RESOURCE-123 Support servicebus subscription rules #567

Merged
merged 15 commits into from
Mar 12, 2022
3 changes: 3 additions & 0 deletions README.md
Expand Up @@ -406,6 +406,9 @@ The following is a list of static resources.
- [azure_sentinel_incidents_resources](docs/resources/azure_sentinel_incidents_resources.md)
- [azure_service_bus_namespace](docs/resources/azure_service_bus_namespace.md)
- [azure_service_bus_namespaces](docs/resources/azure_service_bus_namespaces.md)
- [azure_service_bus_regions](docs/resources/azure_service_bus_regions.md)
- [azure_service_bus_subscription_rule](docs/resources/azure_service_bus_subscription_rule.md)
- [azure_service_bus_subscription_rules](docs/resources/azure_service_bus_subscription_rules.md)
- [azure_service_bus_topic](docs/resources/azure_service_bus_topic.md)
- [azure_service_bus_topics](docs/resources/azure_service_bus_topics.md)
- [azure_sql_database](docs/resources/azure_sql_database.md)
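Review bot: The added `azure_service_bus_regions` entry links to `docs/resources/azure_service_bus_regions.md`, but the documentation files visible in this diff cover only `azure_service_bus_subscription_rule` and `azure_service_bus_subscription_rules`. Confirm the regions page exists so the link resolves, or add it in this change. The regions resource also falls outside the scope the title gives (subscription rules), so it is worth calling out in the PR description.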
@@ -0,0 +1,109 @@
+++
title = "azure_service_bus_subscription_rule Resource"
platform = "azure"
draft = false
gh_repo = "inspec-azure"

[menu.inspec]
title = "azure_service_bus_subscription_rule"
identifier = "inspec/resources/azure/azure_service_bus_subscription_rule Resource"
parent = "inspec/resources/azure"
+++

Use the `azure_service_bus_subscription_rule` InSpec audit resource to test properties related to an Azure Service Bus subscription rule.

## Azure REST API Version, Endpoint, and HTTP Client Parameters

{{% inspec_azure_common_parameters %}}

## Installation

{{% inspec_azure_install %}}

## Syntax

```ruby
describe azure_service_bus_subscription_rule(resource_group: 'RESOURCE_GROUP', namespace_name: 'NAMESPACE_NAME', subscription_name: "SUBSCRIPTION_NAME", topic_name: 'TOPIC_NAME', name: 'SUBSCRIPTION_RULE_NAME') do
it { should exist }
its('type') { should eq 'Microsoft.ServiceBus/Namespaces/Topics/Subscriptions/Rules' }
its('properties.filterType') { should eq 'SqlFilter' }
end
```

## Parameters

`name` _(required)_
: Name of the Azure Service Bus subscription rule to test.

`namespace_name` _(required)_
: The namespace name.

`subscription_name` _(required)_
: The subscription name.

`topic_name` _(required)_
: The topic name.

`resource_group` _(required)_
: Azure resource group that the targeted resource resides in.

## Properties

`id`
: Resource Id.

`name`
: Resource name.

`type`
: Resource type.

`properties`
: The properties of the Service Bus subscription rule.

`properties.action`
: Represents the filter actions which are allowed for the transformation of a message that have been matched by a filter expression.

`properties.filterType`
: Filter type that is evaluated against a BrokeredMessage.

`properties.sqlFilter`
: Properties of sqlFilter.


For properties applicable to all resources, such as `type`, `name`, `id`, `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}).

Also, refer to [Azure documentation](https://docs.microsoft.com/en-us/rest/api/servicebus/stable/rules/get) for other properties available.

## Examples

**Test that the Service Bus subscription rule is of SQL Filter type.**

```ruby
describe azure_service_bus_subscription_rule(resource_group: 'RESOURCE_GROUP', namespace_name: 'NAMESPACE_NAME', subscription_name: "SUBSCRIPTION_NAME", topic_name: 'TOPIC_NAME', name: 'SUBSCRIPTION_RULE_NAME') do
its('properties.filterType') { should eq 'SqlFilter' }
end
```

## Matchers

{{% inspec_matchers_link %}}

### exists

```ruby
# If a Service Bus subscription rule is found it will exist

describe azure_service_bus_subscription_rule(resource_group: 'RESOURCE_GROUP', namespace_name: 'NAMESPACE_NAME', subscription_name: "SUBSCRIPTION_NAME", topic_name: 'TOPIC_NAME', name: 'SUBSCRIPTION_RULE_NAME') do
it { should exist }
end
# if Service Bus subscription rule is not found it will not exist

describe azure_service_bus_subscription_rule(resource_group: 'RESOURCE_GROUP', namespace_name: 'NAMESPACE_NAME', subscription_name: "SUBSCRIPTION_NAME", topic_name: 'TOPIC_NAME', name: 'SUBSCRIPTION_RULE_NAME') do
it { should_not exist }
end
```

## Azure Permissions

{{% azure_permissions_service_principal role="reader" %}}
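Review bot: Under Properties, `properties.sqlFilter` is described only as "Properties of sqlFilter." with no nested fields named, while the integration control in this PR asserts `properties.sqlFilter.compatibilityLevel`. List the nested fields a user can test and add an example that asserts on the filter itself, since the filter decides which messages a subscription receives and is the part of a rule an audit is most likely to pin. Smaller points: the Syntax and example blocks mix `"SUBSCRIPTION_NAME"` (double quotes) with single-quoted arguments, and the two `exist` matcher examples pass identical arguments, so a reader cannot tell which one is expected to pass.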
@@ -0,0 +1,112 @@
+++
title = "azure_service_bus_subscription_rules Resource"
platform = "azure"
draft = false
gh_repo = "inspec-azure"

[menu.inspec]
title = "azure_service_bus_subscription_rules"
identifier = "inspec/resources/azure/azure_service_bus_subscription_rules Resource"
parent = "inspec/resources/azure"
+++

Use the `azure_service_bus_subscription_rules` InSpec audit resource to test properties related to all Azure Service Bus subscription rules.

## Azure REST API Version, Endpoint, and HTTP Client Parameters

{{% inspec_azure_common_parameters %}}

## Installation

{{% inspec_azure_install %}}

## Syntax

An `azure_service_bus_subscription_rules` resource block returns all Azure Service Bus subscription rules.

```ruby
describe azure_service_bus_subscription_rules(resource_group: 'RESOURCE_GROUP', namespace_name: 'NAMESPACE_NAME', subscription_name: 'SUBSCRIPTION_NAME', topic_name: 'TOPIC_NAME') do
#...
end
```

## Parameters

`namespace_name` _(required)_
: The namespace name.

`subscription_name` _(required)_
: The subscription name.

`topic_name` _(required)_
: The topic name.

`resource_group` _(required)_
: Azure resource group that the targeted resource resides in.

## Properties

`ids`
: A list of resource IDs.

: **Field**: `id`

`names`
: A list of resource Names.

: **Field**: `name`

`types`
: A list of the resource types.

: **Field**: `type`

`properties`
: A list of Properties for all the Service Bus subscription rules.

: **Field**: `properties`

`filterTypes`
: A list of the Filter types.

: **Field**: `filterType`

`sqlFilter`
: A list of sqlFilters.

: **Field**: `sqlFilter`

{{% inspec_filter_table %}}

## Examples

**Test that there are Service Bus subscription rules that are of SQL Filter type.**

```ruby
describe azure_service_bus_subscription_rules(resource_group: 'RESOURCE_GROUP', namespace_name: 'NAMESPACE_NAME', subscription_name: 'SUBSCRIPTION_NAME', topic_name: 'TOPIC_NAME').where(filterType: 'SqlFilter') do
it { should exist }
end
```

## Matchers

{{% inspec_matchers_link %}}

### exists

```ruby
# Should not exist if no Service Bus subscription rules are present

describe azure_service_bus_subscription_rules(resource_group: 'RESOURCE_GROUP', namespace_name: 'NAMESPACE_NAME', subscription_name: 'SUBSCRIPTION_NAME', topic_name: 'TOPIC_NAME') do
it { should_not exist }
end
# Should exist if the filter returns at least one Service Bus subscription rules

describe azure_service_bus_subscription_rules(resource_group: 'RESOURCE_GROUP', namespace_name: 'NAMESPACE_NAME', subscription_name: 'SUBSCRIPTION_NAME', topic_name: 'TOPIC_NAME') do
it { should exist }
end
```

## Azure Permissions

{{% azure_permissions_service_principal role="reader" %}}
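Review bot: In the `exists` matcher section, the comment "Should exist if the filter returns at least one Service Bus subscription rules" describes a filter, but the describe block beneath it applies none and is identical to the `should_not exist` block above it; add a `.where(...)` clause or reword the comment (and "rules" should be "rule"). In Properties, `sqlFilter` is singular while every other list property is plural (`ids`, `names`, `types`, `filterTypes`). Check the names against what the filter table exposes: `populate_table` in the library merges both `properties` and the contents of each rule's `sqlFilter` hash into the row, so the nested filter fields end up as row keys that this page does not list.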
35 changes: 35 additions & 0 deletions libraries/azure_service_bus_regions.rb
@@ -0,0 +1,35 @@
require 'azure_generic_resources'

class AzureServiceBusRegions < AzureGenericResources
name 'azure_service_bus_regions'
desc 'Verifies settings for a collection of Azure Service Bus regions in a Resource Group'
example <<-EXAMPLE
describe azure_service_bus_regions(sku: 'Standard') do
it { should exist }
end
EXAMPLE

def initialize(opts = {})
raise ArgumentError, 'Parameters must be provided in an Hash object.' unless opts.is_a?(Hash)

opts[:resource_provider] = specific_resource_constraint('Microsoft.ServiceBus/sku', opts)
opts[:required_parameters] = %i(sku)
opts[:resource_path] = "#{opts[:sku]}/regions"
super(opts, true)
return if failed_resource?

populate_filter_table_from_response
end

def to_s
super(AzureServiceBusRegions)
end

private

def populate_table
@resources.each do |resource|
@table << resource.merge(resource[:properties])
end
end
end
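Review bot: The `desc` string says the resource covers regions "in a Resource Group", but the example and `required_parameters` take only `sku` and the provider is `Microsoft.ServiceBus/sku`, so nothing here is scoped to a resource group; reword the description. Also, `opts[:resource_path] = "#{opts[:sku]}/regions"` is built before any validation visible in this file, so a missing `sku` produces the path `/regions` and a value containing `/` changes the path; consider checking `sku` against the expected tier names before interpolating. The error text should read "a Hash", not "an Hash".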
24 changes: 24 additions & 0 deletions libraries/azure_service_bus_subscription_rule.rb
@@ -0,0 +1,24 @@
require 'azure_generic_resource'

class AzureServiceBusSubscriptionRule < AzureGenericResource
name 'azure_service_bus_subscription_rule'
desc 'Retrieves and verifies the settings of an Azure Service Bus Subscription Rule.'
example <<-EXAMPLE
describe azure_service_bus_subscription_rule(resource_group: 'inspec-rg', namespace_name: 'inspec-ns', topic_name: 'inspec-topic', subscription_name: 'inspec-sub', name: 'inspec_rule1') do
it { should exist }
end
EXAMPLE

def initialize(opts = {})
raise ArgumentError, 'Parameters must be provided in an Hash object.' unless opts.is_a?(Hash)

opts[:resource_provider] = specific_resource_constraint('Microsoft.ServiceBus/namespaces', opts)
opts[:required_parameters] = %i(namespace_name topic_name subscription_name)
opts[:resource_path] = "#{opts[:namespace_name]}/topics/#{opts[:topic_name]}/subscriptions/#{opts[:subscription_name]}/rules"
super(opts, true)
end

def to_s
super(AzureServiceBusSubscriptionRule)
end
end
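Review bot: `opts[:required_parameters] = %i(namespace_name topic_name subscription_name)` leaves out `name`, which the documentation page marks as required, and `resource_path` ends at `/rules` without it. If the parent class validates `name` and appends it to the path, say so in a comment; otherwise add it to the list so a call without `name` fails with a clear error instead of reaching the list endpoint. The three interpolated segments are used as given, so a short format check on them would keep a stray `/` from altering the request path.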
35 changes: 35 additions & 0 deletions libraries/azure_service_bus_subscription_rules.rb
@@ -0,0 +1,35 @@
require 'azure_generic_resources'

class AzureServiceBusSubscriptionRules < AzureGenericResources
name 'azure_service_bus_subscription_rules'
desc 'Verifies settings for a collection of Azure Service Bus Subscription Rules in a Resource Group.'
example <<-EXAMPLE
describe azure_service_bus_subscription_rules(resource_group: 'inspec-rg', namespace_name: 'inspec-ns', subscription_name: 'inspec-subs', topic_name: 'inspec-topic') do
it { should exist }
end
EXAMPLE

def initialize(opts = {})
raise ArgumentError, 'Parameters must be provided in an Hash object.' unless opts.is_a?(Hash)

opts[:resource_provider] = specific_resource_constraint('Microsoft.ServiceBus/namespaces', opts)
opts[:required_parameters] = %i(namespace_name topic_name subscription_name)
opts[:resource_path] = "#{opts[:namespace_name]}/topics/#{opts[:topic_name]}/subscriptions/#{opts[:subscription_name]}/rules"
super(opts, true)
return if failed_resource?

populate_filter_table_from_response
end

def to_s
super(AzureServiceBusSubscriptionRules)
end

private

def populate_table
@resources.each do |resource|
@table << resource.merge(resource[:properties]).merge(resource.dig(:properties, :sqlFilter))
end
end
end
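Review bot: In `populate_table`, `.merge(resource.dig(:properties, :sqlFilter))` raises `TypeError` when a rule's response carries no `sqlFilter` (`dig` returns `nil`, and `Hash#merge` does not accept `nil`), which fails the whole collection as soon as one such rule is present. Fall back to an empty hash, for example `resource.dig(:properties, :sqlFilter) || {}`, and guard `resource[:properties]` the same way. The `desc` also says "in a Resource Group" although the rules listed are scoped to one subscription of one topic.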
18 changes: 18 additions & 0 deletions terraform/azure.tf
Expand Up @@ -1636,4 +1636,22 @@ resource "azurerm_servicebus_topic" "inspec_sb_topic" {
namespace_name = azurerm_servicebus_namespace.sb.name

enable_partitioning = true
}

resource "azurerm_servicebus_subscription" "inspec-sub" {
name = "inspec-sb-subs"
resource_group_name = azurerm_resource_group.rg.name
namespace_name = azurerm_servicebus_namespace.sb.name
topic_name = azurerm_servicebus_topic.inspec_sb_topic.name
max_delivery_count = 1
}

resource "azurerm_servicebus_subscription_rule" "inspec-sub-rule" {
name = "inspec_subs_rule"
resource_group_name = azurerm_resource_group.rg.name
namespace_name = azurerm_servicebus_namespace.sb.name
topic_name = azurerm_servicebus_topic.inspec_sb_topic.name
subscription_name = azurerm_servicebus_subscription.inspec-sub.name
filter_type = "SqlFilter"
sql_filter = "colour = 'red'"
}
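Review bot: The only rule fixture added here uses `filter_type = "SqlFilter"`, so the tests never see a rule without a SQL filter, which is the case where `populate_table` in `azure_service_bus_subscription_rules.rb` calls `merge` on a possibly `nil` value. Add a second `azurerm_servicebus_subscription_rule` with a different filter type so that path is exercised. The new resource labels `inspec-sub` and `inspec-sub-rule` use hyphens while the neighbouring `inspec_sb_topic` uses underscores; pick one style.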
10 changes: 10 additions & 0 deletions terraform/outputs.tf
Expand Up @@ -559,4 +559,14 @@ output "service_bus_namespace_name" {
output "service_bus_topic_name" {
description = "The name of the Azure Service Bus Topic"
value = azurerm_servicebus_topic.inspec_sb_topic.name
}

output "service_bus_subscription_name" {
description = "The name of the Azure Service Bus Subscription"
value = azurerm_servicebus_subscription.inspec-sub.name
}

output "service_bus_subscription_rule_name" {
description = "The name of the Azure Service Bus Subscription Rule"
value = azurerm_servicebus_subscription_rule.inspec-sub-rule.name
}
@@ -0,0 +1,9 @@
sku_name = 'Standard'
control 'test the properties of all Azure Service Bus Topics' do
describe azure_service_bus_regions(sku: sku_name) do
it { should exist }
its('names') { should include 'Central US' }
its('codes') { should include 'Central US' }
its('fullNames') { should include 'Central US' }
end
end
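Review bot: The control title 'test the properties of all Azure Service Bus Topics' looks copied from the topics control; this control exercises `azure_service_bus_regions` and should say so. The three assertions expect the same literal 'Central US' for `names`, `codes` and `fullNames`; confirm against a real response that the region code is returned in that form, otherwise the `codes` check passes or fails for the wrong reason.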
@@ -0,0 +1,14 @@
resource_group = input(:resource_group, value: '')
service_bus_namespace_name = input(:service_bus_namespace_name, value: '')
service_bus_subscription_name = input(:service_bus_subscription_name, value: '')
service_bus_topic_name = input(:service_bus_topic_name, value: '')
service_bus_subscription_rule_name = input(:service_bus_subscription_rule_name, value: '')

control 'Verify the settings for an Azure Service Bus Subscription Rule' do
describe azure_service_bus_subscription_rule(resource_group: resource_group, namespace_name: service_bus_namespace_name, subscription_name: service_bus_subscription_name, topic_name: service_bus_topic_name, name: service_bus_subscription_rule_name) do
it { should exist }
its('type') { should eq 'Microsoft.ServiceBus/Namespaces/Topics/Subscriptions/Rules' }
its('properties.filterType') { should eq 'SqlFilter' }
its('properties.sqlFilter.compatibilityLevel') { should eq 20 }
end
end
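Review bot: The control checks `filterType` and `compatibilityLevel` but never the filter expression that the Terraform fixture sets (`sql_filter = "colour = 'red'"`), so a rule with the right type and the wrong expression would still pass; add an assertion on the expression. No control for the plural `azure_service_bus_subscription_rules` resource is visible in this diff, and every `input` defaults to `''`, which turns a missing input into a request with empty path segments rather than a clear failure.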