mirror of
https://github.com/inspec/inspec
synced 2024-12-25 04:23:15 +00:00
40888db8c5
Updated README and documentation Closes #25 Signed-off-by: Russell Seymour <russell.seymour@turtlesystems.co.uk>
145 lines
No EOL
3.7 KiB
Markdown
145 lines
No EOL
3.7 KiB
Markdown
---
|
|
title: About the azure_resource_group Resource
|
|
---
|
|
|
|
# azure_resource_group
|
|
|
|
Use the `azure_resource_group` InSpec audit resource to ensure that an Azure Resource group has the correct resources.
|
|
|
|
## References
|
|
|
|
- [Azure Ruby SDK - Resources](https://github.com/Azure/azure-sdk-for-ruby/tree/master/management/azure_mgmt_resources)
|
|
|
|
## Syntax
|
|
|
|
The name of the resource group is specified as an attribute on the resource:
|
|
|
|
```ruby
|
|
describe azure_resource_group(name: 'MyResourceGroup') do
|
|
its('matcher') { should eq 'value' }
|
|
end
|
|
```
|
|
|
|
where
|
|
|
|
* `MyResourceGroup` is the name of the resource group being interrogated
|
|
* `matcher` is one of
|
|
- `total`
|
|
- `count`
|
|
- `nic_count`
|
|
- `vm_count`
|
|
- `vnet_count`
|
|
- `sa_count`
|
|
- `public_ip_count`
|
|
- `contains`
|
|
- `managed_disk_image_count`
|
|
- `managed_disk_count`
|
|
* `value` is the expected output from the matcher
|
|
|
|
For example:
|
|
|
|
```ruby
|
|
describe azure_resource_group(name: 'ChefAutomate') do
|
|
its('total') { should eq 7}
|
|
its('nic_count') { should eq 1 }
|
|
its('vm_count') { should eq 1 }
|
|
end
|
|
```
|
|
|
|
## Matchers
|
|
|
|
This InSpec audit resource has the following matchers:
|
|
|
|
### eq
|
|
|
|
Use the `eq` matcher to test the equality of two values: `its('Port') { should eq '22' }`.
|
|
|
|
Using `its('Port') { should eq 22 }` will fail because `22` is not a string value! Use the `cmp` matcher for less restrictive value comparisons.
|
|
|
|
### total
|
|
|
|
The total number of resources in the resource group
|
|
|
|
### nic_count
|
|
|
|
The number of network interface cards in the resource group
|
|
|
|
### vm_count
|
|
|
|
The number of virtual machines in the resource group
|
|
|
|
### vnet_count
|
|
|
|
The number of virtual networks in the resource group
|
|
|
|
### sa_count
|
|
|
|
The number of storage accounts in the resource group
|
|
|
|
### public_ip_count
|
|
|
|
The number of Public IP Addresses in the resource group
|
|
|
|
### managed_disk_image_count
|
|
|
|
The number of managed disk images that are in the resource group.
|
|
|
|
These are the items from which managed disks are created which are attached to machines. Generally the images are created from a base image or a custom image (e.g. Packer)
|
|
|
|
### managed_disk_count
|
|
|
|
The number of managed disks in the resource group.
|
|
|
|
If a resource group contains one virtual machine with an OS disk and 2 data disks that are all Managed Disks, then the count would be 3.
|
|
|
|
### contains
|
|
|
|
The `contains` filter allows testing of resources that are not directly supported by the resource pack:
|
|
|
|
```ruby
|
|
its('contains') { should be true }
|
|
```
|
|
|
|
This matcher is best used in conjunction with filters, for example the following tests that a Managed Disk image exists in the resource group
|
|
|
|
```ruby
|
|
describe azure_resource_group(name: 'MyResourceGroup').where { type: 'Microsoft.Compute/images' } do
|
|
its('contains') { should be true }
|
|
end
|
|
```
|
|
|
|
### count
|
|
|
|
The `count` filter allows testing for the number of resources that are not directly supported by the resource pack:
|
|
|
|
As before it is best used in conjunction with a filter. The following checks that there is at least 1 Managed Disk Image in the resource group.
|
|
|
|
```ruby
|
|
describe azure_resource_group(name: 'MyResourceGroup').where { type: 'Microsoft.Compute/images' } do
|
|
its('count') { should > 1 }
|
|
end
|
|
```
|
|
|
|
## Examples
|
|
|
|
The following examples show how to use this InSpec audit resource
|
|
|
|
### Test Resource Group has the correct number of resources
|
|
|
|
```ruby
|
|
describe azure_resource_group(name: 'ChefAutomate') do
|
|
its('total') { should eq 7}
|
|
```
|
|
|
|
### Ensure that the Resource Group contains the correct resources
|
|
|
|
```ruby
|
|
describe azure_resource_group(name: 'ChefAutomate') do
|
|
its('total') { should eq 7 }
|
|
its('vm_count') { should eq 2 }
|
|
its('nic_count') { should eq 2 }
|
|
its('public_ip_count') { should eq 1 }
|
|
its('sa_count') { should eq 1 }
|
|
its('vnet_count') { should eq 1 }
|
|
end
|
|
``` |