Merge pull request #582 from inspec/support-azure-service-fabric-mesh…

…-nws

RESOURCE-115 Support azure service fabric mesh network

README.md

@@ -410,6 +410,8 @@ The following is a list of static resources.
 - [azure_security_center_policies](docs/resources/azure_security_center_policies.md)
 - [azure_sentinel_alert_rule_template](docs/resources/azure_sentinel_alert_rule_template.md)
 - [azure_sentinel_alert_rule_templates](docs/resources/azure_sentinel_alert_rule_templates.md)
+- [azure_service_fabric_mesh_network](docs/resources/azure_service_fabric_mesh_network.md)
+- [azure_service_fabric_mesh_networks](docs/resources/azure_service_fabric_mesh_networks.md)
 - [azure_service_fabric_mesh_service](docs/resources/azure_service_fabric_mesh_service.md)
 - [azure_service_fabric_mesh_services](docs/resources/azure_service_fabric_mesh_services.md)
 - [azure_service_fabric_mesh_replica](docs/resources/azure_service_fabric_mesh_replica.md)

docs-chef-io/content/inspec/resources/azure_service_fabric_mesh_network.md

@@ -0,0 +1,114 @@
++++
+title = "azure_service_fabric_mesh_network Resource"
+platform = "azure"
+draft = false
+gh_repo = "inspec-azure"
+
+[menu.inspec]
+title = "azure_service_fabric_mesh_network"
+identifier = "inspec/resources/azure/azure_service_fabric_mesh_network Resource"
+parent = "inspec/resources/azure"
++++
+
+Use the `azure_service_fabric_mesh_network` InSpec audit resource to test properties of an Azure Service Fabric Mesh network.
+
+## Azure REST API Version, Endpoint, and HTTP Client Parameters
+
+{{% inspec_azure_common_parameters %}}
+
+## Installation
+
+{{% inspec_azure_install %}}
+
+## Syntax
+
+`name`, `resource_group` is a required parameter.
+
+```ruby
+describe azure_service_fabric_mesh_network(resource_group: 'RESOURCE_GROUP', name: 'SERVICE_FABRIC_MESH_NETWORK_NAME') do
+  it                                      { should exist }
+  its('type')                             { should eq 'Microsoft.ServiceFabricMesh/networks' }
+  its('location')                         { should eq 'eastus' }
+end
+```
+
+```ruby
+describe azure_service_fabric_mesh_network(resource_group: 'RESOURCE_GROUP', name: 'SERVICE_FABRIC_MESH_NETWORK_NAME') do
+  it  { should exist }
+end
+```
+
+## Parameters
+
+`name`
+: Name of the Azure Service Fabric Mesh networks to test.
+
+`resource_group`
+: Azure resource group that the targeted resource resides in. `MyResourceGroup`.
+
+The parameter set should be provided for a valid query:
+- `resource_group` and `name`
+
+## Properties
+
+`id`
+: Resource Id.
+
+`name`
+: Resource name.
+
+`type`
+: Resource type. `Microsoft.ServiceFabricMesh/networks`.
+
+`location`
+: The Geo-location where the resource lives.
+
+`properties`
+: The properties of the Service Fabric Mesh network.
+
+`properties.addressPrefix`
+: the address prefix for this network.
+
+`properties.provisioningState`
+: State of the resource.
+
+`properties.ingressConfig.qosLevel`
+: The QoS tier for ingress.
+
+
+For properties applicable to all resources, such as `type`, `name`, `id`, `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}).
+
+Also, refer to [Azure documentation](https://docs.microsoft.com/en-us/rest/api/servicefabric/sfmeshrp-api-network_get) for other properties available.
+
+## Examples
+
+**Test that the Service Fabric Mesh network is provisioned successfully.**
+
+```ruby
+describe azure_service_fabric_mesh_network(resource_group: 'RESOURCE_GROUP', name: 'SERVICE_FABRIC_MESH_NETWORK_NAME') do
+  its('properties.provisioningState') { should eq 'Succeeded' }
+end
+```
+
+## Matchers
+
+{{% inspec_matchers_link %}}
+
+### exists
+
+```ruby
+# If a Service Fabric Mesh network is found it will exist
+
+describe azure_service_fabric_mesh_network(resource_group: 'RESOURCE_GROUP', name: 'SERVICE_FABRIC_MESH_NETWORK_NAME') do
+  it { should exist }
+end
+# if Service Fabric Mesh network is not found it will not exist
+
+describe azure_service_fabric_mesh_network(resource_group: 'RESOURCE_GROUP', name: 'SERVICE_FABRIC_MESH_NETWORK_NAME') do
+  it { should_not exist }
+end
+```
+
+## Azure Permissions
+
+{{% azure_permissions_service_principal role="reader" %}}

docs-chef-io/content/inspec/resources/azure_service_fabric_mesh_networks.md

@@ -0,0 +1,118 @@
++++
+title = "azure_service_fabric_mesh_networks Resource"
+platform = "azure"
+draft = false
+gh_repo = "inspec-azure"
+
+[menu.inspec]
+title = "azure_service_fabric_mesh_networks"
+identifier = "inspec/resources/azure/azure_service_fabric_mesh_networks Resource"
+parent = "inspec/resources/azure"
++++
+
+Use the `azure_service_fabric_mesh_networks` InSpec audit resource to test properties of all Azure Service Fabric Mesh networks.
+
+## Azure REST API Version, Endpoint, and HTTP Client Parameters
+
+{{% inspec_azure_common_parameters %}}
+
+## Installation
+
+{{% inspec_azure_install %}}
+
+## Syntax
+
+An `azure_service_fabric_mesh_networks` resource block returns all Azure Service Fabric Mesh networks.
+
+```ruby
+describe azure_service_fabric_mesh_networks do
+  #...
+end
+```
+
+## Parameters
+
+`resource_group` _(optional)_
+: Azure resource group that the targeted resource resides in.
+
+## Properties
+
+`ids`
+: A list of resource IDs.
+
+: **Field**: `id`
+
+`names`
+: A list of resource Names.
+
+: **Field**: `name`
+
+`types`
+: A list of the resource types.
+
+: **Field**: `type`
+
+`properties`
+: A list of Properties for all the Service Fabric Mesh networks.
+
+: **Field**: `properties`
+
+`locations`
+: A list of the Geo-locations.
+
+: **Field**: `location`
+
+`provisioningStates`
+: A list of provisioning states of the Service Fabric Mesh networks.
+
+: **Field**: `provisioningState`
+
+`addressPrefixes`
+: A list of address prefixes.
+
+: **Field**: `addressPrefix`
+
+{{% inspec_filter_table %}}
+
+## Examples
+
+**Loop through Service Fabric Mesh networks by their names.**
+
+```ruby
+azure_service_fabric_mesh_networks(resource_group: 'RESOURCE_GROUP').names.each do |name|
+  describe azure_service_fabric_mesh_network(resource_group: 'RESOURCE_GROUP', name: name) do
+    it { should exist }
+  end
+end
+```
+
+**Test that there are Service Fabric Mesh networks that are successfully provisioned.**
+
+```ruby
+describe azure_service_fabric_mesh_networks(resource_group: 'RESOURCE_GROUP').where(provisioningState: 'Succeeded') do
+  it { should exist }
+end
+```
+
+## Matchers
+
+{{% inspec_matchers_link %}}
+
+### exists
+
+```ruby
+# Should not exist if no Service Fabric Mesh networks are present
+
+describe azure_service_fabric_mesh_networks(resource_group: 'RESOURCE_GROUP') do
+  it { should_not exist }
+end
+# Should exist if the filter returns at least one Service Fabric Mesh networks
+
+describe azure_service_fabric_mesh_networks(resource_group: 'RESOURCE_GROUP') do
+  it { should exist }
+end
+```
+
+## Azure Permissions
+
+{{% azure_permissions_service_principal role="reader" %}}

libraries/azure_service_fabric_mesh_network.rb

@@ -0,0 +1,22 @@
+require 'azure_generic_resource'
+
+class AzureServiceFabricMeshNetwork < AzureGenericResource
+  name 'azure_service_fabric_mesh_network'
+  desc 'Retrieves and verifies the settings of an Azure Service Fabric Mesh Network.'
+  example <<-EXAMPLE
+    describe azure_service_fabric_mesh_network(resource_group: 'inspec-rg', name: 'fabric-vol') do
+      it { should exist }
+    end
+  EXAMPLE
+
+  def initialize(opts = {})
+    raise ArgumentError, 'Parameters must be provided in an Hash object.' unless opts.is_a?(Hash)
+
+    opts[:resource_provider] = specific_resource_constraint('Microsoft.ServiceFabricMesh/networks', opts)
+    super(opts, true)
+  end
+
+  def to_s
+    super(AzureServiceFabricMeshNetwork)
+  end
+end

libraries/azure_service_fabric_mesh_networks.rb

@@ -0,0 +1,33 @@
+require 'azure_generic_resources'
+
+class AzureServiceFabricMeshNetworks < AzureGenericResources
+  name 'azure_service_fabric_mesh_networks'
+  desc 'Verifies settings for a collection of Azure Service Fabric Mesh Networks'
+  example <<-EXAMPLE
+    describe azure_service_fabric_mesh_networks do
+        it { should exist }
+    end
+  EXAMPLE
+
+  def initialize(opts = {})
+    raise ArgumentError, 'Parameters must be provided in an Hash object.' unless opts.is_a?(Hash)
+
+    opts[:resource_provider] = specific_resource_constraint('Microsoft.ServiceFabricMesh/networks', opts)
+    super(opts, true)
+    return if failed_resource?
+
+    populate_filter_table_from_response
+  end
+
+  def to_s
+    super(AzureServiceFabricMeshNetworks)
+  end
+
+  private
+
+  def populate_table
+    @resources.each do |resource|
+      @table << resource.merge(resource[:properties]).merge(resource[:properties][:ingressConfig])
+    end
+  end
+end

test/integration/verify/controls/azure_service_fabric_mesh_network.rb

@@ -0,0 +1,11 @@
+location = input(:location, value: '')
+rg = input(:resource_group, value: '')
+
+skip_control 'Test the properties of a Azure Service Fabric Mesh Network' do
+  describe azure_service_fabric_mesh_networks(resource_group: rg, name: 'mesh-fabric-name') do
+    it { should exist }
+    its('location') { should eq location.downcase.gsub("\s", '') }
+    its('addressPrefix') { should eq '10.0.0.4/22' }
+    its('provisioningState') { should eq 'Succeeded' }
+  end
+end

test/integration/verify/controls/azure_service_fabric_mesh_networks.rb

@@ -0,0 +1,11 @@
+location = input(:location, value: '')
+
+skip_control 'Testthe properties of all Azure Service Fabric Mesh Networks' do
+  describe azure_service_fabric_mesh_networks do
+    it { should exist }
+    its('names') { should include 'inspec-fb-mesh-vol' }
+    its('locations') { should include location.downcase.gsub("\s", '') }
+    its('addressPrefixes') { should include '10.0.0.4/22' }
+    its('provisioningStates') { should include 'Succeeded' }
+  end
+end

test/unit/resources/azure_service_fabric_mesh_network_test.rb

@@ -0,0 +1,17 @@
+require_relative 'helper'
+require 'azure_service_fabric_mesh_network'
+
+class AzureServiceFabricMeshNetworkConstructorTest < Minitest::Test
+  def test_empty_param_not_ok
+    assert_raises(ArgumentError) { AzureServiceFabricMeshNetwork.new }
+  end
+
+  # resource_provider should not be allowed.
+  def test_resource_provider_not_ok
+    assert_raises(ArgumentError) { AzureServiceFabricMeshNetwork.new(resource_provider: 'some_type') }
+  end
+
+  def test_resource_group_name_alone_not_ok
+    assert_raises(ArgumentError) { AzureServiceFabricMeshNetwork.new(resource_group: 'test') }
+  end
+end

test/unit/resources/azure_service_fabric_mesh_networks_test.rb

@@ -0,0 +1,21 @@
+require_relative 'helper'
+require 'azure_service_fabric_mesh_networks'
+
+class AzureServiceFabricMeshNetworksConstructorTest < Minitest::Test
+  # resource_type should not be allowed.
+  def test_resource_type_not_ok
+    assert_raises(ArgumentError) { AzureServiceFabricMeshNetworks.new(resource_provider: 'some_type') }
+  end
+
+  def tag_value_not_ok
+    assert_raises(ArgumentError) { AzureServiceFabricMeshNetworks.new(tag_value: 'some_tag_value') }
+  end
+
+  def tag_name_not_ok
+    assert_raises(ArgumentError) { AzureServiceFabricMeshNetworks.new(tag_name: 'some_tag_name') }
+  end
+
+  def test_name_not_ok
+    assert_raises(ArgumentError) { AzureServiceFabricMeshNetworks.new(name: 'some_name') }
+  end
+end