Enable OAuth for an organization in Azure DevOps

This page describes the prerequisite of enabling the OAuth policy on an Azure DevOps organization so that it works with Prancer. The second part describes the steps involved in using the IaC wizard to connect to an Azure DevOps repository, run test cases on it, and create a compliance report. The user can select the security mode, the schedule option, and the repository they want to work with. After the repository is selected, the wizard creates the configurations, fetches resources from the cloud, runs policy compliance on the fetched resources, and generates a compliance report. The user can view the report and the logs in the respective screens.

For OAuth to work with Azure DevOps, the organization that contains the repositories to be accessed by Prancer needs to have the OAuth policy enabled.

This enables the OAuth client to find all the repositories in the projects of this organization. The example shown below should help:

../img/wizard/azure/wizard_prerequisite.png

Wizard - IaC Enterprise

Using the IaC wizard, you can connect to the Azure DevOps repository where the pre-deployment template files are stored and run the test cases on it.

Select the "IaC" option from the list of the configuration wizard.

  • Click on the "Next" button to see the list of providers supported for IaC.

../img/wizard/iac_enterprise/iac_wizard_selection.png

  • Select "Azure DevOps" from the git providers.
  • Select the security mode:
      • Monitor
      • Monitor and Remediate
  • "Monitor" mode only checks for compliance; remediation or fixes are not available.
  • "Monitor and Remediate" monitors your server and provides remediation support.
  • There are two schedule options:
      • One Time Run
      • Continuous Compliance
  • "One Time Run" runs the compliance once after the wizard creation completes.
  • "Continuous Compliance" runs the compliance every day after the wizard creation completes.
  • Click "Authenticate" to allow Prancer to list all repositories available on the Azure DevOps server.

../img/wizard/iac_enterprise/Iac_provider_ado.png

  • It will ask you to grant access to the prancer-io organization. Click on the "Accept" button.

../img/wizard/iac_enterprise/grant_access_ado.png

  • Once you authorize the application, you will be redirected back to the Prancer application. You can now see the Repository option, where you can search for a particular repository and select one of the repositories.

../img/wizard/iac_enterprise/select_repository.png

  • Once you select the repository, you can click on the "Finish" button.
  • The wizard will then do the following:
      • Create the Connector Configuration
      • Create the Master Snapshot Configuration
      • Create the Master Compliance Configuration
      • Run the Crawler to fetch available resources from the cloud
      • Run the policy compliance on the fetched resources

../img/wizard/iac_enterprise/finish_processing.png

  • After some time, you can see the compliance result in the Report screen and see the logs in the Log screen.