Adding resource and docs for VPN gateways #331

Merged
merged 4 commits into from
Nov 12, 2020
1 change: 1 addition & 0 deletions README.md
Expand Up @@ -188,6 +188,7 @@ The static resources derived from the generic resources prepended with `azure_`
- [azure_virtual_machine_disks](docs/resources/azure_virtual_machine_disks.md)
- [azure_virtual_network](docs/resources/azure_virtual_network.md)
- [azure_virtual_networks](docs/resources/azure_virtual_networks.md)
- [azure_virtual_network_gateways](docs/resources/azure_virtual_network_gateways.md)


For more details and different use cases, please refer to the specific resource pages.
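Review bot: The new `azure_virtual_network_gateways` entry is appended after `azure_virtual_networks`, which breaks the alphabetical order the neighbouring entries follow; it would sort between `azure_virtual_network` and `azure_virtual_networks`. Moving it up one line keeps the list easy to scan. The list also shows `azure_virtual_network` alongside `azure_virtual_networks`, so it is worth noting in the PR description whether a singular gateway resource is planned or intentionally left out.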
85 changes: 85 additions & 0 deletions docs/resources/azure_virtual_network_gateways.md
@@ -0,0 +1,85 @@
---
title: About the azure_virtual_network_gateways Resource
platform: azure
---

# azure_virtual_network_gateways

Use the `azure_virtual_network_gateways` InSpec audit resource to test properties and configuration of multiple Azure Virtual Network Gateways.

## Azure REST API version, endpoint and http client parameters

This resource interacts with api versions supported by the resource provider.
The `api_version` can be defined as a resource parameter.
If not provided, the latest version will be used.
For more information, refer to [`azure_generic_resource`](azure_generic_resource.md).

Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used.
For more information, refer to the resource pack [README](../../README.md).

## Availability

### Installation

This resource is available in the [InSpec Azure resource pack](https://github.com/inspec/inspec-azure).
For an example `inspec.yml` file and how to set up your Azure credentials, refer to resource pack [README](../../README.md#Service-Principal).

## Syntax

An `azure_virtual_network_gateways` resource block returns all VPN gateways, either within a Resource Group (if provided), or within an entire Subscription.
```ruby
describe azure_virtual_network_gateways do
#...
end
```
or
```ruby
describe azure_virtual_network_gateways(resource_group: 'my-rg') do
#...
end
```
## Parameters

- `resource_group` (Optional)

## Properties

|Property | Description | Filter Criteria<superscript>*</superscript> |
|---------------|--------------------------------------------------------------------------------------|-----------------|
| ids | A list of the unique resource ids. | `id` |
| locations | A list of locations for all the resources being interrogated. | `location` |
| names | A list of names of all the resources being interrogated. | `name` |
| tags | A list of `tag:value` pairs defined on the resources being interrogated. | `tags` |
| properties | A list of properties for all the resources being interrogated. | `properties` |

<superscript>*</superscript> For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/dev-docs/filtertable-usage.md).

## Examples

### Test that an Example Resource Group has the Named VPN gateway
```ruby
describe azure_virtual_network_gateways(resource_group: 'ExampleGroup') do
its('names') { should include('ExampleName') }
end
```
## Matchers

This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://www.inspec.io/docs/reference/matchers/).

### exists

The control will pass if the filter returns at least one result. Use `should_not` if you expect zero matches.
```ruby
# If we expect 'ExampleGroup' Resource Group to have VPN Gateways
describe azure_virtual_network_gateways(resource_group: 'ExampleGroup') do
it { should exist }
end

# If we expect 'EmptyExampleGroup' Resource Group to not have VPN Gateways
describe azure_virtual_network_gateways(resource_group: 'EmptyExampleGroup') do
it { should_not exist }
end
```
## Azure Permissions

Your [Service Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) must be setup with a `contributor` role on the subscription you wish to test.
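Review bot: The Azure Permissions section at the end of the new doc asks for a `contributor` role on the subscription, but this resource only lists gateways and reads their properties, so a read-only role such as `Reader` should be enough; an audit service principal with write access is more privilege than these checks need. If `contributor` is kept for consistency with the rest of the pack, say so explicitly in the doc. Smaller points: the Properties table omits `types`, which the library's `table_schema` defines (`{ column: :types, field: :type }`); `<superscript>` is not an HTML element, so the footnote marker should be `<sup>*</sup>`; and the FilterTable link here uses `dev-docs/filtertable-usage.md` while the library comment uses `docs/dev/filtertable-usage.md`, so one of the two paths is stale.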
46 changes: 46 additions & 0 deletions libraries/azure_virtual_network_gateways.rb
@@ -0,0 +1,46 @@
require 'azure_generic_resources'

class AzureVirtualNetworkGateways < AzureGenericResources
name 'azure_virtual_network_gateways'
desc 'Verifies settings for Azure Virtual Network Gateways'
example <<-EXAMPLE
azure_virtual_network_gateways(resource_group: 'example') do
it{ should exist }
end
EXAMPLE

attr_reader :table

def initialize(opts = {})
# Options should be Hash type. Otherwise Ruby will raise an error when we try to access the keys.
raise ArgumentError, 'Parameters must be provided in an Hash object.' unless opts.is_a?(Hash)

opts[:resource_provider] = specific_resource_constraint('Microsoft.Network/virtualNetworkGateways', opts)

# static_resource parameter must be true for setting the resource_provider in the backend.
super(opts, true)

# Check if the resource is failed.
# It is recommended to check that after every usage of inherited methods or making API calls.
return if failed_resource?

# Define the column and field names for FilterTable.
# In most cases, the `column` should be the pluralized form of the `field`.
# @see https://github.com/inspec/inspec/blob/master/docs/dev/filtertable-usage.md
table_schema = [
{ column: :names, field: :name },
{ column: :ids, field: :id },
{ column: :types, field: :type },
{ column: :locations, field: :location },
{ column: :tags, field: :tags },
{ column: :properties, field: :properties },
]

# FilterTable is populated at the very end due to being an expensive operation.
AzureGenericResources.populate_filter_table(:table, table_schema)
end

def to_s
super(AzureVirtualNetworkGateways)
end
end
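Review bot: The `example` heredoc is missing `describe`: `azure_virtual_network_gateways(resource_group: 'example') do` should read `describe azure_virtual_network_gateways(resource_group: 'example') do`, matching the usage shown in the docs file. The `ArgumentError` message says 'an Hash' and should be 'a Hash'. Also note that `opts[:resource_provider] = ...` writes into the hash the caller passed in; if that is the pack's convention, fine, otherwise work on a copy so a reused options hash is not altered between resources.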
25 changes: 25 additions & 0 deletions test/unit/resources/azure_virtual_network_gateways.rb
@@ -0,0 +1,25 @@
require_relative 'helper'
require 'azure_virtual_network_gateways'

class AzureVirtualNetworkGatewaysConstructorTest < Minitest::Test
# resource_type should not be allowed.
def test_resource_type_not_ok
assert_raises(ArgumentError) { AzureVirtualNetworkGateways.new(resource_provider: 'some_type') }
end

def tag_value_not_ok
assert_raises(ArgumentError) { AzureVirtualNetworkGateways.new(tag_value: 'some_tag_value') }
end

def tag_name_not_ok
assert_raises(ArgumentError) { AzureVirtualNetworkGateways.new(tag_name: 'some_tag_name') }
end

def test_resource_id_not_ok
assert_raises(ArgumentError) { AzureVirtualNetworkGateways.new(resource_id: 'some_id') }
end

def test_name_not_ok
assert_raises(ArgumentError) { AzureVirtualNetworkGateways.new(name: 'some_name') }
end
end
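Review bot: `tag_value_not_ok` and `tag_name_not_ok` lack the `test_` prefix, so Minitest will never run them and the `tag_value:` and `tag_name:` rejections are untested; rename them to `test_tag_value_not_ok` and `test_tag_name_not_ok`. The comment above the first test says `resource_type` should not be allowed, while the test passes `resource_provider:`; align the comment and the method name with the parameter actually exercised. All cases here are constructor rejections, so a positive test that `resource_group:` is accepted would round out the coverage.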