From 2e80f847c470585f6359e811fff3b93b368ab592 Mon Sep 17 00:00:00 2001
From: Joe McCrea
Date: Wed, 11 Nov 2020 16:33:36 +0000
Subject: [PATCH 1/3] Adding resource and docs for VPN gateways
Signed-off-by: Joe McCrea
---
 docs/resources/azure_vpn_gateways.md | 85 ++++++++++++++++++++++++++++
 libraries/azure_vpn_gateways.rb | 46 +++++++++++++++
 2 files changed, 131 insertions(+)
 create mode 100644 docs/resources/azure_vpn_gateways.md
 create mode 100644 libraries/azure_vpn_gateways.rb
diff --git a/docs/resources/azure_vpn_gateways.md b/docs/resources/azure_vpn_gateways.md
new file mode 100644
index 000000000..38e604d46
--- /dev/null
+++ b/docs/resources/azure_vpn_gateways.md
@@ -0,0 +1,85 @@
+---
+title: About the azure_vpn_gateways Resource
+platform: azure
+---
+
+# azure_vpn_gateways
+
+Use the `azure_vpn_gateways` InSpec audit resource to test properties and configuration of multiple Azure VPN gateways.
+
+## Azure REST API version, endpoint and http client parameters
+
+This resource interacts with api versions supported by the resource provider.
+The `api_version` can be defined as a resource parameter.
+If not provided, the latest version will be used.
+For more information, refer to [`azure_generic_resource`](azure_generic_resource.md).
+
+Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used.
+For more information, refer to the resource pack [README](../../README.md).
+
+## Availability
+
+### Installation
+
+This resource is available in the [InSpec Azure resource pack](https://github.com/inspec/inspec-azure).
+For an example `inspec.yml` file and how to set up your Azure credentials, refer to resource pack [README](../../README.md#Service-Principal).
+
+## Syntax
+
+An `azure_vpn_gateways` resource block returns all VPN gateways, either within a Resource Group (if provided), or within an entire Subscription.
+```ruby
+describe azure_vpn_gateways do
+  #...
+end
+```
+or
+```ruby
+describe azure_vpn_gateways(resource_group: 'my-rg') do
+  #...
+end
+```
+## Parameters
+
+- `resource_group` (Optional)
+
+## Properties
+
+|Property | Description | Filter Criteria* |
+|---------------|--------------------------------------------------------------------------------------|-----------------|
+| ids | A list of the unique resource ids. | `id` |
+| locations | A list of locations for all the resources being interrogated. | `location` |
+| names | A list of names of all the resources being interrogated. | `name` |
+| tags | A list of `tag:value` pairs defined on the resources being interrogated. | `tags` |
+| properties | A list of properties for all the resources being interrogated. | `properties` |
+
+* For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/dev-docs/filtertable-usage.md).
+
+## Examples
+
+### Test that an Example Resource Group has the Named VPN gateway
+```ruby
+describe azure_vpn_gateways(resource_group: 'ExampleGroup') do
+  its('names') { should include('ExampleName') }
+end
+```
+## Matchers
+
+This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://www.inspec.io/docs/reference/matchers/).
+
+### exists
+
+The control will pass if the filter returns at least one result. Use `should_not` if you expect zero matches.
+```ruby
+# If we expect 'ExampleGroup' Resource Group to have VPN Gateways
+describe azure_vpn_gateways(resource_group: 'ExampleGroup') do
+  it { should exist }
+end
+
+# If we expect 'EmptyExampleGroup' Resource Group to not have VPN Gateways
+describe azure_vpn_gateways(resource_group: 'EmptyExampleGroup') do
+  it { should_not exist }
+end
+```
+## Azure Permissions
+
+Your [Service Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) must be setup with a `contributor` role on the subscription you wish to test.
diff --git a/libraries/azure_vpn_gateways.rb b/libraries/azure_vpn_gateways.rb
new file mode 100644
index 000000000..95702cac2
--- /dev/null
+++ b/libraries/azure_vpn_gateways.rb
@@ -0,0 +1,46 @@
+require 'azure_generic_resources'
+
+class AzureVPNGateways < AzureGenericResources
+  name 'azure_vpn_gateways'
+  desc 'Verifies settings for AKS VPN Gateways'
+  example <<-EXAMPLE
+    azure_vpn_gateways(resource_group: 'example') do
+      it{ should exist }
+    end
+  EXAMPLE
+
+  attr_reader :table
+
+  def initialize(opts = {})
+    # Options should be Hash type. Otherwise Ruby will raise an error when we try to access the keys.
+    raise ArgumentError, 'Parameters must be provided in an Hash object.' unless opts.is_a?(Hash)
+
+    opts[:resource_provider] = specific_resource_constraint('Microsoft.Network/virtualNetworkGateways', opts)
+
+    # static_resource parameter must be true for setting the resource_provider in the backend.
+    super(opts, true)
+
+    # Check if the resource is failed.
+    # It is recommended to check that after every usage of inherited methods or making API calls.
+    return if failed_resource?
+
+    # Define the column and field names for FilterTable.
+    # In most cases, the `column` should be the pluralized form of the `field`.
+    # @see https://github.com/inspec/inspec/blob/master/docs/dev/filtertable-usage.md
+    table_schema = [
+      { column: :names, field: :name },
+      { column: :ids, field: :id },
+      { column: :types, field: :type },
+      { column: :locations, field: :location },
+      { column: :tags, field: :tag },
+      { column: :properties, field: :properties },
+    ]
+
+    # FilterTable is populated at the very end due to being an expensive operation.
+    AzureGenericResources.populate_filter_table(:table, table_schema)
+  end
+
+  def to_s
+    super(AzureVPNGateways)
+  end
+end
From d31896cbf7b11cebaf0cdb7983eed8123ef9554b Mon Sep 17 00:00:00 2001
From: Joe McCrea
Date: Wed, 11 Nov 2020 16:38:40 +0000
Subject: [PATCH 2/3] Adding unit test for VPN gateways resource
Signed-off-by: Joe McCrea
---
 test/unit/resources/azure_vpn_gateways.rb | 25 +++++++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100644 test/unit/resources/azure_vpn_gateways.rb
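Review bot: The `example` heredoc in this hunk is not a usable InSpec control: `azure_vpn_gateways(resource_group: 'example') do` is a bare resource call with a block, not a `describe` block, so copying it into a profile does not produce a test, unlike every snippet in the accompanying docs. Suggested replacement for the two inner lines: `describe azure_vpn_gateways(resource_group: 'example') do` and `  it { should exist }` (with the space before the brace, matching the docs). The same snippet is carried, only renamed, into the `@@ -1,10 +1,10 @@` hunk of libraries/azure_virtual_network_gateways.rb in PATCH 3/3, so fix it there too. Separately, `opts[:resource_provider] = ...` mutates the hash the caller passed in; if the base class does not require that (I cannot tell from here), a `opts = opts.dup` before the assignment would keep the constructor side-effect free.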
diff --git a/test/unit/resources/azure_vpn_gateways.rb b/test/unit/resources/azure_vpn_gateways.rb
new file mode 100644
index 000000000..9dfcf03d8
--- /dev/null
+++ b/test/unit/resources/azure_vpn_gateways.rb
@@ -0,0 +1,25 @@
+require_relative 'helper'
+require 'azure_vpn_gateways'
+
+class AzureVPNGatewaysConstructorTest < Minitest::Test
+  # resource_type should not be allowed.
+  def test_resource_type_not_ok
+    assert_raises(ArgumentError) { AzureVPNGateways.new(resource_provider: 'some_type') }
+  end
+
+  def tag_value_not_ok
+    assert_raises(ArgumentError) { AzureVPNGateways.new(tag_value: 'some_tag_value') }
+  end
+
+  def tag_name_not_ok
+    assert_raises(ArgumentError) { AzureVPNGateways.new(tag_name: 'some_tag_name') }
+  end
+
+  def test_resource_id_not_ok
+    assert_raises(ArgumentError) { AzureVPNGateways.new(resource_id: 'some_id') }
+  end
+
+  def test_name_not_ok
+    assert_raises(ArgumentError) { AzureVPNGateways.new(name: 'some_name') }
+  end
+end
From 14e8ecbbaf01326ff7b5af02fbd136f7f7dc5b2c Mon Sep 17 00:00:00 2001
From: Joe McCrea
Date: Wed, 11 Nov 2020 18:47:47 +0000
Subject: [PATCH 3/3] Renamed resource and added to project readme
Signed-off-by: Joe McCrea
---
 README.md | 1 +
 ...s.md => azure_virtual_network_gateways.md} | 18 ++++++-------
 ...s.rb => azure_virtual_network_gateways.rb} | 12 ++++-----
 .../azure_virtual_network_gateways.rb | 25 +++++++++++++++++++
 test/unit/resources/azure_vpn_gateways.rb | 25 -------------------
 5 files changed, 41 insertions(+), 40 deletions(-)
 rename docs/resources/{azure_vpn_gateways.md => azure_virtual_network_gateways.md} (80%)
 rename libraries/{azure_vpn_gateways.rb => azure_virtual_network_gateways.rb} (82%)
 create mode 100644 test/unit/resources/azure_virtual_network_gateways.rb
 delete mode 100644 test/unit/resources/azure_vpn_gateways.rb
diff --git a/README.md b/README.md
index 5fcb2a15e..4ed5e3a35 100644
--- a/README.md
+++ b/README.md
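Review bot: `tag_value_not_ok` and `tag_name_not_ok` never run — Minitest only collects methods whose names begin with `test_` — so the constructor's rejection of `tag_value:` and `tag_name:` is unverified while the suite still reports green. Rename them `def test_tag_value_not_ok` and `def test_tag_name_not_ok`. The comment above the first test reads `# resource_type should not be allowed.` while the assertion passes `resource_provider:`; align the comment with the parameter actually being rejected. Both problems are recreated verbatim in test/unit/resources/azure_virtual_network_gateways.rb added by PATCH 3/3.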
@@ -152,6 +152,7 @@ The static resources derived from the generic resources prepended with `azure_`
 - [azure_virtual_machine_disks](docs/resources/azure_virtual_machine_disks.md)
 - [azure_virtual_network](docs/resources/azure_virtual_network.md)
 - [azure_virtual_networks](docs/resources/azure_virtual_networks.md)
+- [azure_virtual_network_gateways](docs/resources/azure_virtual_network_gateways.md)
diff --git a/docs/resources/azure_vpn_gateways.md b/docs/resources/azure_virtual_network_gateways.md
similarity index 80%
rename from docs/resources/azure_vpn_gateways.md
rename to docs/resources/azure_virtual_network_gateways.md
index 38e604d46..e9c41c0e2 100644
--- a/docs/resources/azure_vpn_gateways.md
+++ b/docs/resources/azure_virtual_network_gateways.md
@@ -1,11 +1,11 @@
 ---
-title: About the azure_vpn_gateways Resource
+title: About the azure_virtual_network_gateways Resource
 platform: azure
 ---
 
-# azure_vpn_gateways
+# azure_virtual_network_gateways
 
-Use the `azure_vpn_gateways` InSpec audit resource to test properties and configuration of multiple Azure VPN gateways.
+Use the `azure_virtual_network_gateways` InSpec audit resource to test properties and configuration of multiple Azure Virtual Network Gateways.
 
 ## Azure REST API version, endpoint and http client parameters
 
@@ -26,15 +26,15 @@ For an example `inspec.yml` file and how to set up your Azure credentials, refer
 
 ## Syntax
 
-An `azure_vpn_gateways` resource block returns all VPN gateways, either within a Resource Group (if provided), or within an entire Subscription.
+An `azure_virtual_network_gateways` resource block returns all VPN gateways, either within a Resource Group (if provided), or within an entire Subscription.
 ```ruby
-describe azure_vpn_gateways do
+describe azure_virtual_network_gateways do
   #...
 end
 ```
 or
 ```ruby
-describe azure_vpn_gateways(resource_group: 'my-rg') do
+describe azure_virtual_network_gateways(resource_group: 'my-rg') do
   #...
 end
 ```
@@ -58,7 +58,7 @@ end
 
 ### Test that an Example Resource Group has the Named VPN gateway
 ```ruby
-describe azure_vpn_gateways(resource_group: 'ExampleGroup') do
+describe azure_virtual_network_gateways(resource_group: 'ExampleGroup') do
   its('names') { should include('ExampleName') }
 end
 ```
@@ -71,12 +71,12 @@ This InSpec audit resource has the following special matchers. For a full list o
 The control will pass if the filter returns at least one result. Use `should_not` if you expect zero matches.
 ```ruby
 # If we expect 'ExampleGroup' Resource Group to have VPN Gateways
-describe azure_vpn_gateways(resource_group: 'ExampleGroup') do
+describe azure_virtual_network_gateways(resource_group: 'ExampleGroup') do
   it { should exist }
 end
 
 # If we expect 'EmptyExampleGroup' Resource Group to not have VPN Gateways
-describe azure_vpn_gateways(resource_group: 'EmptyExampleGroup') do
+describe azure_virtual_network_gateways(resource_group: 'EmptyExampleGroup') do
   it { should_not exist }
 end
 ```
diff --git a/libraries/azure_vpn_gateways.rb b/libraries/azure_virtual_network_gateways.rb
similarity index 82%
rename from libraries/azure_vpn_gateways.rb
rename to libraries/azure_virtual_network_gateways.rb
index 95702cac2..59173c558 100644
--- a/libraries/azure_vpn_gateways.rb
+++ b/libraries/azure_virtual_network_gateways.rb
@@ -1,10 +1,10 @@
 require 'azure_generic_resources'
 
-class AzureVPNGateways < AzureGenericResources
-  name 'azure_vpn_gateways'
-  desc 'Verifies settings for AKS VPN Gateways'
+class AzureVirtualNetworkGateways < AzureGenericResources
+  name 'azure_virtual_network_gateways'
+  desc 'Verifies settings for Azure Virtual Network Gateways'
   example <<-EXAMPLE
-    azure_vpn_gateways(resource_group: 'example') do
+    azure_virtual_network_gateways(resource_group: 'example') do
       it{ should exist }
     end
   EXAMPLE
@@ -32,7 +32,7 @@ def initialize(opts = {})
       { column: :ids, field: :id },
       { column: :types, field: :type },
       { column: :locations, field: :location },
-      { column: :tags, field: :tag },
+      { column: :tags, field: :tags },
       { column: :properties, field: :properties },
     ]
 
@@ -41,6 +41,6 @@ def initialize(opts = {})
   end
 
   def to_s
-    super(AzureVPNGateways)
+    super(AzureVirtualNetworkGateways)
   end
 end
diff --git a/test/unit/resources/azure_virtual_network_gateways.rb b/test/unit/resources/azure_virtual_network_gateways.rb
new file mode 100644
index 000000000..61a644872
--- /dev/null
+++ b/test/unit/resources/azure_virtual_network_gateways.rb
@@ -0,0 +1,25 @@
+require_relative 'helper'
+require 'azure_virtual_network_gateways'
+
+class AzureVirtualNetworkGatewaysConstructorTest < Minitest::Test
+  # resource_type should not be allowed.
+  def test_resource_type_not_ok
+    assert_raises(ArgumentError) { AzureVirtualNetworkGateways.new(resource_provider: 'some_type') }
+  end
+
+  def tag_value_not_ok
+    assert_raises(ArgumentError) { AzureVirtualNetworkGateways.new(tag_value: 'some_tag_value') }
+  end
+
+  def tag_name_not_ok
+    assert_raises(ArgumentError) { AzureVirtualNetworkGateways.new(tag_name: 'some_tag_name') }
+  end
+
+  def test_resource_id_not_ok
+    assert_raises(ArgumentError) { AzureVirtualNetworkGateways.new(resource_id: 'some_id') }
+  end
+
+  def test_name_not_ok
+    assert_raises(ArgumentError) { AzureVirtualNetworkGateways.new(name: 'some_name') }
+  end
+end
diff --git a/test/unit/resources/azure_vpn_gateways.rb b/test/unit/resources/azure_vpn_gateways.rb
deleted file mode 100644
index 9dfcf03d8..000000000
--- a/test/unit/resources/azure_vpn_gateways.rb
+++ /dev/null
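Review bot: The `types` column (`{ column: :types, field: :type }`, the context line two above the corrected `tags` entry) is not listed in the Properties table of docs/resources/azure_virtual_network_gateways.md, which documents only ids, locations, names, tags and properties, so profile authors cannot discover the `type` filter criterion that the schema exposes. Either add a row `| types | A list of types of all the resources being interrogated. | `type` |` to the docs table or drop the column from the schema. The `initialize` body this hunk belongs to starts before the hunk and continues past it.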
@@ -1,25 +0,0 @@
-require_relative 'helper'
-require 'azure_vpn_gateways'
-
-class AzureVPNGatewaysConstructorTest < Minitest::Test
-  # resource_type should not be allowed.
-  def test_resource_type_not_ok
-    assert_raises(ArgumentError) { AzureVPNGateways.new(resource_provider: 'some_type') }
-  end
-
-  def tag_value_not_ok
-    assert_raises(ArgumentError) { AzureVPNGateways.new(tag_value: 'some_tag_value') }
-  end
-
-  def tag_name_not_ok
-    assert_raises(ArgumentError) { AzureVPNGateways.new(tag_name: 'some_tag_name') }
-  end
-
-  def test_resource_id_not_ok
-    assert_raises(ArgumentError) { AzureVPNGateways.new(resource_id: 'some_id') }
-  end
-
-  def test_name_not_ok
-    assert_raises(ArgumentError) { AzureVPNGateways.new(name: 'some_name') }
-  end
-end