Add lib for load balancer and network interface

.gitignore

@@ -1,6 +1,6 @@
 test/fixtures/vcr_cassettes
 .terraform
-terraform/.*-attributes.yml
+**/.*-attributes.yml
 terraform/.terraform/
 terraform/terraform.tfstate*
 terraform/terraform.tfstate.backup

README.md

@@ -54,8 +54,10 @@ Since this is an InSpec resource pack, it only defines InSpec resources. To use
 ```
 $ inspec init profile my-profile
 ```
+
 Example inspec.yml:
-```
+
+```yaml
 name: my-profile
 title: My own Azure profile
 version: 0.1.0
@@ -73,7 +75,7 @@ supports:
 
 Verify properties of an Azure VM
 
-```
+```ruby
 control 'azurerm_virtual_machine' do
   describe azurerm_virtual_machine(resource_group: 'MyResourceGroup', name: 'prod-web-01') do
     it                                { should exist }
@@ -89,7 +91,7 @@ end
 
 Verify properties of a security group
 
-```
+```ruby
 control 'azure_network_security_group' do
   describe azure_network_security_group(resource_group: 'ProductionResourceGroup', name: 'ProdServers') do
     it                            { should exist }
@@ -123,6 +125,8 @@ The following resources are available in the InSpec Azure Resource Pack
 - [azurerm_key_vault_secret](docs/resources/azurerm_key_vault_secret.md.erb)
 - [azurerm_key_vault_secrets](docs/resources/azurerm_key_vault_secrets.md.erb)
 - [azurerm_key_vaults](docs/resources/azurerm_key_vaults.md.erb)
+- [azurerm_load_balancer](docs/resources/azurerm_load_balancer.md.erb)
+- [azurerm_load_balancers](docs/resources/azurerm_load_balancers.md.erb)
 - [azurerm_locks](docs/resources/azurerm_locks.md.erb)
 - [azurerm_management_group](docs/resources/azurerm_management_group.md.erb)
 - [azurerm_management_groups](docs/resources/azurerm_management_groups.md.erb)
@@ -134,6 +138,8 @@ The following resources are available in the InSpec Azure Resource Pack
 - [azurerm_mysql_databases](docs/resources/azurerm_mysql_databases.md.erb)
 - [azurerm_mysql_server](docs/resources/azurerm_mysql_server.md.erb)
 - [azurerm_mysql_servers](docs/resources/azurerm_mysql_servers.md.erb)
+- [azurerm_network_interface](docs/resources/azurerm_network_interface.md.erb)
+- [azurerm_network_interfaces](docs/resources/azurerm_network_interfaces.md.erb)
 - [azurerm_network_security_group](docs/resources/azurerm_network_security_group.md.erb)
 - [azurerm_network_security_groups](docs/resources/azurerm_network_security_groups.md.erb)
 - [azurerm_network_watcher](docs/resources/azurerm_network_watcher.md.erb)
@@ -177,14 +183,16 @@ If you'd like to contribute to this project please see [Contributing Rules](CONT
 ### Getting Started
 
 Copy `.envrc-example` to `.envrc` and fill in the fields with the values from your account.
-```
+
+```bash
 export AZURE_SUBSCRIPTION_ID=<subscription id>
 export AZURE_CLIENT_ID=<client id>
 export AZURE_TENANT_ID=<tenant id>
 export AZURE_CLIENT_SECRET=<client secret>
 ```
 
 For PowerShell, set the following environment variables
+
 ```
 $env:AZURE_SUBSCRIPTION_ID="<subscription id>"
 $env:AZURE_CLIENT_ID="<client id>"
@@ -193,6 +201,7 @@ $env:AZURE_TENANT_ID="<tenant id>"
 ```
 
 **Setup Azure CLI**
+
 - Follow the instructions for your platform [here](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli)
   * macOS: `brew update && brew install azure-cli`
 - Login with the azure-cli
@@ -243,19 +252,23 @@ rake tf:apply
 ```
 
 Creating a new environment with a Network Watcher:
+
 ```
 rake azure:login
 rake network_watcher tf:apply
 ```
+
 You may only have a single Network Watcher per a subscription. Use this carefully if you are working with other team members.
 
 Updating a running environment (e.g. when you change the .tf file):
+
 ```
 rake azure:login
 rake tf:apply
 ```
 
 Checking if your state has diverged from your plan:
+
 ```
 rake azure:login
 rake tf:plan

docs/resource_creation_guide.md

@@ -5,8 +5,10 @@ Typically there are two resources created for each resource type, singular and p
 The singular resource (`azurerm_subnet`) is used to test a specific resource of that type and should include all of the properties available. A plural resource (`azurerm_subnets`) is used to test the collection of resources of that type. This allows for tests to be written based on the group of resources.
 
 ## Update libraries/support/azure/management.rb
+
 The files in `libraries/support/azure` define how things are downloaded by the API. A definition needs to be added for the types of resources you're going to be testing for (i.e. virtual machine, virtual networks, subnets, etc). This definition will need to include the location of the resource in the API. This is essentially the type of object. The [Azure Resource Explorer](https://resources.azure.com) can be used to determine the location by browsing for an object and referencing the object type.
-```
+
+```ruby
 # Example: defines both subnet and subnets
 
 def subnet(resource_group, id)
@@ -27,25 +29,28 @@ end
 ```
 
 ## Create library files
+
 All of the InSpec resource extensions are located in the `libraries` directory. Copy two of the files (singular and plural) for a similar resource as a starting point. Start by removing most of the definitions and adding what is needed for the resource once all of the infrastructure is in place.
 Consider the following:
+
 - Change the name to match the resource your creating.
   - (i.e. `libraries/azurerm_subnet.rb` and `libraries/azurerm_subnets.rb`)
 - Rename the class match the resource.
-```
+```ruby
 class AzurermSubnet < AzurermSingularResource
   name 'azurerm_subnet'
 ```
 - Update the `desc` and `example`
 - Remove any definitions that don't apply to this resource.
 - Within the `initialize` definition, update the method that is called to match the appropriate definition that was added in `libraries/support/azure/management.rb`
-```
+```ruby
 def initialize(resource_group: nil, name: nil)
   resp = client.subnet(resource_group, name)
   return if has_error?(resp)
 ```
 
 ## Update Terraform outputs
+
 - Background:
   - The `rake tf:apply` command creates Azure infrastructure based on `terraform/azure.tf`. It then takes the Terraform outputs and creates `.$(whoami)-attributes.yml` with them.
   - The `rake test:integration` command injects the attributes defined in the `.$(whoami)-attributes.yml`. These are then compared to the results collected by InSpec.
@@ -54,10 +59,12 @@ def initialize(resource_group: nil, name: nil)
 - Ensure Rake command `tf:apply` is run after updating `outputs.tf` so that it updates the attributes file.
 
 ### Run `rake tf:apply`
+
 - Make sure Terraform runs successfully and creates all of the infrastructure.
 - Verify that `/terraform/.$(whoami)-attributes.yml` contains ouput with property values for the resource being developed.
 
 ## Create controls
+
 Azure controls are located in `test/integration/verify/controls/`. Copy two of the files (singular and plural) for a similar resource as a starting point. This is where InSpec tests are defined to insure the resources that are being developed are working correctly.
 Consider the following:
 - The names should match the corresponding library files (i.e. `azurerm_subnet.rb` and `azurerm_subnets.rb`)
@@ -76,7 +83,7 @@ Consider the following:
 - Remove any attributes and properties that will not be referencing for this control.
 - Update variables and Terraform outputs as needed.
 
-```
+```ruby
 resource_group = input('resource_group',  value: nil)
 subnet         = input('subnet_name',     value: nil)
 tags           = input('subnet_tags',     value: nil)
@@ -104,24 +111,28 @@ end
 ```
 
 ## Properties
+
 To determine which properties are available for a given resource, start by looking in the following locations:
 1. The [Azure Resource Explorer](https://resources.azure.com) can be referenced by looking at the resources created by Terraform.
 2. Terraform documents and details all of the attributes that are available. Note that the data source for a resource may surface different properties than the resource. A data source object may need to be added to `azure.tf` in order for some properties to be made available.
 3. Inserting `require 'pry'; binding.pry` after `resp = line` will allow for inspecting the response to see what properties are available using Pry.
 
 ### Generic development process:
+
 - Update the controls to include checks for each of the properties available.
 - Write library definitions for each property.
 - Run `rake test:integration` to verify that the check is included and the definition tests appropriately.
 - Pry can be used to debug code. Add `require 'pry'; binding.pry` to create a break point. When `rake test` is run, InSpec will stop at the break point so that Pry can be used to debug the code.
 
 ## Create documentation in `docs/resources`
+
 Once everything is working, documentation must be added for the resources that have been added. Copy similar resource documents in `docs/resources/` and edit them as appropriate. Include enough examples to give a good idea how the resource works. Make sure to include any special case examples that might exist.
 After writing the documentation:
 - Run `bundle exec rake docs:resource_links`
 - Copy/Paste all display links in the Readme.md
 
 ## Create a pull request.
+
 - Prior to creating a pull request, make user to do the following:
   - run `bundle exec rake lint` and then fix all of the issues. Some can likely be corrected automatically by running `bundle exec rake rubocop:auto_correct`
   - run `bundle exec rake test` and verify that everything is working.

docs/resources/azurerm_load_balancer.md.erb

@@ -0,0 +1,132 @@
+---
+title: About the azurerm_load_balancer Resource
+platform: azure
+---
+
+# azurerm\_load\_balancer
+
+Use the `azurerm_load_balancer` InSpec audit resource to test properties and configuration of
+an Azure Load Balancer.
+<br />
+
+## Azure REST API version
+This resource interacts with version `2018-11-01` of the Azure Management API. For more
+information see the [Official Azure Documentation](https://docs.microsoft.com/en-us/rest/api/load-balancer/loadbalancers/get).
+
+At the moment, there doesn't appear to be a way to select the version of the
+Azure API docs. If you notice a newer version being referenced in the official
+documentation please open an issue or submit a pull request using the updated
+version.
+
+## Availability
+
+### Installation
+
+This resource is available in the `inspec-azure` [resource
+pack](https://www.inspec.io/docs/reference/glossary/#resource-pack). To use it, add the
+following to your `inspec.yml` in your top-level profile:
+
+    depends:
+      inspec-azure:
+        git: https://github.com/inspec/inspec-azure.git
+
+You'll also need to setup your Azure credentials; see the resource pack
+[README](https://github.com/inspec/inspec-azure#inspec-for-azure).
+
+### Version
+
+This resource first became available in 1.7.2 of the inspec-azure resource pack.
+
+## Syntax
+
+The `resource_group` and `loadbalancer_name` must be given as a parameter.
+
+    describe azurerm_load_balancer(resource_group: 'inspec-resource-group-9', loadbalancer_name: 'example_lb') do
+      it { should exist }
+    end
+
+<br />
+
+## Examples
+
+If a Load Balancer is referenced with a valid `Resource Group` and `Load balancer Name`
+
+    describe azurerm_load_balancer(resource_group: 'my-rg', loadbalancer_name: 'lb-1') do
+      it { should exist }
+    end
+
+If a Load Balancer is referenced with an invalid `Resource Group` or `Load balancer Name`
+
+    describe azurerm_load_balancer(resource_group: 'invalid-rg', loadbalancer_name: 'i-dont-exist') do
+      it { should_not exist }
+    end
+
+<br />
+
+## Parameters
+
+  - `resource_group` - The resource Group to which the Load Balancer belongs.
+  - `loadbalancer_name` - The unique name of the Load balancer.
+
+## Attributes
+
+- `id`
+- `name`
+- `sku`
+- `location`
+- `properties`
+- `tags`
+- `type`
+
+### id
+Azure resource ID.
+
+### name
+Load Balancer name, e.g. `lb-1`.
+
+### sku
+SKU of load balancer. This is billing information related properties of a load balancer.
+
+### location
+Resource location, e.g. `eastus`.
+
+### properties
+A collection of additional configuration properties related to the Load balancer, e.g. `loadBalancingRules`.
+
+### tags
+Resource tags applied to the Load balancer.
+
+### type
+The type of Resource, typically `Microsoft.Network/loadBalancers`.
+
+### Other Attributes
+
+There are additional attributes that may be accessed that we have not
+documented. Please take a look at the [Azure documentation](##-Azure-REST-API-version).
+Any attribute in the response may be accessed with the key names separated by
+dots (`.`).
+
+The API may not always return keys that do not have any associated data. There
+may be cases where the deeply nested property may not have the desired
+attribute along your call chain. If you find yourself writing tests against
+properties that may be nil, fork this resource pack and add an accessor to the
+resource. Within that accessor you'll be able to guard against nil keys. Pull
+requests are always welcome.
+
+## Matchers
+
+This InSpec audit resource has the following special matchers. For a full list of
+available matchers, please visit our [Universal Matchers
+page](https://www.inspec.io/docs/reference/matchers/).
+
+### exists
+
+describe azurerm_load_balancer(resource_group: 'my-rg', loadbalancer_name: 'lb-1') do
+  it { should exist }
+end
+
+## Azure Permissions
+
+Your [Service
+Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal)
+must be setup with a `contributor` role on the subscription you wish to test.