoft.TeamFoundation.Policy.WebApi.PolicyHttpClient])
##### Get the RepoId guid
# https://docs.microsoft.com/en-us/dotnet/api/microsoft.teamfoundation.sourcecontrol.webapi.githttpclientbase.getrepositoriesasync?view=azure-devops-dotnet#Microsoft_TeamFoundation_SourceControl_WebApi_GitHttpClientBase_GetRepositoriesAsync_System_String_System_Nullable_System_Boolean__System_Nullable_System_Boolean__System_Nullable_System_Boolean__System_Object_System_Threading_CancellationToken_
$repositories = $gitClient.GetRepositoriesAsync($projectName).Result
$repo = $repositories |? { $_.Name -eq $repoName }
Write-Host "RepositoryId: $($repo.Id)"
$project = $repo.ProjectReference
##### Get the list of policie types for a Project
# https://docs.microsoft.com/en-us/dotnet/api/microsoft.teamfoundation.policy.webapi.policyhttpclient.getpolicytypesasync?view=azure-devops-dotnet#Microsoft_TeamFoundation_Policy_WebApi_PolicyHttpClient_GetPolicyTypesAsync_System_Guid_System_Object_System_Threading_CancellationToken_
$policyTypes = $policyClient.GetPolicyTypesAsync($project.Id).Result
$minReviewersPolicyType = $policyTypes |? { $_.DisplayName -eq "Minimum number of reviewers" }
### Create a new minimum number of reviewers policy
# https://docs.microsoft.com/en-us/dotnet/api/microsoft.teamfoundation.policy.webapi.policyconfiguration?view=azure-devops-dotnet
$policyConfig = New-Object Microsoft.TeamFoundation.Policy.WebApi.PolicyConfiguration
$policyConfig.IsEnabled = $true
$policyConfig.IsBlocking = $true
# validDuration = 720, is 12 hours in minutes
$settingsJson = @"
{
"minimumApproverCount": 1,
"creatorVoteCounts": false,
"allowDownvotes": false,
"resetOnSourcePush": false,
"blockLastPusherVote": false,
"scope": [
{
"refName": "refs/heads/master",
"matchKind": "Exact",
"repositoryId": "$($repo.Id)"
}
]
}
"@
# https://www.newtonsoft.com/json/help/html/ParseJsonObject.htm
$settings = [Newtonsoft.Json.Linq.JObject]::Parse($settingsJson)
$policyConfig.Settings = $settings
$policyConfig.Type = $minReviewersPolicyType
$policyClient = $global:VstsUcsb.PolicyClient
# https://docs.microsoft.com/en-us/dotnet/api/microsoft.teamfoundation.policy.webapi.policyhttpclient.createpolicyconfigurationasync?view=azure-devops-dotnet#Microsoft_TeamFoundation_Policy_WebApi_PolicyHttpClient_CreatePolicyConfigurationAsync_Microsoft_TeamFoundation_Policy_WebApi_PolicyConfiguration_System_Guid_System_Nullable_System_Int32__System_Object_System_Threading_CancellationToken_
$policy = Invoke-AzDRequest -ScriptBlock { $policyClient.CreatePolicyConfigurationAsync($policyConfig, $project.Id) }
Write-Host "Created Minimum policy for the master branch of Repository '$($repo.Name)'"
view raw gistfile1.txt hosted with ❤ by GitHub

comments (0)

Labels:

Subscribe to: Posts (Atom)

Creative Commons License
This site uses Alex Gorbatchev's SyntaxHighlighter, and hosted by herdingcode.com's Jon Galloway.