Installing TFS Aggregator WebHooks is a six step process:
- Grant access to VSTS/TFS
- Deploy TfsAggregator WebHooks web application
- Configure TFS Aggregator
- Define the policy
- Setup logging (optional)
- Setup the Web Hooks in TFS/VSTS
There are three possible options to grant access. In most cases you will have to change the configuration later using the values collected in this step.
a. Create a Personal Access Token
Leave All scopes select; TFS Aggregator use the old Object Model (see Authentication issue using Personal Access Token when all options of "Selected Scope" are selected). b. Capture Personal Access Token's value and store it for later
NOTE: this is per-account value you can use (User Profile/Security)
instead of a PAT, you can give permission to the account running the Application Pool (see https://github.com/tfsaggregator/tfsaggregator/wiki/Troubleshooting)
or put username and password in clear text in the /AggregatorConfiguration/runtime/authentication
node of the policy file
If you do not allow access expect a similar error
To install TfsAggregator WebHooks web application you can use the Deploy-TfsAggregatorWebHooks.ps1
as a sample script
- use SSL to avoid exposing credentials
- the account running Aggregator application pool must have proper permissions on the target TFS or you set some credentials in the policy file
Use the button. This is the simplest option for VSTS.
In the wizard specify the
Please take note of the URL for the next steps.
You can check that the deploy worked, by opening a browser to the above URL appending /api/workitem
To edit the deployed files, use Kudu console
at the https://
<name_chosen_in_previous_step>.scm.azurewebsites.net
URL. Navigate to site\wwwroot
folder via Debug console menu.
Add at least one user in the Users
section
<Users>
<add key="vsts" value="P@ssw0rd!" />
</Users>
Define the policyFilePath
in web.config
; the default value is the static path of the sample policy.
Instead of a static path you can use a variable value from the incoming request e.g. <add key="policyFilePath" value="~/App_Data/{CollectionId}.policies" />
.
The possible variables for policyFilePath
, extracted from the incoming request data are:
{EventType}
could beworkitem.created
workitem.updated
workitem.restored
orworkitem.deleted
{AccountId}
Guid of VSTS Account (TFS 2017 or later){CollectionId}
Guid of collection{TeamProject}
name of the Team Project{TfsCollectionUri}
URL of the collection
Navigate to the App_Data
folder to edit the policy files
The default HelloWorld policy works for any kind of work items.
The runtime/authentication
element accept two new options
- Explicit credentials
<authentication username="DOMAIN\user" password="***" />
not much secure, but handy for testing and some edge scenario - Personal Access Token (obtained on step 1)
<authentication personalToken="***" />
In the policies you may have to set the credentials chosen in the first step, e.g. the PAT.
This step is not mandatory, but recommended in the initial phase.
In the Azure Portal navigate to App Services and select the App Service hosting TFS Aggregator. Scroll down to Diagnostic logs and turn on Application Logging.
Select the Verbosity level and save.
You can store the logs in Azure storage for auditing.
In the Kudu console navigate to the LogFiles\Application
folder to find the log files produced by TFS Aggregator.
By opening the file you see a snapshot of log file's content.
This is the last step: setup the caller, i.e. configure VSTS/TFS to invoke TFS Aggregator (see also Web Hooks).
In the samples
folder you can find the Create-Subscriptions.ps1
Powershell script to quickly setup the subscription.
It requires six arguments and creates the subcription for create, update and restore events.
Argument | Description | Sample value |
---|---|---|
tfsURL | TFS/VSTS base URL | https://me.visualstudio.com/ |
ProjectName | TFS/VSTS project name | My Project |
PersonalAccessToken | Personal Access Token generated in step 1 | jocxco3i7twydcif25bh7yysbodwnq4ppuannhro4yryfcbab4na |
aggregatorURL | URL of TFS Aggregator WebHooks API | https://mytfsaggregator.azurewebsites.net/api/workitem/ |
aggregatorUsername | Username listed in TFS Aggregator WebHooks web.config |
vsts |
aggregatorPassword | Password for the above | P@ssw0rd! |
The
workitem.deleted
fails with errorTF26198: The work item does not exist, or you do not have permission to access it.
This is an issue with VSTS/TFS that we cannot solve.
NOTE: this is a per-project configuration (Project/Admin).
You may have to repeat this step for all four event:
- New/created
- Change/updated
- Delete
- Restore
Insert the URL, e.g. https://
<name_chosen_in_deploy_step>.azurewebsites.net/api/workitem
and one user listed in TFS Aggregator web.config
file.
NOTE the Test button above may send a well-formed document or not, so to test if everything works you really must create/modify some work item.
This is the result with a single hooked event.
And after all four events are defined.
At this point the configuration is complete and you can test, e.g. creating a new work item.
You see in the Service Hooks page
the success or failure. Remember that you can see the TFS Aggregator log to help troubleshooting.