[Bug] "--area is not present in current organization" error during "az devops invoke --area Security" execution

[DariuszPorowski]

Describe the bug
A clear and concise description of what the bug is.

To Reproduce
Azure Cli Version: 2.70
Azure-Devops extension version: 0.18.0

Steps to reproduce the behavior:
run:
az devops invoke --organization "https://dev.azure.com/myorg" --area "Security" --resource "SecurityNamespaces"
and see error:
--area is not present in current organization

Expected behavior
Results the same as using GET rest call:
https://dev.azure.com/myorg/_apis/securitynamespaces?api-version=5.1

Debug logs
cli.azure.cli.core.util : --area is not present in current organization
--area is not present in current organization

Additional context
Add any other context about the problem here.

[jdholbrook81]

Also getting this trying to register a web hook:

az devops invoke --organization $organization --http-method POST --area hooks --resource subscriptions --in-file $webhookJsonPath

Result: --area is not present in current organization

[tasb]

I'm having the same issue too. Any update on this?

[ashishonce]

I see that command
az devops invoke --organization "https://dev.azure.com/" --area "Security" --resource "SecurityNamespaces"

has two step process

first step :
is invoking below API
https://dev.azure.com/yourorg/_apis/ResourceAreas
to get list of all resource areas, and only when provided area is found in the list

it proceeds with particular url for resource within that area. That will be like
https://dev.azure.com/yourorg/_apis/securitynamespaces?api-version=5.1

I see that for the first request area name "Security" is not present and thus the logic fails citing that "Security" is not present in available areas.

I am not sure why this API https://dev.azure.com/yourorg/_apis/ResourceAreas will not return full list of Areas which is provided by
az devops invoke --organization "https://dev.azure.com/yourorg"

you can verify this my running below command to check that when all areas are scanned separately, we do get "Security" as available area.

az devops invoke --organization "https://dev.azure.com/yourorg" --query "[?contains(area,'Security')]"

@narula0781 can we connect with API team for this bug?
I will connect with the API team to know more around this.

[rhatfield-bushel]

So I ran into this issue, and "fixed" it locally, but could use some guidance on how to properly implement the fix in this repo.

So first, I don't code in python very often so I probably shouldn't be writing the fix.

There's two bugs here causing this behavior:

• not accounting for resource version in version string
  • Currently this fails when trying to parse a float
  • This one seems like an easy fix but I don't really want to look up how to do it in python
  • the trailing .1 from 6.0-preview.1 needs to be accounted for. It's still being passed correctly to the end web request, but the float bug doesn't let us call the correct version of the API
• not correctly resolving the base url
  • the way the area is found here is very basic. I would suggest defaulting to the core URL, as that's the correct URL from the documentation for me.
  • I updated the code as follows to work for me, though I'm sure there's much better ways to write this:

if not client_url:
    for resource_area in resource_areas:
        if resource_area.name.lower() == 'core':
            client_url = resource_area.location_url

So, all the parts to fix this should be here. With a little guidance on this I could make a PR with a VERY basic fix, but I won't have the time to contribute any tests for this.

With the above fixes in place, I'm able to call this with the correct API resource and area:

az devops invoke \
  --organization "https://dev.azure.com/yourorg" \
  --area "Security" \
  --resource "SecurityNamespaces" \
  --api-version 6.1.1

I got the appropriate endpoint version from the az devops invoke details:

{
    "area": "Security",
    "id": "ce7b9f95-fde9-4be8-a86d-83b366f0b87a",
    "maxVersion": 6.1,
    "minVersion": 1.0,
    "releasedVersion": "6.0",
    "resourceName": "SecurityNamespaces",
    "resourceVersion": 1,
    "routeTemplate": "_apis/{resource}/{securityNamespaceId}"
}

[tobylo]

Any update on this? Also getting the same error when trying to invoke the securityroles area (to update/set permissions on an environment).

[stevenoneill]

Getting this error when trying to use --area Contribution. Any update?

[kvakulo]

Also hit by this error for --scope securityroles 😞

[silverscout]

@rhatfield-bushel this like I am getting this error on --area processes. I did your fix of updating the invoke.py file and it resolved the issue. Hopefully one day this will get merged in.

[SaurabhSharma-MSFT]

@gauravsaralMs Can you please look into this.

[dimangulov]

Also hit by this error for --scope securityroles

[micwiec]

Issue still exists

[lukecalderon]

Currently having the same issue with the following:

Command

az devops invoke --area "securityRoles" --resource "roleassignments" `
  --route-parameters scopeId="distributedtask.agentpoolrole" resource="$adoAgentPoolId" `
  --detect true `
  --http-method PUT `
  --api-version "7.2-preview" `
  --in-file agentPoolBody.json `
  -o json

Response

ERROR: --area is not present in current organization

[Albert0sans]

any updates?