From cb578c8dc1fe1547609d90e7e281dbedd7fad334 Mon Sep 17 00:00:00 2001 From: Sathish Date: Thu, 25 Nov 2021 00:10:34 +0530 Subject: [PATCH 01/13] support service bus region(s) Signed-off-by: Sathish --- libraries/azure_service_bus_regions.rb | 35 ++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 libraries/azure_service_bus_regions.rb diff --git a/libraries/azure_service_bus_regions.rb b/libraries/azure_service_bus_regions.rb new file mode 100644 index 000000000..d4c70705a --- /dev/null +++ b/libraries/azure_service_bus_regions.rb @@ -0,0 +1,35 @@ +require 'azure_generic_resources' + +class AzureServiceBusRegions < AzureGenericResources + name 'azure_service_bus_regions' + desc 'Verifies settings for a collection of Azure Service Bus regions in a Resource Group' + example <<-EXAMPLE + describe azure_service_bus_regions(sku: 'Standard') do + it { should exist } + end + EXAMPLE + + def initialize(opts = {}) + raise ArgumentError, 'Parameters must be provided in an Hash object.' unless opts.is_a?(Hash) + + opts[:resource_provider] = specific_resource_constraint('Microsoft.ServiceBus/sku', opts) + opts[:required_parameters] = %i(sku) + opts[:resource_path] = "#{opts[:sku]}/regions" + super(opts, true) + return if failed_resource? + + populate_filter_table_from_response + end + + def to_s + super(AzureServiceBusRegions) + end + + private + + def populate_table + @resources.each do |resource| + @table << resource.merge(resource[:properties]) + end + end +end From 46f29c5201590a726c8176608ffb60ed1f9cd364 Mon Sep 17 00:00:00 2001 From: Sathish Date: Thu, 25 Nov 2021 00:10:52 +0530 Subject: [PATCH 02/13] unit test service bus region(s) Signed-off-by: Sathish --- .../azure_service_bus_regions_test.rb | 21 +++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 test/unit/resources/azure_service_bus_regions_test.rb diff --git a/test/unit/resources/azure_service_bus_regions_test.rb b/test/unit/resources/azure_service_bus_regions_test.rb new file mode 100644 index 000000000..4282f9bb5 --- /dev/null +++ b/test/unit/resources/azure_service_bus_regions_test.rb @@ -0,0 +1,21 @@ +require_relative 'helper' +require 'azure_service_bus_regions' + +class AzureServiceBusRegionsConstructorTest < Minitest::Test + # resource_type should not be allowed. + def test_resource_type_not_ok + assert_raises(ArgumentError) { AzureServiceBusRegions.new(resource_provider: 'some_type') } + end + + def tag_value_not_ok + assert_raises(ArgumentError) { AzureServiceBusRegions.new(tag_value: 'some_tag_value') } + end + + def tag_name_not_ok + assert_raises(ArgumentError) { AzureServiceBusRegions.new(tag_name: 'some_tag_name') } + end + + def test_name_not_ok + assert_raises(ArgumentError) { AzureServiceBusRegions.new(name: 'some_name') } + end +end From 01957fd3bcdc8fb2b37caa228824fdc36910037a Mon Sep 17 00:00:00 2001 From: Sathish Date: Thu, 25 Nov 2021 00:10:58 +0530 Subject: [PATCH 03/13] integral test service bus region(s) Signed-off-by: Sathish --- .../verify/controls/azure_service_bus_regions.rb | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 test/integration/verify/controls/azure_service_bus_regions.rb diff --git a/test/integration/verify/controls/azure_service_bus_regions.rb b/test/integration/verify/controls/azure_service_bus_regions.rb new file mode 100644 index 000000000..ae6a8d94b --- /dev/null +++ b/test/integration/verify/controls/azure_service_bus_regions.rb @@ -0,0 +1,9 @@ +sku_name = 'Standard' +control 'test the properties of all Azure Service Bus Topics' do + describe azure_service_bus_regions(sku: sku_name) do + it { should exist } + its('names') { should include 'Central US' } + its('codes') { should include 'Central US' } + its('fullNames') { should include 'Central US' } + end +end From f62cd2d5fda81080e3accfc59eeb06ea5bfac1a3 Mon Sep 17 00:00:00 2001 From: Sathish Date: Thu, 25 Nov 2021 00:11:06 +0530 Subject: [PATCH 04/13] document service bus region(s) Signed-off-by: Sathish --- docs/resources/azure_service_bus_regions.md | 87 +++++++++++++++++++++ 1 file changed, 87 insertions(+) create mode 100644 docs/resources/azure_service_bus_regions.md diff --git a/docs/resources/azure_service_bus_regions.md b/docs/resources/azure_service_bus_regions.md new file mode 100644 index 000000000..02ea9ca93 --- /dev/null +++ b/docs/resources/azure_service_bus_regions.md @@ -0,0 +1,87 @@ +--- +title: About the azure_service_bus_regions Resource +platform: azure +--- + +# azure_service_bus_regions + +Use the `azure_service_bus_regions` InSpec audit resource to test properties related to all Azure Service Bus Regions. + +## Azure REST API version, endpoint and http client parameters + +This resource interacts with api versions supported by the resource provider. +The `api_version` can be defined as a resource parameter. +If not provided, the latest version will be used. +For more information, refer to [`azure_generic_resource`](azure_generic_resource.md). + +Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used. +For more information, refer to the resource pack [README](../../README.md). + +## Availability + +### Installation + +This resource is available in the [InSpec Azure resource pack](https://github.com/inspec/inspec-azure). +For an example `inspec.yml` file and how to set up your Azure credentials, refer to resource pack [README](../../README.md#Service-Principal). + +## Syntax + +An `azure_service_bus_regions` resource block returns all Azure Service Bus Regions. + +```ruby +describe azure_service_bus_regions(sku: 'SKU_NAME') do + #... +end +``` + +## Parameters +| Name | Description | +|----------------|----------------------------------------------------------------------------------| +| sku | The sku type. | + +The parameter set optionally be provided for a valid query: +- `sku` + +## Properties + +|Property | Description | Filter Criteria* | +|--------------------------------|------------------------------------------------------------------------|------------------| +| ids | A list of resource IDs. | `id` | +| names | A list of resource Names. | `name` | +| types | A list of the resource types. | `type` | +| properties | A list of Properties for all the Service Bus Regions. | `properties` | +| locations | A list of the Resource locations. | `location` | +| codes | A list of Region codes. | `code` | +| fullNames | A list of Full name of the regions. | `fullName` | + +* For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/dev-docs/filtertable-usage.md). + +## Examples + +### Test that there are Service Bus Regions that are successfully provisioned. + +```ruby +describe azure_service_bus_regions(sku: 'SKU_NAME').where(code: 'Central US') do + it { should exist } +end +``` + +## Matchers + +This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://www.inspec.io/docs/reference/matchers/). + +### exists + +```ruby +# Should not exist if no Service Bus Regions are present +describe azure_service_bus_regions(sku: 'SKU_NAME') do + it { should_not exist } +end +# Should exist if the filter returns at least one Service Bus Regions +describe azure_service_bus_regions(sku: 'SKU_NAME') do + it { should exist } +end +``` +## Azure Permissions + +Your [Service Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) must be setup with a `reader` role on the subscription you wish to test. \ No newline at end of file From a36a394ff0a3b6ac8db9338d98174b56dde4f962 Mon Sep 17 00:00:00 2001 From: Sathish Date: Thu, 25 Nov 2021 00:12:12 +0530 Subject: [PATCH 05/13] update readme with service bus region(s) Signed-off-by: Sathish --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 13aa63749..9a958e281 100644 --- a/README.md +++ b/README.md @@ -236,6 +236,7 @@ The following is a list of static resources. - [azure_sentinel_incidents_resources](docs/resources/azure_sentinel_incidents_resources.md) - [azure_service_bus_namespace](docs/resources/azure_service_bus_namespace.md) - [azure_service_bus_namespaces](docs/resources/azure_service_bus_namespaces.md) +- [azure_service_bus_regions](docs/resources/azure_service_bus_regions.md) - [azure_sql_database](docs/resources/azure_sql_database.md) - [azure_sql_databases](docs/resources/azure_sql_databases.md) - [azure_sql_server](docs/resources/azure_sql_server.md) From 4f672d3818805ce86e4264f1f50986bd84c9e28b Mon Sep 17 00:00:00 2001 From: Sathish Date: Fri, 26 Nov 2021 11:36:17 +0530 Subject: [PATCH 06/13] support azure service bus subscription rule (s) Signed-off-by: Sathish --- .../azure_service_bus_subscription_rule.rb | 24 +++++++++++++ .../azure_service_bus_subscription_rules.rb | 35 +++++++++++++++++++ 2 files changed, 59 insertions(+) create mode 100644 libraries/azure_service_bus_subscription_rule.rb create mode 100644 libraries/azure_service_bus_subscription_rules.rb diff --git a/libraries/azure_service_bus_subscription_rule.rb b/libraries/azure_service_bus_subscription_rule.rb new file mode 100644 index 000000000..c5bda0a52 --- /dev/null +++ b/libraries/azure_service_bus_subscription_rule.rb @@ -0,0 +1,24 @@ +require 'azure_generic_resource' + +class AzureServiceBusSubscriptionRule < AzureGenericResource + name 'azure_service_bus_subscription_rule' + desc 'Retrieves and verifies the settings of an Azure Service Bus Subscription Rule.' + example <<-EXAMPLE + describe azure_service_bus_subscription_rule(resource_group: 'inspec-rg', namespace_name: 'inspec-ns', topic_name: 'inspec-topic', subscription_name: 'inspec-sub', name: 'inspec_rule1') do + it { should exist } + end + EXAMPLE + + def initialize(opts = {}) + raise ArgumentError, 'Parameters must be provided in an Hash object.' unless opts.is_a?(Hash) + + opts[:resource_provider] = specific_resource_constraint('Microsoft.ServiceBus/namespaces', opts) + opts[:required_parameters] = %i(namespace_name topic_name subscription_name) + opts[:resource_path] = "#{opts[:namespace_name]}/topics/#{opts[:topic_name]}/subscriptions/#{opts[:subscription_name]}/rules" + super(opts, true) + end + + def to_s + super(AzureServiceBusSubscriptionRule) + end +end diff --git a/libraries/azure_service_bus_subscription_rules.rb b/libraries/azure_service_bus_subscription_rules.rb new file mode 100644 index 000000000..1fa2ecfe0 --- /dev/null +++ b/libraries/azure_service_bus_subscription_rules.rb @@ -0,0 +1,35 @@ +require 'azure_generic_resources' + +class AzureServiceBusSubscriptionRules < AzureGenericResources + name 'azure_service_bus_subscription_rules' + desc 'Verifies settings for a collection of Azure Service Bus Subscription Rules in a Resource Group.' + example <<-EXAMPLE + describe azure_service_bus_subscription_rules(resource_group: 'inspec-rg', namespace_name: 'inspec-ns', subscription_name: 'inspec-subs', topic_name: 'inspec-topic') do + it { should exist } + end + EXAMPLE + + def initialize(opts = {}) + raise ArgumentError, 'Parameters must be provided in an Hash object.' unless opts.is_a?(Hash) + + opts[:resource_provider] = specific_resource_constraint('Microsoft.ServiceBus/namespaces', opts) + opts[:required_parameters] = %i(namespace_name topic_name subscription_name) + opts[:resource_path] = "#{opts[:namespace_name]}/topics/#{opts[:topic_name]}/subscriptions/#{opts[:subscription_name]}/rules" + super(opts, true) + return if failed_resource? + + populate_filter_table_from_response + end + + def to_s + super(AzureServiceBusSubscriptionRules) + end + + private + + def populate_table + @resources.each do |resource| + @table << resource.merge(resource[:properties]).merge(resource.dig(:properties, :sqlFilter)) + end + end +end From d8ea3b85ae47b4cab4c50c127d98661fc56c4352 Mon Sep 17 00:00:00 2001 From: Sathish Date: Fri, 26 Nov 2021 11:36:29 +0530 Subject: [PATCH 07/13] test azure service bus subscription rule (s) Signed-off-by: Sathish --- ...zure_service_bus_subscription_rule_test.rb | 17 +++++++++++++++ ...ure_service_bus_subscription_rules_test.rb | 21 +++++++++++++++++++ 2 files changed, 38 insertions(+) create mode 100644 test/unit/resources/azure_service_bus_subscription_rule_test.rb create mode 100644 test/unit/resources/azure_service_bus_subscription_rules_test.rb diff --git a/test/unit/resources/azure_service_bus_subscription_rule_test.rb b/test/unit/resources/azure_service_bus_subscription_rule_test.rb new file mode 100644 index 000000000..38bae2f45 --- /dev/null +++ b/test/unit/resources/azure_service_bus_subscription_rule_test.rb @@ -0,0 +1,17 @@ +require_relative 'helper' +require 'azure_service_bus_subscription_rule' + +class AzureServiceBusSubscriptionRuleConstructorTest < Minitest::Test + def test_empty_param_not_ok + assert_raises(ArgumentError) { AzureServiceBusSubscriptionRule.new } + end + + # resource_provider should not be allowed. + def test_resource_provider_not_ok + assert_raises(ArgumentError) { AzureServiceBusSubscriptionRule.new(resource_provider: 'some_type') } + end + + def test_resource_group_name_alone_not_ok + assert_raises(ArgumentError) { AzureServiceBusSubscriptionRule.new(resource_group: 'test') } + end +end diff --git a/test/unit/resources/azure_service_bus_subscription_rules_test.rb b/test/unit/resources/azure_service_bus_subscription_rules_test.rb new file mode 100644 index 000000000..a0267309a --- /dev/null +++ b/test/unit/resources/azure_service_bus_subscription_rules_test.rb @@ -0,0 +1,21 @@ +require_relative 'helper' +require 'azure_service_bus_subscription_rules' + +class AzureServiceBusSubscriptionRulesConstructorTest < Minitest::Test + # resource_type should not be allowed. + def test_resource_type_not_ok + assert_raises(ArgumentError) { AzureServiceBusSubscriptionRules.new(resource_provider: 'some_type') } + end + + def tag_value_not_ok + assert_raises(ArgumentError) { AzureServiceBusSubscriptionRules.new(tag_value: 'some_tag_value') } + end + + def tag_name_not_ok + assert_raises(ArgumentError) { AzureServiceBusSubscriptionRules.new(tag_name: 'some_tag_name') } + end + + def test_name_not_ok + assert_raises(ArgumentError) { AzureServiceBusSubscriptionRules.new(name: 'some_name') } + end +end From b66de29cab75221f417a56ac0fd53d26b3144a89 Mon Sep 17 00:00:00 2001 From: Sathish Date: Fri, 26 Nov 2021 11:36:47 +0530 Subject: [PATCH 08/13] integral test azure service bus subscription rule (s) Signed-off-by: Sathish --- .../azure_service_bus_subscription_rule.rb | 14 ++++++++++++++ .../azure_service_bus_subscription_rules.rb | 14 ++++++++++++++ 2 files changed, 28 insertions(+) create mode 100644 test/integration/verify/controls/azure_service_bus_subscription_rule.rb create mode 100644 test/integration/verify/controls/azure_service_bus_subscription_rules.rb diff --git a/test/integration/verify/controls/azure_service_bus_subscription_rule.rb b/test/integration/verify/controls/azure_service_bus_subscription_rule.rb new file mode 100644 index 000000000..e764d2dcd --- /dev/null +++ b/test/integration/verify/controls/azure_service_bus_subscription_rule.rb @@ -0,0 +1,14 @@ +resource_group = input(:resource_group, value: '') +service_bus_namespace_name = input(:service_bus_namespace_name, value: '') +service_bus_subscription_name = input(:service_bus_subscription_name, value: '') +service_bus_topic_name = input(:service_bus_topic_name, value: '') +service_bus_subscription_rule_name = input(:service_bus_subscription_rule_name, value: '') + +control 'Verify the settings for an Azure Service Bus Subscription Rule' do + describe azure_service_bus_subscription_rule(resource_group: resource_group, namespace_name: service_bus_namespace_name, subscription_name: service_bus_subscription_name, topic_name: service_bus_topic_name, name: service_bus_subscription_rule_name) do + it { should exist } + its('type') { should eq 'Microsoft.ServiceBus/Namespaces/Topics/Subscriptions/Rules' } + its('properties.filterType') { should eq 'SqlFilter' } + its('properties.sqlFilter.compatibilityLevel') { should eq 20 } + end +end diff --git a/test/integration/verify/controls/azure_service_bus_subscription_rules.rb b/test/integration/verify/controls/azure_service_bus_subscription_rules.rb new file mode 100644 index 000000000..ba9159ea4 --- /dev/null +++ b/test/integration/verify/controls/azure_service_bus_subscription_rules.rb @@ -0,0 +1,14 @@ +resource_group = input(:resource_group, value: '') +service_bus_namespace_name = input(:service_bus_namespace_name, value: '') +service_bus_subscription_name = input(:service_bus_subscription_name, value: '') +service_bus_topic_name = input(:service_bus_topic_name, value: '') +service_bus_subscription_rule_name = input(:service_bus_subscription_rule_name, value: '') + +control 'Verify the settings for all Azure Service Bus Subscription Rules' do + describe azure_service_bus_subscription_rules(resource_group: resource_group, namespace_name: service_bus_namespace_name, subscription_name: service_bus_subscription_name, topic_name: service_bus_topic_name) do + it { should exist } + its('name') { should include service_bus_subscription_rule_name } + its('type') { should include 'Microsoft.ServiceBus/Namespaces/Topics/Subscriptions/Rules' } + its('filterTypes') { should include 'SqlFilter' } + end +end From 8a72766ca528d6446e07029b150c3920479f1a6c Mon Sep 17 00:00:00 2001 From: Sathish Date: Fri, 26 Nov 2021 19:54:57 +0530 Subject: [PATCH 09/13] support azure subs Signed-off-by: Sathish --- terraform/azure.tf | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/terraform/azure.tf b/terraform/azure.tf index c6d1fb755..00e4c626a 100644 --- a/terraform/azure.tf +++ b/terraform/azure.tf @@ -1543,4 +1543,22 @@ resource "azurerm_servicebus_topic" "inspec_sb_topic" { namespace_name = azurerm_servicebus_namespace.sb.name enable_partitioning = true +} + +resource "azurerm_servicebus_subscription" "inspec-sub" { + name = "inspec-sb-subs" + resource_group_name = azurerm_resource_group.rg.name + namespace_name = azurerm_servicebus_namespace.sb.name + topic_name = azurerm_servicebus_topic.inspec_sb_topic.name + max_delivery_count = 1 +} + +resource "azurerm_servicebus_subscription_rule" "inspec-sub-rule" { + name = "inspec_subs_rule" + resource_group_name = azurerm_resource_group.rg.name + namespace_name = azurerm_servicebus_namespace.sb.name + topic_name = azurerm_servicebus_topic.inspec_sb_topic.name + subscription_name = azurerm_servicebus_subscription.inspec-sub.name + filter_type = "SqlFilter" + sql_filter = "colour = 'red'" } \ No newline at end of file From 6abe70a1423f6da77ff32c72ebfcfdeebf5199c8 Mon Sep 17 00:00:00 2001 From: Sathish Date: Fri, 26 Nov 2021 19:55:12 +0530 Subject: [PATCH 10/13] output azure sub rule Signed-off-by: Sathish --- terraform/outputs.tf | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/terraform/outputs.tf b/terraform/outputs.tf index 42179424a..699f2393d 100644 --- a/terraform/outputs.tf +++ b/terraform/outputs.tf @@ -532,4 +532,14 @@ output "service_bus_namespace_name" { output "service_bus_topic_name" { description = "The name of the Azure Service Bus Topic" value = azurerm_servicebus_topic.inspec_sb_topic.name +} + +output "service_bus_subscription_name" { + description = "The name of the Azure Service Bus Subscription" + value = azurerm_servicebus_subscription.inspec-sub.name +} + +output "service_bus_subscription_rule_name" { + description = "The name of the Azure Service Bus Subscription Rule" + value = azurerm_servicebus_subscription_rule.inspec-sub-rule.name } \ No newline at end of file From 390894aa01e27a84a565b2ab6e505046a9b42450 Mon Sep 17 00:00:00 2001 From: Sathish Date: Fri, 26 Nov 2021 19:55:19 +0530 Subject: [PATCH 11/13] doc azure sub rule Signed-off-by: Sathish --- .../azure_service_bus_subscription_rule.md | 98 +++++++++++++++++++ .../azure_service_bus_subscription_rules.md | 91 +++++++++++++++++ 2 files changed, 189 insertions(+) create mode 100644 docs/resources/azure_service_bus_subscription_rule.md create mode 100644 docs/resources/azure_service_bus_subscription_rules.md diff --git a/docs/resources/azure_service_bus_subscription_rule.md b/docs/resources/azure_service_bus_subscription_rule.md new file mode 100644 index 000000000..f9408feb0 --- /dev/null +++ b/docs/resources/azure_service_bus_subscription_rule.md @@ -0,0 +1,98 @@ +--- +title: About the azure_service_bus_subscription_rule Resource +platform: azure +--- + +# azure_service_bus_subscription_rule + +Use the `azure_service_bus_subscription_rule` InSpec audit resource to test properties related to an Azure Service Bus Subscription Rule. + +## Azure REST API version, endpoint and http client parameters + +This resource interacts with api versions supported by the resource provider. +The `api_version` can be defined as a resource parameter. +If not provided, the latest version will be used. +For more information, refer to [`azure_generic_resource`](azure_generic_resource.md). + +Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used. +For more information, refer to the resource pack [README](../../README.md). + +## Availability + +### Installation + +This resource is available in the [InSpec Azure resource pack](https://github.com/inspec/inspec-azure). +For an example `inspec.yml` file and how to set up your Azure credentials, refer to resource pack [README](../../README.md#Service-Principal). + +## Syntax + +`resource_group`, `namespace_name`, `subscription_name`, `topic_name` and `name` are required parameters. + +```ruby +describe azure_service_bus_subscription_rule(resource_group: 'RESOURCE_GROUP', namespace_name: 'NAMESPACE_NAME', subscription_name: "SUBSCRIPTION_NAME", topic_name: 'TOPIC_NAME', name: 'SUBSCRIPTION_RULE_NAME') do + it { should exist } + its('type') { should eq 'Microsoft.ServiceBus/Namespaces/Topics/Subscriptions/Rules' } + its('properties.filterType') { should eq 'SqlFilter' } +end +``` + +## Parameters + +| Name | Description | +|----------------|----------------------------------------------------------------------------------| +| name | Name of the Azure Service Bus Subscription Rule to test. | +| namespace_name | The namespace name. | +| subscription_name | The subscription name. | +| topic_name | The topic name. | +| resource_group | Azure resource group that the targeted resource resides in. `MyResourceGroup` | + +The parameter set should be provided for a valid query: +- `resource_group`, `namespace_name`, `subscription_name`, `topic_name` and `name` + +## Properties + +| Property | Description | +|--------------------------|------------------------------------------------------------------| +| id | Resource Id. | +| name | Resource name. | +| type | Resource type. | +| properties | The properties of the Service Bus Subscription Rule. | +| properties.action | Represents the filter actions which are allowed for the transformation of a message that have been matched by a filter expression. | +| properties.filterType | Filter type that is evaluated against a BrokeredMessage. | +| properties.sqlFilter | Properties of sqlFilter. | + + +For properties applicable to all resources, such as `type`, `name`, `id`, `properties`, refer to [`azure_generic_resource`](azure_generic_resource.md#properties). + +Also, refer to [Azure documentation](https://docs.microsoft.com/en-us/rest/api/servicebus/stable/rules/get) for other properties available. + +## Examples + +### Test that the Service Bus Subscription Rule is of SQL Filter type. + +```ruby +describe azure_service_bus_subscription_rule(resource_group: 'RESOURCE_GROUP', namespace_name: 'NAMESPACE_NAME', subscription_name: "SUBSCRIPTION_NAME", topic_name: 'TOPIC_NAME', name: 'SUBSCRIPTION_RULE_NAME') do + its('properties.filterType') { should eq 'SqlFilter' } +end +``` + +## Matchers + +This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](/inspec/matchers/). + +### exists + +```ruby +# If a Service Bus Subscription Rule is found it will exist +describe azure_service_bus_subscription_rule(resource_group: 'RESOURCE_GROUP', namespace_name: 'NAMESPACE_NAME', subscription_name: "SUBSCRIPTION_NAME", topic_name: 'TOPIC_NAME', name: 'SUBSCRIPTION_RULE_NAME') do + it { should exist } +end +# if Service Bus Subscription Rule is not found it will not exist +describe azure_service_bus_subscription_rule(resource_group: 'RESOURCE_GROUP', namespace_name: 'NAMESPACE_NAME', subscription_name: "SUBSCRIPTION_NAME", topic_name: 'TOPIC_NAME', name: 'SUBSCRIPTION_RULE_NAME') do + it { should_not exist } +end +``` + +## Azure Permissions + +Your [Service Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) must be setup with a `reader` role on the subscription you wish to test. \ No newline at end of file diff --git a/docs/resources/azure_service_bus_subscription_rules.md b/docs/resources/azure_service_bus_subscription_rules.md new file mode 100644 index 000000000..51ffd3f9f --- /dev/null +++ b/docs/resources/azure_service_bus_subscription_rules.md @@ -0,0 +1,91 @@ +--- +title: About the azure_service_bus_subscription_rules Resource +platform: azure +--- + +# azure_service_bus_subscription_rules + +Use the `azure_service_bus_subscription_rules` InSpec audit resource to test properties related to all Azure Service Bus Subscription Rules. + +## Azure REST API version, endpoint and http client parameters + +This resource interacts with api versions supported by the resource provider. +The `api_version` can be defined as a resource parameter. +If not provided, the latest version will be used. +For more information, refer to [`azure_generic_resource`](azure_generic_resource.md). + +Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used. +For more information, refer to the resource pack [README](../../README.md). + +## Availability + +### Installation + +This resource is available in the [InSpec Azure resource pack](https://github.com/inspec/inspec-azure). +For an example `inspec.yml` file and how to set up your Azure credentials, refer to resource pack [README](../../README.md#Service-Principal). + +## Syntax + +An `azure_service_bus_subscription_rules` resource block returns all Azure Service Bus Subscription Rules. + +`resource_group`, `namespace_name`, `subscription_name` and `topic_name` are required parameters. + +```ruby +describe azure_service_bus_subscription_rules(resource_group: 'RESOURCE_GROUP', namespace_name: 'NAMESPACE_NAME', subscription_name: 'SUBSCRIPTION_NAME', topic_name: 'TOPIC_NAME') do + #... +end +``` + +## Parameters +| Name | Description | +|----------------|----------------------------------------------------------------------------------| +| namespace_name | The namespace name. | +| subscription_name | The subscription name. | +| topic_name | The topic name. | +| resource_group | Azure resource group that the targeted resource resides in. `MyResourceGroup` | + +The parameter set optionally be provided for a valid query: +- `resource_group`, `namespace_name`, `subscription_name` and `topic_name` + +## Properties + +|Property | Description | Filter Criteria* | +|--------------------------------|------------------------------------------------------------------------|------------------| +| ids | A list of resource IDs. | `id` | +| names | A list of resource Names. | `name` | +| types | A list of the resource types. | `type` | +| properties | A list of Properties for all the Service Bus Subscription Rules. | `properties` | +| filterTypes | A list of the Filter types. | `filterType` | +| sqlFilter | A list of sqlFilters. | `sqlFilter` | + +* For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/dev-docs/filtertable-usage.md). + +## Examples + +### Test that there are Service Bus Subscription Rules that are of SQL Filter type. + +```ruby +describe azure_service_bus_subscription_rules(resource_group: 'RESOURCE_GROUP', namespace_name: 'NAMESPACE_NAME', subscription_name: 'SUBSCRIPTION_NAME', topic_name: 'TOPIC_NAME').where(filterType: 'SqlFilter') do + it { should exist } +end +``` + +## Matchers + +This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://www.inspec.io/docs/reference/matchers/). + +### exists + +```ruby +# Should not exist if no Service Bus Subscription Rules are present +describe azure_service_bus_subscription_rules(resource_group: 'RESOURCE_GROUP', namespace_name: 'NAMESPACE_NAME', subscription_name: 'SUBSCRIPTION_NAME', topic_name: 'TOPIC_NAME') do + it { should_not exist } +end +# Should exist if the filter returns at least one Service Bus Subscription Rules +describe azure_service_bus_subscription_rules(resource_group: 'RESOURCE_GROUP', namespace_name: 'NAMESPACE_NAME', subscription_name: 'SUBSCRIPTION_NAME', topic_name: 'TOPIC_NAME') do + it { should exist } +end +``` +## Azure Permissions + +Your [Service Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) must be setup with a `reader` role on the subscription you wish to test. \ No newline at end of file From cd6ca3918d6549539b5c5ecf2784137047ef6fc5 Mon Sep 17 00:00:00 2001 From: Sathish Date: Fri, 26 Nov 2021 19:56:29 +0530 Subject: [PATCH 12/13] update readme with sub rules Signed-off-by: Sathish --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 325848fd8..e9ae1344c 100644 --- a/README.md +++ b/README.md @@ -237,6 +237,8 @@ The following is a list of static resources. - [azure_service_bus_namespace](docs/resources/azure_service_bus_namespace.md) - [azure_service_bus_namespaces](docs/resources/azure_service_bus_namespaces.md) - [azure_service_bus_regions](docs/resources/azure_service_bus_regions.md) +- [azure_service_bus_subscription_rule](docs/resources/azure_service_bus_subscription_rule.md) +- [azure_service_bus_subscription_rules](docs/resources/azure_service_bus_subscription_rules.md) - [azure_service_bus_topic](docs/resources/azure_service_bus_topic.md) - [azure_service_bus_topics](docs/resources/azure_service_bus_topics.md) - [azure_sql_database](docs/resources/azure_sql_database.md) From 8b9516e77765e964fcc8e96b3ec2eb326f4d2bb2 Mon Sep 17 00:00:00 2001 From: Ian Maddaus Date: Fri, 11 Mar 2022 12:37:00 -0500 Subject: [PATCH 13/13] Docs edits Signed-off-by: Ian Maddaus --- .../azure_service_bus_subscription_rule.md | 109 +++++++++++++++++ .../azure_service_bus_subscription_rules.md | 112 ++++++++++++++++++ docs/resources/azure_service_bus_namespace.md | 102 ---------------- .../resources/azure_service_bus_namespaces.md | 99 ---------------- docs/resources/azure_service_bus_regions.md | 87 -------------- .../azure_service_bus_subscription_rule.md | 98 --------------- .../azure_service_bus_subscription_rules.md | 91 -------------- docs/resources/azure_service_bus_topic.md | 101 ---------------- docs/resources/azure_service_bus_topics.md | 102 ---------------- 9 files changed, 221 insertions(+), 680 deletions(-) create mode 100644 docs-chef-io/content/inspec/resources/azure_service_bus_subscription_rule.md create mode 100644 docs-chef-io/content/inspec/resources/azure_service_bus_subscription_rules.md delete mode 100644 docs/resources/azure_service_bus_namespace.md delete mode 100644 docs/resources/azure_service_bus_namespaces.md delete mode 100644 docs/resources/azure_service_bus_regions.md delete mode 100644 docs/resources/azure_service_bus_subscription_rule.md delete mode 100644 docs/resources/azure_service_bus_subscription_rules.md delete mode 100644 docs/resources/azure_service_bus_topic.md delete mode 100644 docs/resources/azure_service_bus_topics.md diff --git a/docs-chef-io/content/inspec/resources/azure_service_bus_subscription_rule.md b/docs-chef-io/content/inspec/resources/azure_service_bus_subscription_rule.md new file mode 100644 index 000000000..0dd922e6b --- /dev/null +++ b/docs-chef-io/content/inspec/resources/azure_service_bus_subscription_rule.md @@ -0,0 +1,109 @@ ++++ +title = "azure_service_bus_subscription_rule Resource" +platform = "azure" +draft = false +gh_repo = "inspec-azure" + +[menu.inspec] +title = "azure_service_bus_subscription_rule" +identifier = "inspec/resources/azure/azure_service_bus_subscription_rule Resource" +parent = "inspec/resources/azure" ++++ + +Use the `azure_service_bus_subscription_rule` InSpec audit resource to test properties related to an Azure Service Bus subscription rule. + +## Azure REST API Version, Endpoint, and HTTP Client Parameters + +{{% inspec_azure_common_parameters %}} + +## Installation + +{{% inspec_azure_install %}} + +## Syntax + +```ruby +describe azure_service_bus_subscription_rule(resource_group: 'RESOURCE_GROUP', namespace_name: 'NAMESPACE_NAME', subscription_name: "SUBSCRIPTION_NAME", topic_name: 'TOPIC_NAME', name: 'SUBSCRIPTION_RULE_NAME') do + it { should exist } + its('type') { should eq 'Microsoft.ServiceBus/Namespaces/Topics/Subscriptions/Rules' } + its('properties.filterType') { should eq 'SqlFilter' } +end +``` + +## Parameters + +`name` _(required)_ +: Name of the Azure Service Bus subscription rule to test. + +`namespace_name` _(required)_ +: The namespace name. + +`subscription_name` _(required)_ +: The subscription name. + +`topic_name` _(required)_ +: The topic name. + +`resource_group` _(required)_ +: Azure resource group that the targeted resource resides in. + +## Properties + +`id` +: Resource Id. + +`name` +: Resource name. + +`type` +: Resource type. + +`properties` +: The properties of the Service Bus subscription rule. + +`properties.action` +: Represents the filter actions which are allowed for the transformation of a message that have been matched by a filter expression. + +`properties.filterType` +: Filter type that is evaluated against a BrokeredMessage. + +`properties.sqlFilter` +: Properties of sqlFilter. + + +For properties applicable to all resources, such as `type`, `name`, `id`, `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}). + +Also, refer to [Azure documentation](https://docs.microsoft.com/en-us/rest/api/servicebus/stable/rules/get) for other properties available. + +## Examples + +**Test that the Service Bus subscription rule is of SQL Filter type.** + +```ruby +describe azure_service_bus_subscription_rule(resource_group: 'RESOURCE_GROUP', namespace_name: 'NAMESPACE_NAME', subscription_name: "SUBSCRIPTION_NAME", topic_name: 'TOPIC_NAME', name: 'SUBSCRIPTION_RULE_NAME') do + its('properties.filterType') { should eq 'SqlFilter' } +end +``` + +## Matchers + +{{% inspec_matchers_link %}} + +### exists + +```ruby +# If a Service Bus subscription rule is found it will exist + +describe azure_service_bus_subscription_rule(resource_group: 'RESOURCE_GROUP', namespace_name: 'NAMESPACE_NAME', subscription_name: "SUBSCRIPTION_NAME", topic_name: 'TOPIC_NAME', name: 'SUBSCRIPTION_RULE_NAME') do + it { should exist } +end +# if Service Bus subscription rule is not found it will not exist + +describe azure_service_bus_subscription_rule(resource_group: 'RESOURCE_GROUP', namespace_name: 'NAMESPACE_NAME', subscription_name: "SUBSCRIPTION_NAME", topic_name: 'TOPIC_NAME', name: 'SUBSCRIPTION_RULE_NAME') do + it { should_not exist } +end +``` + +## Azure Permissions + +{{% azure_permissions_service_principal role="reader" %}} diff --git a/docs-chef-io/content/inspec/resources/azure_service_bus_subscription_rules.md b/docs-chef-io/content/inspec/resources/azure_service_bus_subscription_rules.md new file mode 100644 index 000000000..23bb4fba7 --- /dev/null +++ b/docs-chef-io/content/inspec/resources/azure_service_bus_subscription_rules.md @@ -0,0 +1,112 @@ ++++ +title = "azure_service_bus_subscription_rules Resource" +platform = "azure" +draft = false +gh_repo = "inspec-azure" + +[menu.inspec] +title = "azure_service_bus_subscription_rules" +identifier = "inspec/resources/azure/azure_service_bus_subscription_rules Resource" +parent = "inspec/resources/azure" ++++ + +Use the `azure_service_bus_subscription_rules` InSpec audit resource to test properties related to all Azure Service Bus subscription rules. + +## Azure REST API Version, Endpoint, and HTTP Client Parameters + +{{% inspec_azure_common_parameters %}} + +## Installation + +{{% inspec_azure_install %}} + +## Syntax + +An `azure_service_bus_subscription_rules` resource block returns all Azure Service Bus subscription rules. + +```ruby +describe azure_service_bus_subscription_rules(resource_group: 'RESOURCE_GROUP', namespace_name: 'NAMESPACE_NAME', subscription_name: 'SUBSCRIPTION_NAME', topic_name: 'TOPIC_NAME') do + #... +end +``` + +## Parameters + +`namespace_name` _(required)_ +: The namespace name. + +`subscription_name` _(required)_ +: The subscription name. + +`topic_name` _(required)_ +: The topic name. + +`resource_group` _(required)_ +: Azure resource group that the targeted resource resides in. + +## Properties + +`ids` +: A list of resource IDs. + +: **Field**: `id` + +`names` +: A list of resource Names. + +: **Field**: `name` + +`types` +: A list of the resource types. + +: **Field**: `type` + +`properties` +: A list of Properties for all the Service Bus subscription rules. + +: **Field**: `properties` + +`filterTypes` +: A list of the Filter types. + +: **Field**: `filterType` + +`sqlFilter` +: A list of sqlFilters. + +: **Field**: `sqlFilter` + +{{% inspec_filter_table %}} + +## Examples + +**Test that there are Service Bus subscription rules that are of SQL Filter type.** + +```ruby +describe azure_service_bus_subscription_rules(resource_group: 'RESOURCE_GROUP', namespace_name: 'NAMESPACE_NAME', subscription_name: 'SUBSCRIPTION_NAME', topic_name: 'TOPIC_NAME').where(filterType: 'SqlFilter') do + it { should exist } +end +``` + +## Matchers + +{{% inspec_matchers_link %}} + +### exists + +```ruby +# Should not exist if no Service Bus subscription rules are present + +describe azure_service_bus_subscription_rules(resource_group: 'RESOURCE_GROUP', namespace_name: 'NAMESPACE_NAME', subscription_name: 'SUBSCRIPTION_NAME', topic_name: 'TOPIC_NAME') do + it { should_not exist } +end +# Should exist if the filter returns at least one Service Bus subscription rules + +describe azure_service_bus_subscription_rules(resource_group: 'RESOURCE_GROUP', namespace_name: 'NAMESPACE_NAME', subscription_name: 'SUBSCRIPTION_NAME', topic_name: 'TOPIC_NAME') do + it { should exist } +end +``` + +## Azure Permissions + +{{% azure_permissions_service_principal role="reader" %}} diff --git a/docs/resources/azure_service_bus_namespace.md b/docs/resources/azure_service_bus_namespace.md deleted file mode 100644 index 7b5225dfb..000000000 --- a/docs/resources/azure_service_bus_namespace.md +++ /dev/null @@ -1,102 +0,0 @@ ---- -title: About the azure_service_bus_namespace Resource -platform: azure ---- - -# azure_service_bus_namespace - -Use the `azure_service_bus_namespace` InSpec audit resource to test properties related to an Azure Service Bus Namespace. - -## Azure REST API version, endpoint and http client parameters - -This resource interacts with api versions supported by the resource provider. -The `api_version` can be defined as a resource parameter. -If not provided, the latest version will be used. -For more information, refer to [`azure_generic_resource`](azure_generic_resource.md). - -Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used. -For more information, refer to the resource pack [README](../../README.md). - -## Availability - -### Installation - -This resource is available in the [InSpec Azure resource pack](https://github.com/inspec/inspec-azure). -For an example `inspec.yml` file and how to set up your Azure credentials, refer to resource pack [README](../../README.md#Service-Principal). - -## Syntax - -`name`, `resource_group` is a required parameter. - -```ruby -describe azure_service_bus_namespace(resource_group: 'RESOURCE_GROUP', name: 'SERVICE_BUS_NAMESPACE') do - it { should exist } - its('type') { should eq 'Microsoft.ServiceBus/Namespaces' } - its('location') { should eq 'East US' } -end -``` - -```ruby -describe azure_service_bus_namespace(resource_group: 'RESOURCE_GROUP', name: 'SERVICE_BUS_NAMESPACE') do - it { should exist } -end -``` -## Parameters - -| Name | Description | -|----------------|----------------------------------------------------------------------------------| -| name | Name of the Azure Service Bus Namespaces to test. | -| resource_group | Azure resource group that the targeted resource resides in. `MyResourceGroup` | - -The parameter set should be provided for a valid query: -- `resource_group` and `name` - -## Properties - -| Property | Description | -|--------------------------|------------------------------------------------------------------| -| id | Resource Id. | -| name | Resource name. | -| type | Resource type. `Microsoft.ServiceBus/Namespaces` | -| location | The Geo-location where the resource lives. | -| properties | The properties of the Service Bus Namespace. | -| properties.serviceBusEndpoint | Endpoint you can use to perform Service Bus operations. | -| properties.metricId | Identifier for Azure Insights metrics. | -| properties.provisioningState | Provisioning state of the namespace. | -| sku.name | Name of this SKU. | - - -For properties applicable to all resources, such as `type`, `name`, `id`, `properties`, refer to [`azure_generic_resource`](azure_generic_resource.md#properties). - -Also, refer to [Azure documentation](https://docs.microsoft.com/en-us/rest/api/servicebus/stable/namespaces/get) for other properties available. - -## Examples - -### Test that the Service Bus Namespaces is provisioned successfully. - -```ruby -describe azure_service_bus_namespace(resource_group: 'RESOURCE_GROUP', name: 'SERVICE_BUS_NAMESPACE') do - its('properties.provisioningState') { should eq 'Succeeded' } -end -``` - -## Matchers - -This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](/inspec/matchers/). - -### exists - -```ruby -# If a Service Bus Namespace is found it will exist -describe azure_service_bus_namespace(resource_group: 'RESOURCE_GROUP', name: 'SERVICE_BUS_NAMESPACE') do - it { should exist } -end -# if Service Bus Namespace is not found it will not exist -describe azure_service_bus_namespace(resource_group: 'RESOURCE_GROUP', name: 'SERVICE_BUS_NAMESPACE') do - it { should_not exist } -end -``` - -## Azure Permissions - -Your [Service Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) must be setup with a `reader` role on the subscription you wish to test. \ No newline at end of file diff --git a/docs/resources/azure_service_bus_namespaces.md b/docs/resources/azure_service_bus_namespaces.md deleted file mode 100644 index 24990d72d..000000000 --- a/docs/resources/azure_service_bus_namespaces.md +++ /dev/null @@ -1,99 +0,0 @@ ---- -title: About the azure_service_bus_namespaces Resource -platform: azure ---- - -# azure_service_bus_namespaces - -Use the `azure_service_bus_namespaces` InSpec audit resource to test properties related to all Azure Service Bus Namespaces within a project. - -## Azure REST API version, endpoint and http client parameters - -This resource interacts with api versions supported by the resource provider. -The `api_version` can be defined as a resource parameter. -If not provided, the latest version will be used. -For more information, refer to [`azure_generic_resource`](azure_generic_resource.md). - -Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used. -For more information, refer to the resource pack [README](../../README.md). - -## Availability - -### Installation - -This resource is available in the [InSpec Azure resource pack](https://github.com/inspec/inspec-azure). -For an example `inspec.yml` file and how to set up your Azure credentials, refer to resource pack [README](../../README.md#Service-Principal). - -## Syntax - -An `azure_service_bus_namespaces` resource block returns all Azure Service Bus Namespaces within a project. - -```ruby -describe azure_service_bus_namespaces do - #... -end -``` - -## Parameters -| Name | Description | -|----------------|----------------------------------------------------------------------------------| -| resource_group | Azure resource group that the targeted resource resides in. `MyResourceGroup` (Optional) | - -The parameter set optionally be provided for a valid query: -- `resource_group` - -## Properties - -|Property | Description | Filter Criteria* | -|--------------------------------|------------------------------------------------------------------------|------------------| -| ids | A list of resource IDs. | `id` | -| names | A list of resource Names. | `name` | -| types | A list of the resource types. | `type` | -| properties | A list of Properties for all the Service Bus Namespaces. | `properties` | -| locations | A list of the Geo-locations. | `location` | -| serviceBusEndpoints | A list of endpoints you can use to perform Service Bus operations. | `serviceBusEndpoint` | -| metricIds | A list of identifiers for Azure Insights metrics. | `metricId` | -| provisioningStates | A list of provisioning states of the namespace.. | `provisioningState`| -| sku_names | A list of names for the sku | `sku_name` | -| sku_tiers | A list of tiers for the sku | `sku_tier` | - -* For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/dev-docs/filtertable-usage.md). - -## Examples - -### Loop through Service Bus Namespaces by their names. - -```ruby -azure_service_bus_namespaces(resource_group: 'RESOURCE_GROUP').names.each do |name| - describe azure_service_bus_namespace(resource_group: 'RESOURCE_GROUP', name: name) do - it { should exist } - end -end -``` -### Test that there are Service Bus Namespaces that are successfully provisioned. - -```ruby -describe azure_service_bus_namespaces(resource_group: 'RESOURCE_GROUP').where(provisioningState: 'Succeeded') do - it { should exist } -end -``` - -## Matchers - -This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://www.inspec.io/docs/reference/matchers/). - -### exists - -```ruby -# Should not exist if no Service Bus Namespaces are present -describe azure_service_bus_namespaces(resource_group: 'RESOURCE_GROUP') do - it { should_not exist } -end -# Should exist if the filter returns at least one Service Bus Namespaces -describe azure_service_bus_namespaces(resource_group: 'RESOURCE_GROUP') do - it { should exist } -end -``` -## Azure Permissions - -Your [Service Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) must be setup with a `reader` role on the subscription you wish to test. \ No newline at end of file diff --git a/docs/resources/azure_service_bus_regions.md b/docs/resources/azure_service_bus_regions.md deleted file mode 100644 index 02ea9ca93..000000000 --- a/docs/resources/azure_service_bus_regions.md +++ /dev/null @@ -1,87 +0,0 @@ ---- -title: About the azure_service_bus_regions Resource -platform: azure ---- - -# azure_service_bus_regions - -Use the `azure_service_bus_regions` InSpec audit resource to test properties related to all Azure Service Bus Regions. - -## Azure REST API version, endpoint and http client parameters - -This resource interacts with api versions supported by the resource provider. -The `api_version` can be defined as a resource parameter. -If not provided, the latest version will be used. -For more information, refer to [`azure_generic_resource`](azure_generic_resource.md). - -Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used. -For more information, refer to the resource pack [README](../../README.md). - -## Availability - -### Installation - -This resource is available in the [InSpec Azure resource pack](https://github.com/inspec/inspec-azure). -For an example `inspec.yml` file and how to set up your Azure credentials, refer to resource pack [README](../../README.md#Service-Principal). - -## Syntax - -An `azure_service_bus_regions` resource block returns all Azure Service Bus Regions. - -```ruby -describe azure_service_bus_regions(sku: 'SKU_NAME') do - #... -end -``` - -## Parameters -| Name | Description | -|----------------|----------------------------------------------------------------------------------| -| sku | The sku type. | - -The parameter set optionally be provided for a valid query: -- `sku` - -## Properties - -|Property | Description | Filter Criteria* | -|--------------------------------|------------------------------------------------------------------------|------------------| -| ids | A list of resource IDs. | `id` | -| names | A list of resource Names. | `name` | -| types | A list of the resource types. | `type` | -| properties | A list of Properties for all the Service Bus Regions. | `properties` | -| locations | A list of the Resource locations. | `location` | -| codes | A list of Region codes. | `code` | -| fullNames | A list of Full name of the regions. | `fullName` | - -* For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/dev-docs/filtertable-usage.md). - -## Examples - -### Test that there are Service Bus Regions that are successfully provisioned. - -```ruby -describe azure_service_bus_regions(sku: 'SKU_NAME').where(code: 'Central US') do - it { should exist } -end -``` - -## Matchers - -This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://www.inspec.io/docs/reference/matchers/). - -### exists - -```ruby -# Should not exist if no Service Bus Regions are present -describe azure_service_bus_regions(sku: 'SKU_NAME') do - it { should_not exist } -end -# Should exist if the filter returns at least one Service Bus Regions -describe azure_service_bus_regions(sku: 'SKU_NAME') do - it { should exist } -end -``` -## Azure Permissions - -Your [Service Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) must be setup with a `reader` role on the subscription you wish to test. \ No newline at end of file diff --git a/docs/resources/azure_service_bus_subscription_rule.md b/docs/resources/azure_service_bus_subscription_rule.md deleted file mode 100644 index f9408feb0..000000000 --- a/docs/resources/azure_service_bus_subscription_rule.md +++ /dev/null @@ -1,98 +0,0 @@ ---- -title: About the azure_service_bus_subscription_rule Resource -platform: azure ---- - -# azure_service_bus_subscription_rule - -Use the `azure_service_bus_subscription_rule` InSpec audit resource to test properties related to an Azure Service Bus Subscription Rule. - -## Azure REST API version, endpoint and http client parameters - -This resource interacts with api versions supported by the resource provider. -The `api_version` can be defined as a resource parameter. -If not provided, the latest version will be used. -For more information, refer to [`azure_generic_resource`](azure_generic_resource.md). - -Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used. -For more information, refer to the resource pack [README](../../README.md). - -## Availability - -### Installation - -This resource is available in the [InSpec Azure resource pack](https://github.com/inspec/inspec-azure). -For an example `inspec.yml` file and how to set up your Azure credentials, refer to resource pack [README](../../README.md#Service-Principal). - -## Syntax - -`resource_group`, `namespace_name`, `subscription_name`, `topic_name` and `name` are required parameters. - -```ruby -describe azure_service_bus_subscription_rule(resource_group: 'RESOURCE_GROUP', namespace_name: 'NAMESPACE_NAME', subscription_name: "SUBSCRIPTION_NAME", topic_name: 'TOPIC_NAME', name: 'SUBSCRIPTION_RULE_NAME') do - it { should exist } - its('type') { should eq 'Microsoft.ServiceBus/Namespaces/Topics/Subscriptions/Rules' } - its('properties.filterType') { should eq 'SqlFilter' } -end -``` - -## Parameters - -| Name | Description | -|----------------|----------------------------------------------------------------------------------| -| name | Name of the Azure Service Bus Subscription Rule to test. | -| namespace_name | The namespace name. | -| subscription_name | The subscription name. | -| topic_name | The topic name. | -| resource_group | Azure resource group that the targeted resource resides in. `MyResourceGroup` | - -The parameter set should be provided for a valid query: -- `resource_group`, `namespace_name`, `subscription_name`, `topic_name` and `name` - -## Properties - -| Property | Description | -|--------------------------|------------------------------------------------------------------| -| id | Resource Id. | -| name | Resource name. | -| type | Resource type. | -| properties | The properties of the Service Bus Subscription Rule. | -| properties.action | Represents the filter actions which are allowed for the transformation of a message that have been matched by a filter expression. | -| properties.filterType | Filter type that is evaluated against a BrokeredMessage. | -| properties.sqlFilter | Properties of sqlFilter. | - - -For properties applicable to all resources, such as `type`, `name`, `id`, `properties`, refer to [`azure_generic_resource`](azure_generic_resource.md#properties). - -Also, refer to [Azure documentation](https://docs.microsoft.com/en-us/rest/api/servicebus/stable/rules/get) for other properties available. - -## Examples - -### Test that the Service Bus Subscription Rule is of SQL Filter type. - -```ruby -describe azure_service_bus_subscription_rule(resource_group: 'RESOURCE_GROUP', namespace_name: 'NAMESPACE_NAME', subscription_name: "SUBSCRIPTION_NAME", topic_name: 'TOPIC_NAME', name: 'SUBSCRIPTION_RULE_NAME') do - its('properties.filterType') { should eq 'SqlFilter' } -end -``` - -## Matchers - -This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](/inspec/matchers/). - -### exists - -```ruby -# If a Service Bus Subscription Rule is found it will exist -describe azure_service_bus_subscription_rule(resource_group: 'RESOURCE_GROUP', namespace_name: 'NAMESPACE_NAME', subscription_name: "SUBSCRIPTION_NAME", topic_name: 'TOPIC_NAME', name: 'SUBSCRIPTION_RULE_NAME') do - it { should exist } -end -# if Service Bus Subscription Rule is not found it will not exist -describe azure_service_bus_subscription_rule(resource_group: 'RESOURCE_GROUP', namespace_name: 'NAMESPACE_NAME', subscription_name: "SUBSCRIPTION_NAME", topic_name: 'TOPIC_NAME', name: 'SUBSCRIPTION_RULE_NAME') do - it { should_not exist } -end -``` - -## Azure Permissions - -Your [Service Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) must be setup with a `reader` role on the subscription you wish to test. \ No newline at end of file diff --git a/docs/resources/azure_service_bus_subscription_rules.md b/docs/resources/azure_service_bus_subscription_rules.md deleted file mode 100644 index 51ffd3f9f..000000000 --- a/docs/resources/azure_service_bus_subscription_rules.md +++ /dev/null @@ -1,91 +0,0 @@ ---- -title: About the azure_service_bus_subscription_rules Resource -platform: azure ---- - -# azure_service_bus_subscription_rules - -Use the `azure_service_bus_subscription_rules` InSpec audit resource to test properties related to all Azure Service Bus Subscription Rules. - -## Azure REST API version, endpoint and http client parameters - -This resource interacts with api versions supported by the resource provider. -The `api_version` can be defined as a resource parameter. -If not provided, the latest version will be used. -For more information, refer to [`azure_generic_resource`](azure_generic_resource.md). - -Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used. -For more information, refer to the resource pack [README](../../README.md). - -## Availability - -### Installation - -This resource is available in the [InSpec Azure resource pack](https://github.com/inspec/inspec-azure). -For an example `inspec.yml` file and how to set up your Azure credentials, refer to resource pack [README](../../README.md#Service-Principal). - -## Syntax - -An `azure_service_bus_subscription_rules` resource block returns all Azure Service Bus Subscription Rules. - -`resource_group`, `namespace_name`, `subscription_name` and `topic_name` are required parameters. - -```ruby -describe azure_service_bus_subscription_rules(resource_group: 'RESOURCE_GROUP', namespace_name: 'NAMESPACE_NAME', subscription_name: 'SUBSCRIPTION_NAME', topic_name: 'TOPIC_NAME') do - #... -end -``` - -## Parameters -| Name | Description | -|----------------|----------------------------------------------------------------------------------| -| namespace_name | The namespace name. | -| subscription_name | The subscription name. | -| topic_name | The topic name. | -| resource_group | Azure resource group that the targeted resource resides in. `MyResourceGroup` | - -The parameter set optionally be provided for a valid query: -- `resource_group`, `namespace_name`, `subscription_name` and `topic_name` - -## Properties - -|Property | Description | Filter Criteria* | -|--------------------------------|------------------------------------------------------------------------|------------------| -| ids | A list of resource IDs. | `id` | -| names | A list of resource Names. | `name` | -| types | A list of the resource types. | `type` | -| properties | A list of Properties for all the Service Bus Subscription Rules. | `properties` | -| filterTypes | A list of the Filter types. | `filterType` | -| sqlFilter | A list of sqlFilters. | `sqlFilter` | - -* For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/dev-docs/filtertable-usage.md). - -## Examples - -### Test that there are Service Bus Subscription Rules that are of SQL Filter type. - -```ruby -describe azure_service_bus_subscription_rules(resource_group: 'RESOURCE_GROUP', namespace_name: 'NAMESPACE_NAME', subscription_name: 'SUBSCRIPTION_NAME', topic_name: 'TOPIC_NAME').where(filterType: 'SqlFilter') do - it { should exist } -end -``` - -## Matchers - -This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://www.inspec.io/docs/reference/matchers/). - -### exists - -```ruby -# Should not exist if no Service Bus Subscription Rules are present -describe azure_service_bus_subscription_rules(resource_group: 'RESOURCE_GROUP', namespace_name: 'NAMESPACE_NAME', subscription_name: 'SUBSCRIPTION_NAME', topic_name: 'TOPIC_NAME') do - it { should_not exist } -end -# Should exist if the filter returns at least one Service Bus Subscription Rules -describe azure_service_bus_subscription_rules(resource_group: 'RESOURCE_GROUP', namespace_name: 'NAMESPACE_NAME', subscription_name: 'SUBSCRIPTION_NAME', topic_name: 'TOPIC_NAME') do - it { should exist } -end -``` -## Azure Permissions - -Your [Service Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) must be setup with a `reader` role on the subscription you wish to test. \ No newline at end of file diff --git a/docs/resources/azure_service_bus_topic.md b/docs/resources/azure_service_bus_topic.md deleted file mode 100644 index 5e60b755a..000000000 --- a/docs/resources/azure_service_bus_topic.md +++ /dev/null @@ -1,101 +0,0 @@ ---- -title: About the azure_service_bus_topic Resource -platform: azure ---- - -# azure_service_bus_topic - -Use the `azure_service_bus_topic` InSpec audit resource to test properties related to an Azure Service Bus Topic. - -## Azure REST API version, endpoint and http client parameters - -This resource interacts with api versions supported by the resource provider. -The `api_version` can be defined as a resource parameter. -If not provided, the latest version will be used. -For more information, refer to [`azure_generic_resource`](azure_generic_resource.md). - -Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used. -For more information, refer to the resource pack [README](../../README.md). - -## Availability - -### Installation - -This resource is available in the [InSpec Azure resource pack](https://github.com/inspec/inspec-azure). -For an example `inspec.yml` file and how to set up your Azure credentials, refer to resource pack [README](../../README.md#Service-Principal). - -## Syntax - -`name`, `namespace_name` and `resource_group` is a required parameter. - -```ruby -describe azure_service_bus_topic(resource_group: 'RESOURCE_GROUP', namespace_name: 'SERVICE_BUS_NAMESPACE_NAME', name: 'SERVICE_BUS_NAMESPACE') do - it { should exist } - its('type') { should eq 'Microsoft.ServiceBus/Namespaces/Topics' } -end -``` - -```ruby -describe azure_service_bus_topic(resource_group: 'RESOURCE_GROUP', namespace_name: 'SERVICE_BUS_NAMESPACE_NAME', name: 'SERVICE_BUS_NAMESPACE') do - it { should exist } -end -``` -## Parameters - -| Name | Description | -|----------------|----------------------------------------------------------------------------------| -| name | Name of the Azure Service Bus Topics to test. | -| resource_group | Azure resource group that the targeted resource resides in. `MyResourceGroup` | -| namespace_name | Name of the namespace where the topic resides in. | - -The parameter set should be provided for a valid query: -- `resource_group` , `namespace_name` and `name` - -## Properties - -| Property | Description | -|--------------------------|------------------------------------------------------------------| -| id | Resource Id. | -| name | Resource name. | -| type | Resource type. `Microsoft.ServiceBus/Namespaces/Topics` | -| properties | The properties of the Service Bus Topic. | -| properties.maxSizeInMegabytes | Maximum size of the topic in megabytes, which is the size of the memory allocated for the topic. Default is 1024.| -| properties.sizeInBytes | Size of the topic, in bytes. | -| properties.status | Enumerates the possible values for the status of a messaging entity.| -| properties.countDetails | Message count details. | - - -For properties applicable to all resources, such as `type`, `name`, `id`, `properties`, refer to [`azure_generic_resource`](azure_generic_resource.md#properties). - -Also, refer to [Azure documentation](https://docs.microsoft.com/en-us/rest/api/servicebus/stable/topics/get) for other properties available. - -## Examples - -### Test that the Service Bus Topics is provisioned successfully. - -```ruby -describe azure_service_bus_topic(resource_group: 'RESOURCE_GROUP', namespace_name: 'SERVICE_BUS_NAMESPACE_NAME', name: 'SERVICE_BUS_NAMESPACE') do - its('properties.status') { should eq 'Active' } -end -``` - -## Matchers - -This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](/inspec/matchers/). - -### exists - -```ruby -# If a Service Bus Topic is found it will exist -describe azure_service_bus_topic(resource_group: 'RESOURCE_GROUP', namespace_name: 'SERVICE_BUS_NAMESPACE_NAME', name: 'SERVICE_BUS_NAMESPACE') do - it { should exist } -end -# if Service Bus Topic is not found it will not exist -describe azure_service_bus_topic(resource_group: 'RESOURCE_GROUP', namespace_name: 'SERVICE_BUS_NAMESPACE_NAME', name: 'SERVICE_BUS_NAMESPACE') do - it { should_not exist } -end -``` - -## Azure Permissions - -Your [Service Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) must be setup with a `reader` role on the subscription you wish to test. \ No newline at end of file diff --git a/docs/resources/azure_service_bus_topics.md b/docs/resources/azure_service_bus_topics.md deleted file mode 100644 index ff0217b22..000000000 --- a/docs/resources/azure_service_bus_topics.md +++ /dev/null @@ -1,102 +0,0 @@ ---- -title: About the azure_service_bus_topics Resource -platform: azure ---- - -# azure_service_bus_topics - -Use the `azure_service_bus_topics` InSpec audit resource to test properties related to all Azure Service Bus Topics within a project. - -## Azure REST API version, endpoint and http client parameters - -This resource interacts with api versions supported by the resource provider. -The `api_version` can be defined as a resource parameter. -If not provided, the latest version will be used. -For more information, refer to [`azure_generic_resource`](azure_generic_resource.md). - -Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used. -For more information, refer to the resource pack [README](../../README.md). - -## Availability - -### Installation - -This resource is available in the [InSpec Azure resource pack](https://github.com/inspec/inspec-azure). -For an example `inspec.yml` file and how to set up your Azure credentials, refer to resource pack [README](../../README.md#Service-Principal). - -## Syntax - -An `azure_service_bus_topics` resource block returns all Azure Service Bus Topics within a project. - -`name`, `namespace_name` and `resource_group` is a required parameter. - -```ruby -describe azure_service_bus_topics(resource_group: 'RESOURCE_GROUP', namespace_name: 'SERVICE_BUS_NAMESPACE_NAME') do - #... -end -``` - -## Parameters - -| Name | Description | -|----------------|----------------------------------------------------------------------------------| -| name | Name of the Azure Service Bus Topics to test. | -| resource_group | Azure resource group that the targeted resource resides in. `MyResourceGroup` | -| namespace_name | Name of the namespace where the topic resides in. | - -The parameter set should be provided for a valid query: -- `resource_group` and `namespace_name` - -## Properties - -|Property | Description | Filter Criteria* | -|--------------------------------|------------------------------------------------------------------------|------------------| -| ids | A list of resource IDs. | `id` | -| names | A list of resource Names. | `name` | -| types | A list of the resource types. | `type` | -| properties | A list of Properties for all the Service Bus Topics. | `properties` | -| maxSizeInMegabytes | A list of maximum sizes of the topics. | `maxSizeInMegabytes` | -| sizeInBytes | A list of sizes of the topics. | `sizeInBytes` | -| statuses | A list of the status of a messaging entity. | `status` | -| countDetails | A list of message count details. | `countDetails` | - -* For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/dev-docs/filtertable-usage.md). - -## Examples - -### Loop through Service Bus Topics by their names. - -```ruby -azure_service_bus_topics(resource_group: 'RESOURCE_GROUP', namespace_name: 'SERVICE_BUS_NAMESPACE_NAME').names.each do |name| - describe azure_service_bus_topic(resource_group: 'RESOURCE_GROUP', namespace_name: 'SERVICE_BUS_NAMESPACE_NAME', name: name) do - it { should exist } - end -end -``` -### Test that there are Service Bus Topics that are successfully provisioned. - -```ruby -describe azure_service_bus_topics(resource_group: 'RESOURCE_GROUP', namespace_name: 'SERVICE_BUS_NAMESPACE_NAME').where(status: 'Active') do - it { should exist } -end -``` - -## Matchers - -This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://www.inspec.io/docs/reference/matchers/). - -### exists - -```ruby -# Should not exist if no Service Bus Topics are present -describe azure_service_bus_topics(resource_group: 'RESOURCE_GROUP', namespace_name: 'SERVICE_BUS_NAMESPACE_NAME') do - it { should_not exist } -end -# Should exist if the filter returns at least one Service Bus Topics -describe azure_service_bus_topics(resource_group: 'RESOURCE_GROUP', namespace_name: 'SERVICE_BUS_NAMESPACE_NAME') do - it { should exist } -end -``` -## Azure Permissions - -Your [Service Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) must be setup with a `reader` role on the subscription you wish to test. \ No newline at end of file