Refactor Azure DevOps Health Monitoring Scripts to Enhance Error Handling and Authentication#626
Conversation
…ling and Authentication - Consolidated authentication setup across multiple scripts by introducing a common `setup_azure_auth` function, improving code maintainability and clarity. - Enhanced error handling for Azure DevOps API calls, providing clearer feedback on failures and next steps for users. - Updated scripts to utilize a consistent method for retrieving data, ensuring better reliability and reducing the likelihood of errors during execution. - Improved documentation and output messages to reflect changes in functionality and enhance user understanding of monitoring processes.
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
- Improved error handling in the `az_with_retry` function by capturing the exit code after executing the Azure command, ensuring that error messages are logged and processed correctly. - Streamlined the removal of the error log file to occur only when the command succeeds, enhancing clarity in error reporting.
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
| echo "$AZURE_DEVOPS_PAT" | az devops login --organization "$org_url" | ||
| else | ||
| echo "Using service principal authentication..." | ||
| fi |
There was a problem hiding this comment.
AUTH_TYPE validation silently removed from shared auth function
Medium Severity
The new setup_azure_auth function treats any AUTH_TYPE value that isn't "pat" as service principal authentication without error. The old code in five scripts (agent-pools, pipeline-logs, queued-pipelines, service-connections, discover-projects) explicitly validated AUTH_TYPE and exited with an error for invalid values. Now, a misconfigured AUTH_TYPE (e.g., "pat_token") silently proceeds without the intended PAT login, causing subsequent API calls to fail with unclear auth errors instead of an immediate actionable message.
Additional Locations (1)
1 participant
setup_azure_authfunction, improving code maintainability and clarity.Note
Medium Risk
Touches many runbook scripts and changes how all Azure DevOps API calls are executed (timeouts/retries and auth setup), which could alter behavior in edge cases or environments missing
timeout/with different CLI auth state.Overview
Improves reliability of Azure DevOps health checks by introducing shared script helpers (
_az_helpers.sh) that centralize Azure DevOps CLI extension setup + PAT/SP auth (setup_azure_auth) and wrapazcalls with per-call timeouts, exponential-backoff retries, and standardized stdout capture (az_with_retry).Updates the existing health scripts to use these helpers instead of ad-hoc
azinvocations and error-log parsing, and tweaks issue messages to explicitly call out API unavailability/timeouts and suggest network/service-health checks.Adds a new
preflight-check.shand wires it intorunbook.robotsuite initialization to report identity + per-scope access results; the runbook also now emits explicit issues when downstream scripts fail to produce valid JSON, including the preflight summary for troubleshooting.Written by Cursor Bugbot for commit de8f2d7. This will update automatically on new commits. Configure here.