Commit

Merge branch 'main' into RESOURCE-534-create-the-unit-tests-and-docs-for-azure-microsoft-defender-for-cloud-resource-for-security-contact
soumyo13 authored Nov 22, 2022
2 parents a650ec9 + 0b11b25 commit 9cf1016
Showing 22 changed files with 355 additions and 58 deletions.
14 changes: 12 additions & 2 deletions CHANGELOG.md
@@ -1,10 +1,20 @@
# Changelog
<!-- latest_release 1.118.12 -->
<!-- latest_release 1.118.14 -->
## [v1.118.14](https://github.com/inspec/inspec-azure/tree/v1.118.14) (2022-11-22)

#### Merged Pull Requests
- RESOURCE-536 azure-storage-account-resource-attribute-has-infrastructure-encryption-enabled-attribute [#697](https://github.com/inspec/inspec-azure/pull/697) ([sa-progress](https://github.com/sa-progress))
<!-- latest_release -->

## [v1.118.13](https://github.com/inspec/inspec-azure/tree/v1.118.13) (2022-11-22)

#### Merged Pull Requests
- RESOURCE-532 create the unit tests and docs for azure my sql database server configuration [#690](https://github.com/inspec/inspec-azure/pull/690) ([soumyo13](https://github.com/soumyo13))

## [v1.118.12](https://github.com/inspec/inspec-azure/tree/v1.118.12) (2022-11-14)

#### Merged Pull Requests
- RESOURCE-501 servervulnerabilityassessment in azure sql database resource [#677](https://github.com/inspec/inspec-azure/pull/677) ([soumyo13](https://github.com/soumyo13))
<!-- latest_release -->

## [v1.118.11](https://github.com/inspec/inspec-azure/tree/v1.118.11) (2022-11-14)

2 changes: 1 addition & 1 deletion VERSION
@@ -1 +1 @@
1.118.12
1.118.14
@@ -0,0 +1,123 @@
+++
title = "azure_mysql_database_configuration Resource"
platform = "azure"
draft = false
gh_repo = "inspec-azure"

[menu.inspec]
title = "azure_mysql_database_configuration"
identifier = "inspec/resources/azure/azure_mysql_database_configuration Resource"
parent = "inspec/resources/azure"
+++

Use the `azure_mysql_database_configuration` InSpec audit resource to test the properties of an Azure MySQL Database Configuration on a MySQL Database Server.

## Syntax

`resource_group`, `server_name` and `name`, or the `resource_id` are required parameters.

```ruby
describe azure_mysql_database_configuration(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME', name: 'CONFIGURATION_NAME') do
it { should exist }
end
```

```ruby
describe azure_mysql_database_configuration(resource_id: 'RESOURCE_ID') do
it { should exist }
end
```

## Parameters

`resource_group`
: Azure resource group where the targeted resource resides.

`server_name`
: The name of the server on which the database resides.

`name`
: The unique name of the database configuration.

`resource_id`
: The unique resource ID.

Either one of the parameter sets can be provided for a valid query:

- `resource_id`
- `resource_group`, `server_name`, and `name`

## Properties

`id`
: The id of the resource.

`name`
: The name of the resource.

`type`
: The type of the resource.

`properties.allowedValues`
: Allowed values of the configuration.

`properties.dataType`
: Data type of the configuration.

`properties.defaultValue`
: Default value of the configuration.

`properties.description`
: Description of the configuration.

`properties.source`
: Source of the configuration.

`properties.value`
: Value of the configuration.


For properties applicable to all resources, such as `type`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}).

Also, refer to [Azure documentation](https://learn.microsoft.com/en-us/rest/api/mysql/singleserver/configurations/get?tabs=HTTP) for other properties available.
Any attribute in the response may be accessed with the key names separated by dots (`.`).

## Examples

### Test the resource name

```ruby
describe azure_mysql_database_configuration(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME', name: 'CONFIGURATION_NAME') do
its('name') { should be 'CONFIGURATION_NAME' }
end
```

```ruby
describe azure_mysql_database_configuration(resource_id: 'RESOURCE_ID') do
its('name') { should be 'CONFIGURATION_NAME' }
end
```

## Matchers

This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://docs.chef.io/inspec/matchers/).

### exists

```ruby
# If we expect the resource to always exist.
describe azure_mysql_database_configuration(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME', name: 'CONFIGURATION_NAME') do
it { should exist }
end
```

```ruby
# If we expect the resource to never exist.
describe azure_mysql_database_configuration(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME', name: 'CONFIGURATION_NAME') do
it { should_not exist }
end
```

## Azure Permissions

{{% azure_permissions_service_principal role="contributor" %}}
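Review bot: In the "Test the resource name" examples, `its('name') { should be 'CONFIGURATION_NAME' }` uses `be` with an argument, which in RSpec is an object-identity check and will not pass for a string returned by the API; use `should eq 'CONFIGURATION_NAME'` (or `cmp`) in both examples. This page also lacks the "Azure REST API Version, Endpoint, and HTTP Client Parameters" and "Installation" sections and the `{{% inspec_matchers_link %}}` shortcode that the companion `azure_mysql_database_configurations` page in this commit uses, so consider adding them for consistency. Since the page describes the resource as testing properties only, it is also worth confirming that `role="contributor"` in the Azure Permissions shortcode is the minimum role needed.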
@@ -0,0 +1,110 @@
+++
title = "azure_mysql_database_configurations Resource"
platform = "azure"
draft = false
gh_repo = "inspec-azure"

[menu.inspec]
title = "azure_mysql_database_configurations"
identifier = "inspec/resources/azure/azure_mysql_database_configurations Resource"
parent = "inspec/resources/azure"
+++

Use the `azure_mysql_database_configurations` InSpec audit resource to test the properties of an Azure MySQL Database Configuration on a MySQL Database Server.

## Azure REST API Version, Endpoint, and HTTP Client Parameters

{{% inspec_azure_common_parameters %}}

## Installation

{{% inspec_azure_install %}}

## Syntax

The `resource_group` and `server_name` are required parameters.

```ruby
describe azure_mysql_database_configuration(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME') do
it { should exist }
end
```

## Parameters

`resource_group`
: Azure resource group where the targeted resource resides.

`server_name`
: The name of the server in which the database resides.

## Properties

`ids`
: A list of the unique resource IDs.

: **Field**: `id`

`names`
: A list of names of all the resources being interrogated.

: **Field**: `name`

`types`
: A list of the types of resources being interrogated.

: **Field**: `type`

`properties`
: A list of properties for all the resources being interrogated.

: **Field**: `properties`

{{% inspec_filter_table %}}

## Examples

### Check resources are present

```ruby
describe azure_mysql_database_configuration(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME') do
it { should exist }
its('names') { should include 'my-db' }
end
```

### Filter the results to include only those with names match the specified string value

```ruby
describe azure_mysql_database_configuration(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME').where{ name.eql?('user-override') } do
it { should exist }
end
```

## Matchers

{{% inspec_matchers_link %}}

### exists

The control passes if the filter returns at least one result. Use `should_not` if you expect zero matches.

```ruby
# If we expect resources to exist.

describe azure_mysql_database_configuration(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME') do
it { should exist }
end
```

```ruby
# If we expect resources not to exist.

describe azure_mysql_database_configuration(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME') do
it { should_not exist }
end
```

## Azure Permissions

{{% azure_permissions_service_principal role="contributor" %}}
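Review bot: Every code sample on this page (Syntax, both Examples, and both `exists` matcher blocks) calls the singular `azure_mysql_database_configuration(...)` rather than the plural `azure_mysql_database_configurations` resource that the title and intro document. Per the singular resource's page in this same commit, that resource requires `name` or `resource_id`, so these calls with only `resource_group` and `server_name` do not match its documented parameters; rename the calls to `azure_mysql_database_configurations`. The `its('names') { should include 'my-db' }` example would also read better with a configuration name than a database name, and the heading "Filter the results to include only those with names match the specified string value" needs "that match".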
2 changes: 1 addition & 1 deletion inspec.yml
Expand Up @@ -5,7 +5,7 @@ copyright: Chef Software, Inc.
copyright_email: support@chef.io
license: Apache-2.0
summary: This resource pack provides compliance resources for Azure.
version: 1.118.12
version: 1.118.14
inspec_version: '>= 4.18.39'
supports:
- platform: azure
10 changes: 5 additions & 5 deletions libraries/azure_microsoft_defender_security_contact.rb
Expand Up @@ -8,21 +8,21 @@ class AzureMicrosoftDefenderSecurityContact < AzureGenericResource
it { should exist }
end
EXAMPLE

def initialize(opts = {})
# Options should be Hash type. Otherwise Ruby will raise an error when we try to access the keys.
raise ArgumentError, 'Parameters must be provided in an Hash object.' unless opts.is_a?(Hash)
raise ArgumentError, '`resource_group` is not allowed.' if opts.key(:resource_group)

opts[:resource_provider] = specific_resource_constraint('Microsoft.Security/securityContacts', opts)
opts[:allowed_parameters] = %i(built_in)

opts[:resource_uri] = '/providers/Microsoft.Security/securityContacts'
opts[:add_subscription_id] = opts[:built_in] != true

super(opts, true)
end

def to_s
super(AzureMicrosoftDefenderSecurityContact)
end
10 changes: 5 additions & 5 deletions libraries/azure_microsoft_defender_setting.rb
Expand Up @@ -8,21 +8,21 @@ class AzureMicrosoftDefenderSetting < AzureGenericResource
it { should exist }
end
EXAMPLE

def initialize(opts = {})
# Options should be Hash type. Otherwise Ruby will raise an error when we try to access the keys.
raise ArgumentError, 'Parameters must be provided in an Hash object.' unless opts.is_a?(Hash)
raise ArgumentError, '`resource_group` is not allowed.' if opts.key(:resource_group)

opts[:resource_provider] = specific_resource_constraint('Microsoft.Security/settings', opts)
opts[:allowed_parameters] = %i(built_in)

opts[:resource_uri] = '/providers/Microsoft.Security/settings'
opts[:add_subscription_id] = opts[:built_in] != true

super(opts, true)
end

def to_s
super(AzureMicrosoftDefenderSetting)
end
20 changes: 10 additions & 10 deletions libraries/azure_microsoft_defender_settings.rb
Expand Up @@ -8,44 +8,44 @@ class AzureMicrosoftDefenderSettings < AzureGenericResources
it { should exist }
end
EXAMPLE

attr_reader :table

def initialize(opts = {})
raise ArgumentError, 'Parameters must be provided in an Hash object.' unless opts.is_a?(Hash)
raise ArgumentError, '`resource_group` is not allowed.' if opts.key(:resource_group)

opts[:resource_provider] = specific_resource_constraint('Microsoft.Security/settings', opts)

# `built_in_only` is a resource specific parameter as oppose to the `api_version`.
# That's why it should be put in allowed_parameters to be able to pass the parameter validation in the backend.
opts[:allowed_parameters] = %i(built_in_only)
opts[:resource_uri] = '/providers/Microsoft.Security/settings'
opts[:add_subscription_id] = opts[:built_in_only] != true

# static_resource parameter must be true for setting the resource_provider in the backend.
super(opts, true)

# Check if the resource is failed.
# It is recommended to check that after every usage of inherited methods or making API calls.
return if failed_resource?

# Define the column and field names for FilterTable.
# In most cases, the `column` should be the pluralized form of the `field`.
# @see https://github.com/inspec/inspec/blob/master/docs/dev/filtertable-usage.md

table_schema = [
{ column: :ids, field: :id },
{ column: :names, field: :name },
{ column: :types, field: :type },
{ column: :kinds, field: :kind },
{ column: :properties, field: :properties },
]

# FilterTable is populated at the very end due to being an expensive operation.
AzureGenericResources.populate_filter_table(:table, table_schema)
end

def to_s
super(AzureMicrosoftDefenderSettings)
end