Merge pull request #578 from inspec/support-azure-service-fabric-mesh…

…-apps

RESOURCE-118 Support azure service fabric mesh apps

README.md

@@ -408,6 +408,10 @@ The following is a list of static resources.
 - [azure_role_definitions](docs/resources/azure_role_definitions.md)
 - [azure_security_center_policy](docs/resources/azure_security_center_policy.md)
 - [azure_security_center_policies](docs/resources/azure_security_center_policies.md)
+- [azure_sentinel_alert_rule_template](docs/resources/azure_sentinel_alert_rule_template.md)
+- [azure_sentinel_alert_rule_templates](docs/resources/azure_sentinel_alert_rule_templates.md)
+- [azure_service_fabric_mesh_application](docs/resources/azure_service_fabric_mesh_application.md)
+- [azure_service_fabric_mesh_applications](docs/resources/azure_service_fabric_mesh_applications.md)
 - [azure_sentinel_incidents_resource](docs/resources/azure_sentinel_incidents_resource.md)
 - [azure_sentinel_incidents_resources](docs/resources/azure_sentinel_incidents_resources.md)
 - [azure_service_bus_namespace](docs/resources/azure_service_bus_namespace.md)

docs-chef-io/content/inspec/resources/azure_service_fabric_mesh_application.md

@@ -0,0 +1,113 @@
++++
+title = "azure_service_fabric_mesh_application Resource"
+platform = "azure"
+draft = false
+gh_repo = "inspec-azure"
+
+[menu.inspec]
+title = "azure_service_fabric_mesh_application"
+identifier = "inspec/resources/azure/azure_service_fabric_mesh_application Resource"
+parent = "inspec/resources/azure"
++++
+
+Use the `azure_service_fabric_mesh_application` InSpec audit resource to test properties of an Azure Service Fabric Mesh application.
+
+## Azure REST API Version, Endpoint, and HTTP Client Parameters
+
+{{% inspec_azure_common_parameters %}}
+
+## Installation
+
+{{% inspec_azure_install %}}
+
+## Syntax
+
+```ruby
+describe azure_service_fabric_mesh_application(resource_group: 'RESOURCE_GROUP', name: 'SERVICE_FABRIC_MESH_APP_NAME') do
+  it                                      { should exist }
+  its('type')                             { should eq 'Microsoft.ServiceFabricMesh/applications' }
+  its('location')                         { should eq 'eastus' }
+end
+```
+
+```ruby
+describe azure_service_fabric_mesh_application(resource_group: 'RESOURCE_GROUP', name: 'SERVICE_FABRIC_MESH_APP_NAME') do
+  it  { should exist }
+end
+```
+
+## Parameters
+
+`name` _(required)_
+: Name of the Azure Service Fabric Mesh applications to test.
+
+`resource_group` _(required)_
+: Azure resource group that the targeted resource resides in. `MyResourceGroup`.
+
+
+## Properties
+
+`id`
+: Resource Id.
+
+`name`
+: Resource name.
+
+`type`
+: Resource type. `Microsoft.ServiceFabricMesh/applications`.
+
+`location`
+: The Geo-location where the resource lives.
+
+`properties`
+: The properties of the Service Fabric Mesh application.
+
+`properties.description`
+: User readable description of the application.
+
+`properties.debugParams`
+: Internal use.
+
+`properties.provisioningState`
+: State of the resource.
+
+`properties.healthState`
+: The health state of a resource such as application, Service, or Network.
+
+
+For properties applicable to all resources, such as `type`, `name`, `id`, `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}).
+
+Also, refer to [Azure documentation](https://docs.microsoft.com/en-us/rest/api/servicefabric/sfmeshrp-api-application_get) for other properties available.
+
+## Examples
+
+**Test that the Service Fabric Mesh application is provisioned successfully.**
+
+```ruby
+describe azure_service_fabric_mesh_application(resource_group: 'RESOURCE_GROUP', name: 'SERVICE_FABRIC_MESH_APP_NAME') do
+  its('properties.provisioningState') { should eq 'Succeeded' }
+end
+```
+
+## Matchers
+
+{{% inspec_matchers_link %}}
+
+### exists
+
+```ruby
+# If a Service Fabric Mesh application is found it will exist
+
+describe azure_service_fabric_mesh_application(resource_group: 'RESOURCE_GROUP', name: 'SERVICE_FABRIC_MESH_APP_NAME') do
+  it { should exist }
+end
+# if Service Fabric Mesh application is not found it will not exist
+
+describe azure_service_fabric_mesh_application(resource_group: 'RESOURCE_GROUP', name: 'SERVICE_FABRIC_MESH_APP_NAME') do
+  it { should_not exist }
+end
+```
+
+## Azure Permissions
+
+{{% azure_permissions_service_principal role="reader" %}}

docs-chef-io/content/inspec/resources/azure_service_fabric_mesh_applications.md

@@ -0,0 +1,124 @@
++++
+title = "azure_service_fabric_mesh_applications Resource"
+platform = "azure"
+draft = false
+gh_repo = "inspec-azure"
+
+[menu.inspec]
+title = "azure_service_fabric_mesh_applications"
+identifier = "inspec/resources/azure/azure_service_fabric_mesh_applications Resource"
+parent = "inspec/resources/azure"
++++
+
+Use the `azure_service_fabric_mesh_applications` InSpec audit resource to test properties of all Azure Service Fabric Mesh applications.
+
+## Azure REST API Version, Endpoint, and HTTP Client Parameters
+
+{{% inspec_azure_common_parameters %}}
+
+## Installation
+
+{{% inspec_azure_install %}}
+
+## Syntax
+
+An `azure_service_fabric_mesh_applications` resource block returns all Azure Service Fabric Mesh applications.
+
+```ruby
+describe azure_service_fabric_mesh_applications do
+  #...
+end
+```
+
+## Parameters
+
+`resource_group` _(optional)_
+: Azure resource group that the targeted resource resides in.
+
+
+## Properties
+
+`ids`
+: A list of resource IDs.
+
+: **Field**: `id`
+
+`names`
+: A list of resource Names.
+
+: **Field**: `name`
+
+`types`
+: A list of the resource types.
+
+: **Field**: `type`
+
+`properties`
+: A list of Properties for all the Service Fabric Mesh applications.
+
+: **Field**: `properties`
+
+`locations`
+: A list of the Geo-locations.
+
+: **Field**: `location`
+
+`provisioningStates`
+: A list of provisioning states of the Service Fabric Mesh applications.
+
+: **Field**: `provisioningState`
+
+`healthStates`
+: A list of the health states of a resource such as application, Service, or Network.
+
+: **Field**: `healthState`
+
+`serviceNames`
+: A list of the services in the application.
+
+: **Field**: `serviceNames`
+
+{{% inspec_filter_table %}}
+
+## Examples
+
+**Loop through Service Fabric Mesh applications by their names.**
+
+```ruby
+azure_service_fabric_mesh_applications(resource_group: 'RESOURCE_GROUP').names.each do |name|
+  describe azure_service_fabric_mesh_application(resource_group: 'RESOURCE_GROUP', name: name) do
+    it { should exist }
+  end
+end
+```
+
+**Test that there are Service Fabric Mesh applications that are successfully provisioned.**
+
+```ruby
+describe azure_service_fabric_mesh_applications(resource_group: 'RESOURCE_GROUP').where(provisioningState: 'Succeeded') do
+  it { should exist }
+end
+```
+
+## Matchers
+
+{{% inspec_matchers_link %}}
+
+### exists
+
+```ruby
+# Should not exist if no Service Fabric Mesh applications are present
+
+describe azure_service_fabric_mesh_applications(resource_group: 'RESOURCE_GROUP') do
+  it { should_not exist }
+end
+# Should exist if the filter returns at least one Service Fabric Mesh applications
+
+describe azure_service_fabric_mesh_applications(resource_group: 'RESOURCE_GROUP') do
+  it { should exist }
+end
+```
+
+## Azure Permissions
+
+{{% azure_permissions_service_principal role="reader" %}}

libraries/azure_service_fabric_mesh_application.rb

@@ -0,0 +1,22 @@
+require 'azure_generic_resource'
+
+class AzureServiceFabricMeshApplication < AzureGenericResource
+  name 'azure_service_fabric_mesh_application'
+  desc 'Retrieves and verifies the settings of an Azure Service Fabric Mesh Application.'
+  example <<-EXAMPLE
+    describe azure_service_fabric_mesh_application(resource_group: 'inspec-def-rg', name: 'fabric-app') do
+      it { should exist }
+    end
+  EXAMPLE
+
+  def initialize(opts = {})
+    raise ArgumentError, 'Parameters must be provided in an Hash object.' unless opts.is_a?(Hash)
+
+    opts[:resource_provider] = specific_resource_constraint('Microsoft.ServiceFabricMesh/applications', opts)
+    super(opts, true)
+  end
+
+  def to_s
+    super(AzureServiceFabricMeshApplication)
+  end
+end

libraries/azure_service_fabric_mesh_applications.rb

@@ -0,0 +1,33 @@
+require 'azure_generic_resources'
+
+class AzureServiceFabricMeshApplications < AzureGenericResources
+  name 'azure_service_fabric_mesh_applications'
+  desc 'Verifies settings for a collection of Azure Service Fabric Mesh Applications'
+  example <<-EXAMPLE
+    describe azure_service_fabric_mesh_applications do
+        it { should exist }
+    end
+  EXAMPLE
+
+  def initialize(opts = {})
+    raise ArgumentError, 'Parameters must be provided in an Hash object.' unless opts.is_a?(Hash)
+
+    opts[:resource_provider] = specific_resource_constraint('Microsoft.ServiceFabricMesh/applications', opts)
+    super(opts, true)
+    return if failed_resource?
+
+    populate_filter_table_from_response
+  end
+
+  def to_s
+    super(AzureServiceFabricMeshApplications)
+  end
+
+  private
+
+  def populate_table
+    @resources.each do |resource|
+      @table << resource.merge(resource[:properties])
+    end
+  end
+end

test/integration/verify/controls/azure_service_fabric_mesh_application.rb

@@ -0,0 +1,13 @@
+resource_group = input(:resource_group, value: '')
+location = input(:location, value: '')
+
+skip_control 'test the properties of an Azure Service Fabric Mesh Application' do
+  describe azure_service_fabric_mesh_application(resource_group: resource_group, name: 'inspec-fb-mesh-app') do
+    it { should exist }
+    its('name') { should eq 'inspec-fb-mesh-app' }
+    its('properties.status') { should eq 'Ready' }
+    its('location') { should eq location.downcase.gsub("\s", '') }
+    its('properties.healthState') { should eq 'healthState' }
+    its('properties.provisioningState') { should eq 'Succeeded' }
+  end
+end

test/integration/verify/controls/azure_service_fabric_mesh_applications.rb

@@ -0,0 +1,12 @@
+location = input(:location, value: '')
+
+skip_control 'test the properties of all Azure Service Fabric Mesh Applications' do
+  describe azure_service_fabric_mesh_applications do
+    it { should exist }
+    its('names') { should include 'inspec-fb-mesh-app' }
+    its('statuses') { should include 'Ready' }
+    its('locations') { should include location.downcase.gsub("\s", '') }
+    its('healthStates') { should include 'healthState' }
+    its('provisioningStates') { should include 'Succeeded' }
+  end
+end

test/unit/resources/azure_service_fabric_mesh_application_test.rb

@@ -0,0 +1,17 @@
+require_relative 'helper'
+require 'azure_service_fabric_mesh_application'
+
+class AzureServiceFabricMeshApplicationConstructorTest < Minitest::Test
+  def test_empty_param_not_ok
+    assert_raises(ArgumentError) { AzureServiceFabricMeshApplication.new }
+  end
+
+  # resource_provider should not be allowed.
+  def test_resource_provider_not_ok
+    assert_raises(ArgumentError) { AzureServiceFabricMeshApplication.new(resource_provider: 'some_type') }
+  end
+
+  def test_resource_group_name_alone_not_ok
+    assert_raises(ArgumentError) { AzureServiceFabricMeshApplication.new(resource_group: 'test') }
+  end
+end

test/unit/resources/azure_service_fabric_mesh_applications_test.rb

@@ -0,0 +1,21 @@
+require_relative 'helper'
+require 'azure_service_fabric_mesh_applications'
+
+class AzureServiceFabricMeshApplicationsConstructorTest < Minitest::Test
+  # resource_type should not be allowed.
+  def test_resource_type_not_ok
+    assert_raises(ArgumentError) { AzureServiceFabricMeshApplications.new(resource_provider: 'some_type') }
+  end
+
+  def tag_value_not_ok
+    assert_raises(ArgumentError) { AzureServiceFabricMeshApplications.new(tag_value: 'some_tag_value') }
+  end
+
+  def tag_name_not_ok
+    assert_raises(ArgumentError) { AzureServiceFabricMeshApplications.new(tag_name: 'some_tag_name') }
+  end
+
+  def test_name_not_ok
+    assert_raises(ArgumentError) { AzureServiceFabricMeshApplications.new(name: 'some_name') }
+  end
+end