Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

RESOURCE-157 Support power bi embedded capacities #487

Merged
merged 11 commits into from
Mar 12, 2022
103 changes: 103 additions & 0 deletions docs/resources/azure_power_bi_embedded_capacities.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,103 @@
---
title: About the azure_power_bi_embedded_capacities Resource
platform: azure
---

# azure_power_bi_embedded_capacities

Use the `azure_power_bi_embedded_capacities` InSpec audit resource to test the properties related to all Azure Power BI Embedded Capacities within a project.

## Azure REST API version, Endpoint, and HTTP Client Parameters

This resource interacts with API versions supported by the resource provider. The `api_version` is defined as a resource parameter.
If not provided, the latest version is used. For more information, refer to [`azure_generic_resource`](azure_generic_resource.md).

Unless defined, `azure_cloud` global endpoint and default values for the HTTP client is used. For more information, refer to the resource pack [README](../../README.md).

## Availability

### Installation

This resource is available in the [InSpec Azure resource pack](https://github.com/inspec/inspec-azure). For an example, `inspec.yml` file and how to set up your Azure credentials, refer to resource pack [README](../../README.md#Service-Principal).

## Syntax

An `azure_power_bi_embedded_capacities` resource block returns all Azure Power BI Embedded Capacities within a project.

```ruby
describe azure_power_bi_embedded_capacities do
#...
end
```

## Parameters

| Name | Description |
|----------------|----------------------------------------------------------------------------------|
| account_name | The Azure Storage account name. |
| dns_suffix | The DNS suffix for the Azure Data Lake Storage endpoint. |

The below parameters are optional.
- `account_name` and `dns_suffix` (optional)

## Properties

|Property | Description | Filter Criteria<superscript>*</superscript> |
|--------------------|---------------------------------------------------------------|------------------|
| ids | A list of PowerBI Dedicated resources. | `id` |
| names | The names of all the PowerBI Dedicated resource. | `name` |
| locations | A list of all locations of all the PowerBI Dedicated resource.| `location` |
| modes | A list of all the capacity modes. | `mode` |
| provisioningStates | A list of all provisioning state. |`provisioningState`|
| states | The current state of all PowerBI Dedicated resources. | `state` |
| sku_names | The SKU name of the PowerBI Dedicated resource. | `sku_name` |
| sku_tiers | The SKU tier of the PowerBI Dedicated resource. | `sku_tier` |
| sku_capacities | The SKU capacities of the PowerBI Dedicated resource. | `sku_capacity` |
| administration_members | A collection of Dedicated capacity administrators. | `administration_members` |



<superscript>*</superscript> For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/dev-docs/filtertable-usage.md).
Also, refer to [Azure documentation](https://docs.microsoft.com/en-us/rest/api/power-bi-embedded/capacities/list) for other properties available.

## Examples

### Loop through Power BI Embedded Capacities by their names

```ruby
azure_power_bi_embedded_capacities.names.each do |name|
describe azure_power_bi_embedded_capacity(resource_group: 'RESOURCE_GROUP', name: name) do
it { should exist }
end
end
```

### Test to ensure Power BI Embedded Capacities where sku_capacities greater than 1

```ruby
describe azure_power_bi_embedded_capacities.where(sku_capacity > 1 ) do
it { should exist }
end
```

## Matchers

This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://www.inspec.io/docs/reference/matchers/).

### exists

```ruby
# Should exist if the filter returns at least one Migrate Assessment in the project and in the resource group
describe azure_power_bi_embedded_capacities do
it { should exist }
end

# Should not exist if no Power BI Embedded Capacities are present in the project and in the resource group
describe azure_power_bi_embedded_capacities do
it { should_not exist }
end
```

## Azure Permissions

Your [Service Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) must be set up with a `contributor` role on the subscription you wish to test.
98 changes: 98 additions & 0 deletions docs/resources/azure_power_bi_embedded_capacity.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,98 @@
---
title: About the azure_power_bi_embedded_capacity Resource
platform: azure
---

# azure_power_bi_embedded_capacity

Use the `azure_power_bi_embedded_capacity` InSpec audit resource to test the properties related to Azure Power BI Embedded Capacity.

## Azure REST API version, Endpoint, and HTTP Client Parameters

This resource interacts with API versions supported by the resource provider. The `api_version` is defined as a resource parameter.
If not provided, the latest version is used. For more information, refer to [`azure_generic_resource`](azure_generic_resource.md).

Unless defined, `azure_cloud` global endpoint and default values for the HTTP client are used. For more information, refer to the resource pack [README](../../README.md).

## Availability

### Installation

This resource is available in the [InSpec Azure resource pack](https://github.com/inspec/inspec-azure). For an example, `inspec.yml` file and how to set up your Azure credentials, refer to resource pack [README](../../README.md#Service-Principal).

## Syntax

`name` and `resource_group` is a required parameter.

```ruby
describe azure_power_bi_embedded_capacity(resource_group: 'RESOURCE_GROUP', name: 'POWER_BI_EMBEDDED') do
it { should exist }
end
```

```ruby
describe azure_power_bi_embedded_capacity(resource_group: 'RESOURCE_GROUP', name: 'POWER_BI_EMBEDDED') do
it { should exist }
end
```

## Parameters

| Name | Description |
|----------------|----------------------------------------------------------------------------------|
| name | Name of the Power BI Embedded Capacity to test. |
| resource_group | Azure Resource Group. |

The parameter set should be provided for a valid query:

- `name` and `account_name`

## Properties

| Property | Description |
|----------------------------|------------------------------------------------------------------|
| id | An identifier that represents the PowerBI Dedicated resource. |
| location | Location of the PowerBI Dedicated resource. |
| name | The name of the PowerBI Dedicated resource. |
| properties.administration | A collection of Dedicated capacity administrators. |
| properties.mode | The capacity mode. |
| properties.state | The current state of PowerBI Dedicated resource. The state is to indicate more states outside of resource provisioning.|
| sku | The SKU of the PowerBI Dedicated resource. |
| tags | Key-value pairs of additional resource provisioning properties. |
| type | The type of the PowerBI Dedicated resource. |


For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`](azure_generic_resource.md#properties).

Also, refer to [Azure documentation](https://docs.microsoft.com/en-us/rest/api/power-bi-embedded/capacities/get-details) for other properties available.

## Examples

### Test that the Power BI Embedded Capacity

```ruby
describe azure_power_bi_embedded_capacity(resource_group: 'RESOURCE_GROUP', name: 'POWER_BI_EMBEDDED') do
its('count') { should eq 1.0 }
end
```

## Matchers

This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](/inspec/matchers/).

### exists

```ruby
# If the Power BI Embedded Capacity is found, it will exist
describe azure_power_bi_embedded_capacity(resource_group: 'RESOURCE_GROUP', name: 'POWER_BI_EMBEDDED') do
it { should exist }
end
# if the Power BI Embedded Capacity is not found, it will not exist
describe azure_power_bi_embedded_capacity(resource_group: 'RESOURCE_GROUP', name: 'POWER_BI_EMBEDDED') do
it { should_not exist }
end
```

## Azure Permissions

Your [Service Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) must be set up with a `contributor` role on the subscription you wish to test.
44 changes: 44 additions & 0 deletions libraries/azure_power_bi_embedded_capacities.rb
Original file line number Diff line number Diff line change
@@ -0,0 +1,44 @@
require 'azure_generic_resources'

class AzurePowerBiEmbeddedCapacities < AzureGenericResources
name 'azure_power_bi_embedded_capacities'
desc 'Retrieves and verifies the settings of all Azure Power BI Embedded Capacities.'
example <<-EXAMPLE
describe azure_power_bi_embedded_capacities do
it { should exist }
end
EXAMPLE

def initialize(opts = {})
raise ArgumentError, 'Parameters must be provided in an Hash object.' unless opts.is_a?(Hash)

opts[:resource_provider] = specific_resource_constraint('Microsoft.PowerBIDedicated/capacities', opts)
super(opts, true)
return if failed_resource?

populate_filter_table_from_response
end

def to_s
super(AzurePowerBiEmbeddedCapacities)
end

private

def populate_table
@resources.each do |resource|
props = resource[:properties]
sku_hash = concat_keys(resource[:sku], 'sku')
administration_attrs = concat_keys(props[:administration], 'administration')
@table << resource.merge(resource[:properties])
.merge(sku_hash)
.merge(administration_attrs)
end
end

def concat_keys(props, concat_prefix = nil)
return unless concat_prefix

props.each_with_object({}) { |(key, value), hash| hash["#{concat_prefix}_#{key}".to_sym] = value }
end
end
22 changes: 22 additions & 0 deletions libraries/azure_power_bi_embedded_capacity.rb
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
require 'azure_generic_resource'

class AzurePowerBiEmbeddedCapacity < AzureGenericResource
name 'azure_power_bi_embedded_capacity'
desc 'Retrieves and verifies the settings of an Azure Power BI Embedded Capacity.'
example <<-EXAMPLE
describe azure_power_bi_embedded_capacity(resource_group: 'inspec-azure-rg', name: 'power-bi-inspec') do
it { should exist }
end
EXAMPLE

def initialize(opts = {})
raise ArgumentError, 'Parameters must be provided in an Hash object.' unless opts.is_a?(Hash)

opts[:resource_provider] = specific_resource_constraint('Microsoft.PowerBIDedicated/capacities', opts)
super(opts, true)
end

def to_s
super(AzurePowerBiEmbeddedCapacity)
end
end
10 changes: 9 additions & 1 deletion terraform/azure.tf
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ terraform {
}

provider "azurerm" {
version = "~> 2.1.0"
version = "~> 2.2.0"
subscription_id = var.subscription_id
client_id = var.client_id
client_secret = var.client_secret
Expand Down Expand Up @@ -1424,4 +1424,12 @@ resource "azurerm_virtual_wan" "inspec-nw-wan" {
location = var.location
name = var.inspec_wan_name
resource_group_name = azurerm_resource_group.rg.name
}

resource "azurerm_powerbi_embedded" "power_bi_embedded" {
name = var.power_bi_embedded_name
location = azurerm_resource_group.rg.location
resource_group_name = azurerm_resource_group.rg.name
sku_name = "A1"
administrators = ["sbabu@progress.com"]
}
5 changes: 5 additions & 0 deletions terraform/outputs.tf
Original file line number Diff line number Diff line change
Expand Up @@ -493,3 +493,8 @@ output "inspec_virtual_wan" {
description = "The resource name of the inspec virtual WAN"
value = azurerm_virtual_wan.inspec-nw-wan.name
}

output "power_bi_embedded_name" {
description = "The name of the Power BI Embedded"
value = azurerm_powerbi_embedded.power_bi_embedded.name
}
4 changes: 4 additions & 0 deletions terraform/variables.tf
Original file line number Diff line number Diff line change
Expand Up @@ -178,3 +178,7 @@ variable "inspec_compliance_redis_cache_name" {
variable "inspec_wan_name" {
default = "inspec-nw-wan"
}

variable "power_bi_embedded_name" {
default = "inspecdevbi"
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
power_bi_embedded_name = input(:power_bi_embedded_name, value: '')
location = input(:location, value: '')

control 'Verify settings for all Azure Power BI Embedded Capacities' do
describe azure_power_bi_embedded_capacities do
it { should exist }
its('names') { should include power_bi_embedded_name }
its('locations') { should include location }
its('modes') { should include 'Gen2' }
its('sku_names') { should include 'A1' }
its('sku_capacities') { should include 1 }
end
end
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
resource_group = input(:resource_group, value: '')
power_bi_embedded_name = input(:power_bi_embedded_name, value: '')

control 'Verify settings for Azure Power BI Embedded Capacity' do
describe azure_power_bi_embedded_capacity(resource_group: resource_group, name: power_bi_embedded_name) do
it { should exist }
its('properties.mode') { should include 'Gen2' }
its('sku.name') { should eq 'A1' }
its('sku.capacity') { should eq 1 }
end
end
21 changes: 21 additions & 0 deletions test/unit/resources/azure_power_bi_embedded_capacities_test.rb
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
require_relative 'helper'
require 'azure_power_bi_embedded_capacities'

class AzurePowerBiEmbeddedCapacitiesConstructorTest < Minitest::Test
# resource_type should not be allowed.
def test_resource_type_not_ok
assert_raises(ArgumentError) { AzurePowerBiEmbeddedCapacities.new(resource_provider: 'some_type') }
end

def tag_value_not_ok
assert_raises(ArgumentError) { AzurePowerBiEmbeddedCapacities.new(tag_value: 'some_tag_value') }
end

def tag_name_not_ok
assert_raises(ArgumentError) { AzurePowerBiEmbeddedCapacities.new(tag_name: 'some_tag_name') }
end

def test_name_not_ok
assert_raises(ArgumentError) { AzurePowerBiEmbeddedCapacities.new(name: 'some_name') }
end
end
17 changes: 17 additions & 0 deletions test/unit/resources/azure_power_bi_embedded_capacity_test.rb
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
require_relative 'helper'
require 'azure_power_bi_embedded_capacity'

class AzurePowerBiEmbeddedCapacityConstructorTest < Minitest::Test
def test_empty_param_not_ok
assert_raises(ArgumentError) { AzurePowerBiEmbeddedCapacity.new }
end

# resource_provider should not be allowed.
def test_resource_provider_not_ok
assert_raises(ArgumentError) { AzurePowerBiEmbeddedCapacity.new(resource_provider: 'some_type') }
end

def test_resource_group_name_alone_ok
assert_raises(ArgumentError) { AzurePowerBiEmbeddedCapacity.new(resource_group: 'test') }
end
end