mirror of
https://github.com/inspec/inspec
synced 2024-12-19 09:33:20 +00:00
34 lines
No EOL
1.2 KiB
Ruby
34 lines
No EOL
1.2 KiB
Ruby
|
|
title 'Check Azure Resources'
|
|
|
|
control 'azure-generic-storage-account-2.0' do
|
|
|
|
impact 1.0
|
|
title 'Check the storage account'
|
|
|
|
# Get the storage account by type, this is because in the tests
|
|
# the storage account name is randomly generated so it cannot be known to perform
|
|
# these inspec tests
|
|
describe azure_generic_resource(group_name: 'Inspec-Azure',
|
|
type: 'Microsoft.Storage/storageAccounts') do
|
|
its('total') { should be 1 }
|
|
|
|
# There should be no tags
|
|
it { should_not have_tags }
|
|
|
|
its('properties.encryption.keySource') { should cmp 'Microsoft.Storage' }
|
|
|
|
# Check that the blob and file services are enabled
|
|
its('properties.encryption.services.blob.enabled') { should be true }
|
|
its('properties.encryption.services.file.enabled') { should be true }
|
|
its('properties.encryption.keySource') { should cmp "Microsoft.Storage" }
|
|
|
|
its('properties.provisioningState') { should cmp "Succeeded" }
|
|
|
|
its("properties.primaryLocation") { should cmp "westeurope" }
|
|
its("properties.statusOfPrimary") { should cmp "available" }
|
|
|
|
# Determine if it only supports HTTPS traffic
|
|
its('properties.supportsHttpsTrafficOnly') { should be false }
|
|
end
|
|
end |