How to Query Azure DevOps

107
7 min to read

Mastering Azure DevOps Queries: A Complete Guide to Query Pipelines, Files, and Users

If you're managing a project in Azure DevOps, chances are you've needed to query pipelines, explore repository files, or audit user details. Understanding how to efficiently query Azure DevOps can save time and provide valuable insights into your workflows. In this guide, I’ll show you how to query various Azure DevOps items, including YAML pipelines, repository files, and user stores, using both the Azure CLI and REST API.

Whether you're new to Azure DevOps or looking to optimize your skills, this guide has everything you need!

Why You Need Azure DevOps Queries

Here’s why querying Azure DevOps can be a game-changer:

  • Streamline Debugging: Quickly locate specific pipelines or files when troubleshooting.
  • Optimize Workflow: Understand how your resources are connected and make informed decisions.
  • Ensure Compliance: Audit pipelines, files, and user access for security and regulatory compliance.

Table of Contents

  1. Prerequisites and Permissions
  2. Querying Pipelines
  3. Querying Repository Files
  4. Querying Users and Access Control
  5. Tips for Optimized Queries
  6. Conclusion

Prerequisites and Permissions

Before you start querying Azure DevOps, make sure you have the following:

1. Azure DevOps Access

  • Access to the Azure DevOps organization and project.
  • Permissions for the specific resources you want to query.

2. Personal Access Token (PAT)

A Personal Access Token (PAT) is required to authenticate API requests. You can create one as follows:

  1. Go to Azure DevOps > User Settings > Personal Access Tokens.
  2. Click New Token and configure the required permissions.

Required PAT Permissions:

  • Pipelines: Read access under "Build and Release".
  • Repositories: Read access under "Code".
  • Users and Groups: Read access under "Graph".

3. Tools and Software

  • Azure CLI: Install the Azure CLI and the Azure DevOps extension. 
    az extension add --name azure-devops
  • REST API Tools: Use curl or Python for API queries.
  • Optional: Install jq for processing JSON data in Bash scripts.

4. Project Setup

Ensure you know:

  • Your organization name.
  • The project name or ID.
  • Repository names and folder paths, if querying files.

1. Querying Pipelines

Using Azure CLI

Step 1: Set Defaults

First, configure the CLI to use your organization and project:

az devops configure --defaults organization=https://dev.azure.com/<your-organization> project=<your-project>

Step 2: List All Pipelines

Run this command to list all pipelines:

az pipelines list --query "[].{Name:name, ID:id, Path:folder}" -o table

Step 3: Filter YAML Pipelines

To display only pipelines that use YAML files:

az pipelines list --query "[?configuration.type == 'yaml'].{Name:name, ID:id, YAMLFile:configuration.yamlFilename}" -o table

Using REST API

Step 1: Get All Pipelines

Use the following curl command:

curl -s \
  -H "Authorization: Basic $(echo -n ':<your-pat>' | base64)" \
  "https://dev.azure.com/<organization>/<project>/_apis/pipelines?api-version=7.1-preview.1" | jq '.value[] | {name, id, yamlFilename}'

Step 2: Filter YAML Pipelines

Add a filter to include only YAML-based pipelines:

jq '.value[] | select(.configuration.type == "yaml") | {name, id, yamlFilename}'

2. Querying Repository Files

Using Azure CLI

Step 1: List All Repositories

az repos list --query "[].{Name:name, ID:id}" -o table

Step 2: Query a Specific Repository

To get details about a specific repository:

az repos show --repository "<repo-name>" --query "{DefaultBranch:defaultBranch, ID:id}" -o json

Step 3: List Files in a Repository

To list files in a specific branch:

az repos ref list --repository "<repo-name>" --path "/path/to/folder" -o table

Using REST API

Step 1: Get File List

curl -s \
  -H "Authorization: Basic $(echo -n ':<your-pat>' | base64)" \
  "https://dev.azure.com/<organization>/<project>/_apis/git/repositories/<repo-id>/items?scopePath=/path/to/folder&api-version=7.1-preview.1"

Step 2: Get File Content

curl -s \
  -H "Authorization: Basic $(echo -n ':<your-pat>' | base64)" \
  "https://dev.azure.com/<organization>/<project>/_apis/git/repositories/<repo-id>/items?path=/path/to/file.yaml&api-version=7.1-preview.1"

3. Querying Users and Access Control

Using Azure CLI

Step 1: List All Users

az devops user list --query "[].{Name:displayName, Email:mailAddress}" -o table

Step 2: Query Specific Users

To get details about a specific user:

az devops user show --user "<email-or-id>"

Step 3: List Security Groups

az devops security group list --query "[].{Name:principalName, Members:members}" -o json

Using REST API

Step 1: List All Users

curl -s \
  -H "Authorization: Basic $(echo -n ':<your-pat>' | base64)" \
  "https://vssps.dev.azure.com/<organization>/_apis/graph/users?api-version=6.0-preview"

Step 2: List Group Memberships

curl -s \
  -H "Authorization: Basic $(echo -n ':<your-pat>' | base64)" \
  "https://vssps.dev.azure.com/<organization>/_apis/graph/memberships?api-version=6.0-preview"

4. Tips for Optimized Queries

  1. Combine CLI and REST API: Use the CLI for quick queries and the API for complex filtering or automation.

  2. Use Filters Effectively: Both CLI and API allow filtering—use them to narrow down results and save time.

  3. Automate Queries: Create reusable scripts to query pipelines, files, or users regularly.

  4. Process Results Locally: Tools like jq and Python make it easy to manipulate JSON results for reporting.

  5. Secure Your PAT: Store your PAT securely (e.g., use environment variables) and avoid hardcoding it in scripts.

5. PowerShell Script: List YAML Pipelines Across All Repositories in a Project

Here’s a PowerShell script that uses the Azure DevOps REST API to list all existing YAML pipelines across all repositories in a single Azure DevOps project. The script authenticates with a Personal Access Token (PAT) and retrieves the necessary information.

# Variables
$organization = "https://dev.azure.com/your-organization"   # Replace with your organization URL
$project = "your-project"                                   # Replace with your project name
$personalAccessToken = "your-pat"                           # Replace with your Personal Access Token

# Base64 encode the PAT for Authorization
$base64AuthInfo = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(":$personalAccessToken"))

# Function to call the Azure DevOps REST API
function Invoke-AzDevOpsApi {
    param (
        [string]$Uri
    )

    $response = Invoke-RestMethod -Uri $Uri -Method Get -Headers @{
        Authorization = "Basic $base64AuthInfo"
    }
    return $response
}

# Get all pipelines in the project
$uri = "$organization/$project/_apis/pipelines?api-version=7.1-preview.1"
$allPipelines = Invoke-AzDevOpsApi -Uri $uri

# Filter pipelines that use YAML configuration
$yamlPipelines = $allPipelines.value | Where-Object { $_.configuration.type -eq "yaml" }

# Display the YAML pipelines
if ($yamlPipelines.Count -eq 0) {
    Write-Host "No YAML pipelines found in the project '$project'." -ForegroundColor Yellow
} else {
    Write-Host "YAML Pipelines in project '$project':" -ForegroundColor Green
    foreach ($pipeline in $yamlPipelines) {
        Write-Host "Pipeline Name: $($pipeline.name)"
        Write-Host "Pipeline ID: $($pipeline.id)"
        Write-Host "YAML File Path: $($pipeline.configuration.yamlFilename)"
        Write-Host "======================================="
    }
}

How the Script Works

  1. Authentication:

    • Uses a PAT to authenticate with the Azure DevOps REST API.
    • Encodes the PAT in Base64 for use in the Authorization header.

  2. Get Pipelines:

    • Calls the Azure DevOps REST API to retrieve all pipelines in the specified project.

  3. Filter YAML Pipelines:

    • Filters the pipelines where the configuration.type is yaml.

  4. Display Results:

    • Outputs the name, ID, and YAML file path of each pipeline to the console.

Running the Script

  1. Save the Script: Save the script as List-YamlPipelines.ps1.

  2. Run the Script: Open PowerShell and execute the script:

    .\List-YamlPipelines.ps1

  3. View Output: The script will display a list of all YAML pipelines in the specified project, including their names, IDs, and file paths.

Example Output

YAML Pipelines in project 'your-project':
Pipeline Name: Build Pipeline
Pipeline ID: 12
YAML File Path: /builds/build-pipeline.yaml
=======================================
Pipeline Name: Deploy Pipeline
Pipeline ID: 34
YAML File Path: /deploy/deploy-pipeline.yaml
=======================================

This script is easy to customize and can be expanded to include additional pipeline metadata or support querying multiple projects. Let me know if you’d like help tailoring it further!

Conclusion

Querying Azure DevOps is a vital skill for managing resources efficiently. Whether you're tracking YAML pipelines, inspecting repository files, or auditing user access, the tools and methods outlined here will help you stay in control.

Now that you’ve learned how to query pipelines, files, and users, why not start automating your workflows? If you have questions or want to share your own Azure DevOps tips, leave a comment below!

About me

Azure Cloud Solutions Engineer with a passion for cloud automation, DevOps, Kubernetes , monitoring, identity management (IAM), cloud security and O365. Working with Azure, Amazon AWS, System Center, OMS/Log Analytics and related cloud services and software.

My certifications
Recent articles
Custom Rules for PSRule and Bicep pipeline
Custom Rules for PSRule and Bicep pipeline
Bicep Module Testing PSRule Pipeline
Bicep Module Testing PSRule Pipeline
Should You Use a Separate Stage for Bicep Linting in Your CI/CD Pipeline?
Should You Use a Separate Stage for Bicep Linting in Your CI/CD Pipeline?
How To Share Bicep Templates and Modules
How To Share Bicep Templates and Modules
Topics
Tags