From 31ef4be3a2c1ff1e9fc0dad13daf78555654e43c Mon Sep 17 00:00:00 2001
From: Sathish
Date: Wed, 16 Feb 2022 17:48:53 +0530
Subject: [PATCH 01/20] support HPC cache SKUs

Signed-off-by: Sathish
---
libraries/azure_hpc_cache_skus.rb | 25 +++++++++++++++++++++++++
1 file changed, 25 insertions(+)
create mode 100644 libraries/azure_hpc_cache_skus.rb
diff --git a/libraries/azure_hpc_cache_skus.rb b/libraries/azure_hpc_cache_skus.rb
new file mode 100644
index 000000000..95294f0c5
--- /dev/null
+++ b/libraries/azure_hpc_cache_skus.rb
@@ -0,0 +1,25 @@
+require 'azure_generic_resources'
+
+class AzureHPCCacheSKUs < AzureGenericResources
+ name 'azure_hpc_cache_skus'
+ desc 'Verifies settings for a collection of Azure HPC Storage SKUs'
+ example <<-EXAMPLE
+ describe azure_hpc_cache_skus do
+ it { should exist }
+ end
+ EXAMPLE
+
+ def initialize(opts = {})
+ raise ArgumentError, 'Parameters must be provided in an Hash object.' unless opts.is_a?(Hash)
+
+ opts[:resource_provider] = specific_resource_constraint('Microsoft.StorageCache/skus', opts)
+ super(opts, true)
+ return if failed_resource?
+
+ populate_filter_table_from_response
+ end
+
+ def to_s
+ super(AzureHPCCacheSKUs)
+ end
+end
From 3094992b7d2c2bedc56441d54c59eaad7ff41925 Mon Sep 17 00:00:00 2001
From: Sathish
Date: Wed, 16 Feb 2022 17:49:07 +0530
Subject: [PATCH 02/20] support integral and unit tests HPC cache SKUs

Signed-off-by: Sathish
---
.../verify/controls/azure_hpc_cache_skus.rb | 1 +
.../resources/azure_hpc_cache_skus_test.rb | 21 +++++++++++++++++++
2 files changed, 22 insertions(+)
create mode 100644 test/integration/verify/controls/azure_hpc_cache_skus.rb
create mode 100644 test/unit/resources/azure_hpc_cache_skus_test.rb
diff --git a/test/integration/verify/controls/azure_hpc_cache_skus.rb b/test/integration/verify/controls/azure_hpc_cache_skus.rb
new file mode 100644
index 000000000..8b1378917
--- /dev/null
+++ b/test/integration/verify/controls/azure_hpc_cache_skus.rb
@@ -0,0 +1 @@
+
diff --git a/test/unit/resources/azure_hpc_cache_skus_test.rb b/test/unit/resources/azure_hpc_cache_skus_test.rb
new file mode 100644
index 000000000..ede585835
--- /dev/null
+++ b/test/unit/resources/azure_hpc_cache_skus_test.rb
@@ -0,0 +1,21 @@
+require_relative 'helper'
+require 'azure_hpc_cache_skus'
+
+class AzureHPCCacheSKUsConstructorTest < Minitest::Test
+ # resource_type should not be allowed.
+ def test_resource_type_not_ok
+ assert_raises(ArgumentError) { AzureHPCCacheSKUs.new(resource_provider: 'some_type') }
+ end
+
+ def tag_value_not_ok
+ assert_raises(ArgumentError) { AzureHPCCacheSKUs.new(tag_value: 'some_tag_value') }
+ end
+
+ def tag_name_not_ok
+ assert_raises(ArgumentError) { AzureHPCCacheSKUs.new(tag_name: 'some_tag_name') }
+ end
+
+ def test_name_not_ok
+ assert_raises(ArgumentError) { AzureHPCCacheSKUs.new(name: 'some_name') }
+ end
+end
From f7fa388cbaa375eac13bbfe9bcc35ce145e51399 Mon Sep 17 00:00:00 2001
From: Sathish
Date: Wed, 16 Feb 2022 17:49:22 +0530
Subject: [PATCH 03/20] placeholder for HPC cache SKUs

Signed-off-by: Sathish
---
docs/resources/azure_hpc_cache_skus.md | 0
1 file changed, 0 insertions(+), 0 deletions(-)
create mode 100644 docs/resources/azure_hpc_cache_skus.md
diff --git a/docs/resources/azure_hpc_cache_skus.md b/docs/resources/azure_hpc_cache_skus.md
new file mode 100644
index 000000000..e69de29bb
From bc6fb44d31378dc78823478f44ef30d30e255506 Mon Sep 17 00:00:00 2001
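Review bot: `tag_value_not_ok` and `tag_name_not_ok` in AzureHPCCacheSKUsConstructorTest lack the `test_` prefix, so Minitest will not pick them up and the two `assert_raises` checks for rejected `tag_value` / `tag_name` parameters never run. Rename them to `def test_tag_value_not_ok` and `def test_tag_name_not_ok`. The comment above the first test says `resource_type` while the call passes `resource_provider:`; `# resource_provider should not be allowed.` would match the code.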
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 14 Mar 2022 21:06:45 +0000 Subject: [PATCH 04/20] Update rubocop requirement from ~> 1.25.1 to ~> 1.26.0 Updates the requirements on [rubocop](https://github.com/rubocop/rubocop) to permit the latest version. - [Release notes](https://github.com/rubocop/rubocop/releases) - [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md) - [Commits](https://github.com/rubocop/rubocop/compare/v1.25.1...v1.26.0) --- updated-dependencies: - dependency-name: rubocop dependency-type: direct:development ... Signed-off-by: dependabot[bot] --- Gemfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile b/Gemfile index 0a007c513..ab26f6559 100644 --- a/Gemfile +++ b/Gemfile @@ -14,7 +14,7 @@ end group :development, :test do gem 'minitest' - gem 'rubocop', '~> 1.25.1' + gem 'rubocop', '~> 1.26.0' gem 'simplecov', '~> 0.21' gem 'simplecov_json_formatter' end From 1fbbd1402c48335623c8cf4463059ec6fe2c566b Mon Sep 17 00:00:00 2001 From: Rohit Date: Mon, 21 Mar 2022 16:48:17 -0500 Subject: [PATCH 05/20] adding storage account logging features Signed-off-by: Rohit --- libraries/azure_storage_account.rb | 142 ++++++++++++++++++++++++++++- 1 file changed, 141 insertions(+), 1 deletion(-) diff --git a/libraries/azure_storage_account.rb b/libraries/azure_storage_account.rb index b6b3fadbd..d5a27eeb5 100644 --- a/libraries/azure_storage_account.rb +++ b/libraries/azure_storage_account.rb 
@@ -15,7 +15,7 @@ def initialize(opts = {}) raise ArgumentError, 'Parameters must be provided in an Hash object.' unless opts.is_a?(Hash) opts[:resource_provider] = specific_resource_constraint('Microsoft.Storage/storageAccounts', opts) - opts[:allowed_parameters] = %i(activity_log_alert_api_version storage_service_endpoint_api_version) + opts[:allowed_parameters] = %i(activity_log_alert_api_version storage_service_endpoint_api_version diagnostic_settings_api_version) # fall-back `api_version` is fixed for now. # TODO: Implement getting the latest Azure Storage services api version opts[:storage_service_endpoint_api_version] ||= '2019-12-12' @@ -23,6 +23,8 @@ def initialize(opts = {}) # static_resource parameter must be true for setting the resource_provider in the backend. super(opts, true) + + @opts[:diagnostic_settings_api_version] ||= '2017-05-01-preview' end def to_s 
@@ -143,6 +145,144 @@ def table_properties end end + def blobs_diagnostic_settings + return unless exists? + # `additional_resource_properties` method will create a singleton method with the `property_name` + # and make api response available through this property. + additional_resource_properties( + { + property_name: 'diagnostic_settings', + property_endpoint: "#{id}/blobServices/default/providers/microsoft.insights/diagnosticSettings", + api_version: @opts[:diagnostic_settings_api_version], + }, + ) + end + + def tables_diagnostic_settings + return unless exists? + # `additional_resource_properties` method will create a singleton method with the `property_name` + # and make api response available through this property. + additional_resource_properties( + { + property_name: 'diagnostic_settings', + property_endpoint: "#{id}/tableServices/default/providers/microsoft.insights/diagnosticSettings", + api_version: @opts[:diagnostic_settings_api_version], + }, + ) + end + + def queues_diagnostic_settings + return unless exists? + # `additional_resource_properties` method will create a singleton method with the `property_name` + # and make api response available through this property. + additional_resource_properties( + { + property_name: 'diagnostic_settings', + property_endpoint: "#{id}/queueServices/default/providers/microsoft.insights/diagnosticSettings", + api_version: @opts[:diagnostic_settings_api_version], + }, + ) + end + + def has_blobs_read_log_enabled? + return false if blobs_diagnostic_settings.nil? || blobs_diagnostic_settings.empty? + result = [] + blobs_diagnostic_settings.each do |setting| + logs = setting.properties&.logs + next unless logs + result += logs.map { |log| log.enabled if log.category == 'StorageRead' }.compact + end + result.include?(true) + end + + def has_blobs_write_log_enabled? + return false if blobs_diagnostic_settings.nil? || blobs_diagnostic_settings.empty? 
+ result = [] + blobs_diagnostic_settings.each do |setting| + logs = setting.properties&.logs + next unless logs + result += logs.map { |log| log.enabled if log.category == 'StorageWrite' }.compact + end + result.include?(true) + end + + def has_blobs_delete_log_enabled? + return false if blobs_diagnostic_settings.nil? || blobs_diagnostic_settings.empty? + result = [] + blobs_diagnostic_settings.each do |setting| + logs = setting.properties&.logs + next unless logs + result += logs.map { |log| log.enabled if log.category == 'StorageDelete' }.compact + end + result.include?(true) + end + + def has_tables_read_log_enabled? + return false if tables_diagnostic_settings.nil? || tables_diagnostic_settings.empty? + result = [] + tables_diagnostic_settings.each do |setting| + logs = setting.properties&.logs + next unless logs + result += logs.map { |log| log.enabled if log.category == 'StorageRead' }.compact + end + result.include?(true) + end + + def has_tables_write_log_enabled? + return false if tables_diagnostic_settings.nil? || tables_diagnostic_settings.empty? + result = [] + tables_diagnostic_settings.each do |setting| + logs = setting.properties&.logs + next unless logs + result += logs.map { |log| log.enabled if log.category == 'StorageWrite' }.compact + end + result.include?(true) + end + + def has_tables_delete_log_enabled? + return false if tables_diagnostic_settings.nil? || tables_diagnostic_settings.empty? + result = [] + tables_diagnostic_settings.each do |setting| + logs = setting.properties&.logs + next unless logs + result += logs.map { |log| log.enabled if log.category == 'StorageDelete' }.compact + end + result.include?(true) + end + + def has_queues_read_log_enabled? + return false if queues_diagnostic_settings.nil? || queues_diagnostic_settings.empty? 
+ result = [] + queues_diagnostic_settings.each do |setting| + logs = setting.properties&.logs + next unless logs + result += logs.map { |log| log.enabled if log.category == 'StorageRead' }.compact + end + result.include?(true) + end + + def has_queues_write_log_enabled? + return false if queues_diagnostic_settings.nil? || queues_diagnostic_settings.empty? + result = [] + queues_diagnostic_settings.each do |setting| + logs = setting.properties&.logs + next unless logs + result += logs.map { |log| log.enabled if log.category == 'StorageWrite' }.compact + end + result.include?(true) + end + + def has_queues_delete_log_enabled? + return false if queues_diagnostic_settings.nil? || queues_diagnostic_settings.empty? + result = [] + queues_diagnostic_settings.each do |setting| + logs = setting.properties&.logs + next unless logs + result += logs.map { |log| log.enabled if log.category == 'StorageDelete' }.compact + end + result.include?(true) + end + private def get_resource(opts = {}) From e5c710619e16630dc11a4e30486523f8c583d34b Mon Sep 17 00:00:00 2001 From: Rohit Date: Tue, 22 Mar 2022 11:24:09 -0500 Subject: [PATCH 06/20] changing the conditional statement Signed-off-by: Rohit --- libraries/azure_storage_account.rb | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/libraries/azure_storage_account.rb b/libraries/azure_storage_account.rb index d5a27eeb5..3c4b7d1e0 100644 --- a/libraries/azure_storage_account.rb +++ b/libraries/azure_storage_account.rb @@ -185,7 +185,7 @@ def queues_diagnostic_settings end def has_blobs_read_log_enabled? - return false if blobs_diagnostic_settings.nil? || blobs_diagnostic_settings.empty? + return false if blobs_diagnostic_settings.blank? result = [] blobs_diagnostic_settings.each do |setting| logs = setting.properties&.logs 
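Review bot: `blobs_diagnostic_settings`, `tables_diagnostic_settings` and `queues_diagnostic_settings` all pass `property_name: 'diagnostic_settings'`, and the comment in each method says `additional_resource_properties` defines a singleton method with that name. If the helper behaves as that comment describes (it is not shown in this diff), `diagnostic_settings` on the resource holds whichever service was queried last, so a control reading it can attribute blob logging state to tables or queues. Give each call its own name, e.g. `property_name: 'blobs_diagnostic_settings'`, `'tables_diagnostic_settings'` and `'queues_diagnostic_settings'`. The nine `has_*_log_enabled?` predicates also return `false` when the settings call returned nothing (the `return unless exists?` path), so a comment stating that `false` covers both "logging disabled" and "settings not retrievable" would help anyone reading an audit result. The enclosing class starts outside the hunk.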
@@ -196,7 +196,7 @@ def has_blobs_read_log_enabled? end def has_blobs_write_log_enabled? - return false if blobs_diagnostic_settings.nil? || blobs_diagnostic_settings.empty? + return false if blobs_diagnostic_settings.blank? result = [] blobs_diagnostic_settings.each do |setting| logs = setting.properties&.logs @@ -207,7 +207,7 @@ def has_blobs_write_log_enabled? end def has_blobs_delete_log_enabled? - return false if blobs_diagnostic_settings.nil? || blobs_diagnostic_settings.empty? + return false if blobs_diagnostic_settings.blank? result = [] blobs_diagnostic_settings.each do |setting| logs = setting.properties&.logs @@ -218,7 +218,7 @@ def has_blobs_delete_log_enabled? end def has_tables_read_log_enabled? - return false if tables_diagnostic_settings.nil? || tables_diagnostic_settings.empty? + return false if tables_diagnostic_settings.blank? result = [] tables_diagnostic_settings.each do |setting| logs = setting.properties&.logs @@ -229,7 +229,7 @@ def has_tables_read_log_enabled? end def has_tables_write_log_enabled? - return false if tables_diagnostic_settings.nil? || tables_diagnostic_settings.empty? + return false if tables_diagnostic_settings.blank? result = [] tables_diagnostic_settings.each do |setting| logs = setting.properties&.logs @@ -240,7 +240,7 @@ def has_tables_write_log_enabled? end def has_tables_delete_log_enabled? - return false if tables_diagnostic_settings.nil? || tables_diagnostic_settings.empty? + return false if tables_diagnostic_settings.blank? result = [] tables_diagnostic_settings.each do |setting| logs = setting.properties&.logs @@ -251,7 +251,7 @@ def has_tables_delete_log_enabled? end def has_queues_read_log_enabled? - return false if queues_diagnostic_settings.nil? || queues_diagnostic_settings.empty? + return false if queues_diagnostic_settings.blank? result = [] queues_diagnostic_settings.each do |setting| logs = setting.properties&.logs 
@@ -262,7 +262,7 @@ def has_queues_read_log_enabled? end def has_queues_write_log_enabled? - return false if queues_diagnostic_settings.nil? || queues_diagnostic_settings.empty? + return false if queues_diagnostic_settings.blank? result = [] queues_diagnostic_settings.each do |setting| logs = setting.properties&.logs @@ -273,7 +273,7 @@ def has_queues_write_log_enabled? end def has_queues_delete_log_enabled? - return false if queues_diagnostic_settings.nil? || queues_diagnostic_settings.empty? + return false if queues_diagnostic_settings.blank? result = [] queues_diagnostic_settings.each do |setting| logs = setting.properties&.logs From 3f426958c1c73ab222600814d80f98acc7aa71d0 Mon Sep 17 00:00:00 2001 From: Sathish Date: Thu, 24 Mar 2022 17:54:42 +0530 Subject: [PATCH 07/20] integration test for hpc cache sku Signed-off-by: Sathish --- test/integration/verify/controls/azure_hpc_cache_skus.rb | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/test/integration/verify/controls/azure_hpc_cache_skus.rb b/test/integration/verify/controls/azure_hpc_cache_skus.rb index 8b1378917..3367a9098 100644 --- a/test/integration/verify/controls/azure_hpc_cache_skus.rb +++ b/test/integration/verify/controls/azure_hpc_cache_skus.rb @@ -1 +1,10 @@ +describe azure_hpc_cache_skus do + it { should exist } + its('tier') { should eq 'Standard' } + its('size') { should eq 'A0' } +end +describe azure_hpc_cache_skus.where(tier: 'Standard') do + it { should exist } + its('size') { should eq 'A0' } +end From d2b1457b9a6495853d9acb8ef8aea11c18ed1b3b Mon Sep 17 00:00:00 2001 From: Sathish Date: Thu, 24 Mar 2022 17:54:55 +0530 Subject: [PATCH 08/20] document HPC Cache SKUs Signed-off-by: Sathish --- .../inspec/resources/azure_hpc_cache_skus.md | 96 +++++++++++++++++++ .../resources/azure_hpc_cache_skus.md | 0 2 files changed, 96 insertions(+) create mode 100644 docs-chef-io/content/inspec/resources/azure_hpc_cache_skus.md delete mode 100644 docs-chef-io/resources/azure_hpc_cache_skus.md 
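Review bot: The new control file for `azure_hpc_cache_skus` asserts `its('tier') { should eq 'Standard' }` and `its('size') { should eq 'A0' }` on a plural resource, while the documentation added in this series lists the properties as `tiers` and `sizes`, each described as a list. If that is accurate, the singular names are probably not defined and a list would not `eq` a single string; something like `its('tiers') { should include 'Standard' }` and `its('sizes') { should include 'A0' }` looks closer to the intent. The two `describe` blocks are also not wrapped in a `control '...' do` block, unlike the `azure_hpc_asc_operation` control file added later in the series. The expected values `'Standard'` and `'A0'` are hard-coded, so the test only passes in a subscription that offers exactly those SKUs.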
diff --git a/docs-chef-io/content/inspec/resources/azure_hpc_cache_skus.md b/docs-chef-io/content/inspec/resources/azure_hpc_cache_skus.md new file mode 100644 index 000000000..6a07a2717 --- /dev/null +++ b/docs-chef-io/content/inspec/resources/azure_hpc_cache_skus.md 
@@ -0,0 +1,96 @@ ++++ +title = "azure_hpc_cache_skus Resource" +platform = "azure" +draft = false +gh_repo = "inspec-azure" + +[menu.inspec] +title = "azure_hpc_cache_skus" +identifier = "inspec/resources/azure/azure_hpc_cache_skus Resource" +parent = "inspec/resources/azure" ++++ + +Use the `azure_hpc_cache_skus` InSpec audit resource to test properties related to all Azure HPC Cache SKUs. + +## Azure REST API Version, Endpoint, and HTTP Client Parameters + +{{% inspec_azure_common_parameters %}} + +## Installation + +{{% inspec_azure_install %}} + +## Syntax + +An `azure_hpc_cache_skus` resource block returns all Azure HPC Cache SKUs. + +```ruby +describe azure_hpc_cache_skus do + #... +end +``` + +## Parameters + +## Properties + +`resourceTypes` +: A list of the type of resource the SKU applies to. + +: **Field**: `resourceType` + +`names` +: A list of SKU names. + +: **Field**: `name` + +`sizes` +: A list of the SKU sizes. + +: **Field**: `size` + +`tiers` +: A list of tiers of VM in a scale set. + +: **Field**: `tier` + +`kind` +: A list of kind of resources that are supported. + +: **Field**: `kind` + +{{% inspec_filter_table %}} + +## Examples + + +**Test that there are Standard tier HPC Cache SKUs.** + +```ruby +describe azure_hpc_cache_skus.where(tier: 'Standard') do + it { should exist } +end +``` + +## Matchers + +This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://www.inspec.io/docs/reference/matchers/). + +### exists + +```ruby +# Should not exist if no HPC Cache SKUs are present + +describe azure_hpc_cache_skus do + it { should_not exist } +end +# Should exist if the filter returns at least one HPC Cache SKUs + +describe azure_hpc_cache_skus do + it { should exist } +end +``` + +## Azure Permissions + +{{% azure_permissions_service_principal role="reader" %}} 
diff --git a/docs-chef-io/resources/azure_hpc_cache_skus.md b/docs-chef-io/resources/azure_hpc_cache_skus.md deleted file mode 100644 index e69de29bb..000000000 From 49694c65dbc4c1975101296c7fa49d1cfa89e81e Mon Sep 17 00:00:00 2001 From: Sathish Date: Thu, 24 Mar 2022 20:47:34 +0530 Subject: [PATCH 09/20] update readme Signed-off-by: Sathish --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 9caac40dd..a16989573 100644 --- a/README.md +++ b/README.md @@ -329,6 +329,7 @@ The following is a list of static resources. - [azure_graph_user](docs/resources/azure_graph_user.md) - [azure_graph_users](docs/resources/azure_graph_users.md) - [azure_hdinsight_cluster](docs/resources/azure_hdinsight_cluster.md) +- [azure_hpc_cache_skus](https://docs.chef.io/inspec/resources/azure_hpc_cache_skus/) - [azure_iothub](docs/resources/azure_iothub.md) - [azure_iothub_event_hub_consumer_group](docs/resources/azure_iothub_event_hub_consumer_group.md) - [azure_iothub_event_hub_consumer_groups](docs/resources/azure_iothub_event_hub_consumer_groups.md) From 5084888594553f10e9bd3b399dcd6f236435074b Mon Sep 17 00:00:00 2001 From: Rohit Date: Thu, 24 Mar 2022 18:32:36 -0500 Subject: [PATCH 10/20] modifying functions implementation Signed-off-by: Rohit --- libraries/azure_storage_account.rb | 90 ++++++------------------------ 1 file changed, 18 insertions(+), 72 deletions(-) diff --git a/libraries/azure_storage_account.rb b/libraries/azure_storage_account.rb index 3c4b7d1e0..52a85a989 100644 --- a/libraries/azure_storage_account.rb +++ b/libraries/azure_storage_account.rb 
@@ -185,106 +185,52 @@ def queues_diagnostic_settings end def has_blobs_read_log_enabled? - return false if blobs_diagnostic_settings.blank? - result = [] - blobs_diagnostic_settings.each do |setting| - logs = setting.properties&.logs - next unless logs - result += logs.map { |log| log.enabled if log.category == 'StorageRead' }.compact - end - result.include?(true) + check_enablement_from(settings: blobs_diagnostic_settings, category: 'StorageRead') end def has_blobs_write_log_enabled? - return false if blobs_diagnostic_settings.blank? - result = [] - blobs_diagnostic_settings.each do |setting| - logs = setting.properties&.logs - next unless logs - result += logs.map { |log| log.enabled if log.category == 'StorageWrite' }.compact - end - result.include?(true) + check_enablement_from(settings: blobs_diagnostic_settings, category: 'StorageWrite') end def has_blobs_delete_log_enabled? - return false if blobs_diagnostic_settings.blank? - result = [] - blobs_diagnostic_settings.each do |setting| - logs = setting.properties&.logs - next unless logs - result += logs.map { |log| log.enabled if log.category == 'StorageDelete' }.compact - end - result.include?(true) + check_enablement_from(settings: blobs_diagnostic_settings, category: 'StorageDelete') end def has_tables_read_log_enabled? - return false if tables_diagnostic_settings.blank? - result = [] - tables_diagnostic_settings.each do |setting| - logs = setting.properties&.logs - next unless logs - result += logs.map { |log| log.enabled if log.category == 'StorageRead' }.compact - end - result.include?(true) + check_enablement_from(settings: tables_diagnostic_settings, category: 'StorageRead') end def has_tables_write_log_enabled? - return false if tables_diagnostic_settings.blank? 
- result = [] - tables_diagnostic_settings.each do |setting| - logs = setting.properties&.logs - next unless logs - result += logs.map { |log| log.enabled if log.category == 'StorageWrite' }.compact - end - result.include?(true) + check_enablement_from(settings: tables_diagnostic_settings, category: 'StorageWrite') end def has_tables_delete_log_enabled? - return false if tables_diagnostic_settings.blank? - result = [] - tables_diagnostic_settings.each do |setting| - logs = setting.properties&.logs - next unless logs - result += logs.map { |log| log.enabled if log.category == 'StorageDelete' }.compact - end - result.include?(true) + check_enablement_from(settings: tables_diagnostic_settings, category: 'StorageDelete') end def has_queues_read_log_enabled? - return false if queues_diagnostic_settings.blank? - result = [] - queues_diagnostic_settings.each do |setting| - logs = setting.properties&.logs - next unless logs - result += logs.map { |log| log.enabled if log.category == 'StorageRead' }.compact - end - result.include?(true) + check_enablement_from(settings: queues_diagnostic_settings, category: 'StorageRead') end def has_queues_write_log_enabled? - return false if queues_diagnostic_settings.blank? - result = [] - queues_diagnostic_settings.each do |setting| - logs = setting.properties&.logs - next unless logs - result += logs.map { |log| log.enabled if log.category == 'StorageWrite' }.compact - end - result.include?(true) + check_enablement_from(settings: queues_diagnostic_settings, category: 'StorageWrite') end def has_queues_delete_log_enabled? - return false if queues_diagnostic_settings.blank? 
- result = [] - queues_diagnostic_settings.each do |setting| - logs = setting.properties&.logs - next unless logs - result += logs.map { |log| log.enabled if log.category == 'StorageDelete' }.compact - end - result.include?(true) + check_enablement_from(settings: queues_diagnostic_settings, category: 'StorageDelete') end private + def check_enablement_from(settings:, category:) + return false if settings.blank? + + settings.any? do |setting| + logs = setting.properties&.logs + logs&.any? { |log| (log.category == category) && log.enabled } + end + end + def get_resource(opts = {}) opts[:resource_data].presence || super end From fe03e55066bf92ef5dd93579e3d3b48e98a12be2 Mon Sep 17 00:00:00 2001 From: Sathish Date: Fri, 25 Mar 2022 18:19:55 +0530 Subject: [PATCH 11/20] singular lib for hpc asc operation Signed-off-by: Sathish --- libraries/azure_hpc_asc_operation.rb | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 libraries/azure_hpc_asc_operation.rb diff --git a/libraries/azure_hpc_asc_operation.rb b/libraries/azure_hpc_asc_operation.rb new file mode 100644 index 000000000..da9d3eaec --- /dev/null +++ b/libraries/azure_hpc_asc_operation.rb 
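Review bot: The new private helper `check_enablement_from(settings:, category:)` has no comment, and it matches on `log.category == category` only. A one-line comment such as `# True when any diagnostic setting has an enabled log entry whose category equals +category+; false when settings are blank.` would document the contract that the nine predicates now share. If a diagnostic setting enables logs through a category group rather than per-category entries, its log entries may carry no matching `category` and the predicate would report `false`; that is worth confirming against the response shape of the pinned `2017-05-01-preview` API version. The enclosing class starts outside the hunk.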
@@ -0,0 +1,24 @@
+require 'azure_generic_resource'
+
+class AzureHPCASCOperation < AzureGenericResource
+ name 'azure_hpc_asc_operation'
+ desc 'Retrieves and verifies the settings of an Azure HPC ASC Operation'
+ example <<-EXAMPLE
+ describe azure_hpc_asc_operation(location: 'westus', operation_id: 'testoperationid') do
+ it { should exist }
+ end
+ EXAMPLE
+
+ def initialize(opts = {})
+ raise ArgumentError, 'Parameters must be provided in an Hash object.' unless opts.is_a?(Hash)
+
+ opts[:resource_provider] = specific_resource_constraint('Microsoft.StorageCache/locations', opts)
+ opts[:required_parameters] = %i(location operation_id)
+ opts[:resource_path] = [opts[:location], 'ascOperations', opts[:operation_id]].join('/')
+ super(opts, true)
+ end
+
+ def to_s
+ super(AzureHPCASCOperations)
+ end
+end
From ce7857514e0b7fbb448baa84dfc50e6b06b6d97f Mon Sep 17 00:00:00 2001
From: Sathish
Date: Fri, 25 Mar 2022 18:20:17 +0530
Subject: [PATCH 12/20] integral and unit test hpc asc operation

Signed-off-by: Sathish
---
.../verify/controls/azure_hpc_asc_operation.rb | 9 +++++++++
.../resources/azure_hpc_asc_operation_test.rb | 17 +++++++++++++++++
2 files changed, 26 insertions(+)
create mode 100644 test/integration/verify/controls/azure_hpc_asc_operation.rb
create mode 100644 test/unit/resources/azure_hpc_asc_operation_test.rb
diff --git a/test/integration/verify/controls/azure_hpc_asc_operation.rb b/test/integration/verify/controls/azure_hpc_asc_operation.rb
new file mode 100644
index 000000000..d168b83ed
--- /dev/null
+++ b/test/integration/verify/controls/azure_hpc_asc_operation.rb
@@ -0,0 +1,9 @@
+location = input(:location, value: '')
+
+control 'Verify settings of an Azure HPC ASC Operation' do
+ describe azure_hpc_asc_operation(location: location, operation_id: 'testoperation') do
+ it { should exist }
+ its('name') { should eq 'testoperation' }
+ its('status') { should eq 'Succeeded' }
+ end
+end
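Review bot: `to_s` in `libraries/azure_hpc_asc_operation.rb` calls `super(AzureHPCASCOperations)`, but the class defined in this file is `AzureHPCASCOperation` (singular) and no plural constant appears in the patch, so rendering the resource name would likely raise `NameError`. Change the line to `super(AzureHPCASCOperation)`. The unit test added in the next patch only exercises the constructor's `ArgumentError` paths, so it would not catch this; an assertion that calls `to_s` on a constructed resource would.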
diff --git a/test/unit/resources/azure_hpc_asc_operation_test.rb b/test/unit/resources/azure_hpc_asc_operation_test.rb
new file mode 100644
index 000000000..9cae6ec55
--- /dev/null
+++ b/test/unit/resources/azure_hpc_asc_operation_test.rb
@@ -0,0 +1,17 @@
+require_relative 'helper'
+require 'azure_hpc_asc_operation'
+
+class AzureHPCASCOperationConstructorTest < Minitest::Test
+ def test_empty_param_not_ok
+ assert_raises(ArgumentError) { AzureHPCASCOperation.new }
+ end
+
+ # resource_provider should not be allowed.
+ def test_resource_provider_not_ok
+ assert_raises(ArgumentError) { AzureHPCASCOperation.new(resource_provider: 'some_type') }
+ end
+
+ def test_resource_group_name_alone_not_ok
+ assert_raises(ArgumentError) { AzureHPCASCOperation.new(resource_group: 'test') }
+ end
+end
From bfca8c0a00d9a42a55e985dc933e608d28daa6eb Mon Sep 17 00:00:00 2001
From: Sathish
Date: Fri, 25 Mar 2022 18:21:12 +0530
Subject: [PATCH 13/20] document hpc asc operations

Signed-off-by: Sathish
---
.../resources/azure_hpc_asc_operation.md | 99 +++++++++++++++++++
1 file changed, 99 insertions(+)
create mode 100644 docs-chef-io/content/inspec/resources/azure_hpc_asc_operation.md
diff --git a/docs-chef-io/content/inspec/resources/azure_hpc_asc_operation.md b/docs-chef-io/content/inspec/resources/azure_hpc_asc_operation.md
new file mode 100644
index 000000000..76cf10117
--- /dev/null
+++ b/docs-chef-io/content/inspec/resources/azure_hpc_asc_operation.md
@@ -0,0 +1,99 @@ ++++ +title = "azure_hpc_asc_operation Resource" +platform = "azure" +draft = false +gh_repo = "inspec-azure" + +[menu.inspec] +title = "azure_hpc_asc_operation" +identifier = "inspec/resources/azure/azure_hpc_asc_operation Resource" +parent = "inspec/resources/azure" ++++ + +Use the `azure_hpc_asc_operation` InSpec audit resource to test properties related to an Azure HPC ASC Operation. + +## Azure REST API Version, Endpoint, and HTTP Client Parameters + +{{% inspec_azure_common_parameters %}} + +## Installation + +{{% inspec_azure_install %}} + +## Syntax + +`name`, `cache_name`, `resource_group` is a required parameter. + +```ruby +describe azure_hpc_asc_operation(location: 'LOCATION', operation_id: 'OPERATION_ID') do + it { should exist } + its('type') { should eq 'Microsoft.StorageCache/Cache/StorageTarget' } + its('location') { should eq 'East US' } +end +``` + +```ruby +describe azure_hpc_asc_operation(location: 'LOCATION', operation_id: 'OPERATION_ID') do + it { should exist } +end +``` + +## Parameters + +`location` _(required)_ +: The name of the region used to look up the operation. + +`operation_id` _(required)_ +: The operation id which uniquely identifies the asynchronous operation. + +## Properties + +`id` +: The operation Id. + +`name` +: The operation name. + +`startTime` +: The start time of the operation. + +`status` +: The status of the operation. + +`endTime` +: The end time of the operation. + +For properties applicable to all resources, such as `type`, `name`, `id`, `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}). + +Also, refer to [Azure documentation](https://docs.microsoft.com/en-us/rest/api/storagecache/asc-operations/get#ascoperation) for other properties available. 
+ +## Examples + +**Test that the HPC ASC Operation is Succeeded.** + +```ruby +describe azure_hpc_asc_operation(location: 'LOCATION', operation_id: 'OPERATION_ID') do + its('status') { should eq 'Succeeded' } +end +``` + +## Matchers + +{{% inspec_matchers_link %}} + +### exists + +```ruby +# If a HPC ASC Operation is found it will exist +describe azure_hpc_asc_operation(location: 'LOCATION', operation_id: 'OPERATION_ID') do + it { should exist } +end +# if HPC ASC Operation is not found it will not exist +describe azure_hpc_asc_operation(location: 'LOCATION', operation_id: 'OPERATION_ID') do + it { should_not exist } +end +``` + +## Azure Permissions + +{{% azure_permissions_service_principal role="reader" %}} \ No newline at end of file From c2082edf69af0134a68006a14adb977035291132 Mon Sep 17 00:00:00 2001 From: Sathish Date: Fri, 25 Mar 2022 18:22:20 +0530 Subject: [PATCH 14/20] update readme Signed-off-by: Sathish --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 9caac40dd..f90336e92 100644 --- a/README.md +++ b/README.md @@ -159,6 +159,7 @@ The following is a list of static resources. - [azure_graph_user](https://docs.chef.io/inspec/resources/azure_graph_user/) - [azure_graph_users](https://docs.chef.io/inspec/resources/azure_graph_users/) - [azure_hdinsight_cluster](https://docs.chef.io/inspec/resources/azure_hdinsight_cluster/) +- [azure_hpc_asc_operation](https://docs.chef.io/inspec/resources/azure_hpc_asc_operation/) - [azure_iothub](https://docs.chef.io/inspec/resources/azure_iothub/) - [azure_iothub_event_hub_consumer_group](https://docs.chef.io/inspec/resources/azure_iothub_event_hub_consumer_group/) - [azure_iothub_event_hub_consumer_groups](https://docs.chef.io/inspec/resources/azure_iothub_event_hub_consumer_groups/) From 52eba012585d9ccfb09a6b9baba458bbf3fe3afe Mon Sep 17 00:00:00 2001 
From: Chef Expeditor Date: Thu, 31 Mar 2022 09:35:21 +0000 Subject: [PATCH 15/20] Bump version to 1.114.4 by Chef Expeditor Obvious fix; these changes are the result of automation not creative thinking. --- CHANGELOG.md | 9 +++++++-- VERSION | 2 +- inspec.yml | 2 +- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4d77c2724..140c62f4f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,10 +1,15 @@ # Changelog - + +## [v1.114.4](https://github.com/inspec/inspec-azure/tree/v1.114.4) (2022-03-31) + +#### Merged Pull Requests +- Update rubocop requirement from ~> 1.25.1 to ~> 1.26.0 [#646](https://github.com/inspec/inspec-azure/pull/646) ([dependabot[bot]](https://github.com/dependabot[bot])) + + ## [v1.114.3](https://github.com/inspec/inspec-azure/tree/v1.114.3) (2022-03-29) #### Merged Pull Requests - Update docs makefile [#647](https://github.com/inspec/inspec-azure/pull/647) ([IanMadd](https://github.com/IanMadd)) - ## [v1.114.2](https://github.com/inspec/inspec-azure/tree/v1.114.2) (2022-03-21) diff --git a/VERSION b/VERSION index 9166b8852..d40deac76 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.114.3 \ No newline at end of file +1.114.4 \ No newline at end of file diff --git a/inspec.yml b/inspec.yml index fceac6587..fec15c2d3 100644 --- a/inspec.yml +++ b/inspec.yml @@ -5,7 +5,7 @@ copyright: Chef Software, Inc. copyright_email: support@chef.io license: Apache-2.0 summary: This resource pack provides compliance resources for Azure. -version: 1.114.3 +version: 1.114.4 inspec_version: '>= 4.18.39' supports: - platform: azure From c5080a3cfcd79b19e371da401a65da2fff4f1daf Mon Sep 17 00:00:00 2001 From: Chef Expeditor Date: Thu, 31 Mar 2022 12:59:05 +0000 Subject: [PATCH 16/20] Bump version to 1.115.0 by Chef Expeditor Obvious fix; these changes are the result of automation not creative thinking. --- CHANGELOG.md | 9 +++++++-- VERSION | 2 +- inspec.yml | 2 +- 3 files changed, 9 insertions(+), 4 deletions(-) 
diff --git a/CHANGELOG.md b/CHANGELOG.md index 140c62f4f..41fc16c14 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,10 +1,15 @@ # Changelog - + +## [v1.115.0](https://github.com/inspec/inspec-azure/tree/v1.115.0) (2022-03-31) + +#### Merged Pull Requests +- Adding storage account logging features [#648](https://github.com/inspec/inspec-azure/pull/648) ([Rohit1509](https://github.com/Rohit1509)) + + ## [v1.114.4](https://github.com/inspec/inspec-azure/tree/v1.114.4) (2022-03-31) #### Merged Pull Requests - Update rubocop requirement from ~> 1.25.1 to ~> 1.26.0 [#646](https://github.com/inspec/inspec-azure/pull/646) ([dependabot[bot]](https://github.com/dependabot[bot])) - ## [v1.114.3](https://github.com/inspec/inspec-azure/tree/v1.114.3) (2022-03-29) diff --git a/VERSION b/VERSION index d40deac76..8a7515d6b 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.114.4 \ No newline at end of file +1.115.0 \ No newline at end of file diff --git a/inspec.yml b/inspec.yml index fec15c2d3..b1c143bca 100644 --- a/inspec.yml +++ b/inspec.yml @@ -5,7 +5,7 @@ copyright: Chef Software, Inc. copyright_email: support@chef.io license: Apache-2.0 summary: This resource pack provides compliance resources for Azure. -version: 1.114.4 +version: 1.115.0 inspec_version: '>= 4.18.39' supports: - platform: azure From a9e46b2e7de6f2e7d9f16761804cc98434e8f6ac Mon Sep 17 00:00:00 2001 From: Deepa Kumaraswamy Date: Fri, 8 Apr 2022 12:43:20 +0530 Subject: [PATCH 17/20] doc review changes Signed-off-by: Deepa Kumaraswamy --- README.md | 159 +++++++++--------- docs-chef-io/README.md | 36 ++-- .../resources/azure_hpc_asc_operation.md | 8 +- 3 files changed, 99 insertions(+), 104 deletions(-) diff --git a/README.md b/README.md index f90336e92..60947fcdd 100644 --- a/README.md +++ b/README.md 
@@ -1,6 +1,6 @@ # InSpec for Azure -* **Project State: Maintained** +- **Project State: Maintained** For more information on project states and SLAs, see [this documentation](https://github.com/chef/chef-oss-practices/blob/master/repo-management/repo-states.md). 
@@ -18,22 +18,23 @@ This InSpec resource pack uses the Azure REST API and provides the required reso - [Create a new profile](#create-a-new-profile) - [Resource Documentation](#resource-documentation) - [Examples](#examples) - - [Interrogate All Resources that Have `project_A` in Their Names within Your Subscription Regardless of Their Type and Resource Group](#interrogate-all-resources-that-have-project_a-in-their-names-within-your-subscription-regardless-of-their-type-and-resource-group) - - [Interrogate All Resources that Have a Tag Defined with the Name `project_A` Regardless of its Value](#interrogate-all-resources-that-have-a-tag-defined-with-the-name-project_a-regardless-of-its-value) + - [Ensure that all resources have specified names within the subscription regardless of type and resource Group](#ensure-that-all-resources-have-specified-names-within-the-subscription-regardless-of-type-and-resource-group) + - [Ensure all resources has a specified tag defined regardless of the value](#ensure-all-resources-has-a-specified-tag-defined-regardless-of-the-value) - [Verify Properties of an Azure Virtual Machine](#verify-properties-of-an-azure-virtual-machine) - [Verify Properties of a Network Security Group](#verify-properties-of-a-network-security-group) - [Parameters Applicable To All Resources](#parameters-applicable-to-all-resources) - [`api_version`](#api_version) - - [User Provided Api Version](#user-provided-api-version) - - [Pre-defined Default Api Version](#pre-defined-default-api-version) - - [Latest Api Version](#latest-api-version) - - [`endpoint`](#endpoint) + - [User-Provided API Version](#user-provided-api-version) + - [Pre-defined Default API Version](#pre-defined-default-api-version) + - [Latest API Version](#latest-api-version) + - [endpoint](#endpoint) - [http_client parameters](#http_client-parameters) - [Development](#development) - [Developing a Static Resource](#developing-a-static-resource) - [Singular Resources](#singular-resources) - 
[Plural Resources](#plural-resources) - [Setting the Environment Variables](#setting-the-environment-variables) + - [Setup Azure CLI](#setup-azure-cli) - [Starting an Environment](#starting-an-environment) - [Direnv](#direnv) - [Rake Commands](#rake-commands) 
@@ -41,48 +42,48 @@ This InSpec resource pack uses the Azure REST API and provides the required reso ## Prerequisites -* Ruby -* Bundler installed -* Azure Service Principal Account +- Ruby +- Bundler installed +- Azure Service Principal Account ### Service Principal -Your Azure Service Principal Account must have a minimum of `reader` role of the [Azure roles](https://docs.microsoft.com/en-us/azure/role-based-access-control/rbac-and-directory-admin-roles#azure-roles) to any subscription that you'd like to use this resource pack against. +Your Azure Service Principal Account must have a minimum of `reader` role of the [Azure roles](https://docs.microsoft.com/en-us/azure/role-based-access-control/rbac-and-directory-admin-roles#azure-roles) to any subscription that you'd like to use this resource pack. -You should have the following pieces of information: +You must have the following pieces of information: -* TENANT_ID -* CLIENT_ID -* CLIENT_SECRET -* SUBSCRIPTION_ID +- TENANT_ID +- CLIENT_ID +- CLIENT_SECRET +- SUBSCRIPTION_ID To create your account Service Principal Account: -1. Login to the Azure portal. -2. Click on `Azure Active Directory`. -3. Click on `APP registrations`. -4. Click on `New application registration`. -5. Fill in a name and select `Web` from the `Application Type` drop down. Save your application. -6. Note your Application ID. This is your `client_id` above. -7. Click on `Certificates & secrets`. -8. Click on `New client secret`. -9. Create a new password. This value is your `client_secret` above. -10. Go to your subscription (click on `All Services` then subscriptions). Choose your subscription from that list. -11. Note your Subscription ID can be found here. -12. Click `Access control (IAM)`. -13. Click **Add**. -14. Select the `reader` role. -15. Select the application you just created and save. - -These must be stored in a environment variables prefaced with `AZURE_`. 
If you use Dotenv, then you may save these values in your own `.envrc` file. Either source it or run `direnv allow`. If you don't use Dotenv, then you may just create environment variables in the way that your prefer. +1. Log in to the Azure portal. +1. Click **Azure Active Directory**. +1. Click **APP registrations**. +1. Click **New application registration**. +1. Enter name and select **Web** from the **Application Type** drop-down. Save your application. +1. Note your Application ID. This is your **client_id** above. +1. Click **Certificates & secrets**. +1. Click **New client secret**. +1. Create a new password. This value is your **client_secret** above. +1. Go to your subscription (click on **All Services** then subscriptions). Choose your subscription from that list. +1. Note your Subscription ID can be found here. +1. Click **Access control (IAM)**. +1. Click **Add**. +1. Select the **reader** role. +1. Select the application you created and save. + +These must be stored in an environment variables prefaced with `AZURE_`. If you use Dotenv, then you may save these values in your own `.envrc` file. Either source it or run `direnv allow`. If you don't use `Dotenv`, then you may just create environment variables in the way that you prefer. ### Use the Resources -Since this is an InSpec resource pack, it only defines InSpec resources. To use these resources in your own controls you should create your own profile: +Since this is an InSpec resource pack, it only defines InSpec resources. To use these resources in your controls, you should create your profile: #### Create a new profile -``` +```ruby $ inspec init profile --platform azure my-profile ``` 
@@ -115,7 +116,7 @@ With the generic resources: - Azure cloud resources that this resource pack does not include a static InSpec resource for can be tested. - Azure resources from different resource providers and resource groups can be tested at the same time. -- Server side filtering can be used for more efficient tests. +- Server-side filtering can be used for more efficient tests. The following is a list of static resources. @@ -470,24 +471,24 @@ The following is a list of static resources. - [azure_webapp](docs/resources/azure_webapp.md) - [azure_webapps](docs/resources/azure_webapps.md) -For more details and different use cases, please refer to the specific resource pages. +Please refer to the specific resource pages for more details and different use cases. ## Examples -### Interrogate All Resources that Have `project_A` in Their Names within Your Subscription Regardless of Their Type and Resource Group +### Ensure that all resources have specified names within the subscription regardless of type and resource Group ```ruby -azure_generic_resources(substring_of_name: 'project_A').ids.each do |id| +azure_generic_resources(substring_of_name: 'NAME').ids.each do |id| describe azure_generic_resource(resource_id: id) do its('location') { should eq 'eastus' } end end ``` -### Interrogate All Resources that Have a Tag Defined with the Name `project_A` Regardless of its Value +### Ensure all resources has a specified tag defined regardless of the value ```ruby -azure_generic_resources(tag_name: 'project_A').ids.each do |id| +azure_generic_resources(tag_name: 'NAME').ids.each do |id| describe azure_generic_resource(resource_id: id) do its('location') { should eq 'eastus' } end 
@@ -497,7 +498,7 @@ end ### Verify Properties of an Azure Virtual Machine ```ruby -describe azure_virtual_machine(resource_group: 'MyResourceGroup', name: 'prod-web-01') do +describe azure_virtual_machine(resource_group: 'RESOURCE_GROUP', name: 'NAME-WEB-01') do it { should exist } it { should have_monitoring_agent_installed } it { should_not have_endpoint_protection_installed([]) } @@ -511,7 +512,7 @@ end ### Verify Properties of a Network Security Group ```ruby -describe azure_network_security_group(resource_group: 'ProductionResourceGroup', name: 'ProdServers') do +describe azure_network_security_group(resource_group: 'RESOURCE_GROUP', name: 'NAME-SERVER') do it { should exist } its('type') { should eq 'Microsoft.Network/networkSecurityGroups' } its('security_rules') { should_not be_empty } 
@@ -525,34 +526,35 @@ end ## Parameters Applicable To All Resources -The generic resources and their derivations support following parameters unless stated otherwise in their specific resource page. +The generic resources and their derivations support the following parameters unless stated otherwise on their specific resource page. ### `api_version` As an Azure resource provider enables new features, it releases a new version of the REST API. They are generally in the format of `2020-01-01`. -InSpec Azure resources can be forced to use a specific version of the API to eliminate the behavioural changes between the tests using different API versions. The latest version will be used unless a specific version is provided. +InSpec Azure resources can be forced to use a specific version of the API to eliminate the behavioral changes between the tests using different API versions. The latest version will be used unless a specific version is provided. -### User Provided Api Version +### User-Provided API Version ```ruby -describe azure_virtual_machine(resource_group: 'my_group', name: 'my_VM', api_version: '2020-01-01') do +describe azure_virtual_machine(resource_group: 'RESOURCE_GROUP', name: 'NAME', api_version: '2020-01-01') do its('api_version_used_for_query_state') { should eq 'user_provided' } its('api_version_used_for_query') { should eq '2020-01-01' } end ``` -### Pre-defined Default Api Version +### Pre-defined Default API Version -`default` api version can be used if it is supported by the resource provider. +`default` API version can be used if it is supported by the resource provider. 
```ruby -describe azure_generic_resource(resource_provider: 'Microsoft.Compute/virtualMachines', name: 'my_VM', api_version: 'default') do +describe azure_generic_resource(resource_provider: 'Microsoft.Compute/virtualMachines', name: 'NAME', api_version: 'DEFAULT') do its('api_version_used_for_query_state') { should eq 'default' } end ``` -### Latest Api Version -`latest` version will be determined by this resource pack within the supported api versions. If the latest version is a `preview` than an older but a stable version might be used. Explicitly forcing to use the `latest` version. +### Latest API Version + +`latest` version will be determined by this resource pack within the supported API versions. If the latest version is a `preview`, than an older, but a stable version might be used. Explicitly forcing to use the `latest` version. ```ruby describe azure_virtual_networks(api_version: 'latest') do @@ -563,7 +565,7 @@ end `latest` version will be used unless provided (Implicit). ```ruby -describe azure_network_security_groups(resource_group: 'my_group') do +describe azure_network_security_groups(resource_group: 'RESOURCE_GROUP') do its('api_version_used_for_query_state') { should eq 'latest' } end ``` 
@@ -576,9 +578,9 @@ describe azure_network_security_groups(resource_group: 'my_group', api_version: end ``` -### `endpoint` +### endpoint -Microsoft Azure cloud services are available through a global and three national network of datacenter as described [here](https://docs.microsoft.com/en-us/graph/deployments). The preferred data center can be defined via `endpoint` parameter. Azure Global Cloud will be used if not provided. +Microsoft Azure cloud services are available through a global and three national networks of the datacenter as described [here](https://docs.microsoft.com/en-us/graph/deployments). The preferred data center can be defined via `endpoint` parameter. Azure Global Cloud will be used if not provided. - `azure_cloud` (default) - `azure_china_cloud` @@ -594,11 +596,11 @@ end It can be defined as an environment variable or a resource parameter (has priority). -The predefined environment variables for each cloud deployments can be found [here](libraries/backend/helpers.rb). +The pre-defined environment variables for each cloud deployment can be found [here](libraries/backend/helpers.rb). ### http_client parameters -The behavior of the http client can be defined with the following parameters: +The behavior of the HTTP client can be defined with the following parameters: - `azure_retry_limit`: Maximum number of retries (default - `2`, Integer). - `azure_retry_backoff`: Pause in seconds between retries (default - `0`, Integer). @@ -608,11 +610,11 @@ They can be defined as environment variables or resource parameters (has priorit
-> WARNING The following resources are using their `azure_` counterparts under the hood and they will be deprecated in the InSpec Azure version **2**. -> Their api versions are fixed (see below) for full backward compatibility. +> WARNING The following resources are using their `azure_` counterparts under the hood, and they will be deprecated in the InSpec Azure version **2**. +> Their API versions are fixed (see below) for full backward compatibility. > It is strongly advised to start using the resources with `azure_` prefix for an up-to-date testing experience. -| Legacy Resource Name | Fixed [api version](#api_version) | Replaced by | +| Legacy Resource Name | Fixed [API version](#api_version) | Replaced by | |------------------------------------------|----------------------------|-------------------------------| | azurerm_ad_user, azurerm_ad_users | `v1.0` | [azure_graph_user](https://docs.chef.io/inspec/resources/azure_graph_user/), [azure_graph_users](https://docs.chef.io/inspec/resources/azure_graph_users/) | | azurerm_aks_cluster, azurerm_aks_clusters | `2018-03-31` | [azure_aks_cluster](https://docs.chef.io/inspec/resources/azure_aks_cluster/), [azure_aks_cluster](https://docs.chef.io/inspec/resources/azure_aks_cluster/) | 
@@ -658,15 +660,15 @@ They can be defined as environment variables or resource parameters (has priorit ## Development -If you'd like to contribute to this project please see [Contributing Rules](CONTRIBUTING.md). +If you'd like to contribute to this project, please see [Contributing Rules](CONTRIBUTING.md). For a detailed walk-through of resource creation, see the [Resource Creation Guide](dev-docs/resource_creation_guide.md). ### Developing a Static Resource -The static resource is an InSpec Azure resource that is used to interrogate a specific Azure resource, such as, `azure_virtual_machine`, `azure_key_vaults`. As opposed to the generic resources, they might have some static properties created by processing the dynamic properties of a resource, such as, `azure_virtual_machine.admin_username`. +The static resource is an InSpec Azure resource that is used to interrogate a specific Azure resource, such as, `azure_virtual_machine`, `azure_key_vaults`. As opposed to the generic resources, they might have some static properties created by processing the dynamic properties of a resource, such as `azure_virtual_machine.admin_username`. -The easiest way to start is checking the existing static resources. They have detailed information on how to leverage the backend class within their comments. +The easiest way to start by checking the existing static resources. They have detailed information on leveraging the backend class within their comments. The common parameters are: 
@@ -679,9 +681,9 @@ The common parameters are: #### Singular Resources -The singular resource is used to test a specific resource of a specific type and should include all of the properties available, such as, `azure_virtual_machine`. +The singular resource is used to test a specific resource of a specific type and should include all of the properties available, such as `azure_virtual_machine`. -- In most cases `resource_group` and resource `name` should be required from the users and a single API call would be enough for creating methods on the resource. See [azure_virtual_machine](libraries/azure_virtual_machine.rb) for a standard singular resource and how to create static methods from resource properties. +- In most cases, `resource_group` and resource `name` should be required from the users, and a single API call would be enough for creating methods on the resource. See [azure_virtual_machine](libraries/azure_virtual_machine.rb) for a standard singular resource and how to create static methods from resource properties. - If it is beneficial to accept the resource name with a more specific keyword, such as `server_name`, see [azure_mysql_server](libraries/azure_mysql_server.rb). - If a resource exists in another resource, such as a subnet on a virtual network, see [azure_subnet](libraries/azure_subnet.rb). - If it is necessary to make an additional API call within a static method, the `create_additional_properties` should be used. See [azure_key_vault](libraries/azure_key_vault.rb). @@ -697,7 +699,7 @@ A plural resource is used to test the collection of resources of a specific type ### Setting the Environment Variables -The following instructions will help you get your development environment setup to run integration tests. +The following instructions will help you get your development environment set up to run integration tests. Copy `.envrc-example` to `.envrc` and fill in the fields with the values from your account. 
@@ -708,7 +710,7 @@ export AZURE_TENANT_ID= export AZURE_CLIENT_SECRET= ``` -For PowerShell, set the following environment variables +For PowerShell, set the following environment variables. ```shell $env:AZURE_SUBSCRIPTION_ID="" @@ -717,20 +719,20 @@ $env:AZURE_CLIENT_SECRET="" $env:AZURE_TENANT_ID="" ``` -**Setup Azure CLI** +## Setup Azure CLI - Follow the instructions for your platform [here](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli) - * macOS: `brew update && brew install azure-cli` + - macOS: `brew update && brew install azure-cli` - Login with the azure-cli - * `rake azure:login` + - `rake azure:login` - Verify azure-cli is logged in: - * `az account show` + - `az account show` ### Starting an Environment -First ensure your system has [Terraform](https://www.terraform.io/intro/getting-started/install.html) installed. +First, ensure your system has [Terraform](https://www.terraform.io/intro/getting-started/install.html) installed. -This environment may be used to run your profile against or to run integration tests on it. We are using [Terraform workspaces](https://www.terraform.io/docs/state/workspaces.html) to allow for teams to have completely unique environments without affecting each other. +This environment may be used to run your profile against or to run integration tests on it. We are using [Terraform workspaces](https://www.terraform.io/docs/state/workspaces.html) to allow teams to have unique environments without affecting each other. ### Direnv @@ -745,7 +747,7 @@ rake azure:login rake tf:apply ``` -Updating a running environment (e.g. when you change the .tf file): +Updating a running environment (For example, when you change the .tf file): ```shell rake tf:apply @@ -763,7 +765,7 @@ Destroying your environment: rake tf:destroy ``` -To run Rubocop and Syntax check for Ruby and InSpec: +To run Rubocop and Syntax, check for Ruby and InSpec: ```shell rake test:lint 
@@ -781,8 +783,7 @@ To run integration tests: rake test:integration ``` -Please note that Graph API resource requires specific privileges granted to your service principal. -Please refer to the [Microsoft Documentation](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-integrating-applications#updating-an-application) for information on how to grant these permissions to your application. +Please note that Graph API resource requires specific privileges granted to your service principal. Please refer to the [Microsoft Documentation](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-integrating-applications#updating-an-application) for information on how to grant these permissions to your application. To run a control called `azure_virtual_machine` only: @@ -790,7 +791,7 @@ To run a control called `azure_virtual_machine` only: rake test:integration[azurerm_virtual_machine] ``` -Note that in zsh you need to escape the `[`, `]` characters. +Note that in `zsh` you need to escape the `[`, `]` characters. You may run selected multiple controls only: @@ -806,7 +807,7 @@ rake ### Optional Components -The creation of the following resources can be skipped if there is any resource constraints. +The creation of the following resources can be skipped if there are any resource constraints. - Network Watcher diff --git a/docs-chef-io/README.md b/docs-chef-io/README.md index 255c90b88..30cb4441a 100644 --- a/docs-chef-io/README.md +++ b/docs-chef-io/README.md @@ -1,7 +1,6 @@ # Chef InSpec Azure Resource Documentation -This is the home of the InSpec Azure resource documentation found on -. +Home page of the InSpec Azure resource documentation is at . We use [Hugo](https://gohugo.io/) to incorporate documentation from this repository into `chef/chef-web-docs` and deploy it on . 
@@ -70,7 +69,11 @@ which will render the following text: > Your [Service Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) must be set up with at least a `contributor` role on the subscription you wish to test. -**Note:** You can add shortcodes from other repositories. For example, the `inspec_filter_table.md` and the `inspec_matchers_link.md` shortcodes are both located in the chef/chef-web-docs repository, but they can be added to this documentation set using the same method described above. +{{< note >}} + +You can add shortcodes from other repositories. For example, the `inspec_filter_table.md` and the `inspec_matchers_link.md` shortcodes are both located in the chef/chef-web-docs repository, but they can be added to this documentation set using the same method described above. + +{{< /note >}} ### Release Dates 
@@ -78,18 +81,15 @@ The chef/chef-web-docs repository uses the `release-dates.json` file in `docs-ch ## Update the InSpec Repository Module In `chef/chef-web-docs` -We use [Hugo modules](https://gohugo.io/hugo-modules/) to build Chef's documentation -from multiple repositories. +We use [Hugo modules](https://gohugo.io/hugo-modules/) to build Chef's documentation from multiple repositories. When release notes are announced for inspec-azure, the documentation for inspec-azure is updated at the same time. See the section below on release notes. -A member of the Docs Team can also update the inspec-azure resource documentation at any time when new resources are ready to be added to . +A member from the Documentation Team can also update the inspec-azure resource documentation at any time when new resources are ready to be added to . ## Local Development Environment -We use [Hugo](https://gohugo.io/), [Go](https://golang.org/), and[NPM](https://www.npmjs.com/) -to build the Chef Documentation website. You will need Hugo 0.93.1 or higher -installed and running to build and view our documentation. +We use [Hugo](https://gohugo.io/), [Go](https://golang.org/), and[NPM](https://www.npmjs.com/) to build the Chef Documentation website. You will need Hugo 0.93.1 or higher installed and running to build and view our documentation. To install Hugo, NPM, and Go on Windows and macOS: 
@@ -106,10 +106,7 @@ To install Hugo on Linux, run: ### make serve -Run `make serve` to build a local preview of the InSpec Azure resource documentation. -This will clone a copy of `chef/chef-web-docs` into the `docs-chef-io` directory. -That copy will be configured to build the InSpec Azure resource documentation from the `docs-chef-io` directory -and live reload if any changes are made while the Hugo server is running. +Run `make serve` to build a local preview of the InSpec Azure resource documentation. This clones a copy of `chef/chef-web-docs` into the `docs-chef-io` directory and configures to build the InSpec Azure resource documentation. Then the live reload happens if any changes made while the Hugo server is running. - Run `make serve` - go to 
@@ -136,13 +133,13 @@ Have a member of the documentation team review the Pending Release Notes file be 2. Run the `publish-release-notes.sh` script in `tools/release-notes`. You can run this from the Makefile with `make publish_release_notes` - This will push the pending release notes to the S3 chef-cd bucket, reset the Pending Release Notes file, and update the `release-dates.json` file in `assets/release-notes/inspec-azure`. + This command pushes the pending release notes to the S3 chef-cd bucket, reset the Pending Release Notes file, and update the `release-dates.json` file in `assets/release-notes/inspec-azure`. 3. Push up and merge a branch to `inspec/inspec-azure` with the changes made to the `release-dates.json` file. ### chef-web-docs -chef-web-docs is configured to open a PR that will update the inspec-azure content on when a change is committed to the `release-dates.json` file in the inspec-azure repository. This will update the InSpec Azure resource documentation and update release notes for InSpec Azure resources. +chef-web-docs is configured to open a PR that updates the inspec-azure content on when a change is committed to the `release-dates.json` file in the inspec-azure repository. This updates the InSpec Azure resource documentation and update release notes for InSpec Azure resources. A member fo the documentation team can merge that PR for you as soon as it's made. 
@@ -156,11 +153,8 @@ You can find the proper release notes in the Pending Release Notes file history If you need support, contact [Chef Support](https://www.chef.io/support/). -**GitHub issues** +### GitHub issues -Submit an issue to the [inspec-azure repo](https://github.com/inspec/inspec-azure/issues) -for "important" documentation bugs that may need visibility among a larger group, -especially in situations where a documentation bug may also surface a product bug. +Submit an issue to the [inspec-azure repo](https://github.com/inspec/inspec-azure/issues) for **important** documentation bugs that may need visibility among a larger group, especially in situations where a documentation bug may also surface a product bug. -Submit an issue to [chef-web-docs](https://github.com/chef/chef-web-docs/issues) for -documentation feature requests and minor documentation issues. +Submit an issue to [chef-web-docs](https://github.com/chef/chef-web-docs/issues) for documentation feature requests and minor documentation issues. diff --git a/docs-chef-io/content/inspec/resources/azure_hpc_asc_operation.md b/docs-chef-io/content/inspec/resources/azure_hpc_asc_operation.md index 76cf10117..d024a744f 100644 --- a/docs-chef-io/content/inspec/resources/azure_hpc_asc_operation.md +++ b/docs-chef-io/content/inspec/resources/azure_hpc_asc_operation.md @@ -10,7 +10,7 @@ identifier = "inspec/resources/azure/azure_hpc_asc_operation Resource" parent = "inspec/resources/azure" +++ -Use the `azure_hpc_asc_operation` InSpec audit resource to test properties related to an Azure HPC ASC Operation. +Use the `azure_hpc_asc_operation` InSpec audit resource to test the properties related to an Azure HPC ASC Operation. ## Azure REST API Version, Endpoint, and HTTP Client Parameters 
@@ -22,7 +22,7 @@ Use the `azure_hpc_asc_operation` InSpec audit resource to test properties relat ## Syntax -`name`, `cache_name`, `resource_group` is a required parameter. +`name`, `cache_name`, and `resource_group` are required parameters. ```ruby describe azure_hpc_asc_operation(location: 'LOCATION', operation_id: 'OPERATION_ID') do @@ -44,7 +44,7 @@ end : The name of the region used to look up the operation. `operation_id` _(required)_ -: The operation id which uniquely identifies the asynchronous operation. +: The operation ID that uniquely identifies the asynchronous operation. ## Properties @@ -96,4 +96,4 @@ end ## Azure Permissions -{{% azure_permissions_service_principal role="reader" %}} \ No newline at end of file +{{% azure_permissions_service_principal role="reader" %}} From 1ccf6a8f74471ffc3a2ec34603dc03c901c9284e Mon Sep 17 00:00:00 2001 From: Deepa Kumaraswamy Date: Fri, 8 Apr 2022 15:06:19 +0530 Subject: [PATCH 18/20] doc review changes Signed-off-by: Deepa Kumaraswamy --- README.md | 103 +++++++++--------- .../inspec/resources/azure_hpc_cache_skus.md | 27 ++--- 2 files changed, 61 insertions(+), 69 deletions(-) diff --git a/README.md b/README.md index a16989573..6fb8bc0ae 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # InSpec for Azure -* **Project State: Maintained** +- **Project State: Maintained** For more information on project states and SLAs, see [this documentation](https://github.com/chef/chef-oss-practices/blob/master/repo-management/repo-states.md). 
@@ -18,14 +18,14 @@ This InSpec resource pack uses the Azure REST API and provides the required reso - [Create a new profile](#create-a-new-profile) - [Resource Documentation](#resource-documentation) - [Examples](#examples) - - [Interrogate All Resources that Have `project_A` in Their Names within Your Subscription Regardless of Their Type and Resource Group](#interrogate-all-resources-that-have-project_a-in-their-names-within-your-subscription-regardless-of-their-type-and-resource-group) - - [Interrogate All Resources that Have a Tag Defined with the Name `project_A` Regardless of its Value](#interrogate-all-resources-that-have-a-tag-defined-with-the-name-project_a-regardless-of-its-value) + - [Ensure all Resources have names within the Subscription regardless of the type and resource group](#ensure-all-resources-have-names-within-the-subscription-regardless-of-the-type-and-resource-group) + - [Ensure all resources have a defined tag regardless of its value](#ensure-all-resources-have-a-defined-tag-regardless-of-its-value) - [Verify Properties of an Azure Virtual Machine](#verify-properties-of-an-azure-virtual-machine) - [Verify Properties of a Network Security Group](#verify-properties-of-a-network-security-group) - [Parameters Applicable To All Resources](#parameters-applicable-to-all-resources) - [`api_version`](#api_version) - - [User Provided Api Version](#user-provided-api-version) - - [Pre-defined Default Api Version](#pre-defined-default-api-version) + - [User Provided API Version](#user-provided-api-version) + - [Pre-defined Default API Version](#pre-defined-default-api-version) - [Latest Api Version](#latest-api-version) - [`endpoint`](#endpoint) - [http_client parameters](#http_client-parameters) 
@@ -34,6 +34,7 @@ This InSpec resource pack uses the Azure REST API and provides the required reso - [Singular Resources](#singular-resources) - [Plural Resources](#plural-resources) - [Setting the Environment Variables](#setting-the-environment-variables) + - [Setup Azure CLI](#setup-azure-cli) - [Starting an Environment](#starting-an-environment) - [Direnv](#direnv) - [Rake Commands](#rake-commands) 
@@ -41,48 +42,49 @@ This InSpec resource pack uses the Azure REST API and provides the required reso ## Prerequisites -* Ruby -* Bundler installed -* Azure Service Principal Account +- Ruby +- Bundler installed +- Azure Service Principal Account ### Service Principal -Your Azure Service Principal Account must have a minimum of `reader` role of the [Azure roles](https://docs.microsoft.com/en-us/azure/role-based-access-control/rbac-and-directory-admin-roles#azure-roles) to any subscription that you'd like to use this resource pack against. +Your Azure Service Principal Account must have a minimum of `reader` role of the [Azure roles](https://docs.microsoft.com/en-us/azure/role-based-access-control/rbac-and-directory-admin-roles#azure-roles) to any subscription that you'd like to use this resource pack. You should have the following pieces of information: -* TENANT_ID -* CLIENT_ID -* CLIENT_SECRET -* SUBSCRIPTION_ID +- TENANT_ID +- CLIENT_ID +- CLIENT_SECRET +- SUBSCRIPTION_ID To create your account Service Principal Account: 1. Login to the Azure portal. -2. Click on `Azure Active Directory`. -3. Click on `APP registrations`. -4. Click on `New application registration`. -5. Fill in a name and select `Web` from the `Application Type` drop down. Save your application. -6. Note your Application ID. This is your `client_id` above. -7. Click on `Certificates & secrets`. -8. Click on `New client secret`. -9. Create a new password. This value is your `client_secret` above. -10. Go to your subscription (click on `All Services` then subscriptions). Choose your subscription from that list. -11. Note your Subscription ID can be found here. -12. Click `Access control (IAM)`. -13. Click **Add**. -14. Select the `reader` role. -15. Select the application you just created and save. - -These must be stored in a environment variables prefaced with `AZURE_`. If you use Dotenv, then you may save these values in your own `.envrc` file. Either source it or run `direnv allow`. 
If you don't use Dotenv, then you may just create environment variables in the way that your prefer. +1. Click on **Azure Active Directory**. +1. Click on **APP registrations**. +1. Click on **New application registration**. +1. Enter a name and select **Web** from the **Application Type** drop-down. +1. Save your application. +1. Note your Application ID. This is your **Client_id** above. +1. Click on **Certificates & secrets**. +1. Click on **New client secret**. +1. Create a new password. This value is your **client_secret** above. +1. Go to your subscription, click on **All Services** and then subscriptions. Choose your subscription from that list. +1. Note your Subscription ID can be found here. +1. Click **Access control (IAM)`. +1. Click **Add**. +1. Select the **reader** role. +1. Select the application you created and save. + +These must be stored in a environment variables prefaced with `AZURE_`. If you use Dotenv, then you may save these values in your own `.envrc` file. Either source it or run `direnv allow`. If you don't use `Dotenv`, then you may create environment variables in the way that you prefer. ### Use the Resources -Since this is an InSpec resource pack, it only defines InSpec resources. To use these resources in your own controls you should create your own profile: +Since this is an InSpec resource pack, it only defines InSpec resources. To use these resources in your controls, you should create your profile: #### Create a new profile -``` +```ruby $ inspec init profile --platform azure my-profile ``` 
@@ -474,21 +476,21 @@ For more details and different use cases, please refer to the specific resource ## Examples -### Interrogate All Resources that Have `project_A` in Their Names within Your Subscription Regardless of Their Type and Resource Group +### Ensure all Resources have names within the Subscription regardless of the type and resource group ```ruby -azure_generic_resources(substring_of_name: 'project_A').ids.each do |id| - describe azure_generic_resource(resource_id: id) do +azure_generic_resources(substring_of_name: 'NAME').ids.each do |id| + describe azure_generic_resource(resource_id: 'ID') do its('location') { should eq 'eastus' } end end ``` -### Interrogate All Resources that Have a Tag Defined with the Name `project_A` Regardless of its Value +### Ensure all resources have a defined tag regardless of its value ```ruby -azure_generic_resources(tag_name: 'project_A').ids.each do |id| - describe azure_generic_resource(resource_id: id) do +azure_generic_resources(tag_name: 'NAME').ids.each do |id| + describe azure_generic_resource(resource_id: 'ID') do its('location') { should eq 'eastus' } end end @@ -497,7 +499,7 @@ end ### Verify Properties of an Azure Virtual Machine ```ruby -describe azure_virtual_machine(resource_group: 'MyResourceGroup', name: 'prod-web-01') do +describe azure_virtual_machine(resource_group: 'RESOURCE_GROUP', name: 'NAME') do it { should exist } it { should have_monitoring_agent_installed } it { should_not have_endpoint_protection_installed([]) } @@ -511,7 +513,7 @@ end ### Verify Properties of a Network Security Group ```ruby -describe azure_network_security_group(resource_group: 'ProductionResourceGroup', name: 'ProdServers') do +describe azure_network_security_group(resource_group: 'RESOURCE_GROUP', name: 'NAME) do it { should exist } its('type') { should eq 'Microsoft.Network/networkSecurityGroups' } its('security_rules') { should_not be_empty } 
@@ -532,26 +534,27 @@ The generic resources and their derivations support following parameters unless As an Azure resource provider enables new features, it releases a new version of the REST API. They are generally in the format of `2020-01-01`. InSpec Azure resources can be forced to use a specific version of the API to eliminate the behavioural changes between the tests using different API versions. The latest version will be used unless a specific version is provided. -### User Provided Api Version +### User Provided API Version ```ruby -describe azure_virtual_machine(resource_group: 'my_group', name: 'my_VM', api_version: '2020-01-01') do +describe azure_virtual_machine(resource_group: 'RESOURCE_GROUP', name: 'VM_NAME, api_version: '2020-01-01') do its('api_version_used_for_query_state') { should eq 'user_provided' } its('api_version_used_for_query') { should eq '2020-01-01' } end ``` -### Pre-defined Default Api Version +### Pre-defined Default API Version -`default` api version can be used if it is supported by the resource provider. +`default` API version can be used if it is supported by the resource provider. ```ruby -describe azure_generic_resource(resource_provider: 'Microsoft.Compute/virtualMachines', name: 'my_VM', api_version: 'default') do +describe azure_generic_resource(resource_provider: 'Microsoft.Compute/virtualMachines', name: 'VM_NAME', api_version: 'default') do its('api_version_used_for_query_state') { should eq 'default' } end ``` ### Latest Api Version + `latest` version will be determined by this resource pack within the supported api versions. If the latest version is a `preview` than an older but a stable version might be used. Explicitly forcing to use the `latest` version. ```ruby 
@@ -571,7 +574,7 @@ end `latest` version will be used if the provided is invalid. ```ruby -describe azure_network_security_groups(resource_group: 'my_group', api_version: 'invalid_api_version') do +describe azure_network_security_groups(resource_group: 'RESOURCE_GROUP', api_version: 'invalid_api_version') do its('api_version_used_for_query_state') { should eq 'latest' } end ``` @@ -609,7 +612,7 @@ They can be defined as environment variables or resource parameters (has priorit
> WARNING The following resources are using their `azure_` counterparts under the hood and they will be deprecated in the InSpec Azure version **2**. -> Their api versions are fixed (see below) for full backward compatibility. +> Their API versions are fixed (see below) for full backward compatibility. > It is strongly advised to start using the resources with `azure_` prefix for an up-to-date testing experience. | Legacy Resource Name | Fixed [api version](#api_version) | Replaced by | @@ -717,14 +720,14 @@ $env:AZURE_CLIENT_SECRET="" $env:AZURE_TENANT_ID="" ``` -**Setup Azure CLI** +### Setup Azure CLI - Follow the instructions for your platform [here](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli) - * macOS: `brew update && brew install azure-cli` + - macOS: `brew update && brew install azure-cli` - Login with the azure-cli - * `rake azure:login` + - `rake azure:login` - Verify azure-cli is logged in: - * `az account show` + - `az account show` ### Starting an Environment diff --git a/docs-chef-io/content/inspec/resources/azure_hpc_cache_skus.md b/docs-chef-io/content/inspec/resources/azure_hpc_cache_skus.md index 6a07a2717..87c2e3dfb 100644 --- a/docs-chef-io/content/inspec/resources/azure_hpc_cache_skus.md +++ b/docs-chef-io/content/inspec/resources/azure_hpc_cache_skus.md @@ -10,7 +10,7 @@ identifier = "inspec/resources/azure/azure_hpc_cache_skus Resource" parent = "inspec/resources/azure" +++ -Use the `azure_hpc_cache_skus` InSpec audit resource to test properties related to all Azure HPC Cache SKUs. +Use the `azure_hpc_cache_skus` InSpec audit resource to test the properties related to all Azure HPC Cache SKUs. ## Azure REST API Version, Endpoint, and HTTP Client Parameters 
@@ -35,39 +35,28 @@ end ## Properties `resourceTypes` -: A list of the type of resource the SKU applies to. - -: **Field**: `resourceType` +: A resource types list of the SKU applies to. **Field**: `resourceType` `names` -: A list of SKU names. - -: **Field**: `name` +: A list of SKU names. **Field**: `name` `sizes` -: A list of the SKU sizes. - -: **Field**: `size` +: A list of the SKU sizes. **Field**: `size` `tiers` -: A list of tiers of VM in a scale set. - -: **Field**: `tier` +: A tiers list of VM in a scale set. **Field**: `tier` `kind` -: A list of kind of resources that are supported. - -: **Field**: `kind` +: The supported kind list of resources. **Field**: `kind` {{% inspec_filter_table %}} ## Examples - -**Test that there are Standard tier HPC Cache SKUs.** +### Ensure that there are Standard tier HPC Cache SKUs ```ruby -describe azure_hpc_cache_skus.where(tier: 'Standard') do +describe azure_hpc_cache_skus.where(tier: 'STANDARD') do it { should exist } end ``` From 954a40a85b015c94586a3d0cb0d96b1931f808b7 Mon Sep 17 00:00:00 2001 From: Chef Expeditor Date: Fri, 8 Apr 2022 12:34:00 +0000 Subject: [PATCH 19/20] Bump version to 1.115.1 by Chef Expeditor Obvious fix; these changes are the result of automation not creative thinking. --- CHANGELOG.md | 9 +++++++-- VERSION | 2 +- inspec.yml | 2 +- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 41fc16c14..1ac4c4cc1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,10 +1,15 @@ # Changelog - + +## [v1.115.1](https://github.com/inspec/inspec-azure/tree/v1.115.1) (2022-04-08) + +#### Merged Pull Requests +- Resource 106 hpc asc operations [#649](https://github.com/inspec/inspec-azure/pull/649) ([sathish-progress](https://github.com/sathish-progress)) + + ## [v1.115.0](https://github.com/inspec/inspec-azure/tree/v1.115.0) (2022-03-31) #### Merged Pull Requests - Adding storage account logging features [#648](https://github.com/inspec/inspec-azure/pull/648) ([Rohit1509](https://github.com/Rohit1509)) - ## [v1.114.4](https://github.com/inspec/inspec-azure/tree/v1.114.4) (2022-03-31) diff --git a/VERSION b/VERSION index 8a7515d6b..f704e8456 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.115.0 \ No newline at end of file +1.115.1 \ No newline at end of file diff --git a/inspec.yml b/inspec.yml index b1c143bca..d25e238d8 100644 --- a/inspec.yml +++ b/inspec.yml @@ -5,7 +5,7 @@ copyright: Chef Software, Inc. copyright_email: support@chef.io license: Apache-2.0 summary: This resource pack provides compliance resources for Azure. -version: 1.115.0 +version: 1.115.1 inspec_version: '>= 4.18.39' supports: - platform: azure From 6d7b89ed6f9b10d703b1f4000d3461050ff03ccb Mon Sep 17 00:00:00 2001 From: Chef Expeditor Date: Mon, 11 Apr 2022 09:42:49 +0000 Subject: [PATCH 20/20] Bump version to 1.116.0 by Chef Expeditor Obvious fix; these changes are the result of automation not creative thinking. --- CHANGELOG.md | 9 +++++++-- VERSION | 2 +- inspec.yml | 2 +- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1ac4c4cc1..c264d660c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,10 +1,15 @@ # Changelog - + +## [v1.116.0](https://github.com/inspec/inspec-azure/tree/v1.116.0) (2022-04-11) + +#### Merged Pull Requests +- RESOURCE-104 Support azure cache skus [#637](https://github.com/inspec/inspec-azure/pull/637) ([sathish-progress](https://github.com/sathish-progress)) + + ## [v1.115.1](https://github.com/inspec/inspec-azure/tree/v1.115.1) (2022-04-08) #### Merged Pull Requests - Resource 106 hpc asc operations [#649](https://github.com/inspec/inspec-azure/pull/649) ([sathish-progress](https://github.com/sathish-progress)) - ## [v1.115.0](https://github.com/inspec/inspec-azure/tree/v1.115.0) (2022-03-31) diff --git a/VERSION b/VERSION index f704e8456..60b3e53ad 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.115.1 \ No newline at end of file +1.116.0 \ No newline at end of file diff --git a/inspec.yml b/inspec.yml index d25e238d8..c23f534e2 100644 --- a/inspec.yml +++ b/inspec.yml @@ -5,7 +5,7 @@ copyright: Chef Software, Inc. copyright_email: support@chef.io license: Apache-2.0 summary: This resource pack provides compliance resources for Azure. -version: 1.115.1 +version: 1.116.0 inspec_version: '>= 4.18.39' supports: - platform: azure