diff --git a/README.md b/README.md
index 8b4c1f421..7edb340fb 100644
--- a/README.md
+++ b/README.md
@@ -107,14 +107,69 @@ end ### Available Resources -- `azurevm_image` - This resource reads information about a virtual machine in the specified resource group +- `azure_vm` - This resource reads information about a virtual machine in the specified resource group + +| Resource Name | Resources | Description | +|---------------|-----------|-------------| +| azure_vm | publisher | Publisher that provided the image in the marketplace | +| | offer | The offer of the image | +| | sku | The SKU being used | + +- `azure_vm_datadisks` - Resource to read the data disks for a machine and check that they are of the correct size etc + +| Resource Name | Resources | Description | +|---------------|-----------|-------------| +| azure_vm_datadisks | has_disks? | Boolean test to see if a machine has datadisks | +| | count | Returns the number of data disks attached to the machine | +| | where | Filter that allows for different tests to be performed, see examples below | + +When data disks are retrieved from a machine they are given as an array. The `where` filter will interogate the array according the criteria it is given. 
The followin attributes are available in the filter: + + - `disk` - Disk number (0 index based) + - `caching` - What sort of caching is enabled on the data disk + - `create_option` - How the disk was created + - `size` - The size of the disk in GB + - `lun` - The LUN number + - `name` - Name of the disk + - `uri` - Full URI to the disk in Blob storage + - `storage_account` - The name of the storage account in which the Blob storage exists + +**Note: This does not yet work with Managed Disks** + +## Examples + +### Test for 1 disk with a size greater than 10gb + +```ruby +control 'azure-1' do + impact 1.0 + title 'Checks that the machine has exactly one data disk and it is over 10gb in size' + + describe azurevm_image(host: 'example-01', resource_group: 'MyResourceGroup') do + its('has_disks?') { should be true } + its('count') { should eq 1 } + end + + describe azurevm_image(host: 'example-01', resource_group: 'MyResourceGroup').where { disk == 0 and size > 10 } do + its('entries') { should_not be_empty } + end +end +``` + +### Using the example controls + +There a number of example controls that have been added to this resource. They are driven by environment variables to make them easier to run. For example the following would test a machine called `example-01` in the resource group `exmaple-rg`. + +```bash +$> AZURE_VM_NAME='example-01' AZURE_RESOURCE_GROUP_NAME='example-rg' bundle exec inspec exec . +``` ## License | | | | ------ | --- | | **Author:** | Russell Seymour () | -| **Copyright:** | Copyright (c) 2016 Chef Software Inc. | +| **Copyright:** | Copyright (c) 2017 Chef Software Inc. | | **License:** | Apache License, Version 2.0 | Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/controls/example_vm_datadisks.rb b/controls/example_vm_datadisks.rb index 7a63aa2b9..afb58a8cf 100644 --- a/controls/example_vm_datadisks.rb +++ b/controls/example_vm_datadisks.rb 
@@ -3,9 +3,17 @@ title 'Sample profile to test the data disks of a vm' control 'azure-vm-datadisks-1.0' do impact 1.0 - title 'Ensure that the machine has 1 data disk of greater than or equal to 10gb' + title 'Ensure that the machine has 1 data disk' - describe azure_vm_datadisks(host: 'AutomateServer-VM', resource_group: 'rjs-automate-09').where { (disk == 1 and size >= 10) } do + hostname = ENV['AZURE_VM_NAME'] + resource_group_name = ENV['AZURE_RESOURCE_GROUP_NAME'] + + describe azure_vm_datadisks(host: hostname, resource_group: resource_group_name) do + its('has_disks?') { should be true } + its('count') { should eq 1 } + end + + describe azure_vm_datadisks(host: hostname, resource_group: resource_group_name).where { disk == 0 and size > 10 } do its('entries') { should_not be_empty } end end diff --git a/controls/example_vm_image.rb b/controls/example_vm_image.rb index d654cb1d4..d4fc0baea 100644 --- a/controls/example_vm_image.rb +++ b/controls/example_vm_image.rb @@ -1,11 +1,15 @@ title 'Sample profile to test the Image SKU of a vm' -control 'azurevm-image-1.0' do +control 'azure-vm-1.0' do impact 1.0 title 'Ensure that the machine has an image SKU of 16.04.0-LTS' - describe azurevm_image(host: 'exmaple-01', resource_group: 'MyResourceGroup') do - its('sku') { should eq '16.04.0-LTS' } + + hostname = ENV['AZURE_VM_NAME'] + resource_group_name = ENV['AZURE_RESOURCE_GROUP_NAME'] + + describe azure_vm(host: hostname, resource_group: resource_group_name) do + its('sku') { should eq '16.04-LTS' } its('publisher') { should eq 'Canonical' } its('offer') { should eq 'UbuntuServer' } end diff --git a/libraries/azure_vm.rb b/libraries/azure_vm.rb index d8a5d830c..a53168d9e 100644 --- a/libraries/azure_vm.rb +++ b/libraries/azure_vm.rb 
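Review bot: `hostname` and `resource_group_name` are read with `ENV['AZURE_VM_NAME']` and `ENV['AZURE_RESOURCE_GROUP_NAME']`, so an unset variable passes `nil` into both `azure_vm_datadisks(...)` calls. How the resource treats a nil host is not visible in this hunk, but the result would not describe a real machine. Reading them with `hostname = ENV.fetch('AZURE_VM_NAME')` and `resource_group_name = ENV.fetch('AZURE_RESOURCE_GROUP_NAME')` makes a missing variable stop the run with a clear error. The same two assignments appear in the controls/example_vm_image.rb hunk. The new title says only "has 1 data disk", while the second describe still requires `size > 10`, so the title should mention the size or that check should move to its own control.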
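Review bot: In controls/example_vm_image.rb the unchanged title still reads `'Ensure that the machine has an image SKU of 16.04.0-LTS'`, while the assertion now expects `'16.04-LTS'`. Reports will therefore name a SKU that the check does not test. Updating the context line to `title 'Ensure that the machine has an image SKU of 16.04-LTS'` keeps the two in step.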
@@ -51,21 +51,4 @@ class AzureVm < Inspec.resource(1) end end - def has_data_disks? - vm = @helpers.get_vm(@opts[:host], @opts[:resource_group]) - - if vm.instance_of?(String) - vm - else - vm.storage_profile.data_disks.length > 0 - end - end - - def data_disk - - vm = @helpers.get_vm(@opts[:host], @opts[:resource_group]) - - dd = DataDisks.new(vm) - end - end diff --git a/libraries/azure_vm_datadisks.rb b/libraries/azure_vm_datadisks.rb index 972ce7c8e..14a8bba58 100644 --- a/libraries/azure_vm_datadisks.rb +++ b/libraries/azure_vm_datadisks.rb @@ -34,6 +34,8 @@ class AzureVmDataDisks < Inspec.resource(1) filter = FilterTable.create filter.add_accessor(:where) .add_accessor(:entries) + .add_accessor(:count) + .add_accessor(:has_disks?) .add(:disk, field: 'disk') .add(:caching, field: 'caching') .add(:create_option, field: 'create_option') @@ -45,6 +47,14 @@ class AzureVmDataDisks < Inspec.resource(1) filter.connect(self, :params) + def count + entries.length + end + + def has_disks? + entries.length > 0 + end + private def parse_data_disks(data_disks)
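Review bot: In libraries/azure_vm_datadisks.rb, `count` and `has_disks?` are introduced twice. The first hunk registers them with `.add_accessor(:count)` and `.add_accessor(:has_disks?)`, and the second hunk defines instance methods of the same names after `filter.connect(self, :params)`. Which definition serves `its('count')`, and whether either is reachable on the object returned by `.where { ... }`, depends on FilterTable behaviour that is not visible here, so a short comment above the two methods should say which is intended. The removed `has_data_disks?` in libraries/azure_vm.rb special-cased `get_vm` returning a String; if `params` can still hit that failure, the new methods should document what they return then. As a style point, `entries.length > 0` reads better as `!entries.empty?`.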