From 40c4182b5bb6d90ee79c9784320bf88e66f93809 Mon Sep 17 00:00:00 2001 From: Ian Maddaus Date: Wed, 28 Jul 2021 16:24:07 -0700 Subject: [PATCH] Docs edits Signed-off-by: Ian Maddaus --- .../azure_active_directory_object.md | 92 ++++++++++--------- .../azure_active_directory_objects.md | 10 +- 2 files changed, 55 insertions(+), 47 deletions(-) diff --git a/docs/resources/azure_active_directory_object.md b/docs/resources/azure_active_directory_object.md index 670f1d7f6..0dc8e6e4c 100644 --- a/docs/resources/azure_active_directory_object.md +++ b/docs/resources/azure_active_directory_object.md @@ -5,9 +5,9 @@ platform: azure # azure_active_directory_object -Use the `azure_active_directory_object` InSpec audit resource to test properties of an Azure Active Directory Object. +Use the `azure_active_directory_object` InSpec audit resource to test properties of an Azure Active Directory object. -## Azure REST API version, endpoint and http client parameters +## Azure REST API version, endpoint, and HTTP client parameters This resource interacts with api versions supported by the resource provider. The `api_version` can be defined as a resource parameter. @@ -26,7 +26,7 @@ For an example `inspec.yml` file and how to set up your Azure credentials, refer ## Syntax ```ruby -describe azure_active_directory_object(id: '0bf29229-50d7-433c-b08e-2a5d8b293cb5') do +describe azure_active_directory_object(id: 'ACTIVE_DIRECTORY_OBJECT_ID') do it { should exist } end ``` 
@@ -34,71 +34,77 @@ end parameter `id` is mandatory. -| Name | Description | Example | -|--------------------|------------------------|---------| -| id | Directory Object ID | `0bf29229-50d7-433c-b08e-2a5d8b293cb5` | +| Name | Description | Example | +|--------------------|----------------------------------|---------| +| id | The Active Directory object ID. | `0bf29229-50d7-433c-b08e-2a5d8b293cb5` | ## Properties | Property | Description | |-------------------------------|--------------------------------------------| -| id | The Directory Object's globally unique ID. | -| deletedDateTime | Deleted Datetime of the AD object | -| classification | Classification of the AD object | -| createdDateTime | Created Datetime of the AD object | -| creationOptions | creationOptions of the AD object | -| description | description of the AD object | -| displayName | display name of the AD object | -| expirationDateTime | expiration Datetime of the AD object | -| groupTypes | group types of the AD object group | -| isAssignableToRole | Roles assignable to AD object | -| mail | configured mail for AD object | -| mailEnabled | mail enabled configuration parameter | -| mailNickname | mail nick name configuration | -| membershipRule | membership rule for the AD object | -| membershipRuleProcessingState | processing state of the membership rule | -| onPremisesDomainName | Domain name for the given on premises | -| onPremisesLastSyncDateTime | on-premises latest sync datetime | -| onPremisesNetBiosName | on-premises net bios name | -| onPremisesSamAccountName | on-premises sam account name | -| onPremisesSecurityIdentifier | on-premises security identifier | -| onPremisesSyncEnabled | on-premises sync enabled configuration | -| onPremisesProvisioningErrors | on-premises provisioning errors | -| preferredDataLocation | preferred data location | -| preferredLanguage | preferred language | -| proxyAddresses | proxy addresses for the object | -| renewedDateTime | renewed date time of the 
AD object | -| resourceBehaviorOptions | behaviour options set for the resource | -| resourceProvisioningOptions | resource provisioning options set | -| securityEnabled | security enabled configured | -| securityIdentifier | security identifier configured | -| theme | theme of the Object | -| visibility | visibility status of the object | +| id | The object's globally unique ID. | +| deletedDateTime | The date and time that the object was deleted. | +| classification | The classification of the AD object. | +| createdDateTime | The created Datetime of the AD object. | +| creationOptions | The creationOptions of the AD object. | +| description | The description of the AD object. | +| displayName | The display name of the AD object. | +| expirationDateTime | The expiration Datetime of the AD object. | +| groupTypes | The group types of the AD object group. | +| isAssignableToRole | The roles assignable to AD object. | +| mail | The configured mail for AD object. | +| mailEnabled | The mail enabled configuration parameter. | +| mailNickname | The mail nick name configuration. | +| membershipRule | The membership rule for the AD object. | +| membershipRuleProcessingState | The processing state of the membership rule. | +| onPremisesDomainName | The domain name for the given on premises. | +| onPremisesLastSyncDateTime | The on-premises latest sync datetime. | +| onPremisesNetBiosName | The on-premises net bios name. | +| onPremisesSamAccountName | The on-premises sam account name. | +| onPremisesSecurityIdentifier | The on-premises security identifier. | +| onPremisesSyncEnabled | The on-premises sync enabled configuration. | +| onPremisesProvisioningErrors | The on-premises provisioning errors. | +| preferredDataLocation | The preferred data location. | +| preferredLanguage | The preferred language. | +| proxyAddresses | The proxy addresses for the object. | +| renewedDateTime | The renewed date time of the AD object. 
| +| resourceBehaviorOptions | The behavior options set for the resource. | +| resourceProvisioningOptions | The resource provisioning options set. | +| securityEnabled | The security enabled configured. | +| securityIdentifier | The security identifier configured. | +| theme | The theme of the object. | +| visibility | The visibility status of the object. | ## Examples -### Test If an Active Directory Object is Referenced with a Valid ID +### Test if an Active Directory object is referenced with a valid ID + ```ruby -describe azure_active_directory_object(id: '0bf29229-50d7-433c-b08e-2a5d8b293cb5') do +describe azure_active_directory_object(id: 'ACTIVE_DIRECTORY_OBJECT_ID') do it { should exist } end ``` -### Test If an Active Directory Object is Referenced with an Invalid ID + +### Test if an Active Directory object is referenced with an invalid ID + ```ruby -describe azure_active_directory_object(id: '0bf29229-50d7-433c-b08e-2a5d8b293cb5') do +describe azure_active_directory_object(id: 'ACTIVE_DIRECTORY_OBJECT_ID') do it { should_not exist } end ``` + ## Matchers This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://www.inspec.io/docs/reference/matchers/). ### exists + ```ruby -describe azure_active_directory_object(id: '0bf29229-50d7-433c-b08e-2a5d8b293cb5') do +describe azure_active_directory_object(id: 'ACTIVE_DIRECTORY_OBJECT_ID') do it { should exist } end ``` + ## Azure Permissions Graph resources require specific privileges granted to your service principal. diff --git a/docs/resources/azure_active_directory_objects.md b/docs/resources/azure_active_directory_objects.md index e8797c964..fc4c5ea35 100644 --- a/docs/resources/azure_active_directory_objects.md +++ b/docs/resources/azure_active_directory_objects.md 
@@ -35,15 +35,16 @@ end ## Properties -|Property | Description | Filter Criteria* | -|---------------|--------------------------------------------------------------------------------------|-----------------| -| values | A list of the unique directory object ids. | `id` | +|Property | Description | Filter Criteria* | +|---------------|----------------------------------------------------------|-----------------| +| values | A list of the unique directory object values. | `value` | * For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/dev-docs/filtertable-usage.md). ## Examples -### Iterate and test visibility for AD objects +### Iterate over and test the visibility of Active Directory objects + ```ruby azure_active_directory_objects.values.each do |value| describe azure_active_directory_object(id: value) do @@ -60,6 +61,7 @@ This InSpec audit resource has the following special matchers. For a full list o ### exists The control will pass if the filter returns at least one result. Use `should_not` if you expect zero matches. + ```ruby # If we expect current service principle to have AD objects describe azure_active_directory_objects do
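Review bot: In the first hunk of docs/resources/azure_active_directory_object.md (`@@ -5,9 +5,9 @@`), the unchanged sentence directly under the corrected heading still reads "interacts with api versions". The heading now capitalizes "HTTP", so suggest changing this to "API versions" in the same pass to keep the section consistent.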
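Review bot: In the Properties table of the `@@ -34,71 +34,77 @@` hunk, several rewritten rows only gained "The" and a period and still do not say what the property holds. `isAssignableToRole` is described as "The roles assignable to AD object." although the name reads as a yes/no flag, "The security enabled configured." is not a sentence, and "The creationOptions of the AD object." restates the property name. These are the fields someone writing an access check would key on, so suggest rewording them the way the `deletedDateTime` row was reworded, for example "Whether the object can be assigned to a role." and "Whether the object is security enabled." Separately, the valid-ID and invalid-ID examples now pass the same `ACTIVE_DIRECTORY_OBJECT_ID` placeholder; a distinct placeholder for the invalid case would make the difference between the two examples visible.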
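Review bot: In docs/resources/azure_active_directory_objects.md (`@@ -35,15 +35,16 @@`), the Filter Criteria cell changes from `id` to `value`. That is a statement about resource behaviour, not a wording edit, and nothing in this patch shows that the resource's filter table exposes a `value` criterion. Please confirm against the resource before merging under a "Docs edits" subject. The new description "A list of the unique directory object values." also drops the fact that these entries are IDs, while the example in the same hunk still passes each one as `id: value`; suggest "A list of the unique directory object IDs."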
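Review bot: In the last hunk (`@@ -60,6 +61,7 @@`), the context comment `# If we expect current service principle to have AD objects` misspells "principal". The other file in this patch spells it "service principal" in the Azure Permissions section, so suggest correcting the comment here while the surrounding lines are being touched.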