Merge pull request #238 from inspec/add_tags_to_resource_group

Add tags to resource group
inspec · Apr 17, 2020 · 2b762c7 · 2b762c7
2 parents ea688b7 + f11d9a5
commit 2b762c7
Show file tree

Hide file tree

Showing 7 changed files with 24 additions and 2 deletions.
diff --git a/Gemfile b/Gemfile
@@ -9,6 +9,7 @@ gem 'rake',                '~> 12.3', '>= 12.3.1'
 
 group :development do
   gem 'pry', '~> 0.11.3'
+  gem 'pry-byebug'
 end
 
 group :developmen, :test do

diff --git a/Rakefile b/Rakefile
@@ -111,7 +111,7 @@ namespace :test do
   task :integration, [:controls] => ['attributes:write', :setup_env] do |_t, args|
     cmd = %W( bin/inspec exec #{INTEGRATION_DIR}
               --input-file terraform/#{ENV['ATTRIBUTES_FILE']}
-              --reporter progress
+              --reporter cli
               --no-distinct-exit
               -t azure://#{ENV['AZURE_SUBSCRIPTION_ID']} )
 

diff --git a/.../resources/azurerm_resource_groups.md.erb → docs/resources/azurerm_resource_groups.md b/.../resources/azurerm_resource_groups.md.erb → docs/resources/azurerm_resource_groups.md
@@ -95,13 +95,23 @@ is a string value.
 
 ## Attributes
 
+  - `ids`
   - `names`
+  - `tags`
 
 ### names
 
+The names property provides a list of all the Resource Group ids.
+
+    its('ids') { should include 'MyResourceGroupID' }
+
 The names property provides a list of all the Resource Group names.
 
     its('names') { should include 'MyResourceGroup' }
+
+The names property provides a list of all the Resource Group tags.
+
+    its('tags') { should include '{MyResourceGroupTag=""}' }
 
 ## Matchers
 

diff --git a/libraries/azurerm_resource_groups.rb b/libraries/azurerm_resource_groups.rb
@@ -12,7 +12,9 @@ class AzurermResourceGroups < AzurermPluralResource
   EXAMPLE
 
   FilterTable.create
-             .register_column(:names, field: 'name')
+             .register_column(:names, field: :name)
+             .register_column(:ids, field: :id)
+             .register_column(:tags, field: :tags)
              .install_filter_methods_on_resource(self, :table)
 
   attr_reader :table
@@ -21,6 +23,11 @@ def initialize
     resp = management.resource_groups
     return if has_error?(resp)
 
+    resp.map! do |r|
+      r=r.to_h
+      r[:tags]={} unless r[:tags]
+      r
+    end
     @table = resp
   end
 

diff --git a/terraform/azure.tf b/terraform/azure.tf
@@ -386,6 +386,7 @@ resource "azurerm_monitor_log_profile" "log_profile" {
 
   locations = [
     "eastus",
+    "global",
   ]
 
   storage_account_id = azurerm_storage_account.sa.id
@@ -394,6 +395,7 @@ resource "azurerm_monitor_log_profile" "log_profile" {
     enabled = true
     days    = 365
   }
+  depends_on = [azurerm_storage_account.sa]
 }
 
 # MSI External Access VM

diff --git a/test/integration/verify/controls/azurerm_resource_groups.rb b/test/integration/verify/controls/azurerm_resource_groups.rb
@@ -4,5 +4,6 @@
   describe azurerm_resource_groups do
     it           { should exist }
     its('names') { should include(resource_group) }
+    its('tags')  { should include({}) }
   end
 end
diff --git a/test/integration/verify/controls/azurerm_security_center_policy.rb b/test/integration/verify/controls/azurerm_security_center_policy.rb
@@ -14,6 +14,7 @@
 
   describe azurerm_security_center_policy(name: 'default') do
     it                                     { should exist }
+    # if this fails run 'az security auto-provisioning-setting update -n "default" --auto-provision "On"'
     it                                     { should have_auto_provisioning_enabled }
     its('id')                              { should eq("/subscriptions/#{ENV['AZURE_SUBSCRIPTION_ID']}/providers/Microsoft.Security/policies/default") }
     its('name')                            { should eq('default') }