Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to run Get-AzSKAzureDevOpsSecurityStatus throwing an error #328

Open
kiruthigavasu opened this issue May 6, 2020 · 2 comments
Open

Unable to run Get-AzSKAzureDevOpsSecurityStatus throwing an error #328

kiruthigavasu opened this issue May 6, 2020 · 2 comments

Comments

@kiruthigavasu
Copy link

kiruthigavasu commented May 6, 2020
edited
Loading

Hello Team,
When i try to run the command, Get-AzSKAzureDevOpsSecurityStatus to ControlAttest , i am unable to do so. I see the attached error.
Steps to reproduce:
Open a new PS-Core session.
Install-Module AzSK.AzureDevOps -Scope CurrentUser -AllowClobber
Get-AzSKAzureDevOpsSecurityStatus -OrganizationName 'eviCoreDev' -ControlsToAttest NotAttested -ResourceTypeName Organization

Error: As attached.
image

And i even tried using PAT

Get-AzSKAzureDevOpsSecurityStatus -OrganizationName 'eviCoreDev' -ControlsToAttest NotAttested -ResourceTypeName Organization
-PATToken $Secure_PAT

and this didnt work either. I get the below error.

image

When i run the GET command, it pops up a browser window to let me login with the AzureDevops username and password. Then the PS session resumes execution, and then i see this error. Btw, I am the Project admin and Org admin.

BUt not sure what this means from your doc:

Permissions required for attesting controls:
Attestation is currently supported only for organization and project controls with admin privileges on organization and project, respectively.

Can someone plz help me out. TY
@abhaydaga
Copy link
Contributor

@kiruthigavasu

  1. Please ensure you are using the latest version of AzSK.AzureDevOps (v.0.9.12). Also please ensure you are explicitly importing the module in the session. See the example below:
#Installation command
Install-Module AzSK.AzureDevOps -Scope CurrentUser -AllowClobber -Force
#Import command
Import-Module AzSK.AzureDevOps
Get-AzSKAzureDevOpsSecurityStatus -OrganizationName 'eviCoreDev' -ControlsToAttest NotAttested -ResourceTypeName Organization

  1. In order to attest organization/project control - you need to be Project Collection Administrator and Project Admin respectively. Attestation for org/project controls is not allowed using PAT.

  2. Also, whenever you want to attest organization/project control - ensure you are using your login credentials to authenticate. If PAT is already used in the session before attestation workflow begins, please attest the control in a new session.

@marian-craciunescu
Copy link

@kiruthigavasu please use powershell 7 or pwsh core
There is a bug with converting SecureString

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@marian-craciunescu @abhaydaga @kiruthigavasu