F/bastion hosts #414

Merged
merged 38 commits into from
Aug 6, 2021
Changes from 31 commits
28fb58b
resources added
sa-progress Jul 14, 2021
e14bd29
Merge branch 'master' of https://github.com/inspec/inspec-azure
sa-progress Jul 15, 2021
5b7ab1c
bastion resource added
sa-progress Jul 15, 2021
74a0a9b
resource added for Bastion Hosts
sa-progress Jul 15, 2021
fedc1d6
f/bastion_hosts
sa-progress Jul 15, 2021
9786554
bastion hosts
sa-progress Jul 19, 2021
0ee4b75
bastion hosts
sa-progress Jul 19, 2021
b17ce5b
Resource and Docs addes for bostionHosts
sa-progress Jul 19, 2021
197b40d
Merge branch 'f/bastion_hosts' of https://github.com/inspec/inspec-az…
sa-progress Jul 19, 2021
6754d3c
Update azure_bastion_hosts_resources.md
sa-progress Jul 19, 2021
717f537
Merge branch 'f/bastion_hosts' of https://github.com/inspec/inspec-az…
sa-progress Jul 19, 2021
29f0259
Merge branch 'f/bastion_hosts' of https://github.com/inspec/inspec-az…
sa-progress Jul 19, 2021
303b96c
Merge branch 'f/bastion_hosts' of https://github.com/inspec/inspec-az…
sa-progress Jul 19, 2021
9c6747a
Merge branch 'f/bastion_hosts' of https://github.com/inspec/inspec-az…
sa-progress Jul 23, 2021
b52598e
Merge branch 'f/bastion_hosts' of https://github.com/inspec/inspec-az…
sa-progress Jul 23, 2021
d72ca37
Merge branch 'f/bastion_hosts' of https://github.com/inspec/inspec-az…
sa-progress Jul 23, 2021
5892609
changed require
sa-progress Jul 25, 2021
6e1f725
changed require
sa-progress Jul 25, 2021
324528a
changed require
sa-progress Jul 25, 2021
4a3daca
added additional params
sa-progress Aug 4, 2021
c259bf9
Merge branch 'master' into f/bastion_hosts
sa-progress Aug 4, 2021
8250ecc
lint fix
sa-progress Aug 4, 2021
405890a
Merge branch 'f/bastion_hosts' of github.com:inspec/inspec-azure into…
sa-progress Aug 4, 2021
d28beca
Update README.md
sa-progress Aug 5, 2021
c6cb642
removed changes from azure_env
sa-progress Aug 5, 2021
7347907
removed changes from azure_env
sa-progress Aug 5, 2021
83f0670
docs updated
sa-progress Aug 5, 2021
b3e1a8f
docs updated
sa-progress Aug 5, 2021
b00e007
Merge branch 'f/bastion_hosts' of github.com:inspec/inspec-azure into…
sa-progress Aug 5, 2021
edcc4c6
Merge branch 'f/bastion_hosts' of github.com:inspec/inspec-azure into…
sa-progress Aug 5, 2021
cc31475
Merge branch 'f/bastion_hosts' of github.com:inspec/inspec-azure into…
sa-progress Aug 6, 2021
0a2a868
param name changed
sa-progress Aug 6, 2021
9844033
param name changed
sa-progress Aug 6, 2021
6db65aa
Merge branch 'f/bastion_hosts' of github.com:inspec/inspec-azure into…
sa-progress Aug 6, 2021
a37e72d
updated name
sa-progress Aug 6, 2021
5ef5f78
docs updated :review fix
sa-progress Aug 6, 2021
79c6f4c
Merge branch 'f/bastion_hosts' of github.com:inspec/inspec-azure into…
sa-progress Aug 6, 2021
f7d4561
Merge branch 'master' into f/bastion_hosts
sa-progress Aug 6, 2021
7 changes: 4 additions & 3 deletions README.md
Expand Up @@ -210,7 +210,8 @@ The following is a list of static resources.
- [azure_web_app_functions](docs/resources/azure_web_app_functions.md)
- [azure_webapp](docs/resources/azure_webapp.md)
- [azure_webapps](docs/resources/azure_webapps.md)

- [azure_bastion_hosts_resource](docs/resources/azure_bastion_hosts_resource.md)
- [azure_bastion_hosts_resources](docs/resources/azure_bastion_hosts_resources.md)

For more details and different use cases, please refer to the specific resource pages.
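Review bot: The two new entries at the end of the static resource list are appended after `azure_webapps` instead of being placed in sorted position, and the `_resource` / `_resources` suffix does not follow the singular/plural naming of the neighbouring entries (`azure_webapp`, `azure_webapps`). Move both lines into their alphabetical place in the list and consider a name pair that matches the existing convention, so that the README, the docs file names and the `name` declared in the library all agree.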

Expand Down Expand Up @@ -391,7 +392,7 @@ They can be defined as environment variables or resource parameters (has priorit
| azurerm_virtual_machine_disk, azurerm_virtual_machine_disks | `2017-03-30` | [azure_virtual_machine_disk](docs/resources/azure_virtual_machine_disk.md), [azure_virtual_machine_disks](docs/resources/azure_virtual_machine_disks.md) |
| azurerm_virtual_network, azurerm_virtual_networks | `2018-02-01` | [azure_virtual_network](docs/resources/azure_virtual_network.md), [azure_virtual_networks](docs/resources/azure_virtual_networks.md) |
| azurerm_webapp, azurerm_webapps | `2016-08-01` | [azure_webapp](docs/resources/azure_webapp.md), [azure_webapps](docs/resources/azure_webapps.md) |
| azurerm_data_factory, azurerm_data_factories | `2021-06-06` | [azure_data_factory](docs/resources/azure_data_factory.md), [azure_data_factories](docs/resources/azure_data_factories.md) |

## Development

If you'd like to contribute to this project please see [Contributing Rules](CONTRIBUTING.md).
Expand Down Expand Up @@ -550,4 +551,4 @@ rake tf:apply[management_group]
A combination of the above can be provided.
```shell
rake tf:apply[management_group,public_ip,network_watcher]
```
```
100 changes: 100 additions & 0 deletions docs/resources/azure_bastion_hosts_resource.md
@@ -0,0 +1,100 @@
---
title: About the azure_bastion_hosts_resource Resource
platform: azure
---

# azure_bastion_hosts_resource

Use the `azure_bastion_hosts_resource` InSpec audit resource to test properties related to a bastion hosts resource.

## Azure REST API version, endpoint and http client parameters

This resource interacts with api versions supported by the resource provider.
The `api_version` can be defined as a resource parameter.
If not provided, the latest version will be used.
For more information, refer to [`azure_generic_resource`](azure_generic_resource.md).

Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used.
For more information, refer to the resource pack [README](../../README.md).

## Availability

### Installation

This resource is available in the [InSpec Azure resource pack](https://github.com/inspec/inspec-azure).
For an example `inspec.yml` file and how to set up your Azure credentials, refer to resource pack [README](../../README.md#Service-Principal).

## Syntax

`resource_group` and bastion hosts resource `name` or the `resource_id` must be given as a parameter.
```ruby
describe azure_bastion_hosts_resource(resource_group: 'MyResourceGroup', name: 'bastion_name') do
it { should exist }
end
```
## Parameters

| Name | Description |
|--------------------------------|----------------------------------------------------------------------------------|
| resource_group | Azure resource group that the targeted resource resides in. `MyResourceGroup` |
| bastionHostName | Name of the virtual network to test. `MyVNetwork` |

Both of the parameter sets should be provided for a valid query:
- `resource_group` and `bastionHostName`


## Properties

| Name | Description |
|--------------------------------|----------------------------------------------------------------------------------|
| resource_group | Azure resource group that the targeted resource resides in. `MyResourceGroup` |
| name | Name of the Azure resource to test. `MyBastionHostName` |
| tags | A list of `tag:value` pairs defined on the resources. |
| type | type of BastionHostName |
| provisioning_state | State of BastionHostName creation |

Also, refer to [Azure documentation](https://docs.microsoft.com/en-us/rest/api/virtualnetwork/bastion-hosts/get) for other properties available.
Any attribute in the response may be accessed with the key names separated by dots (`.`).


## Examples

### Ensure that the bastion hosts resource has is from same type
```ruby
describe azure_bastion_hosts_resource(resource_group: 'MyResourceGroup', name: 'bastion_name') do
its('type') { should eq 'Microsoft.Network/bastionHosts' }
end
```
### Ensure that the bastion hosts resource is in successful state
```ruby
describe azure_bastion_hosts_resource(resource_group: 'MyResourceGroup', name: 'bastion_name') do
its('provisioning_state') { should include('Succeeded') }
end
```

### Ensure that the bastion hosts resource is from same location
```ruby
describe azure_bastion_hosts_resource(resource_group: 'MyResourceGroup', name: 'bastion_name') do
its('location') { should include df_location }
end
```
## Matchers

This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](/inspec/matchers/).

### exists
```ruby
# If a bastion hosts resource is found it will exist
describe azure_bastion_hosts_resource(resource_group: 'MyResourceGroup', name: 'MyBastionHostName') do
it { should exist }
end

# bastion hosts resources that aren't found will not exist
describe azure_bastion_hosts_resource(resource_group: 'MyResourceGroup', name: 'DoesNotExist') do
it { should_not exist }
end
```

## Azure Permissions

Your [Service Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) must be setup with a `contributor` role on the subscription you wish to test.
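Review bot: The Parameters table documents `bastionHostName` with the description "Name of the virtual network to test. `MyVNetwork`", but the Syntax section and every example pass `name:`, so the table should list `name` (and `resource_id`, which the Syntax sentence mentions) with a description that refers to the bastion host. The location example compares against `df_location`, which is not defined in the snippet, and `location` is missing from the Properties table; use a literal region string or show where the value comes from. The first example heading ("has is from same type") needs rewording, and `provisioning_state` is a single value, so `should eq 'Succeeded'` reads more precisely than `should include`. In Azure Permissions, the linked API for this resource is a `get` call, so it is worth confirming whether a read-only role is sufficient before documenting `contributor` as required.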
94 changes: 94 additions & 0 deletions docs/resources/azure_bastion_hosts_resources.md
@@ -0,0 +1,94 @@
---
title: About the azure_bastion_hosts_resource Resource
platform: azure
---

# azure_bastion_hosts_resource

Use the `azure_bastion_hosts_resource` InSpec audit resource to test properties related to bastion hots for a resource group or the entire subscription.

## Azure REST API version, endpoint and http client parameters

This resource interacts with api versions supported by the resource provider.
The `api_version` can be defined as a resource parameter.
If not provided, the latest version will be used.
For more information, refer to [`azure_generic_resource`](azure_generic_resource.md).

Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used.
For more information, refer to the resource pack [README](../../README.md).

## Availability

### Installation

This resource is available in the [InSpec Azure resource pack](https://github.com/inspec/inspec-azure).
For an example `inspec.yml` file and how to set up your Azure credentials, refer to resource pack [README](../../README.md#Service-Principal).


Also, refer to [Azure documentation](https://docs.microsoft.com/en-us/rest/api/virtualnetwork/bastion-hosts/list) for properties available.
Any attribute in the response may be accessed with the key names separated by dots (`.`).
## Syntax

An `azure_bastion_hosts_resource` resource block returns all Azure bastion hots, either within a Resource Group (if provided)
```ruby
describe azure_bastion_hosts_resource(resource_group: 'my-rg') do

end
```

## Properties

|Property | Description | Filter Criteria<superscript>*</superscript> |
|---------------|--------------------------------------------------------------------------------------|-----------------|
| name | A list of the unique resource names. | `name` |
| ids | A list of bastion hosts ids . | `id` |
| tags | A list of `tag:value` pairs defined on the resources. | `tags` |
| provisioning_state | State of BastionHosts creation | `provisioning_state` |
| types | Types of all the bastion hosts | `type` |
| properties | Types of all the bastion hosts | `properties` |

<superscript>*</superscript> For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/dev-docs/filtertable-usage.md).


## Examples

### Ensure that the bastion hosts resource has is from same type
```ruby
describe azure_bastion_hosts_resource(resource_group: 'MyResourceGroup', name: 'bastion_name') do
its('type') { should eq 'Microsoft.Network/bastionHosts' }
end
```
### Ensure that the bastion hosts resource is in successful state
```ruby
describe azure_bastion_hosts_resource(resource_group: 'MyResourceGroup') do
its('provisioning_states') { should include('Succeeded') }
end
```

### Ensure that the bastion hosts resource is from same location
```ruby
describe azure_bastion_hosts_resource(resource_group: 'MyResourceGroup') do
its('location') { should include df_location }
end
```
### Test If Any bastion hots Exist in the Resource Group
```ruby
describe azure_bastion_hosts_resource(resource_group: 'MyResourceGroup') do
it { should exist }
end
```

## Matchers

This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://www.inspec.io/docs/reference/matchers/).

### exists
```ruby
# Should not exist if no bastion hots are in the resource group
describe azure_bastion_hosts_resource(resource_group: 'MyResourceGroup') do
it { should_not exist }
end
```
## Azure Permissions

Your [Service Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) must be setup with a `contributor` role on the subscription you wish to test.
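Review bot: This file is the page for the plural resource, yet the front-matter title, the H1, the introduction and every `describe` call use the singular `azure_bastion_hosts_resource`, and the first example also passes `name:`, which only makes sense for the singular resource; rename these to the plural resource throughout. The Syntax sentence stops after "either within a Resource Group (if provided)" without the second alternative. The Properties table lists `name` and `provisioning_state` while the example calls `provisioning_states`, the `properties` row repeats the description of `types`, and `location` is used in an example but not listed; align the table with the property names the resource actually exposes. `<superscript>` is not an HTML element (use `<sup>`), "hots" should be "hosts" in several places, `df_location` is undefined, and the `exists` section only shows the negative case.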
137 changes: 137 additions & 0 deletions libraries/azure_bastion_hosts_resource.rb
@@ -0,0 +1,137 @@
require 'azure_generic_resource'

class AzureBastionHostsResource < AzureGenericResource
name 'azure_bastion_hosts_resource'
desc 'Azure Bastion to connect to a data lake hosts'
example <<-EXAMPLE
describe azure_bastion_hosts_resource(resource_group: 'example', bastionHostName: 'host-name') do
it { should exist }
end
EXAMPLE

def initialize(opts = {})
# Options should be Hash type. Otherwise Ruby will raise an error when we try to access the keys.
raise ArgumentError, 'Parameters must be provided in an Hash object.' unless opts.is_a?(Hash)
# Azure REST API endpoint URL format for the resource:
# GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/
# providers/Microsoft.Network/bastionHosts/{bastionHostName}?api-version=2020-11-01
#
# The dynamic part that has to be created in this resource:
# Microsoft.Network/bastionHosts/{bastionHostName}?api-version=2020-11-01
#
# Parameters acquired from environment variables:
# - {subscriptionId} => Required parameter. It will be acquired by the backend from environment variables.
#
# User supplied parameters:
# - resource_group => Required parameter unless `resource_id` is provided. {resourceGroupName}
# - name => Required parameter unless `resource_id` is provided. data lake hosts name. {bastionHostName}
# - resource_id => Optional parameter. If exists, `resource_group` and `name` must not be provided.
# In the following format:
# /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/
# Microsoft.Network/bastionHosts/{bastionHostName}
# - api_version => Optional parameter. The latest version will be used unless provided. api-version
#
# **`resource_group` and (resource) `name` or `resource_id` will be validated in the backend appropriately.
# We don't have to do anything here.
#
# Following resource parameters have to be defined here.
# - resource_provider => Microsoft.Network/bastionHosts
# The `specific_resource_constraint` method will validate the user input
# not to accept a different `resource_provider`.
#
opts[:resource_provider] = specific_resource_constraint('Microsoft.Network/bastionHosts', opts)
opts[:required_parameters] = %i(name)

# static_resource parameter must be true for setting the resource_provider in the backend.
super(opts, true)
end

def to_s
super(AzureBastionHostsResource)
end

# Resource specific methods can be created.
# `return unless exists?` is necessary to prevent any unforeseen Ruby error.
# Following methods are created to provide the same functionality with the current resource pack >>>>
# @see https://github.com/inspec/inspec-azure

def provisioning_state
properties.provisioningState if exists?
end

def dns_name
properties.dnsName if exists?
end

def ip_configurations_name
return nil if properties.ipConfigurations.first.nil?
result = []
properties.ipConfigurations.each do |config|
result += config.name
end
result
end

def ip_configurations_id
return nil if properties.ipConfigurations.first.nil?
result = []
properties.ipConfigurations.each do |config|
result += config.id
end
result
end

def ip_configurations_etag
return nil if properties.ipConfigurations.first.nil?
result = []
properties.ipConfigurations.each do |config|
result += config.etag
end
result
end

def ip_configurations_type
return nil if properties.ipConfigurations.first.nil?
result = []
properties.ipConfigurations.each do |config|
result += config.type
end
result
end

def ip_configurations_provisioning_state
return nil if properties.ipConfigurations.first.nil?
result = []
properties.ipConfigurations.each do |config|
result += config.properties.provisioningState
end
result
end

def ip_configurations_private_ip_allocation_method
return nil if properties.ipConfigurations.first.nil?
result = []
properties.ipConfigurations.each do |config|
result += config.properties.privateIPAllocationMethod
end
result
end

def ip_configurations_subnet_id
return nil if properties.ipConfigurations.first.nil?
result = []
properties.ipConfigurations.each do |config|
result += config.properties.subnet.id
end
result
end

def ip_configurations_public_ip_address
return nil if properties.ipConfigurations.first.nil?
result = []
properties.ipConfigurations.each do |config|
result += config.properties.publicIPAddress.id
end
result
end
end
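Review bot: In all eight `ip_configurations_*` helpers, `result += config.name` (and the `.id`, `.etag`, `.type`, `.properties...` variants) uses `+` on an Array, which raises a TypeError when the right-hand side is a String rather than an Array; use `result << config.name`, or replace the loop with `properties.ipConfigurations.map(&:name)`. These helpers also omit the `exists?` guard that the comment above them calls necessary, and `properties.ipConfigurations.first.nil?` itself fails when `ipConfigurations` is absent, as do the chained reads `config.properties.subnet.id` and `config.properties.publicIPAddress.id` when a nested object is missing. The eight methods differ only in the attribute they read, so one private helper that takes the attribute path would remove the duplication. The `desc` string and the `name` parameter comment still say "data lake hosts", and the `example` block passes `bastionHostName:` while `required_parameters` is `%i(name)`; both look like copy-paste leftovers and should be corrected to match the resource.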