inspec · sathish-progress · Oct 28, 2021 · Oct 19, 2021 · Oct 19, 2021 · Oct 19, 2021
@@ -244,7 +244,10 @@ The following is a list of static resources.
 - [azure_virtual_machine_disk](docs/resources/azure_virtual_machine_disk.md)
 - [azure_virtual_machine_disks](docs/resources/azure_virtual_machine_disks.md)
 - [azure_virtual_network](docs/resources/azure_virtual_network.md)
+- [azure_virtual_network_gateway](docs/resources/azure_virtual_network_gateway.md)
 - [azure_virtual_network_gateways](docs/resources/azure_virtual_network_gateways.md)
+- [azure_virtual_network_gateway_connection](docs/resources/azure_virtual_network_gateway_connection.md)
+- [azure_virtual_network_gateway_connections](docs/resources/azure_virtual_network_gateway_connections.md)
 - [azure_virtual_network_peering](docs/resources/azure_virtual_network_peering.md)
 - [azure_virtual_network_peerings](docs/resources/azure_virtual_network_peerings.md)
 - [azure_virtual_networks](docs/resources/azure_virtual_networks.md)

@@ -0,0 +1,92 @@
+---
+title: About the azure_virtual_network_gateway Resource
+platform: azure
+---
+
+# azure_virtual_network_gateway
+
+Use the `azure_virtual_network_gateway` InSpec audit resource to test the properties and configuration of an Azure Virtual Network Gateway.
+
+## Azure REST API Version, Endpoint, and HTTP Client Parameters
+
+This resource interacts with API versions supported by the resource provider. The `api_version` is defined as a resource parameter.
+If not provided, the latest version is used. For more information, refer to [`azure_generic_resource`](azure_generic_resource.md).
+
+Unless defined, `azure_cloud` global endpoint and default values for the HTTP client are used. For more information, refer to the resource pack [README](../../README.md).
+
+## Availability
+
+### Installation
+
+This resource is available in the [InSpec Azure resource pack](https://github.com/inspec/inspec-azure). For an example, `inspec.yml` file and how to set up your Azure credentials, refer to resource pack [README](../../README.md#Service-Principal).
+
+## Syntax
+
+`resource_group` and `name` are required parameters.
+
+```ruby
+describe azure_virtual_network_gateway(resource_group: 'RESOURCE_GROUP', name: 'VIRTUAL_NETWORK_NAME') do
+  it { should exist }
+end
+```
+
+## Parameters
+
+| Name                           | Description                                                    |
+|--------------------------------|----------------------------------------------------------------|
+| resource_group                 | Azure resource group where the targeted resource resides.      |
+| name                           | The unique name of the targeted resource.                      |
+
+Either one of the parameter sets is provided for a valid query:
+
+- `resource_group` and `name`
+
+## Properties
+
+| Property                    | Description                                                              |
+|-----------------------------|--------------------------------------------------------------------------|
+| name                        | Resource name.                                                           |
+| id                          | Resource ID.                                                             |
+| etag                        | A unique read-only string that changes whenever the resource is updated. |
+| type                        | Resource type.                                                           |
+| location                    | Resource location.                                                       |
+| tags                        | Resource tags.                                                           |
+| properties.bgpSettings      | Virtual network gateway's BGP speaker settings.                          |
+| properties.provisioningState| The provisioning state of the virtual network gateway resource.          |
+| properties.vpnClientConfiguration | The reference to the VpnClientConfiguration resource which represents the P2S VpnClient configurations. |
+
+For properties applicable to all resources, such as `type`, `name`, `id`, `properties`, refer to [`azure_generic_resource`](azure_generic_resource.md#properties).
+
+Also, refer to [Azure documentation](https://docs.microsoft.com/en-us/rest/api/network-gateway/virtual-network-gateways/get) for other properties available. Any attribute in the response is accessed with the key names separated by dots (`.`).
+
+## Examples
+
+### Test the VPN Client Protocol of an Virtual Network Gateway
+
+```ruby
+describe azure_virtual_network_gateway(resource_group: 'RESOURCE_GROUP', name: 'VIRTUAL_NETWORK_NAME') do
+  its('properties.vpnClientConfiguration.vpnClientProtocols') { should include 'OpenVPN' }
+end
+```
+
+## Matchers
+
+This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://docs.chef.io/inspec/matchers/).
+
+### exists
+
+```ruby
+# If we expect a virtual network gateway to always exist
+describe azure_virtual_network_gateway(resource_group: 'RESOURCE_GROUP', name: 'VIRTUAL_NETWORK_NAME') do
+  it { should exist }
+end
+
+# If we expect virtual network gateway to never exist
+describe azure_virtual_network_gateway(resource_group: 'RESOURCE_GROUP', name: 'VIRTUAL_NETWORK_NAME') do
+  it { should_not exist }
+end
+```
+
+## Azure Permissions
+
+Your [Service Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) must be set up with a minimum of `reader` role on the subscription you wish to test.
@@ -0,0 +1,91 @@
+---
+title: About the azure_virtual_network_gateway_connection Resource
+platform: azure
+---
+
+# azure_virtual_network_gateway_connection
+
+Use the `azure_virtual_network_gateway_connection` InSpec audit resource to test the properties related to an Azure Virtual Network Gateway connection.
+
+## Azure REST API Version, Endpoint, and HTTP Client Parameters
+
+This resource interacts with API versions supported by the resource provider. The `api_version` is defined as a resource parameter.
+If not provided, the latest version is used. For more information, refer to [`azure_generic_resource`](azure_generic_resource.md).
+
+Unless defined, `azure_cloud` global endpoint and default values for the HTTP client are used. For more information, refer to the resource pack [README](../../README.md).
+
+## Availability
+
+### Installation
+
+This resource is available in the [InSpec Azure resource pack](https://github.com/inspec/inspec-azure). For an example, `inspec.yml` file and how to set up your Azure credentials, refer to resource pack [README](../../README.md#Service-Principal).
+
+## Syntax
+
+`name` and `resource_group`  are required parameters.
+
+```ruby
+describe azure_virtual_network_gateway_connection(resource_group: 'RESOURCE_GROUP', name: 'VIRTUAL_NETWORK_NAME') do
+  it  { should exist }
+end
+```
+
+## Parameters
+
+| Name           | Description                                                      |
+|----------------|------------------------------------------------------------------|
+| name           | Name of the Azure Virtual Network Gateway Connection to test.    |
+| resource_group | Azure resource group name where the targeted resource resides.   |
+
+The parameter set should be provided for a valid query:
+- `resource_group` and `name`
+
+## Properties
+
+| Property                      | Description                                                      |
+|-------------------------------|------------------------------------------------------------------|
+| id                            | Resource ID.                                                     |
+| name                          | Resource name.                                                   |
+| type                          | Resource type.                                                   |
+| eTag                          | A unique read-only string that changes whenever the resource is updated.|
+| location                      | Resource location.                                               |
+| properties.provisioningState  | The provisioning state of the virtual network gateway resource.  |
+| properties.connectionType     | Gateway connection type.                                         |
+| properties.useLocalAzureIpAddresses| Use private local Azure IP for the connection.              |
+| properties.ipsecPolicies      | The IPSec Policies to be considered by this connection.          |
+
+For properties applicable to all resources, such as `type`, `name`, `id`, `properties`, refer to [`azure_generic_resource`](azure_generic_resource.md#properties).
+
+Also, refer to [Azure documentation](https://docs.microsoft.com/en-us/rest/api/network-gateway/virtual-network-gateway-connections/get) for other properties available. Any attribute in the response is accessed with the key names separated by dots (`.`).
+
+## Examples
+
+### Test that the Virtual Network Gateway connection protocol is IKEv1
+
+```ruby
+describe azure_virtual_network_gateway_connection(resource_group: 'RESOURCE_GROUP', name: 'VIRTUAL_NETWORK_NAME') do
+  its('connectionProtocol') { should eq 'IKEv1' }
+end
+```
+
+## Matchers
+
+This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](/inspec/matchers/).
+
+### exists
+
+```ruby
+# If a Virtual Network Gateway Connection is found it will exist
+describe azure_virtual_network_gateway_connection(resource_group: 'RESOURCE_GROUP', name: 'VIRTUAL_NETWORK_NAME') do
+  it { should exist }
+end
+
+# if Virtual Network Gateway Connection is not found it will not exist
+describe azure_virtual_network_gateway_connection(resource_group: 'RESOURCE_GROUP', name: 'VIRTUAL_NETWORK_NAME') do
+  it { should_not exist }
+end
+```
+
+## Azure Permissions
+
+Your [Service Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) must be set up with a minimum of `reader` role on the subscription you wish to test.
@@ -0,0 +1,98 @@
+---
+title: About the azure_virtual_network_gateway_connections Resource
+platform: azure
+---
+
+# azure_virtual_network_gateway_connections
+
+Use the `azure_virtual_network_gateway_connections` InSpec audit resource to test the properties related to all Azure Virtual Network Gateway connections within a project.
+
+## Azure REST API Version, Endpoint, and HTTP Client Parameters
+
+This resource interacts with API versions supported by the resource provider. The `api_version` can be defined as a resource parameter. If not provided, the latest version is used. For more information, refer to [`azure_generic_resource`](azure_generic_resource.md).
+
+Unless defined, `azure_cloud` global endpoint and default values for the HTTP client are used. For more information, refer to the resource pack [README](../../README.md).
+
+## Availability
+
+### Installation
+
+This resource is available in the [InSpec Azure resource pack](https://github.com/inspec/inspec-azure). For an example, `inspec.yml` file and how to set up your Azure credentials, refer to resource pack [README](../../README.md#Service-Principal).
+
+## Syntax
+
+An `azure_virtual_network_gateway_connections` resource block returns all Azure Virtual Network Gateway <!-- markdownlint-configure-file { "MD013": { "line_length": 100 } } -->connections within a project.
+
+```ruby
+describe azure_virtual_network_gateway_connections(resource_group: 'RESOURCE_GROUP') do
+  #...
+end
+```
+
+## Parameters
+| Name           | Description                                                    |
+|----------------|----------------------------------------------------------------|
+| resource_group | Azure resource group name where the targeted resource resides. |
+
+The parameter set should be provided for a valid query:
+- `resource_group`
+
+## Properties
+
+|Property                        | Description                                                            | Filter Criteria<superscript>*</superscript> |
+|--------------------------------|------------------------------------------------------------------------|------------------|
+| ids                            | A list of resource IDs.                                                | `id`             |
+| names                          | A list of resource names.                                              | `name`           |
+| types                          | A list of types.                                                       | `type`           |
+| eTags                          | A list of eTags.                                                       | `eTag`           |
+| locations                      | A list of all locations.                                               | `location`       |
+| properties                     | A list of Properties for all the virtual network gateway connections.  | `properties`     |
+| provisioningStates             | A list of provisioning states.                                         | `provisioningState`|
+| connectionTypes                | A list of gateway connection types.                                    | `connectionType`|
+| connectionProtocols            | A list of connection protocols used for this connection.               | `connectionProtocol`|
+| useLocalAzureIpAddresses       | A list of private local Azure IPs for the connection.                  | `datacenterManagementServerName`|
+| ipsecPolicies                  | A list of all The IPSec Policies to be considered by this connection.  | `ipsecPolicies`  |                               | `description`    |
+
+<superscript>*</superscript> For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/dev-docs/filtertable-usage.md). Also, refer to [Azure documentation](https://docs.microsoft.com/en-us/rest/api/network-gateway/virtual-network-gateway-connections/list) for other properties available.
+
+## Examples
+
+### Loop through Virtual Network Gateway connection by their names
+
+```ruby
+azure_virtual_network_gateway_connections(resource_group: 'RESOURCE_GROUP').names.each do |name|
+  describe azure_virtual_network_gateway_connection(resource_group: 'RESOURCE_GROUP', name: name) do
+    it { should exist }
+  end
+end
+```
+
+### Test that there are Virtual Network Gateway connection with IPsec type 
+
+```ruby
+describe azure_virtual_network_gateway_connections(resource_group: 'RESOURCE_GROUP').where(connectionType: 'VPN_CONNECTION_TYPE') do
+  it { should exist }
+end
+```
+
+## Matchers
+
+This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://www.inspec.io/docs/reference/matchers/).
+
+### exists
+
+```ruby
+# Should not exist if no Virtual Network Gateway Connection are present in the project and in the resource group
+describe azure_virtual_network_gateway_connections(resource_group: 'RESOURCE_GROUP') do
+  it { should_not exist }
+end
+
+# Should exist if the filter returns at least one Virtual Network Gateway Connection in the project and in the resource group
+describe azure_virtual_network_gateway_connections(resource_group: 'RESOURCE_GROUP') do
+  it { should exist }
+end
+```
+
+## Azure Permissions
+
+Your [Service Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) must be set up with a minimum of `reader` role on the subscription you wish to test.
@@ -0,0 +1,23 @@
+require 'azure_generic_resource'
+
+class AzureVirtualNetworkGateway < AzureGenericResource
+  name 'azure_virtual_network_gateway'
+  desc 'Verifies settings for an Azure Virtual Network Gateway'
+  example <<-EXAMPLE
+    describe azure_virtual_network_gateway(resource_group: 'example', name: '') do
+      it{ should exist }
+    end
+  EXAMPLE
+
+  def initialize(opts = {})
+    raise ArgumentError, 'Parameters must be provided in an Hash object.' unless opts.is_a?(Hash)
+    opts[:resource_provider] = specific_resource_constraint('Microsoft.Network/virtualNetworkGateways', opts)
+
+    super(opts, true)
+    create_resource_methods(@resource_long_desc[:properties])
+  end
+
+  def to_s
+    super(AzureVirtualNetworkGateway)
+  end
+end
@@ -0,0 +1,23 @@
+require 'azure_generic_resource'
+
+class AzureVirtualNetworkGatewayConnection < AzureGenericResource
+  name 'azure_virtual_network_gateway_connection'
+  desc 'Verifies settings for an Azure Virtual Network Gateway Connection'
+  example <<-EXAMPLE
+    describe azure_virtual_network_gateway_connection(resource_group: 'inspec-rg', name: 'nw-gw-connection') do
+      it { should exist }
+    end
+  EXAMPLE
+
+  def initialize(opts = {})
+    raise ArgumentError, 'Parameters must be provided in an Hash object.' unless opts.is_a?(Hash)
+    opts[:resource_provider] = specific_resource_constraint('Microsoft.Network/connections', opts)
+
+    super(opts, true)
+    create_resource_methods(@resource_long_desc[:properties])
+  end
+
+  def to_s
+    super(AzureVirtualNetworkGateway)
+  end
+end
@@ -0,0 +1,35 @@
+require 'azure_generic_resources'
+
+class AzureVirtualNetworkGatewayConnections < AzureGenericResources
+  name 'azure_virtual_network_gateway_connections'
+  desc 'Verifies settings for Azure Virtual Network Gateway Connections'
+  example <<-EXAMPLE
+    describe azure_virtual_network_gateway_connections(resource_group: 'inspec-rg') do
+      it { should exist }
+    end
+  EXAMPLE
+
+  attr_reader :table
+
+  def initialize(opts = {})
+    raise ArgumentError, 'Parameters must be provided in an Hash object.' unless opts.is_a?(Hash)
+
+    opts[:resource_provider] = specific_resource_constraint('Microsoft.Network/connections', opts)
+    super(opts, true)
+
+    return if failed_resource?
+    populate_filter_table_from_response
+  end
+
+  def to_s
+    super(AzureVirtualNetworkGatewayConnections)
+  end
+
+  private
+
+  def populate_table
+    @resources.each do |resource|
+      @table << resource.merge(resource[:properties])
+    end
+  end
+end