search

azsk / DevOpsKit-docs

MIT License
497 stars 207 forks source link

Unable to run Get-AzSKAzureDevOpsSecurityStatus throwing an error #328

Open kiruthigavasu opened 4 years ago

kiruthigavasu commented 4 years ago

Hello Team, When i try to run the command, Get-AzSKAzureDevOpsSecurityStatus to ControlAttest , i am unable to do so. I see the attached error. Steps to reproduce: Open a new PS-Core session. Install-Module AzSK.AzureDevOps -Scope CurrentUser -AllowClobber Get-AzSKAzureDevOpsSecurityStatus -OrganizationName 'eviCoreDev' -ControlsToAttest NotAttested -ResourceTypeName Organization

Error: As attached. image

And i even tried using PAT

Get-AzSKAzureDevOpsSecurityStatus -OrganizationName 'eviCoreDev' -ControlsToAttest NotAttested -ResourceTypeName Organization -PATToken $Secure_PAT

and this didnt work either. I get the below error.

image

When i run the GET command, it pops up a browser window to let me login with the AzureDevops username and password. Then the PS session resumes execution, and then i see this error. Btw, I am the Project admin and Org admin.

BUt not sure what this means from your doc:

Permissions required for attesting controls: Attestation is currently supported only for organization and project controls with admin privileges on organization and project, respectively.

Can someone plz help me out. TY

abhaydaga commented 4 years ago

@kiruthigavasu

  1. Please ensure you are using the latest version of AzSK.AzureDevOps (v.0.9.12). Also please ensure you are explicitly importing the module in the session. See the example below:
#Installation command
Install-Module AzSK.AzureDevOps -Scope CurrentUser -AllowClobber -Force
#Import command
Import-Module AzSK.AzureDevOps
Get-AzSKAzureDevOpsSecurityStatus -OrganizationName 'eviCoreDev' -ControlsToAttest NotAttested -ResourceTypeName Organization

  1. In order to attest organization/project control - you need to be Project Collection Administrator and Project Admin respectively. Attestation for org/project controls is not allowed using PAT.

  2. Also, whenever you want to attest organization/project control - ensure you are using your login credentials to authenticate. If PAT is already used in the session before attestation workflow begins, please attest the control in a new session.

marian-craciunescu commented 4 years ago

@kiruthigavasu please use powershell 7 or pwsh core There is a bug with converting SecureString