F/bastion hosts

README.md

@@ -206,7 +206,8 @@ The following is a list of static resources.
 - [azure_web_app_functions](docs/resources/azure_web_app_functions.md)
 - [azure_webapp](docs/resources/azure_webapp.md)
 - [azure_webapps](docs/resources/azure_webapps.md)
-
+- [azure_bastion_hosts_resource](docs/resources/azure_bastion_hosts_resource.md)
+- [azure_bastion_hosts_resources](docs/resources/azure_bastion_hosts_resources.md)
 
 For more details and different use cases, please refer to the specific resource pages.
 
@@ -387,7 +388,7 @@ They can be defined as environment variables or resource parameters (has priorit
 | azurerm_virtual_machine_disk, azurerm_virtual_machine_disks | `2017-03-30` | [azure_virtual_machine_disk](docs/resources/azure_virtual_machine_disk.md), [azure_virtual_machine_disks](docs/resources/azure_virtual_machine_disks.md) |
 | azurerm_virtual_network, azurerm_virtual_networks | `2018-02-01` | [azure_virtual_network](docs/resources/azure_virtual_network.md), [azure_virtual_networks](docs/resources/azure_virtual_networks.md) |
 | azurerm_webapp, azurerm_webapps | `2016-08-01` | [azure_webapp](docs/resources/azure_webapp.md), [azure_webapps](docs/resources/azure_webapps.md) |
-
+| azure_bastion_hosts_resource, azure_bastion_hosts_resources | `2021-07-15` | [azure_bastion_hosts_resource](docs/resources/azure_bastion_hosts_resource.md), [azure_bastion_hosts_resources](docs/resources/azure_bastion_hosts_resources.md) |
 ## Development
 
 If you'd like to contribute to this project please see [Contributing Rules](CONTRIBUTING.md). 

docs/resources/azure_bastion_hosts_resource.md

@@ -0,0 +1,92 @@
+---
+title: About the azure_bastion_hosts_resource Resource
+platform: azure
+---
+
+# azure_bastion_hosts_resource
+
+Use the `azure_bastion_hosts_resource` InSpec audit resource to test properties related to a bastion hosts resource.
+
+## Azure REST API version, endpoint and http client parameters
+
+This resource interacts with api versions supported by the resource provider.
+The `api_version` can be defined as a resource parameter.
+If not provided, the latest version will be used.
+For more information, refer to [`azure_generic_resource`](azure_generic_resource.md).
+
+Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used.
+For more information, refer to the resource pack [README](../../README.md). 
+
+## Availability
+
+### Installation
+
+This resource is available in the [InSpec Azure resource pack](https://github.com/inspec/inspec-azure). 
+For an example `inspec.yml` file and how to set up your Azure credentials, refer to resource pack [README](../../README.md#Service-Principal).
+
+## Syntax
+
+`resource_group` and bastion hosts resource `name` or the `resource_id` must be given as a parameter.
+```ruby
+describe azure_bastion_hosts_resource(resource_group: 'MyResourceGroup', name: 'bastion_name') do
+  it { should exist }
+end
+```
+## Parameters
+
+| Name                           | Description                                                                      |
+|--------------------------------|----------------------------------------------------------------------------------|
+| resource_group                 | Azure resource group that the targeted resource resides in. `MyResourceGroup`    |
+| name                           | Name of the Azure resource to test. `MyBastionHostName`                          |
+| type                           | type of BastionHostName                                                          |
+| provisioning_state             | State of BastionHostName creation                                                |
+
+Either one of the parameter sets can be provided for a valid query:
+- `resource_group` and `name`
+
+
+Also, refer to [Azure documentation](https://docs.microsoft.com/en-us/rest/api/virtualnetwork/bastion-hosts/get) for other properties available. 
+Any attribute in the response may be accessed with the key names separated by dots (`.`).
+
+
+## Examples
+
+### Ensure that the bastion hosts resource has is from same type
+```ruby
+describe azure_bastion_hosts_resource(resource_group: 'MyResourceGroup', name: 'bastion_name') do
+  its('type') { should eq 'Microsoft.Network/bastionHosts' }
+end
+```
+### Ensure that the bastion hosts resource is in successful state
+```ruby
+describe azure_bastion_hosts_resource(resource_group: 'MyResourceGroup', name: 'bastion_name') do
+  its('provisioning_state') { should include('Succeeded') }
+end
+```
+
+### Ensure that the bastion hosts resource is from same location
+```ruby
+describe azure_bastion_hosts_resource(resource_group: 'MyResourceGroup', name: 'bastion_name') do
+  its('location') { should include df_location }
+end
+```
+## Matchers
+
+This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](/inspec/matchers/).
+
+### exists
+```ruby
+# If a bastion hosts resource is found it will exist
+describe azure_bastion_hosts_resource(resource_group: 'MyResourceGroup', name: 'MyBastionHostName') do
+  it { should exist }
+end
+
+# bastion hosts resources that aren't found will not exist
+describe azure_bastion_hosts_resource(resource_group: 'MyResourceGroup', name: 'DoesNotExist') do
+  it { should_not exist }
+end
+```
+
+## Azure Permissions
+
+Your [Service Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) must be setup with a `contributor` role on the subscription you wish to test.

docs/resources/azure_bastion_hosts_resources.md

@@ -0,0 +1,93 @@
+---
+title: About the azure_bastion_hosts_resource Resource
+platform: azure
+---
+
+# azure_bastion_hosts_resource
+
+Use the `azure_bastion_hosts_resource` InSpec audit resource to test properties related to bastion hots for a resource group or the entire subscription.
+
+## Azure REST API version, endpoint and http client parameters
+
+This resource interacts with api versions supported by the resource provider.
+The `api_version` can be defined as a resource parameter.
+If not provided, the latest version will be used.
+For more information, refer to [`azure_generic_resource`](azure_generic_resource.md).
+
+Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used.
+For more information, refer to the resource pack [README](../../README.md). 
+
+## Availability
+
+### Installation
+
+This resource is available in the [InSpec Azure resource pack](https://github.com/inspec/inspec-azure). 
+For an example `inspec.yml` file and how to set up your Azure credentials, refer to resource pack [README](../../README.md#Service-Principal).
+
+
+Also, refer to [Azure documentation](https://docs.microsoft.com/en-us/rest/api/virtualnetwork/bastion-hosts/list) for  properties available.
+Any attribute in the response may be accessed with the key names separated by dots (`.`).
+## Syntax
+
+An `azure_bastion_hosts_resource` resource block returns all Azure bastion hots, either within a Resource Group (if provided)
+```ruby
+describe azure_bastion_hosts_resource(resource_group: 'my-rg') do
+
+end
+```
+
+## Properties
+
+|Property       | Description                                                                          | Filter Criteria<superscript>*</superscript> |
+|---------------|--------------------------------------------------------------------------------------|-----------------|
+| name           | A list of the unique resource names.                                                | `name`            |
+| ids            | A list of bastion hosts ids .                                                       | `id`              |
+| tags           | A list of `tag:value` pairs defined on the resources.                               | `tag`             |
+| provisioning_state             | State of BastionHosts creation                                      | `provisioning_state`         |
+| types             |   Types of all the bastion hosts | `type` |
+
+<superscript>*</superscript> For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/dev-docs/filtertable-usage.md).
+
+
+## Examples
+
+### Ensure that the bastion hosts resource has is from same type
+```ruby
+describe azure_bastion_hosts_resource(resource_group: 'MyResourceGroup', name: 'bastion_name') do
+  its('type') { should eq 'Microsoft.Network/bastionHosts' }
+end
+```
+### Ensure that the bastion hosts resource is in successful state
+```ruby
+describe azure_bastion_hosts_resource(resource_group: 'MyResourceGroup') do
+  its('provisioning_states') { should include('Succeeded') }
+end
+```
+
+### Ensure that the bastion hosts resource is from same location
+```ruby
+describe azure_bastion_hosts_resource(resource_group: 'MyResourceGroup') do
+  its('location') { should include df_location }
+end
+```
+### Test If Any bastion hots Exist in the Resource Group
+```ruby
+describe azure_bastion_hosts_resource(resource_group: 'MyResourceGroup') do
+  it { should exist }
+end
+```
+
+## Matchers
+
+This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://www.inspec.io/docs/reference/matchers/).
+
+### exists
+```ruby
+# Should not exist if no bastion hots are in the resource group
+describe azure_bastion_hosts_resource(resource_group: 'MyResourceGroup') do
+  it { should_not exist }
+end
+```
+## Azure Permissions
+
+Your [Service Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) must be setup with a `contributor` role on the subscription you wish to test.

libraries/azure_bastion_hosts_resource.rb

@@ -0,0 +1,61 @@
+require 'azure_generic_resource'
+
+class AzureBastionHostsResource < AzureGenericResource
+  name 'azure_bastion_hosts_resource'
+  desc 'Azure Bastion to connect to a data lake hosts'
+  example <<-EXAMPLE
+    describe azure_bastion_hosts_resource(resource_group: 'example', bastionHostName: 'host-name') do
+      it { should exist }
+    end
+  EXAMPLE
+
+  def initialize(opts = {})
+    # Options should be Hash type. Otherwise Ruby will raise an error when we try to access the keys.
+    raise ArgumentError, 'Parameters must be provided in an Hash object.' unless opts.is_a?(Hash)
+    # Azure REST API endpoint URL format for the resource:
+    #   GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/
+    # providers/Microsoft.Network/bastionHosts/{bastionHostName}?api-version=2020-11-01
+    #
+    # The dynamic part that has to be created in this resource:
+    #   Microsoft.Network/bastionHosts/{bastionHostName}?api-version=2020-11-01
+    #
+    # Parameters acquired from environment variables:
+    #   - {subscriptionId} => Required parameter. It will be acquired by the backend from environment variables.
+    #
+    # User supplied parameters:
+    #   - resource_group => Required parameter unless `resource_id` is provided. {resourceGroupName}
+    #   - name => Required parameter unless `resource_id` is provided. data lake hosts name. {bastionHostName}
+    #   - resource_id => Optional parameter. If exists, `resource_group` and `name` must not be provided.
+    #     In the following format:
+    #       /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/
+    #       Microsoft.Network/bastionHosts/{bastionHostName}
+    #   - api_version => Optional parameter. The latest version will be used unless provided. api-version
+    #
+    #   **`resource_group` and (resource) `name` or `resource_id`  will be validated in the backend appropriately.
+    #     We don't have to do anything here.
+    #
+    # Following resource parameters have to be defined here.
+    #   - resource_provider => Microsoft.Network/bastionHosts
+    #     The `specific_resource_constraint` method will validate the user input
+    #       not to accept a different `resource_provider`.
+    #
+    opts[:resource_provider] = specific_resource_constraint('Microsoft.Network/bastionHosts', opts)
+    opts[:required_parameters] = %i(name)
+
+    # static_resource parameter must be true for setting the resource_provider in the backend.
+    super(opts, true)
+  end
+
+  def to_s
+    super(AzureBastionHostsResource)
+  end
+
+  # Resource specific methods can be created.
+  # `return unless exists?` is necessary to prevent any unforeseen Ruby error.
+  # Following methods are created to provide the same functionality with the current resource pack >>>>
+  # @see https://github.com/inspec/inspec-azure
+
+  def provisioning_state
+    properties.provisioningState if exists?
+  end
+end

libraries/azure_bastion_hosts_resources.rb

@@ -0,0 +1,96 @@
+require 'azure_generic_resources'
+
+class AzureBastionHostsResources < AzureGenericResources
+  name 'azure_bastion_hosts_resources'
+  desc 'Lists all Bastion Hosts in a subscription'
+  example <<-EXAMPLE
+    azure_bastion_hosts_resources(resource_group: 'example') do
+      it{ should exist }
+    end
+  EXAMPLE
+
+  attr_reader :table
+
+  def initialize(opts = {})
+    # Options should be Hash type. Otherwise Ruby will raise an error when we try to access the keys.
+    raise ArgumentError, 'Parameters must be provided in an Hash object.' unless opts.is_a?(Hash)
+
+    # Azure REST API endpoint URL format listing the all resources for a given subscription:
+    #   GET https://management.azure.com/subscriptions/{subscriptionId}/providers
+    # /Microsoft.Network/bastionHosts?api-version=2020-11-01
+    #
+    #
+    # The dynamic part that has to be created for this resource:
+    #   Microsoft.Network/bastionHosts?api-version=2019-12-01
+    #
+    # Parameters acquired from environment variables:
+    #   - {subscriptionId} => Required parameter. It will be acquired by the backend from environment variables.
+    #
+    # For parameters applicable to all resources, see project's README.
+    #
+    # User supplied parameters:
+    #   - resource_group => Optional parameter.
+    #   - api_version => Optional parameter. The latest version will be used unless provided.
+    #
+    #   **`resource_group`  will be used in the backend appropriately.
+    #     We don't have to do anything here.
+    #
+    # Following resource parameters have to be defined/created here.
+    #   resource_provider => Microsoft.Network/bastionHosts
+    #     The `specific_resource_constraint` method will validate the user input
+    #       not to accept a different `resource_provider`.
+    #
+    opts[:resource_provider] = specific_resource_constraint('Microsoft.Network/bastionHosts', opts)
+
+    # static_resource parameter must be true for setting the resource_provider in the backend.
+    super(opts, true)
+
+    # Check if the resource is failed.
+    # It is recommended to check that after every usage of superclass methods or API calls.
+    return if failed_resource?
+
+    # Define the column and field names for FilterTable.
+    #   - column: It is defined as an instance method, callable on the resource, and present `field` values in a list.
+    #   - field: It has to be identical with the `key` names in @table items that will be presented in the FilterTable.
+    # @see https://github.com/inspec/inspec/blob/master/docs/dev/filtertable-usage.md
+    table_schema = [
+      { column: :names, field: :name },
+      { column: :types, field: :type },
+      { column: :ids, field: :id },
+      { column: :tags, field: :tags },
+      { column: :provisioning_states, field: :provisioningState },
+      { column: :locations, field: :location },
+    ]
+
+    # FilterTable is populated at the very end due to being an expensive operation.
+    AzureGenericResources.populate_filter_table(:table, table_schema)
+  end
+
+  def to_s
+    super(AzureBastionHostsResources)
+  end
+
+  private
+
+  # Populate the @table with the resource attributes.
+  # @table has been declared in the super class as an empty array.
+  # Each item in the @table
+  #   - should be a Hash object
+  #   - should have the exact key names defined in the @table_schema as `field`.
+  def populate_table
+    # If @resources empty than @table should stay as an empty array as declared in superclass.
+    # This will ensure constructing resource and passing `should_not exist` test.
+    return [] if @resources.empty?
+
+    @resources.each do |resource|
+      @table << {
+        id: resource[:id],
+        name: resource[:name],
+        type: resource[:type],
+        tags: resource[:tags],
+        provisioningState: resource[:properties][:provisioningState],
+        location: resource[:location],
+      }
+    end
+  end
+end

libraries/backend/azure_environment.rb

@@ -98,8 +98,8 @@ def initialize(options)
                                                            active_directory_graph_api_version: '2013-04-05',
                                                            storage_endpoint_suffix: '.core.windows.net',
                                                            key_vault_dns_suffix: '.vault.azure.net',
-                                                           datalake_store_filesystem_endpoint_suffix: 'azuredatalakestore.net',
-                                                           datalake_analytics_catalog_and_job_endpoint_suffix: 'azuredatalakeanalytics.net',
+                                                           datalake_store_filesystem_endpoint_suffix: '.azuredatalakestore.net',
+                                                           datalake_analytics_catalog_and_job_endpoint_suffix: '.azuredatalakeanalytics.net',
                                                          })
     AzureChinaCloud = AzureEnvironments::AzureEnvironment.new({
                                                                 name: 'AzureChinaCloud',