Merge branch 'main' into RESOURCE-106-HPC-ASC-operations

CHANGELOG.md

@@ -1,10 +1,20 @@
 # Changelog
-<!-- latest_release 1.114.3 -->
+<!-- latest_release 1.115.0 -->
+## [v1.115.0](https://github.com/inspec/inspec-azure/tree/v1.115.0) (2022-03-31)
+
+#### Merged Pull Requests
+- Adding storage account logging features [#648](https://github.com/inspec/inspec-azure/pull/648) ([Rohit1509](https://github.com/Rohit1509))
+<!-- latest_release -->
+
+## [v1.114.4](https://github.com/inspec/inspec-azure/tree/v1.114.4) (2022-03-31)
+
+#### Merged Pull Requests
+- Update rubocop requirement from ~&gt; 1.25.1 to ~&gt; 1.26.0 [#646](https://github.com/inspec/inspec-azure/pull/646) ([dependabot[bot]](https://github.com/dependabot[bot]))
+
 ## [v1.114.3](https://github.com/inspec/inspec-azure/tree/v1.114.3) (2022-03-29)
 
 #### Merged Pull Requests
 - Update docs makefile [#647](https://github.com/inspec/inspec-azure/pull/647) ([IanMadd](https://github.com/IanMadd))
-<!-- latest_release -->
 
 ## [v1.114.2](https://github.com/inspec/inspec-azure/tree/v1.114.2) (2022-03-21)
 

Gemfile

@@ -14,7 +14,7 @@ end
 
 group :development, :test do
   gem 'minitest'
-  gem 'rubocop',  '~> 1.25.1'
+  gem 'rubocop',  '~> 1.26.0'
   gem 'simplecov', '~> 0.21'
   gem 'simplecov_json_formatter'
 end

VERSION

@@ -1 +1 @@
-1.114.3
+1.115.0

inspec.yml

@@ -5,7 +5,7 @@ copyright: Chef Software, Inc.
 copyright_email: support@chef.io
 license: Apache-2.0
 summary: This resource pack provides compliance resources for Azure.
-version: 1.114.3
+version: 1.115.0
 inspec_version: '>= 4.18.39'
 supports:
   - platform: azure

libraries/azure_storage_account.rb

@@ -15,14 +15,16 @@ def initialize(opts = {})
     raise ArgumentError, 'Parameters must be provided in an Hash object.' unless opts.is_a?(Hash)
 
     opts[:resource_provider] = specific_resource_constraint('Microsoft.Storage/storageAccounts', opts)
-    opts[:allowed_parameters] = %i(activity_log_alert_api_version storage_service_endpoint_api_version)
+    opts[:allowed_parameters] = %i(activity_log_alert_api_version storage_service_endpoint_api_version diagnostic_settings_api_version)
     # fall-back `api_version` is fixed for now.
     # TODO: Implement getting the latest Azure Storage services api version
     opts[:storage_service_endpoint_api_version] ||= '2019-12-12'
     opts[:activity_log_alert_api_version] ||= 'latest'
 
     # static_resource parameter must be true for setting the resource_provider in the backend.
     super(opts, true)
+
+    @opts[:diagnostic_settings_api_version] ||= '2017-05-01-preview'
   end
 
   def to_s
@@ -143,8 +145,92 @@ def table_properties
     end
   end
 
+  def blobs_diagnostic_settings
+    return unless exists?
+    # `additional_resource_properties` method will create a singleton method with the `property_name`
+    # and make api response available through this property.
+    additional_resource_properties(
+      {
+        property_name: 'diagnostic_settings',
+        property_endpoint: "#{id}/blobServices/default/providers/microsoft.insights/diagnosticSettings",
+        api_version: @opts[:diagnostic_settings_api_version],
+      },
+    )
+  end
+
+  def tables_diagnostic_settings
+    return unless exists?
+    # `additional_resource_properties` method will create a singleton method with the `property_name`
+    # and make api response available through this property.
+    additional_resource_properties(
+      {
+        property_name: 'diagnostic_settings',
+        property_endpoint: "#{id}/tableServices/default/providers/microsoft.insights/diagnosticSettings",
+        api_version: @opts[:diagnostic_settings_api_version],
+      },
+    )
+  end
+
+  def queues_diagnostic_settings
+    return unless exists?
+    # `additional_resource_properties` method will create a singleton method with the `property_name`
+    # and make api response available through this property.
+    additional_resource_properties(
+      {
+        property_name: 'diagnostic_settings',
+        property_endpoint: "#{id}/queueServices/default/providers/microsoft.insights/diagnosticSettings",
+        api_version: @opts[:diagnostic_settings_api_version],
+      },
+    )
+  end
+
+  def has_blobs_read_log_enabled?
+    check_enablement_from(settings: blobs_diagnostic_settings, category: 'StorageRead')
+  end
+
+  def has_blobs_write_log_enabled?
+    check_enablement_from(settings: blobs_diagnostic_settings, category: 'StorageWrite')
+  end
+
+  def has_blobs_delete_log_enabled?
+    check_enablement_from(settings: blobs_diagnostic_settings, category: 'StorageDelete')
+  end
+
+  def has_tables_read_log_enabled?
+    check_enablement_from(settings: tables_diagnostic_settings, category: 'StorageRead')
+  end
+
+  def has_tables_write_log_enabled?
+    check_enablement_from(settings: tables_diagnostic_settings, category: 'StorageWrite')
+  end
+
+  def has_tables_delete_log_enabled?
+    check_enablement_from(settings: tables_diagnostic_settings, category: 'StorageDelete')
+  end
+
+  def has_queues_read_log_enabled?
+    check_enablement_from(settings: queues_diagnostic_settings, category: 'StorageRead')
+  end
+
+  def has_queues_write_log_enabled?
+    check_enablement_from(settings: queues_diagnostic_settings, category: 'StorageWrite')
+  end
+
+  def has_queues_delete_log_enabled?
+    check_enablement_from(settings: queues_diagnostic_settings, category: 'StorageDelete')
+  end
+
   private
 
+  def check_enablement_from(settings:, category:)
+    return false if settings.blank?
+
+    settings.any? do |setting|
+      logs = setting.properties&.logs
+      logs&.any? { |log| (log.category == category) && log.enabled }
+    end
+  end
+
   def get_resource(opts = {})
     opts[:resource_data].presence || super
   end