Fix feature #48 - pipeline settings REST (#50)

src/PSRule.Rules.AzureDevOps/Functions/DevOps.Pipelines.Settings.ps1

@@ -31,27 +31,10 @@ Function Get-AzDevOpsPipelinesSettings {
         $Project
     )
     $header = Get-AzDevOpsHeader -PAT $PAT
-    $uri = "https://dev.azure.com/$Organization/_apis/Contribution/HierarchyQuery?api-version=5.0-preview.1"
+    $uri = "https://dev.azure.com/$Organization/$Project/_apis/build/generalsettings?api-version=7.1-preview.1"
     Write-Verbose "URI: $uri"
-    $postObject = @{
-        contributionIds = @('ms.vss-build-web.pipelines-general-settings-data-provider')
-        dataProviderContext = @{
-            properties = @{
-                sourcePage = @{
-                    routeId = "ms.vss-admin-web.project-admin-hub-route"
-                    url = "https://dev.azure.com/$Organization/$Project/_settings/settings"
-                    routeValues = @{
-                        project = $Project
-                        action = "Execute"
-                        adminPivot = "settings"
-                        controller = "ContributedPage"
-                    }
-                }
-            }
-        }
-    }
     try {
-        $pipelinesSettings = Invoke-RestMethod -Uri $uri -Method Post -Headers $header -Body ($postObject | ConvertTo-Json -Depth 100) -ContentType 'application/json'
+        $pipelinesSettings = Invoke-RestMethod -Uri $uri -Method Get -Headers $header -ContentType 'application/json'
         # if the response is not an object but a string, the authentication failed or the pipeline was not found
         if ($pipelinesSettings -is [string]) {
             throw "Authentication failed or pipeline not found"
@@ -60,7 +43,7 @@ Function Get-AzDevOpsPipelinesSettings {
     catch {
         throw $_.Exception.Message
     }
-    return $pipelinesSettings.dataProviders.'ms.vss-build-web.pipelines-general-settings-data-provider'
+    return $pipelinesSettings
 }
 Export-ModuleMember -Function Get-AzDevOpsPipelinesSettings
 # End of Function Get-AzDevOpsPipelinesSettings

src/PSRule.Rules.AzureDevOps/rules/AzureDevOps.Pipelines.Settings.Rule.ps1

@@ -10,8 +10,8 @@ Rule 'Azure.DevOps.Pipelines.Settings.LimitSetVariablesAtQueueTime' `
         Reason 'The projects settings do not limit setting variables at queue time.'
         Recommend 'Enable `Limit variables that can be set at queue time` in Project settings.'
         # Links: https://learn.microsoft.com/en-us/azure/devops/organizations/security/security-best-practices?view=azure-devops#policies
-        $Assert.HasField($TargetObject, "enforceSettableVar.enabled", $true)
-        $Assert.HasFieldValue($TargetObject, "enforceSettableVar.enabled", $true)
+        $Assert.HasField($TargetObject, "enforceSettableVar", $true)
+        $Assert.HasFieldValue($TargetObject, "enforceSettableVar", $true)
 }
 
 # Synopsis: Job authorization scope should be limited to current project for non-release pipelines
@@ -24,8 +24,8 @@ Rule 'Azure.DevOps.Pipelines.Settings.LimitJobAuthorizationScope' `
         Reason 'The projects settings do not limit job authorization scope to current project for non-release pipelines.'
         Recommend 'Enable `Limit job authorization scope to current project for non-release pipelines` in Project settings.'
         # Links: https://learn.microsoft.com/en-us/azure/devops/organizations/security/security-best-practices?view=azure-devops#tasks
-        $Assert.HasField($TargetObject, "enforceJobAuthScope.enabled", $true)
-        $Assert.HasFieldValue($TargetObject, "enforceJobAuthScope.enabled", $true)
+        $Assert.HasField($TargetObject, "enforceJobAuthScope", $true)
+        $Assert.HasFieldValue($TargetObject, "enforceJobAuthScope", $true)
 }
 
 # Synopsis: Limit job authorization scope to current project for release pipelines
@@ -38,8 +38,8 @@ Rule 'Azure.DevOps.Pipelines.Settings.LimitJobAuthorizationScopeForReleasePipeli
         Reason 'The projects settings do not limit job authorization scope to current project for release pipelines.'
         Recommend 'Enable `Limit job authorization scope to current project for release pipelines` in Project settings.'
         # Links: https://learn.microsoft.com/en-us/azure/devops/organizations/security/security-best-practices?view=azure-devops#tasks
-        $Assert.HasField($TargetObject, "enforceJobAuthScopeForReleases.enabled", $true)
-        $Assert.HasFieldValue($TargetObject, "enforceJobAuthScopeForReleases.enabled", $true)
+        $Assert.HasField($TargetObject, "enforceJobAuthScopeForReleases", $true)
+        $Assert.HasFieldValue($TargetObject, "enforceJobAuthScopeForReleases", $true)
 }
 
 # Synopsis: Limit job authorization scope to defined repositories in YAML pipelines
@@ -52,8 +52,8 @@ Rule 'Azure.DevOps.Pipelines.Settings.LimitJobAuthorizationScopeForYamlPipelines
         Reason 'The projects settings do not limit job authorization scope to defined repositories in YAML pipelines.'
         Recommend 'Enable `Limit job authorization scope to defined repositories in YAML pipelines` in Project settings.'
         # Links: https://learn.microsoft.com/en-us/azure/devops/organizations/security/security-best-practices?view=azure-devops#tasks
-        $Assert.HasField($TargetObject, "enforceReferencedRepoScopedToken.enabled", $true)
-        $Assert.HasFieldValue($TargetObject, "enforceReferencedRepoScopedToken.enabled", $true)
+        $Assert.HasField($TargetObject, "enforceReferencedRepoScopedToken", $true)
+        $Assert.HasFieldValue($TargetObject, "enforceReferencedRepoScopedToken", $true)
 }
 
 # Synopsis: A comment should be required before building a pull request from a fork
@@ -66,8 +66,8 @@ Rule 'Azure.DevOps.Pipelines.Settings.RequireCommentForPullRequestFromFork' `
         Reason 'The projects settings do not require a comment before building a pull request from a fork.'
         Recommend 'Enable `Require a comment before building a pull request from a fork` in Project settings.'
         # Links: https://learn.microsoft.com/en-us/azure/devops/organizations/security/security-best-practices?view=azure-devops#policies
-        $Assert.HasField($TargetObject, "isCommentRequiredForPullRequest.enabled", $true)
-        $Assert.HasFieldValue($TargetObject, "isCommentRequiredForPullRequest.enabled", $true)
+        $Assert.HasField($TargetObject, "isCommentRequiredForPullRequest", $true)
+        $Assert.HasFieldValue($TargetObject, "isCommentRequiredForPullRequest", $true)
 }
 
 # Synopsis: Forks should not have access to secrets
@@ -80,8 +80,8 @@ Rule 'Azure.DevOps.Pipelines.Settings.RestrictSecretsForPullRequestFromFork' `
         Reason 'The projects settings do not restrict secrets for pull requests from forks.'
         Recommend 'Enable `Restrict secrets for pull requests from forks` in Project settings.'
         # Links: https://learn.microsoft.com/en-us/azure/devops/organizations/security/security-best-practices?view=azure-devops#policies
-        $Assert.HasField($TargetObject, "enforceNoAccessToSecretsFromForks.enabled", $true)
-        $Assert.HasFieldValue($TargetObject, "enforceNoAccessToSecretsFromForks.enabled", $true)
+        $Assert.HasField($TargetObject, "enforceNoAccessToSecretsFromForks", $true)
+        $Assert.HasFieldValue($TargetObject, "enforceNoAccessToSecretsFromForks", $true)
 }
 
 # Synopsis: Shell tasks arguments should be sanitized
@@ -94,6 +94,6 @@ Rule 'Azure.DevOps.Pipelines.Settings.SanitizeShellTaskArguments' `
         Reason 'The projects settings do not sanitize shell task arguments.'
         Recommend 'Enable `Sanitize shell task arguments` in Project settings.'
         # Links: https://learn.microsoft.com/en-us/azure/devops/organizations/security/security-best-practices?view=azure-devops#tasks
-        $Assert.HasField($TargetObject, "enableShellTasksArgsSanitizing.enabled", $true)
-        $Assert.HasFieldValue($TargetObject, "enableShellTasksArgsSanitizing.enabled", $true)
+        $Assert.HasField($TargetObject, "enableShellTasksArgsSanitizing", $true)
+        $Assert.HasFieldValue($TargetObject, "enableShellTasksArgsSanitizing", $true)
 }