Updated README and documentation Closes #25 Signed-off-by: Russell Seymour <russell.seymour@turtlesystems.co.uk>
3.7 KiB
title |
---|
About the azure_resource_group Resource |
azure_resource_group
Use the azure_resource_group
InSpec audit resource to ensure that an Azure Resource group has the correct resources.
References
Syntax
The name of the resource group is specified as an attribute on the resource:
describe azure_resource_group(name: 'MyResourceGroup') do
its('matcher') { should eq 'value' }
end
where
MyResourceGroup
is the name of the resource group being interrogatedmatcher
is one oftotal
count
nic_count
vm_count
vnet_count
sa_count
public_ip_count
contains
managed_disk_image_count
managed_disk_count
value
is the expected output from the matcher
For example:
describe azure_resource_group(name: 'ChefAutomate') do
its('total') { should eq 7}
its('nic_count') { should eq 1 }
its('vm_count') { should eq 1 }
end
Matchers
This InSpec audit resource has the following matchers:
eq
Use the eq
matcher to test the equality of two values: its('Port') { should eq '22' }
.
Using its('Port') { should eq 22 }
will fail because 22
is not a string value! Use the cmp
matcher for less restrictive value comparisons.
total
The total number of resources in the resource group
nic_count
The number of network interface cards in the resource group
vm_count
The number of virtual machines in the resource group
vnet_count
The number of virtual networks in the resource group
sa_count
The number of storage accounts in the resource group
public_ip_count
The number of Public IP Addresses in the resource group
managed_disk_image_count
The number of managed disk images that are in the resource group.
These are the items from which managed disks are created which are attached to machines. Generally the images are created from a base image or a custom image (e.g. Packer)
managed_disk_count
The number of managed disks in the resource group.
If a resource group contains one virtual machine with an OS disk and 2 data disks that are all Managed Disks, then the count would be 3.
contains
The contains
filter allows testing of resources that are not directly supported by the resource pack:
its('contains') { should be true }
This matcher is best used in conjunction with filters, for example the following tests that a Managed Disk image exists in the resource group
describe azure_resource_group(name: 'MyResourceGroup').where { type: 'Microsoft.Compute/images' } do
its('contains') { should be true }
end
count
The count
filter allows testing for the number of resources that are not directly supported by the resource pack:
As before it is best used in conjunction with a filter. The following checks that there is at least 1 Managed Disk Image in the resource group.
describe azure_resource_group(name: 'MyResourceGroup').where { type: 'Microsoft.Compute/images' } do
its('count') { should > 1 }
end
Examples
The following examples show how to use this InSpec audit resource
Test Resource Group has the correct number of resources
describe azure_resource_group(name: 'ChefAutomate') do
its('total') { should eq 7}
Ensure that the Resource Group contains the correct resources
describe azure_resource_group(name: 'ChefAutomate') do
its('total') { should eq 7 }
its('vm_count') { should eq 2 }
its('nic_count') { should eq 2 }
its('public_ip_count') { should eq 1 }
its('sa_count') { should eq 1 }
its('vnet_count') { should eq 1 }
end