diff --git a/Gemfile b/Gemfile index 4fa522a5c..2c3ee078a 100644 --- a/Gemfile +++ b/Gemfile @@ -9,6 +9,7 @@ gem 'rake', '~> 12.3', '>= 12.3.1' group :development do gem 'pry', '~> 0.11.3' + gem 'pry-byebug' end group :developmen, :test do diff --git a/Rakefile b/Rakefile index 618e8e5ee..a1dd37155 100644 --- a/Rakefile +++ b/Rakefile @@ -111,7 +111,7 @@ namespace :test do task :integration, [:controls] => ['attributes:write', :setup_env] do |_t, args| cmd = %W( bin/inspec exec #{INTEGRATION_DIR} --input-file terraform/#{ENV['ATTRIBUTES_FILE']} - --reporter progress + --reporter cli --no-distinct-exit -t azure://#{ENV['AZURE_SUBSCRIPTION_ID']} ) diff --git a/docs/resources/azurerm_resource_groups.md.erb b/docs/resources/azurerm_resource_groups.md similarity index 92% rename from docs/resources/azurerm_resource_groups.md.erb rename to docs/resources/azurerm_resource_groups.md index d36ccd9d9..0ff678fc4 100644 --- a/docs/resources/azurerm_resource_groups.md.erb +++ b/docs/resources/azurerm_resource_groups.md @@ -95,13 +95,23 @@ is a string value. ## Attributes + - `ids` - `names` + - `tags` ### names +The names property provides a list of all the Resource Group ids. + + its('ids') { should include 'MyResourceGroupID' } + The names property provides a list of all the Resource Group names. its('names') { should include 'MyResourceGroup' } + +The names property provides a list of all the Resource Group tags. + + its('tags') { should include '{MyResourceGroupTag=""}' } ## Matchers diff --git a/libraries/azurerm_resource_groups.rb b/libraries/azurerm_resource_groups.rb index 310e8dab7..e0d5a082f 100644 --- a/libraries/azurerm_resource_groups.rb +++ b/libraries/azurerm_resource_groups.rb 
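Review bot: `gem 'pry-byebug'` in the Gemfile hunk has no version constraint, while `rake` and `pry` beside it both carry pessimistic constraints. Unless a committed Gemfile.lock pins it (none is visible in this diff), a fresh `bundle install` resolves to whatever release is newest, which widens the supply-chain surface of the development group and can pull a version that does not match `pry ~> 0.11.3`. I would write it as `gem 'pry-byebug', '~> <version tested with this pry>'` (placeholder, fill in the verified version). The context line `group :developmen, :test do` also looks like a typo for `:development`, although this commit does not touch it.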
@@ -12,7 +12,9 @@ class AzurermResourceGroups < AzurermPluralResource EXAMPLE FilterTable.create - .register_column(:names, field: 'name') + .register_column(:names, field: :name) + .register_column(:ids, field: :id) + .register_column(:tags, field: :tags) .install_filter_methods_on_resource(self, :table) attr_reader :table @@ -21,6 +23,11 @@ def initialize resp = management.resource_groups return if has_error?(resp) + resp.map! do |r| + r=r.to_h + r[:tags]={} unless r[:tags] + r + end @table = resp end diff --git a/terraform/azure.tf b/terraform/azure.tf index a71d01bcb..3c700924d 100644 --- a/terraform/azure.tf +++ b/terraform/azure.tf @@ -386,6 +386,7 @@ resource "azurerm_monitor_log_profile" "log_profile" { locations = [ "eastus", + "global", ] storage_account_id = azurerm_storage_account.sa.id @@ -394,6 +395,7 @@ resource "azurerm_monitor_log_profile" "log_profile" { enabled = true days = 365 } + depends_on = [azurerm_storage_account.sa] } # MSI External Access VM diff --git a/test/integration/verify/controls/azurerm_resource_groups.rb b/test/integration/verify/controls/azurerm_resource_groups.rb index 28562a121..4c78a0be6 100644 --- a/test/integration/verify/controls/azurerm_resource_groups.rb +++ b/test/integration/verify/controls/azurerm_resource_groups.rb @@ -4,5 +4,6 @@ describe azurerm_resource_groups do it { should exist } its('names') { should include(resource_group) } + its('tags') { should include({}) } end end diff --git a/test/integration/verify/controls/azurerm_security_center_policy.rb b/test/integration/verify/controls/azurerm_security_center_policy.rb index f4ead399e..19cef0ed3 100644 --- a/test/integration/verify/controls/azurerm_security_center_policy.rb +++ b/test/integration/verify/controls/azurerm_security_center_policy.rb 
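Review bot: The `resp.map!` block added to `initialize` rewrites the array returned by `management.resource_groups` in place. If the management client memoises or shares that response (not visible here), other consumers would receive the converted rows. A non-mutating form is `@table = resp.map { |r| r.to_h.tap { |h| h[:tags] ||= {} } }`, which also replaces `r[:tags]={} unless r[:tags]` with the idiomatic `||=`. The symbol `field:` keys registered in the first hunk of this file only resolve if `to_h` yields symbol keys, which I am inferring from the change. A comment such as `# Normalise missing tags to {} so tag-based controls see untagged groups as empty, not nil` would record why absent and empty tags are made indistinguishable.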
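Review bot: The added `depends_on = [azurerm_storage_account.sa]` in the second `terraform/azure.tf` hunk repeats a dependency Terraform already infers from `storage_account_id = azurerm_storage_account.sa.id`, visible as context in the first hunk of the same resource. If the explicit edge works around an ordering problem during apply, record that next to it, for example `# explicit dependency: <why the implicit reference was not sufficient>`; otherwise it can be dropped. The `"global"` entry added to `locations` in the first hunk would benefit from a one-line comment on why it is needed, since it changes which activity-log events the profile retains. The resource block opens and closes outside both hunks.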
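Review bot: `its('tags') { should include({}) }` in the resource-groups control only passes when at least one resource group in the target subscription has no tags. The test therefore depends on the environment being untagged and starts failing once every group is tagged, which is the state a tagging policy aims for. To cover the nil-to-`{}` normalisation itself, an assertion on shape is more stable, e.g. `its('tags') { should all(be_a(Hash)) }`. If the fixture resource group carries a known tag (I cannot see the fixture here), asserting that tag would also exercise real data. The `describe` block begins outside the hunk.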
@@ -14,6 +14,7 @@ describe azurerm_security_center_policy(name: 'default') do it { should exist } + # if this fails run 'az security auto-provisioning-setting update -n "default" --auto-provision "On"' it { should have_auto_provisioning_enabled } its('id') { should eq("/subscriptions/#{ENV['AZURE_SUBSCRIPTION_ID']}/providers/Microsoft.Security/policies/default") } its('name') { should eq('default') }