Merge pull request #419 from inspec/f/express_route

F/express route

README.md

@@ -121,6 +121,8 @@ The following is a list of static resources.
 - [azure_api_managements](docs/resources/azure_api_managements.md)
 - [azure_application_gateway](docs/resources/azure_application_gateway.md)
 - [azure_application_gateways](docs/resources/azure_application_gateways.md)
+- [azure_bastion_hosts_resource](docs/resources/azure_bastion_hosts_resource.md)
+- [azure_bastion_hosts_resources](docs/resources/azure_bastion_hosts_resources.md)
 - [azure_container_group](docs/resources/azure_container_group.md)
 - [azure_container_groups](docs/resources/azure_container_groups.md)
 - [azure_container_registries](docs/resources/azure_container_registries.md)
@@ -133,6 +135,7 @@ The following is a list of static resources.
 - [azure_event_hub_authorization_rule](docs/resources/azure_event_hub_authorization_rule.md)
 - [azure_event_hub_event_hub](docs/resources/azure_event_hub_event_hub.md)
 - [azure_event_hub_namespace](docs/resources/azure_event_hub_namespace.md)
+- [azure_express_route_providers](docs/resources/azure_express_route_providers.md)
 - [azure_generic_resource](docs/resources/azure_generic_resource.md)
 - [azure_generic_resources](docs/resources/azure_generic_resources.md)
 - [azure_graph_generic_resource](docs/resources/azure_graph_generic_resource.md)
@@ -220,8 +223,6 @@ The following is a list of static resources.
 - [azure_web_app_functions](docs/resources/azure_web_app_functions.md)
 - [azure_webapp](docs/resources/azure_webapp.md)
 - [azure_webapps](docs/resources/azure_webapps.md)
-- [azure_bastion_hosts_resource](docs/resources/azure_bastion_hosts_resource.md)
-- [azure_bastion_hosts_resources](docs/resources/azure_bastion_hosts_resources.md)
 
 For more details and different use cases, please refer to the specific resource pages.
 

docs/resources/azure_express_route_providers.md

@@ -86,8 +86,6 @@ describe azure_express_route_providers(resource_group: 'MyResourceGroup') do
   its('peering_locations_list') { should include(["Melbourne", "Sydney"]) }
   its('bandwidths_offered_list') { should include('bandwidths_offered') }
 end
-
-
 ```
 ## Azure Permissions
 

libraries/azure_express_route_providers.rb

@@ -0,0 +1,100 @@
+require 'azure_generic_resources'
+
+class AzureExpressRouteServiceProviders < AzureGenericResources
+  name 'azure_express_route_providers'
+  desc 'Verifies settings for Azure Virtual Machines'
+  example <<-EXAMPLE
+    describe azure_express_route_providers(resource_group: 'example') do
+      it{ should exist }
+    end
+  EXAMPLE
+
+  attr_reader :table
+
+  def initialize(opts = {})
+    # Options should be Hash type. Otherwise Ruby will raise an error when we try to access the keys.
+    raise ArgumentError, 'Parameters must be provided in an Hash object.' unless opts.is_a?(Hash)
+
+    # Azure REST API endpoint URL format listing the all resources for a given subscription:
+    #   GET https://management.azure.com/subscriptions/{subscriptionId}/
+    # providers/Microsoft.Network/expressRouteServiceProviders?api-version=2020-11-01
+    #
+    # or in a resource group only
+    #   GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/
+    #   Microsoft.Network/expressRouteServiceProviders?api-version=2019-12-01
+    #
+    # The dynamic part that has to be created for this resource:
+    #   Microsoft.Network/expressRouteServiceProviders?api-version=2019-12-01
+    #
+    # Parameters acquired from environment variables:
+    #   - {subscriptionId} => Required parameter. It will be acquired by the backend from environment variables.
+    #
+    # For parameters applicable to all resources, see project's README.
+    #
+    # User supplied parameters:
+    #   - resource_group => Optional parameter.
+    #   - api_version => Optional parameter. The latest version will be used unless provided.
+    #
+    #   **`resource_group`  will be used in the backend appropriately.
+    #     We don't have to do anything here.
+    #
+    # Following resource parameters have to be defined/created here.
+    #   resource_provider => Microsoft.Network/expressRouteServiceProviders
+    #     The `specific_resource_constraint` method will validate the user input
+    #       not to accept a different `resource_provider`.
+    #
+    opts[:resource_provider] = specific_resource_constraint('Microsoft.Network/expressRouteServiceProviders', opts)
+
+    # static_resource parameter must be true for setting the resource_provider in the backend.
+    super(opts, true)
+
+    # Check if the resource is failed.
+    # It is recommended to check that after every usage of superclass methods or API calls.
+    return if failed_resource?
+
+    # Define the column and field names for FilterTable.
+    #   - column: It is defined as an instance method, callable on the resource, and present `field` values in a list.
+    #   - field: It has to be identical with the `key` names in @table items that will be presented in the FilterTable.
+    # @see https://github.com/inspec/inspec/blob/master/docs/dev/filtertable-usage.md
+    table_schema = [
+      { column: :names, field: :name },
+      { column: :types, field: :type },
+      { column: :ids, field: :id },
+      { column: :tags, field: :tags },
+      { column: :provisioning_states, field: :provisioningState },
+      { column: :peering_locations_list, field: :peeringLocations },
+      { column: :bandwidths_offered_list, field: :bandwidthsOffered },
+    ]
+    # FilterTable is populated at the very end due to being an expensive operation.
+    AzureGenericResources.populate_filter_table(:table, table_schema)
+  end
+
+  def to_s
+    super(AzureExpressRouteServiceProviders)
+  end
+
+  private
+
+  # Populate the @table with the resource attributes.
+  # @table has been declared in the super class as an empty array.
+  # Each item in the @table
+  #   - should be a Hash object
+  #   - should have the exact key names defined in the @table_schema as `field`.
+  def populate_table
+    # If @resources empty than @table should stay as an empty array as declared in superclass.
+    # This will ensure constructing resource and passing `should_not exist` test.
+    return [] if @resources.empty?
+
+    @resources.each do |resource|
+      @table << {
+        id: resource[:id],
+        name: resource[:name],
+        type: resource[:type],
+        tags: resource[:tags],
+        provisioningState: resource[:properties][:provisioningState],
+        peeringLocations: resource[:properties][:peeringLocations],
+        bandwidthsOffered: resource[:properties][:bandwidthsOffered],
+      }
+    end
+  end
+end

terraform/outputs.tf

@@ -405,6 +405,10 @@ output "inspec_db_migration_service_sku_name" {
   value = var.inspec_db_migration_service.sku_name
 }
 
+output "express_route_name" {
+  value = var.express_route_name
+}
+
 output "inspec_container_group_name" {
   description = "the name of the container group"
   value = azurerm_container_group.inspec_container_trial.name
@@ -418,4 +422,4 @@ output "sample_directory_object" {
 output "inspec_redis_cache_name" {
   description = "The name of the redis cache created for cloud packs"
   value = azurerm_redis_cache.inspec_compliance_redis_cache.name
-}
+}

terraform/variables.tf

@@ -136,6 +136,10 @@ variable "policy_assignment_display_name" {
   default = "inspec_policy_assignment_name"
 }
 
+variable "express_route_name" {
+  default = "AARNet"
+}
+
 variable "inspec_db_migration_service" {
   default = {
     name = "inspec-compliance-migration-dev"

test/integration/verify/controls/azure_express_route_providers.rb

@@ -0,0 +1,9 @@
+express_route_name = input('express_route_name', value: nil)
+
+control 'azure_express_route_providers' do
+  describe azure_express_route_providers do
+    its('names') { should include express_route_name }
+    its('types') { should include 'Microsoft.Network/expressRouteServiceProviders' }
+    its('provisioning_states') { should include('Succeeded') }
+  end
+end

test/unit/resources/azure_express_route_providers_test.rb

@@ -0,0 +1,24 @@
+require_relative 'helper'
+require 'azure_express_route_providers'
+
+class AzureExpressRouteServiceProvidersConstructorTest < Minitest::Test
+  def test_resource_type_not_ok
+    assert_raises(ArgumentError) { AzureExpressRouteServiceProviders.new(resource_provider: 'some_type') }
+  end
+
+  def tag_value_not_ok
+    assert_raises(ArgumentError) { AzureExpressRouteServiceProviders.new(tag_value: 'some_tag_value') }
+  end
+
+  def tag_name_not_ok
+    assert_raises(ArgumentError) { AzureExpressRouteServiceProviders.new(tag_name: 'some_tag_name') }
+  end
+
+  def test_resource_id_not_ok
+    assert_raises(ArgumentError) { AzureExpressRouteServiceProviders.new(resource_id: 'some_id') }
+  end
+
+  def test_name_not_ok
+    assert_raises(ArgumentError) { AzureExpressRouteServiceProviders.new(name: 'some_name') }
+  end
+end