Merge branch 'main' of github.com:inspec/inspec-azure into support-azure-cache-skus
sathish-progress committed Apr 11, 2022
2 parents 1ccf6a8 + 954a40a commit 983fff0
Showing 11 changed files with 329 additions and 85 deletions.
19 changes: 17 additions & 2 deletions CHANGELOG.md
@@ -1,10 +1,25 @@
# Changelog
<!-- latest_release 1.114.3 -->
<!-- latest_release 1.115.1 -->
## [v1.115.1](https://github.com/inspec/inspec-azure/tree/v1.115.1) (2022-04-08)

#### Merged Pull Requests
- Resource 106 hpc asc operations [#649](https://github.com/inspec/inspec-azure/pull/649) ([sathish-progress](https://github.com/sathish-progress))
<!-- latest_release -->

## [v1.115.0](https://github.com/inspec/inspec-azure/tree/v1.115.0) (2022-03-31)

#### Merged Pull Requests
- Adding storage account logging features [#648](https://github.com/inspec/inspec-azure/pull/648) ([Rohit1509](https://github.com/Rohit1509))

## [v1.114.4](https://github.com/inspec/inspec-azure/tree/v1.114.4) (2022-03-31)

#### Merged Pull Requests
- Update rubocop requirement from ~&gt; 1.25.1 to ~&gt; 1.26.0 [#646](https://github.com/inspec/inspec-azure/pull/646) ([dependabot[bot]](https://github.com/dependabot[bot]))

## [v1.114.3](https://github.com/inspec/inspec-azure/tree/v1.114.3) (2022-03-29)

#### Merged Pull Requests
- Update docs makefile [#647](https://github.com/inspec/inspec-azure/pull/647) ([IanMadd](https://github.com/IanMadd))
<!-- latest_release -->

## [v1.114.2](https://github.com/inspec/inspec-azure/tree/v1.114.2) (2022-03-21)

2 changes: 1 addition & 1 deletion Gemfile
Expand Up @@ -14,7 +14,7 @@ end

group :development, :test do
gem 'minitest'
gem 'rubocop', '~> 1.25.1'
gem 'rubocop', '~> 1.26.0'
gem 'simplecov', '~> 0.21'
gem 'simplecov_json_formatter'
end
116 changes: 58 additions & 58 deletions README.md

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion VERSION
@@ -1 +1 @@
1.114.3
1.115.1
36 changes: 15 additions & 21 deletions docs-chef-io/README.md
@@ -1,7 +1,6 @@
# Chef InSpec Azure Resource Documentation

This is the home of the InSpec Azure resource documentation found on
<https://docs.chef.io/inspec/resources/#azure>.
Home page of the InSpec Azure resource documentation is at <https://docs.chef.io/inspec/resources/#azure>.

We use [Hugo](https://gohugo.io/) to incorporate documentation from this repository into `chef/chef-web-docs` and deploy it on <https://docs.chef.io>.

Expand Down Expand Up @@ -70,26 +69,27 @@ which will render the following text:

> Your [Service Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) must be set up with at least a `contributor` role on the subscription you wish to test.
**Note:** You can add shortcodes from other repositories. For example, the `inspec_filter_table.md` and the `inspec_matchers_link.md` shortcodes are both located in the chef/chef-web-docs repository, but they can be added to this documentation set using the same method described above.
{{< note >}}

You can add shortcodes from other repositories. For example, the `inspec_filter_table.md` and the `inspec_matchers_link.md` shortcodes are both located in the chef/chef-web-docs repository, but they can be added to this documentation set using the same method described above.

{{< /note >}}

### Release Dates

The chef/chef-web-docs repository uses the `release-dates.json` file in `docs-chef-io/assets/release-notes/inspec-azure` to generate release notes on <https://docs.chef.io/release_notes_inspec_azure/>. See below for more information on release notes for inspec-azure.

## Update the InSpec Repository Module In `chef/chef-web-docs`

We use [Hugo modules](https://gohugo.io/hugo-modules/) to build Chef's documentation
from multiple repositories.
We use [Hugo modules](https://gohugo.io/hugo-modules/) to build Chef's documentation from multiple repositories.

When release notes are announced for inspec-azure, the documentation for inspec-azure is updated at the same time. See the section below on release notes.

A member of the Docs Team can also update the inspec-azure resource documentation at any time when new resources are ready to be added to <docs.chef.io>.
A member from the Documentation Team can also update the inspec-azure resource documentation at any time when new resources are ready to be added to <docs.chef.io>.

## Local Development Environment

We use [Hugo](https://gohugo.io/), [Go](https://golang.org/), and[NPM](https://www.npmjs.com/)
to build the Chef Documentation website. You will need Hugo 0.93.1 or higher
installed and running to build and view our documentation.
We use [Hugo](https://gohugo.io/), [Go](https://golang.org/), and[NPM](https://www.npmjs.com/) to build the Chef Documentation website. You will need Hugo 0.93.1 or higher installed and running to build and view our documentation.

To install Hugo, NPM, and Go on Windows and macOS:
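Review bot: In the rewritten Local Development Environment sentence, `and[NPM](https://www.npmjs.com/)` still has no space after "and", so the link renders fused to the preceding word; the line is being reflowed anyway, so fix it here. In the same hunk, `<docs.chef.io>` has no scheme and is not a valid autolink; use `<https://docs.chef.io>` as the rest of the file does. "A member from the Documentation Team" also reads better as "A member of the Documentation Team".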

Expand All @@ -106,10 +106,7 @@ To install Hugo on Linux, run:

### make serve

Run `make serve` to build a local preview of the InSpec Azure resource documentation.
This will clone a copy of `chef/chef-web-docs` into the `docs-chef-io` directory.
That copy will be configured to build the InSpec Azure resource documentation from the `docs-chef-io` directory
and live reload if any changes are made while the Hugo server is running.
Run `make serve` to build a local preview of the InSpec Azure resource documentation. This clones a copy of `chef/chef-web-docs` into the `docs-chef-io` directory and configures to build the InSpec Azure resource documentation. Then the live reload happens if any changes made while the Hugo server is running.

- Run `make serve`
- go to <http://localhost:1313/inspec/resources/#azure>
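Review bot: The new `make serve` paragraph loses the object of "configures" and a verb in its last sentence: "configures to build the InSpec Azure resource documentation" no longer says what is configured or from where (the old text said the cloned copy builds from the `docs-chef-io` directory), and "if any changes made" is missing "are". Suggested wording: "This clones a copy of `chef/chef-web-docs` into the `docs-chef-io` directory and configures it to build the InSpec Azure resource documentation from that directory. The preview live reloads if any changes are made while the Hugo server is running."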
Expand All @@ -136,13 +133,13 @@ Have a member of the documentation team review the Pending Release Notes file be

2. Run the `publish-release-notes.sh` script in `tools/release-notes`. You can run this from the Makefile with `make publish_release_notes`

This will push the pending release notes to the S3 chef-cd bucket, reset the Pending Release Notes file, and update the `release-dates.json` file in `assets/release-notes/inspec-azure`.
This command pushes the pending release notes to the S3 chef-cd bucket, reset the Pending Release Notes file, and update the `release-dates.json` file in `assets/release-notes/inspec-azure`.

3. Push up and merge a branch to `inspec/inspec-azure` with the changes made to the `release-dates.json` file.

### chef-web-docs

chef-web-docs is configured to open a PR that will update the inspec-azure content on <doc.chef.io> when a change is committed to the `release-dates.json` file in the inspec-azure repository. This will update the InSpec Azure resource documentation and update release notes for InSpec Azure resources.
chef-web-docs is configured to open a PR that updates the inspec-azure content on <doc.chef.io> when a change is committed to the `release-dates.json` file in the inspec-azure repository. This updates the InSpec Azure resource documentation and update release notes for InSpec Azure resources.

A member fo the documentation team can merge that PR for you as soon as it's made.
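Review bot: In the reworded description under step 2, the verbs no longer agree: "This command pushes ... reset ... and update" should be "pushes ..., resets ..., and updates", and the chef-web-docs paragraph has the same slip ("This updates ... and update release notes"). While these lines are being touched, `<doc.chef.io>` looks like a typo for docs.chef.io and needs the `https://` scheme to render as a link, and the context line "A member fo the documentation team" has "fo" for "of".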

Expand All @@ -156,11 +153,8 @@ You can find the proper release notes in the Pending Release Notes file history

If you need support, contact [Chef Support](https://www.chef.io/support/).

**GitHub issues**
### GitHub issues

Submit an issue to the [inspec-azure repo](https://github.com/inspec/inspec-azure/issues)
for "important" documentation bugs that may need visibility among a larger group,
especially in situations where a documentation bug may also surface a product bug.
Submit an issue to the [inspec-azure repo](https://github.com/inspec/inspec-azure/issues) for **important** documentation bugs that may need visibility among a larger group, especially in situations where a documentation bug may also surface a product bug.

Submit an issue to [chef-web-docs](https://github.com/chef/chef-web-docs/issues) for
documentation feature requests and minor documentation issues.
Submit an issue to [chef-web-docs](https://github.com/chef/chef-web-docs/issues) for documentation feature requests and minor documentation issues.
99 changes: 99 additions & 0 deletions docs-chef-io/content/inspec/resources/azure_hpc_asc_operation.md
@@ -0,0 +1,99 @@
+++
title = "azure_hpc_asc_operation Resource"
platform = "azure"
draft = false
gh_repo = "inspec-azure"

[menu.inspec]
title = "azure_hpc_asc_operation"
identifier = "inspec/resources/azure/azure_hpc_asc_operation Resource"
parent = "inspec/resources/azure"
+++

Use the `azure_hpc_asc_operation` InSpec audit resource to test the properties related to an Azure HPC ASC Operation.

## Azure REST API Version, Endpoint, and HTTP Client Parameters

{{% inspec_azure_common_parameters %}}

## Installation

{{% inspec_azure_install %}}

## Syntax

`name`, `cache_name`, and `resource_group` are required parameters.

```ruby
describe azure_hpc_asc_operation(location: 'LOCATION', operation_id: 'OPERATION_ID') do
it { should exist }
its('type') { should eq 'Microsoft.StorageCache/Cache/StorageTarget' }
its('location') { should eq 'East US' }
end
```

```ruby
describe azure_hpc_asc_operation(location: 'LOCATION', operation_id: 'OPERATION_ID') do
it { should exist }
end
```

## Parameters

`location` _(required)_
: The name of the region used to look up the operation.

`operation_id` _(required)_
: The operation ID that uniquely identifies the asynchronous operation.

## Properties

`id`
: The operation Id.

`name`
: The operation name.

`startTime`
: The start time of the operation.

`status`
: The status of the operation.

`endTime`
: The end time of the operation.

For properties applicable to all resources, such as `type`, `name`, `id`, `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}).

Also, refer to [Azure documentation](https://docs.microsoft.com/en-us/rest/api/storagecache/asc-operations/get#ascoperation) for other properties available.

## Examples

**Test that the HPC ASC Operation is Succeeded.**

```ruby
describe azure_hpc_asc_operation(location: 'LOCATION', operation_id: 'OPERATION_ID') do
its('status') { should eq 'Succeeded' }
end
```

## Matchers

{{% inspec_matchers_link %}}

### exists

```ruby
# If a HPC ASC Operation is found it will exist
describe azure_hpc_asc_operation(location: 'LOCATION', operation_id: 'OPERATION_ID') do
it { should exist }
end
# if HPC ASC Operation is not found it will not exist
describe azure_hpc_asc_operation(location: 'LOCATION', operation_id: 'OPERATION_ID') do
it { should_not exist }
end
```

## Azure Permissions

{{% azure_permissions_service_principal role="reader" %}}
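Review bot: The Syntax section states "`name`, `cache_name`, and `resource_group` are required parameters", but the Parameters section and every example use `location` and `operation_id`, which is also what `libraries/azure_hpc_asc_operation.rb` sets in `opts[:required_parameters]`. The sentence appears to be carried over from another resource page; change it to name `location` and `operation_id`. The first Syntax example has the same problem: it expects `type` to equal `Microsoft.StorageCache/Cache/StorageTarget` and checks a `location` property, neither of which appears in this page's Properties list, so replace those assertions with one on a documented property such as `status`.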
2 changes: 1 addition & 1 deletion inspec.yml
Expand Up @@ -5,7 +5,7 @@ copyright: Chef Software, Inc.
copyright_email: support@chef.io
license: Apache-2.0
summary: This resource pack provides compliance resources for Azure.
version: 1.114.3
version: 1.115.1
inspec_version: '>= 4.18.39'
supports:
- platform: azure
24 changes: 24 additions & 0 deletions libraries/azure_hpc_asc_operation.rb
@@ -0,0 +1,24 @@
require 'azure_generic_resource'

class AzureHPCASCOperation < AzureGenericResource
name 'azure_hpc_asc_operation'
desc 'Retrieves and verifies the settings of an Azure HPC ASC Operation'
example <<-EXAMPLE
describe azure_hpc_asc_operation(location: 'westus', operation_id: 'testoperationid') do
it { should exist }
end
EXAMPLE

def initialize(opts = {})
raise ArgumentError, 'Parameters must be provided in an Hash object.' unless opts.is_a?(Hash)

opts[:resource_provider] = specific_resource_constraint('Microsoft.StorageCache/locations', opts)
opts[:required_parameters] = %i(location operation_id)
opts[:resource_path] = [opts[:location], 'ascOperations', opts[:operation_id]].join('/')
super(opts, true)
end

def to_s
super(AzureHPCASCOperations)
end
end
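Review bot: `to_s` calls `super(AzureHPCASCOperations)`, but the class defined in this file is `AzureHPCASCOperation` (singular) and no plural class is added in the lines shown, so calling `to_s` on the resource will raise `NameError` unless that constant is defined elsewhere. Pass the class itself: `super(AzureHPCASCOperation)`. Minor: the `ArgumentError` message reads "in an Hash object"; "in a Hash object" is correct, though it matches the existing wording in `azure_storage_account.rb`.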
88 changes: 87 additions & 1 deletion libraries/azure_storage_account.rb
Expand Up @@ -15,14 +15,16 @@ def initialize(opts = {})
raise ArgumentError, 'Parameters must be provided in an Hash object.' unless opts.is_a?(Hash)

opts[:resource_provider] = specific_resource_constraint('Microsoft.Storage/storageAccounts', opts)
opts[:allowed_parameters] = %i(activity_log_alert_api_version storage_service_endpoint_api_version)
opts[:allowed_parameters] = %i(activity_log_alert_api_version storage_service_endpoint_api_version diagnostic_settings_api_version)
# fall-back `api_version` is fixed for now.
# TODO: Implement getting the latest Azure Storage services api version
opts[:storage_service_endpoint_api_version] ||= '2019-12-12'
opts[:activity_log_alert_api_version] ||= 'latest'

# static_resource parameter must be true for setting the resource_provider in the backend.
super(opts, true)

@opts[:diagnostic_settings_api_version] ||= '2017-05-01-preview'
end

def to_s
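Review bot: The default for `diagnostic_settings_api_version` is assigned to `@opts` after `super(opts, true)`, while the two defaults above it are assigned to `opts` before the call. If the parent constructor validates or normalises `opts`, this default bypasses that step; unless the ordering is deliberate, set `opts[:diagnostic_settings_api_version] ||= '2017-05-01-preview'` next to the other defaults, or add a comment saying why it has to follow `super`. The value is a preview API version, so the existing "fall-back `api_version` is fixed for now" comment should be extended to cover it.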
Expand Down Expand Up @@ -143,8 +145,92 @@ def table_properties
end
end

def blobs_diagnostic_settings
return unless exists?
# `additional_resource_properties` method will create a singleton method with the `property_name`
# and make api response available through this property.
additional_resource_properties(
{
property_name: 'diagnostic_settings',
property_endpoint: "#{id}/blobServices/default/providers/microsoft.insights/diagnosticSettings",
api_version: @opts[:diagnostic_settings_api_version],
},
)
end

def tables_diagnostic_settings
return unless exists?
# `additional_resource_properties` method will create a singleton method with the `property_name`
# and make api response available through this property.
additional_resource_properties(
{
property_name: 'diagnostic_settings',
property_endpoint: "#{id}/tableServices/default/providers/microsoft.insights/diagnosticSettings",
api_version: @opts[:diagnostic_settings_api_version],
},
)
end

def queues_diagnostic_settings
return unless exists?
# `additional_resource_properties` method will create a singleton method with the `property_name`
# and make api response available through this property.
additional_resource_properties(
{
property_name: 'diagnostic_settings',
property_endpoint: "#{id}/queueServices/default/providers/microsoft.insights/diagnosticSettings",
api_version: @opts[:diagnostic_settings_api_version],
},
)
end

def has_blobs_read_log_enabled?
check_enablement_from(settings: blobs_diagnostic_settings, category: 'StorageRead')
end

def has_blobs_write_log_enabled?
check_enablement_from(settings: blobs_diagnostic_settings, category: 'StorageWrite')
end

def has_blobs_delete_log_enabled?
check_enablement_from(settings: blobs_diagnostic_settings, category: 'StorageDelete')
end

def has_tables_read_log_enabled?
check_enablement_from(settings: tables_diagnostic_settings, category: 'StorageRead')
end

def has_tables_write_log_enabled?
check_enablement_from(settings: tables_diagnostic_settings, category: 'StorageWrite')
end

def has_tables_delete_log_enabled?
check_enablement_from(settings: tables_diagnostic_settings, category: 'StorageDelete')
end

def has_queues_read_log_enabled?
check_enablement_from(settings: queues_diagnostic_settings, category: 'StorageRead')
end

def has_queues_write_log_enabled?
check_enablement_from(settings: queues_diagnostic_settings, category: 'StorageWrite')
end

def has_queues_delete_log_enabled?
check_enablement_from(settings: queues_diagnostic_settings, category: 'StorageDelete')
end

private

def check_enablement_from(settings:, category:)
return false if settings.blank?

settings.any? do |setting|
logs = setting.properties&.logs
logs&.any? { |log| (log.category == category) && log.enabled }
end
end

def get_resource(opts = {})
opts[:resource_data].presence || super
end
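Review bot: `blobs_diagnostic_settings`, `tables_diagnostic_settings` and `queues_diagnostic_settings` all pass `property_name: 'diagnostic_settings'`, and the comment says `additional_resource_properties` creates a singleton method with that name. On one resource instance the three services therefore share a single `diagnostic_settings` property, so which service's response a later `has_tables_*` or `has_queues_*` check reads depends on whether the helper overwrites or reuses an existing property; if it reuses it, a storage account with logging enabled only on blobs would pass the table and queue checks too. Give each service its own property name (for example `blob_diagnostic_settings`, `table_diagnostic_settings`, `queue_diagnostic_settings`) and add a unit test that enables a category on one service only. The three methods differ only in the service segment of `property_endpoint`, so a single private helper taking the service name would remove the duplication.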
9 changes: 9 additions & 0 deletions test/integration/verify/controls/azure_hpc_asc_operation.rb
@@ -0,0 +1,9 @@
location = input(:location, value: '')

control 'Verify settings of an Azure HPC ASC Operation' do
describe azure_hpc_asc_operation(location: location, operation_id: 'testoperation') do
it { should exist }
its('name') { should eq 'testoperation' }
its('status') { should eq 'Succeeded' }
end
end
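Review bot: The control hard-codes `operation_id: 'testoperation'` and defaults `location` to an empty string, so `it { should exist }` can only pass if an operation with that exact ID exists in the target subscription, and with the default input the resource path joined in `libraries/azure_hpc_asc_operation.rb` starts with an empty location segment. Take `operation_id` from an `input` as well, and skip the control (for example with `only_if`) when either value is empty.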