Add privileges in Roles

prathwagh · 10 May 2019 13:44

I want to select/add privileges in Roles/CustomRoles in Octopus using Powershell. My team is utilizing so much time clicking the checkboxes beside the privileges. I need to achieve that using Powershell script. I have to update/create custom roles for each Octopus server.
Can you please help me with the cmdlets or the powershell command for this activity?

Kenneth_Bates · 13 May 2019 04:28

Hi Prathamesh,

Thanks for getting in touch! This is certainly possible, however we don’t have any specific examples of adding individual permissions to a user role via the API. The closest I think we have in our sample script repository is to add an environment scope to a team.

github.com

OctopusDeploy/OctopusDeploy-Api/blob/master/Octopus.Client/PowerShell/Teams/AddEnvironmentToTeam.ps1

# You can this dll from your Octopus Server/Tentacle installation directory or from
# https://www.nuget.org/packages/Octopus.Client/
Add-Type -Path 'Octopus.Client.dll' 

$apikey = 'API-MCPLE1AQM2VKTRFDLIBMORQHBXA' # Get this from your profile
$octopusURI = 'http://localhost' # Your server address

$endpoint = new-object Octopus.Client.OctopusServerEndpoint $octopusURI,$apikey 
$repository = new-object Octopus.Client.OctopusRepository $endpoint

$teamId = "Teams-1" # Get this from /api/teams
$environmentId = "Environments-1" # Get this from /api/environments

$team = $repository.Teams.Get($teamID)

$team.EnvironmentIds.Add($environmentId)

$repository.Teams.Modify($team)

You can see the permissions granted to an existing team at OctoURL/api/userroles/userroles-ID which shows the GrantedPermissions array consisting of each individual permission. When adding a permission to a user role via the web portal, a POST is done adding to this array. (You can reference the API calls Octopus makes when performing actions in the web portal by viewing the network tab in your dev tools.)

I hope this helps get you going! Let me know how you go, or if you have any further questions or concerns moving forward.

Best regards,

Kenny

prathwagh · 13 May 2019 07:42

Thank you @Kenneth_Bates. The sample script helped me to create the PS script for privilege add/edit operation.

Kenneth_Bates · 14 May 2019 01:32

Hi Prathamesh,

Thanks for following up and letting me know! That’s great to hear that helped you write the PS script. If you’re feeling inclined to do so, feel free to add this to our sample script repo for others looking to do the same thing!

Don’t hesitate to reach out if you have any further questions or concerns in the future.

Best regards,

Kenny

prathwagh · 14 May 2019 11:10

Sure, here it is!
GitHub Octopus Deploy

Kenneth_Bates · 15 May 2019 06:53

Hi Prathamesh,

Thanks so much for sharing! I’m sure it’ll help someone in the future.

Let me know if you have any questions or concerns down the track.

Best regards,

Kenny

sgoldman · 15 May 2019 08:55

Hi Prathamesh,

recently we migrated to latest octopus server (2019.3.3 on prem) and upgraded our PS script to use Octopus.Client 6.1.3.0 from 4.42.5.0

since upgrade we have issue to maintain teams environments

during environment assignment script, we getting following error:

You cannot call a method on a null-valued expression.
At line:2 char:1

$devTeam.EnvironmentIds.Add(“Environments-3”)

  + CategoryInfo          : InvalidOperation: (:) [], ParentContainsErrorRecordException
  + FullyQualifiedErrorId : InvokeMethodOnNull

the script looks like:

$devTeam = $repository.Teams.Get(“Teams-21”)
$devTeam.EnvironmentIds.Add(“Environments-3”)
$repository.Teams.Modify($devTeam)

after some investigation we found that “TeamResource” under the “Octopus.Client.Model” was changed and doesn’t contain any more “EnvironmentIds” property (and more other)

it broke all our automation for auto create/delete environments

any ideas/suggestions?

Thanks in advance,

Stan

prathwagh · 16 May 2019 07:40

Hi Stan,

Please try this and let me know if it works.

$Environment = Get-OctopusEnvironment -EnvironmentName “Enter Environment name here”

Write-Output $Environment

$team = Get-OctopusTeam -TeamName “Enter team name here”

Write-Output $team #Before adding environment

$team.Environments.Add($environmentId)

Write-Output $team #After adding environment

sgoldman · 16 May 2019 09:31

Hi Prathamesh,

Thank you for reply!!!

after installing Octoposh and executing flowing command

Get-OctopusTeam (on any team name)

i getting error:

Get-OctopusTeam : Object reference not set to an instance of an object.
At line:1 char:1

Get-OctopusTeam

  + CategoryInfo          : NotSpecified: (:) [Get-OctopusTeam], NullReferenceException
  + FullyQualifiedErrorId : System.NullReferenceException,Octoposh.Cmdlets.GetOctopusTeam

What can be cause for this error?
The Get-OctopusEnvironment cmdlet works fine

PS:
in general, we are using Octopus.Client

Add-Type -Path “$ScriptDirectory\Octopus.Client.dll”
$endpoint = New-Object Octopus.Client.OctopusServerEndpoint $octopusURI,$apikey
$repository = New-Object Octopus.Client.OctopusRepository $endpoint

that we have compatibility issue with it.

Looking forward to hearing from you and thanks in advance,

Stan

prathwagh · 16 May 2019 09:47

Get-OctopusTeam : Object reference not set to an instance of an object. - This error means you do not have access to the Octopus. Try not to use API key of administrator user. Create your user and give privileges to your user and use your API key.

sgoldman · 16 May 2019 10:38

Thanks for reply Prathamesh!
Still no luck…
looks like bug - i can get every resource (machine, environment, role etc.) but no the team…

the new user (and service account) both in sys admins team with sys admin role and space manager role

any ideas?

thanks in advance,

Stan

system · 15 June 2019 10:38

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.