-
Notifications
You must be signed in to change notification settings - Fork 80
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #517 from inspec/support-power-bi-gateways
Support power bi gateways
- Loading branch information
Showing
9 changed files
with
300 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,82 @@ | ||
--- | ||
title: About the azure_power_bi_gateway Resource | ||
platform: azure | ||
--- | ||
|
||
# azure_power_bi_gateway | ||
|
||
Use the `azure_power_bi_gateway` InSpec audit resource to test the properties related to Azure Power BI gateway. | ||
|
||
## Azure REST API version, Endpoint, and HTTP Client Parameters | ||
|
||
This resource interacts with API versions supported by the resource provider. The `api_version` is defined as a resource parameter. | ||
If not provided, the latest version is used. For more information, refer to [`azure_generic_resource`](azure_generic_resource.md). | ||
|
||
Unless defined, `azure_cloud` global endpoint and default values for the HTTP client are used. For more information, refer to the resource pack [README](../../README.md). | ||
|
||
## Availability | ||
|
||
### Installation | ||
|
||
This resource is available in the [InSpec Azure resource pack](https://github.com/inspec/inspec-azure). For an example, `inspec.yml` file and how to set up your Azure credentials, refer to resource pack [README](../../README.md#Service-Principal). | ||
|
||
## Syntax | ||
|
||
`gateway_id` is a required parameter. | ||
|
||
```ruby | ||
describe azure_power_bi_gateway(gateway_id: 'GATEWAY_ID') do | ||
it { should exist } | ||
end | ||
``` | ||
|
||
## Parameters | ||
|
||
`gateway_id` _(required)_ | ||
|
||
The gateway ID. | ||
|
||
## Properties | ||
|
||
| Property | Description | | ||
|-------------------------------------|------------------------------------------------------------------| | ||
| id | The gateway ID. | | ||
| name | The gateway name. | | ||
| type | The gateway type. | | ||
| publicKey.exponent | The public key exponent. | | ||
| publicKey.modulus | The public key modulus. | ||
|
||
For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`](azure_generic_resource.md#properties). | ||
|
||
Also, refer to [Azure documentation](https://docs.microsoft.com/en-us/rest/api/power-bi/gateways/get-gateway) for other properties available. | ||
|
||
## Examples | ||
|
||
### Test that the Power BI gateway's exponent is `AQAB` | ||
|
||
```ruby | ||
describe azure_power_bi_gateway(gateway_id: 'GATEWAY_ID') do | ||
its('publicKey.exponent') { should eq 'AQAB' } | ||
end | ||
``` | ||
|
||
## Matchers | ||
|
||
This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](/inspec/matchers/). | ||
|
||
### exists | ||
|
||
```ruby | ||
# If the Azure Power BI gateway is found, it will exist | ||
describe azure_power_bi_gateway(gateway_id: 'GATEWAY_ID') do | ||
it { should exist } | ||
end | ||
# if the Azure Power BI gateway is not found, it will not exist | ||
describe azure_power_bi_gateway(gateway_id: 'GATEWAY_ID') do | ||
it { should_not exist } | ||
end | ||
``` | ||
|
||
## Azure Permissions | ||
|
||
Your [Service Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) must be set up with a `Dataset.Read.All` role on the Azure Power BI Workspace you wish to test. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,88 @@ | ||
--- | ||
title: About the azure_power_bi_gateways Resource | ||
platform: azure | ||
--- | ||
|
||
# azure_power_bi_gateways | ||
|
||
Use the `azure_power_bi_gateways` InSpec audit resource to test the properties related to all Azure Power BI gateways. | ||
|
||
## Azure REST API version, Endpoint, and HTTP Client Parameters | ||
|
||
This resource interacts with API versions supported by the resource provider. The `api_version` is defined as a resource parameter. | ||
If not provided, the latest version is used. For more information, refer to [`azure_generic_resource`](azure_generic_resource.md). | ||
|
||
Unless defined, `azure_cloud` global endpoint and default values for the HTTP client is used. For more information, refer to the resource pack [README](../../README.md). | ||
|
||
## Availability | ||
|
||
### Installation | ||
|
||
This resource is available in the [InSpec Azure resource pack](https://github.com/inspec/inspec-azure). For an example, `inspec.yml` file and how to set up your Azure credentials, refer to resource pack [README](../../README.md#Service-Principal). | ||
|
||
## Syntax | ||
|
||
An `azure_power_bi_gateways` resource block returns all Azure Power BI gateways. | ||
|
||
```ruby | ||
describe azure_power_bi_gateways do | ||
#... | ||
end | ||
``` | ||
|
||
## Parameters | ||
|
||
## Properties | ||
|
||
|Property | Description | Filter Criteria<superscript>*</superscript> | | ||
|--------------------------------|------------------------------------------------------------------------|------------------| | ||
| ids | List of all gateway IDs. | `id` | | ||
| names | List of all the gateway names. | `name` | | ||
| types | List of all the gateway types. | `type` | | ||
| exponents | List of all public key exponents. | `exponent` | | ||
| modulus | List of all public key modulus. | `modulus` | | ||
|
||
|
||
<superscript>*</superscript> For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/dev-docs/filtertable-usage.md). | ||
Also, refer to [Azure documentation](https://docs.microsoft.com/en-us/rest/api/power-bi/Gateways/get-Gateways) for other available properties. | ||
|
||
## Examples | ||
|
||
### Loop through Power BI gateways by their IDs | ||
|
||
```ruby | ||
azure_power_bi_gateways.ids.each do |id| | ||
describe azure_power_bi_gateway(gateway_id: id) do | ||
it { should exist } | ||
end | ||
end | ||
``` | ||
|
||
### Test to ensure all Power BI gateways exponent is `AQAB` | ||
|
||
```ruby | ||
describe azure_power_bi_gateways.where(exponent: 'AQAB') do | ||
it { should exist } | ||
end | ||
``` | ||
|
||
## Matchers | ||
|
||
This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://www.inspec.io/docs/reference/matchers/). | ||
|
||
### exists | ||
|
||
```ruby | ||
# Should not exist if no Power BI gateways are present | ||
describe azure_power_bi_gateways do | ||
it { should_not exist } | ||
end | ||
# Should exist if the filter returns at least one Power BI gateways | ||
describe azure_power_bi_gateways do | ||
it { should exist } | ||
end | ||
``` | ||
|
||
## Azure Permissions | ||
|
||
Your [Service Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) must be set up with a `Dataset.Read.All` role on the Azure Power BI Workspace you wish to test. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
require 'azure_generic_resource' | ||
|
||
class AzurePowerBIGateway < AzureGenericResource | ||
name 'azure_power_bi_gateway' | ||
desc 'Retrieves and verifies the settings of a Azure Power BI Gateway' | ||
example <<-EXAMPLE | ||
describe azure_power_bi_gateway(gateway_id: '95a4871a-33a4-4f35-9eea-8ff006b4840b') do | ||
it { should exist } | ||
end | ||
EXAMPLE | ||
|
||
attr_reader :table | ||
|
||
AUDIENCE = 'https://analysis.windows.net/powerbi/api'.freeze | ||
|
||
def initialize(opts = {}) | ||
raise ArgumentError, 'Parameters must be provided in an Hash object.' unless opts.is_a?(Hash) | ||
|
||
Validators.validate_parameters(resource_name: @__resource_name__, required: %i(gateway_id), | ||
opts: opts) | ||
|
||
opts[:name] = opts.delete(:gateway_id) | ||
opts[:resource_uri] = "https://api.powerbi.com/v1.0/myorg/gateways/#{opts[:name]}" | ||
opts[:audience] = AUDIENCE | ||
opts[:add_subscription_id] = false | ||
opts[:is_uri_a_url] = true | ||
opts[:api_version] = 'v1.0' | ||
super | ||
end | ||
|
||
def to_s | ||
super(AzurePowerBIGateway) | ||
end | ||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
require 'azure_generic_resources' | ||
|
||
class AzurePowerBIGateways < AzureGenericResources | ||
name 'azure_power_bi_gateways' | ||
desc 'Retrieves and verifies the settings of all Azure Power BI Gateways.' | ||
example <<-EXAMPLE | ||
describe azure_power_bi_gateways do | ||
it { should exist } | ||
end | ||
EXAMPLE | ||
|
||
AUDIENCE = 'https://analysis.windows.net/powerbi/api'.freeze | ||
|
||
def initialize(opts = {}) | ||
raise ArgumentError, 'Parameters must be provided in an Hash object.' unless opts.is_a?(Hash) | ||
|
||
opts[:resource_uri] = 'https://api.powerbi.com/v1.0/myorg/gateways' | ||
opts[:audience] = AUDIENCE | ||
opts[:add_subscription_id] = false | ||
opts[:is_uri_a_url] = true | ||
opts[:api_version] = 'v1.0' | ||
super | ||
return if failed_resource? | ||
|
||
populate_filter_table_from_response | ||
end | ||
|
||
def to_s | ||
super(AzurePowerBIGateways) | ||
end | ||
|
||
private | ||
|
||
def populate_table | ||
@resources.each do |resource| | ||
@table << resource.merge(resource[:publicKey]) | ||
end | ||
end | ||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
gateway_id = input(:gateway_id, value: '') | ||
control 'Verify settings of a Power BI Dashboard' do | ||
describe azure_power_bi_gateway(gateway_id: gateway_id) do | ||
it { should exist } | ||
its('type') { should eq 'Resource' } | ||
its('publicKey.exponent') { should eq 'AQAB' } | ||
end | ||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
control 'verify settings of Power BI Gateways' do | ||
describe azure_power_bi_gateways do | ||
it { should exist } | ||
its('types') { should include 'Resource' } | ||
its('exponents') { should include 'AQAB' } | ||
end | ||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
require_relative 'helper' | ||
require 'azure_power_bi_gateway' | ||
|
||
class AzurePowerBIGatewayConstructorTest < Minitest::Test | ||
def test_empty_param_not_ok | ||
assert_raises(ArgumentError) { AzurePowerBIGateway.new } | ||
end | ||
|
||
# resource_provider should not be allowed. | ||
def test_resource_provider_not_ok | ||
assert_raises(ArgumentError) { AzurePowerBIGateway.new(resource_provider: 'some_type') } | ||
end | ||
|
||
def test_resource_group_name_alone_ok | ||
assert_raises(ArgumentError) { AzurePowerBIGateway.new(name: 'my-name', resource_group: 'test') } | ||
end | ||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
require_relative 'helper' | ||
|
||
require 'azure_power_bi_gateways' | ||
|
||
class AzurePowerBIGatewaysConstructorTest < Minitest::Test | ||
# resource_type should not be allowed. | ||
|
||
def test_resource_type_not_ok | ||
assert_raises(ArgumentError) { AzurePowerBIGateways.new(resource_provider: 'some_type') } | ||
end | ||
|
||
def tag_value_not_ok | ||
assert_raises(ArgumentError) { AzurePowerBIGateways.new(tag_value: 'some_tag_value') } | ||
end | ||
|
||
def tag_name_not_ok | ||
assert_raises(ArgumentError) { AzurePowerBIGateways.new(tag_name: 'some_tag_name') } | ||
end | ||
|
||
def test_name_not_ok | ||
assert_raises(ArgumentError) { AzurePowerBIGateways.new(name: 'some_name') } | ||
end | ||
end |