allow_rdp_from_internet and allows_ssh_from_internet fails on NSGs that have multiple source addresses

[skelleyton]

🎛 Description

Choose one: is this a 🐛 bug report or 🙋 feature request? Bug Report

When testing allow_rdp_from_internet or allow_ssh_from_internet against NSGs that contain multiple source addresses, the test will fail and return the error "no member 'sourceAddressPrefix' in struct".

🌍 InSpec and Platform Version

Inspec Version 3.6.6
macOS 10.14.3

🤔 Replication Case

Create an NSG in Azure that contains source IP restriction for RDP with multiple IP addresses.
Run test allow_rdp_from_internet against NSG.

💁 Possible Solutions

I was able to resolve the issue by editing the source_open? method in azurerm_network_security_group.rb with the following code.

def source_open?(properties)
    properties_hash = properties.to_h
    if properties_hash.include?(:sourceAddressPrefix)
      return properties['sourceAddressPrefix'] =~ %r{\*|0\.0\.0\.0|<nw>\/0|\/0|Internet|any}
    end
    if properties_hash.include?(:sourceAddressPrefixes)
      return properties['sourceAddressPrefixes'].include?('0.0.0.0')
    end
  end

[rmoles]

Hi, @skelleyton I just want to confirm that the above PR resolved your issue before closing.

[skelleyton]

Hi @rmoles, I can confirm that fixed this issue. I will go ahead and close it. Thanks.