From 5a4c0f22f57da7dc898e337a793f9c96c5e74a69 Mon Sep 17 00:00:00 2001 From: Deepa Kumaraswamy Date: Wed, 29 Jun 2022 19:37:42 +0530 Subject: [PATCH] Resource Docs cleanup - For Clinton's Review Signed-off-by: Deepa Kumaraswamy --- .../azure_active_directory_domain_service.md | 19 +++-- .../azure_active_directory_domain_services.md | 19 +++-- .../inspec/resources/azure_aks_cluster.md | 55 ++++++++------ .../inspec/resources/azure_aks_clusters.md | 22 +++--- .../azure_cosmosdb_database_account.md | 37 ++++++---- .../resources/azure_data_factory_dataset.md | 20 +++-- .../resources/azure_data_factory_datasets.md | 18 ++--- .../azure_ddos_protection_resource.md | 45 ++++++------ .../azure_ddos_protection_resources.md | 24 +++--- .../resources/azure_event_hub_namespace.md | 39 ++++++---- .../resources/azure_generic_resource.md | 73 ++++++++++--------- .../resources/azure_generic_resources.md | 62 ++++++++-------- .../azure_iothub_event_hub_consumer_group.md | 41 ++++++----- .../azure_iothub_event_hub_consumer_groups.md | 38 ++++++---- .../azure_sentinel_incidents_resource.md | 42 +++++------ .../azure_sentinel_incidents_resources.md | 38 +++++----- 16 files changed, 321 insertions(+), 271 deletions(-) diff --git a/docs-chef-io/content/inspec/resources/azure_active_directory_domain_service.md b/docs-chef-io/content/inspec/resources/azure_active_directory_domain_service.md index c7100123a..a3d969c9f 100644 --- a/docs-chef-io/content/inspec/resources/azure_active_directory_domain_service.md +++ b/docs-chef-io/content/inspec/resources/azure_active_directory_domain_service.md 
@@ -43,7 +43,7 @@ Either one of the following parameters is mandatory. : The fully qualified name of the domain. Key, immutable, not nullable, unique. `authenticationType` -: Indicates the configured authentication type for the domain.The value is either `Managed` or `Federated`. +: Indicates the configured authentication type for the domain. The value is either `Managed` or `Federated`. `availabilityStatus` : This property is always `null` except when the verify action is used. @@ -52,10 +52,10 @@ Either one of the following parameters is mandatory. : The value of the property is `false` if the DNS record management of the domain has been delegated to Microsoft 365. `isDefault` -: `true` if this is the default domain that is used for user creation. There is only one default domain per company. Not nullable. +: `true` if this is the default domain used for user creation. There is only one default domain per company. Not nullable. `isInitial` -: `true` if this is the initial domain created by Microsoft Online Services (companyname.onmicrosoft.com). There is only one initial domain per company. +: `true` if this is the initial domain created by Microsoft Online Services (`companyname.microsoft.com`). There is only one initial domain per company. `isRoot` : `true` if the domain is a verified root domain. Otherwise, `false` if the domain is a subdomain or unverified. 
@@ -64,10 +64,10 @@ Either one of the following parameters is mandatory. : `true` if the domain has completed domain ownership verification. `passwordNotificationWindowInDays` -: Specifies the number of days before a user receives notification that their password will expire. If the property is not set, a default value of 14 days will be used. +: Specifies the number of days before a user receives a password expiry notification. A default value of 14 days is used if the property is not set. `passwordValidityPeriodInDays` -: Specifies the length of time that a password is valid before it must be changed. If the property is not set, a default value of 90 days will be used. +: Specifies the length of time that a password is valid before it must be changed. A default value of 90 days is used if the property is not set. `supportedServices` : The capabilities assigned to the domain. @@ -77,7 +77,7 @@ Either one of the following parameters is mandatory. ## Examples -**Test If an Active Directory Domain is Referenced with a Valid ID.** +### Test to ensure if an active directory domain is referenced with a Valid ID ```ruby describe azure_active_directory_domain_service(id: 'example.com') do @@ -85,7 +85,7 @@ describe azure_active_directory_domain_service(id: 'example.com') do end ``` -**Test If an Active Directory Domain is Referenced with an Invalid ID.** +### Test to ensure if an active directory domain is referenced with an Invalid ID ```ruby describe azure_active_directory_domain_service(id: 'example.com') do @@ -97,7 +97,7 @@ end {{% inspec_matchers_link %}} -### exists +### Exists ```ruby describe azure_active_directory_domain_service(id: 'example.onmicrosoft.com') do 
@@ -107,5 +107,4 @@ end ## Azure Permissions -Graph resources require specific privileges granted to your service principal. -Please refer to the [Microsoft Documentation](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-integrating-applications#updating-an-application) for information on how to grant these permissions to your application. \ No newline at end of file +Graph resources require specific privileges granted to your service principal. Please refer to the [Microsoft Documentation](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-integrating-applications#updating-an-application) for information on how to grant these permissions to your application. diff --git a/docs-chef-io/content/inspec/resources/azure_active_directory_domain_services.md b/docs-chef-io/content/inspec/resources/azure_active_directory_domain_services.md index 9e209f1f5..2f48fb76b 100644 --- a/docs-chef-io/content/inspec/resources/azure_active_directory_domain_services.md +++ b/docs-chef-io/content/inspec/resources/azure_active_directory_domain_services.md @@ -35,7 +35,7 @@ end The following parameters can be passed for targeting specific domains. `filter` -: A hash containing the filtering options and their values. The `starts_with_` operator can be used for fuzzy string matching. Parameter names are in snake case. +: A hash containing the filtering options and their values. The `starts_with_` operator can be used for fuzzy string matching. Parameter names are in the snake case. : **Example**: `{ starts_with_given_name: 'J', starts_with_department: 'Core', country: 'United Kingdom', given_name: John}` 
@@ -44,7 +44,7 @@ The following parameters can be passed for targeting specific domains. : **Example**: `"startswith(displayName,'J') and surname eq 'Doe'"` or `"userType eq 'Guest'"` -It is advised to use these parameters to narrow down the targeted resources at the server side, Azure Graph API, for a more efficient test. +It is advised to use these parameters to narrow down the targeted resources at the server-side, Azure Graph API, for a more efficient test. ## Properties @@ -64,7 +64,7 @@ It is advised to use these parameters to narrow down the targeted resources at t : **Field**: `availabilityStatus` `is_admin_manageds` -: A list of admin managed configuration. +: A list of admin-managed configuration. : **Field**: `isAdminManaged` @@ -114,7 +114,7 @@ It is advised to use these parameters to narrow down the targeted resources at t The following examples show how to use this InSpec audit resource. -**Check domains with some filtering parameters applied at server side using `filter`.** +### Test to ensure domains with some filtering parameters are applied at server side using `filter` ```ruby describe azure_active_directory_domain_services(filter: {authenticationType: "authenticationType-value"}) do @@ -122,7 +122,7 @@ describe azure_active_directory_domain_services(filter: {authenticationType: "au end ``` -**Check domains with some filtering parameters applied at server side using `filter_free_text`.** +### Test to ensure domains with some filtering parameters are applied at the server side using `filter_free_text` ```ruby describe azure_active_directory_domain_services(filter_free_text: "startswith(authenticationType,'authenticationType-value')") do 
@@ -130,7 +130,7 @@ describe azure_active_directory_domain_services(filter_free_text: "startswith(au end ``` -**Ensure there are supported services using client-side filtering.** +### Test to ensure there are supported services using client-side filtering ```ruby describe azure_active_directory_domain_services.supportedServices do @@ -142,9 +142,9 @@ end {{% inspec_matchers_link %}} -### exists +### Exists -The control will pass if the filter returns at least one result. Use `should_not` if you expect zero matches. +The control passes if the filter returns at least one result. Use `should_not` if you expect zero matches. ```ruby describe azure_active_directory_domain_services do @@ -154,5 +154,4 @@ end ## Azure Permissions -Graph resources require specific privileges granted to your service principal. -Please refer to the [Microsoft Documentation](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-integrating-applications#updating-an-application) for information on how to grant these permissions to your application. +Graph resources require specific privileges granted to your service principal. Please refer to the [Microsoft Documentation](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-integrating-applications#updating-an-application) for information on how to grant these permissions to your application. diff --git a/docs-chef-io/content/inspec/resources/azure_aks_cluster.md b/docs-chef-io/content/inspec/resources/azure_aks_cluster.md index 346d87f6a..f6ee8cdb0 100644 --- a/docs-chef-io/content/inspec/resources/azure_aks_cluster.md +++ b/docs-chef-io/content/inspec/resources/azure_aks_cluster.md 
@@ -10,7 +10,7 @@ identifier = "inspec/resources/azure/azure_aks_cluster Resource" parent = "inspec/resources/azure" +++ -Use the `azure_aks_cluster` InSpec audit resource to test properties of an Azure AKS Cluster. +Use the `azure_aks_cluster` InSpec audit resource to test the properties of an Azure AKS Cluster. ## Azure REST API Version, Endpoint, and HTTP Client Parameters @@ -22,12 +22,14 @@ Use the `azure_aks_cluster` InSpec audit resource to test properties of an Azure ## Syntax -An `azure_aks_cluster` resource block identifies an AKS Cluster by `name` and `resource_group` or the `resource_id`. +An `azure_aks_cluster` resource block identifies an AKS Cluster by `name` and `resource_group`, or the `resource_id`. + ```ruby -describe azure_aks_cluster(resource_group: 'example', name: 'ClusterName') do +describe azure_aks_cluster(resource_group: 'RESOURCE_GROUP', name: 'CLUSTER_NAME') do it { should exist } end ``` + ```ruby describe azure_aks_cluster(resource_id: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.ContainerService/managedClusters/{ClusterName}') do it { should exist } @@ -37,17 +39,18 @@ end ## Parameters `resource_group` -: Azure resource group that the targeted resource resides in. `MyResourceGroup`. +: Azure resource group where the targeted resource resides. `name` -: Name of the AKS cluster to test. `ClusterName`. +: Name of the AKS cluster to test. `resource_id` : The unique resource ID. `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.ContainerService/managedClusters/{ClusterName}`. -Either one of the parameter sets can be provided for a valid query: +Either one of the following parameter sets can be provided for a valid query: + - `resource_id` -- `resource_group` and `name` +- `resource_group` and `name`. ## Properties 
@@ -66,70 +69,76 @@ Either one of the parameter sets can be provided for a valid query: `disabled_logging_types` : The logging types that are disabled for the AKS cluster. -For properties applicable to all resources, such as `type`, `name`, `id`, `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}). +For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}). + +Also, refer to [Azure documentation](https://docs.microsoft.com/en-us/rest/api/aks/managedclusters/get#managedcluster) for other properties available. -Also, refer to [Azure documentation](https://docs.microsoft.com/en-us/rest/api/aks/managedclusters/get#managedcluster) for other properties available. Any attribute in the response may be accessed with the key names separated by dots (`.`). ## Examples -**Test that an AKS Cluster has the Desired Network Plug-in.** +### Test to ensure that an AKS Cluster has the desired network plug-in ```ruby -describe azure_aks_cluster(resource_group: 'example', name: 'ClusterName') do +describe azure_aks_cluster(resource_group: 'RESOURCE_GROUP', name: 'CLUSTER_NAME') do its('properties.networkProfile.networkPlugin') { should cmp 'kubenet' } end ``` -**Loop through All Clusters within The Subscription.** +### Test to loop through all clusters within the subscription ```ruby azure_aks_clusters.ids.each do |resource_id| describe azure_aks_cluster(resource_id: resource_id) do its('properties.networkProfile.networkPlugin') { should cmp 'kubenet' } end -end +end ``` -**Test that a Specified AKS Cluster has the Correct Number of Nodes in Pool.** +### Test to ensure a specified AKS Cluster has the correct number of nodes in the pool ```ruby -describe azure_aks_cluster(resource_group: 'example', name: 'ClusterName') do +describe azure_aks_cluster(resource_group: 'RESOURCE_GROUP', name: 'CLUSTER_NAME') do 
its('properties.agentPoolProfiles.first.count') { should cmp 5 } end ``` -**Test that a Specified AKS Cluster has kube-audit logging enabled.** +### Test to ensure a specified AKS Cluster has kube-audit logging enabled ```ruby -describe azure_aks_cluster(resource_group: 'example', name: 'ClusterName') do +describe azure_aks_cluster(resource_group: 'RESOURCE_GROUP', name: 'CLUSTER_NAME') do its('enabled_logging_types') { should include "kube-audit" } end ``` -**Test that a Specified AKS Cluster has logging enabled on it and no forms of logging disabled.** +### Test to ensure a specified AKS Cluster has logging enabled on it and no forms of logging disabled ```ruby -describe azure_aks_cluster(resource_group: 'example', name: 'ClusterName') do +describe azure_aks_cluster(resource_group: 'RESOURCE_GROUP', name: 'CLUSTER_NAME') do its('disabled_logging_types.count') { should eq 0 } end ``` + See [integration tests](../../test/integration/verify/controls/azurerm_aks_cluster.rb) for more examples. ## Matchers This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://docs.chef.io/inspec/matchers/). -### exists +### Exists ```ruby # If we expect 'ClusterName' to always exist -describe azure_aks_cluster(resource_group: 'example', name: 'ClusterName') do +describe azure_aks_cluster(resource_group: 'RESOURCE_GROUP', name: 'CLUSTER_NAME') do it { should exist } end +``` -# If we expect 'ClusterName' to never exist -describe azure_aks_cluster(resource_group: 'example', name: 'ClusterName') do +### Not Exists + +```ruby +# If we expect 'ClusterName' to not exist +describe azure_aks_cluster(resource_group: 'RESOURCE_GROUP', name: 'CLUSTER_NAME') do it { should_not exist } end ``` diff --git a/docs-chef-io/content/inspec/resources/azure_aks_clusters.md b/docs-chef-io/content/inspec/resources/azure_aks_clusters.md index 18e7f5f00..5cda12eb8 100644 
--- a/docs-chef-io/content/inspec/resources/azure_aks_clusters.md +++ b/docs-chef-io/content/inspec/resources/azure_aks_clusters.md @@ -22,7 +22,7 @@ Use the `azure_aks_clusters` InSpec audit resource to test properties and config ## Syntax -An `azure_aks_clusters` resource block returns all AKS Clusters, either within a Resource Group (if provided), or within an entire Subscription. +An `azure_aks_clusters` resource block returns all AKS Clusters, either within a resource group (if provided) or an entire subscription. ```ruby describe azure_aks_clusters do @@ -33,7 +33,7 @@ end or ```ruby -describe azure_aks_clusters(resource_group: 'my-rg') do +describe azure_aks_clusters(resource_group: 'RESOURCE_GROUP') do #... end ``` @@ -47,7 +47,7 @@ end ## Properties `ids` -: A list of the unique resource ids. +: A list of the unique resource IDs. : **Field**: `id` @@ -78,8 +78,8 @@ end **Test that an Example Resource Group has the Named AKS Cluster.** ```ruby -describe azure_aks_clusters(resource_group: 'ExampleGroup') do - its('names') { should include('ClusterName') } +describe azure_aks_clusters(resource_group: 'RESOURCE_GROUP') do + its('names') { should include('CLUSTER_NAME') } end ``` 
@@ -87,18 +87,22 @@ end {{% inspec_matchers_link %}} -### exists +### Exists -The control will pass if the filter returns at least one result. Use `should_not` if you expect zero matches. +The control passes if the filter returns at least one result. Use `should_not` if you expect zero matches. ```ruby # If we expect 'ExampleGroup' Resource Group to have AKS Clusters -describe azure_aks_clusters(resource_group: 'ExampleGroup') do +describe azure_aks_clusters(resource_group: 'RESOURCE_GROUP') do it { should exist } end +``` + +### Not Exists +```ruby # If we expect 'EmptyExampleGroup' Resource Group to not have AKS Clusters -describe azure_aks_clusters(resource_group: 'EmptyExampleGroup') do +describe azure_aks_clusters(resource_group: 'EMPTY_RESOURCE_GROUP') do it { should_not exist } end ``` diff --git a/docs-chef-io/content/inspec/resources/azure_cosmosdb_database_account.md b/docs-chef-io/content/inspec/resources/azure_cosmosdb_database_account.md index 75ba762ce..9ac76fad4 100644 --- a/docs-chef-io/content/inspec/resources/azure_cosmosdb_database_account.md +++ b/docs-chef-io/content/inspec/resources/azure_cosmosdb_database_account.md @@ -10,7 +10,7 @@ identifier = "inspec/resources/azure/azure_cosmosdb_database_account Resource" parent = "inspec/resources/azure" +++ -Use the `azure_cosmosdb_database_account` InSpec audit resource to test properties and configuration of an Azure CosmosDb Database Account within a Resource Group. +Use the `azure_cosmosdb_database_account` InSpec audit resource to test the properties and configuration of an Azure CosmosDb database account within a resource group. ## Azure REST API Version, Endpoint, and HTTP Client Parameters 
@@ -22,12 +22,14 @@ Use the `azure_cosmosdb_database_account` InSpec audit resource to test properti ## Syntax -`resource_group` and `name` or the `resource_id` must be given as a parameter. +`resource_group` and `name`, or the `resource_id` are required parameters. + ```ruby -describe azure_cosmosdb_database_account(resource_group: 'inspec-resource-group-9', name: 'my-cosmos-db') do +describe azure_cosmosdb_database_account(resource_group: 'RESOURCE_GROUP', name: 'DATABASE_NAME') do it { should exist } end ``` + ```ruby describe azure_cosmosdb_database_account(resource_id: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.DocumentDB/databaseAccounts/{accountName}') do it { should exist } @@ -37,10 +39,10 @@ end ## Parameters `resource_group` -: Azure resource group that the targeted resource resides in. `resource-group-name`. +: Azure resource group where the targeted resource resides. `name` -: The unique name of the targeted resource. `resource-name`. +: The unique name of the targeted resource. `cosmosdb_database_account` : Alias for the `name` parameter. 
@@ -49,32 +51,35 @@ end : The unique resource ID. `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.DocumentDB/databaseAccounts/{accountName}`. Either one of the parameter sets can be provided for a valid query: + - `resource_id` - `resource_group` and `name` -- `resource_group` and `cosmosdb_database_account` +- `resource_group` and `cosmosdb_database_account`. ## Properties `location` -: Resource location, e.g. `eastus`. +: Resource location, for example, `eastus`. `kind` -: Indicates the type of database account, e.g. `GlobalDocumentDB`, `MongoDB`. +: Indicates the type of database account, for example, `GlobalDocumentDB`, `MongoDB`. -For properties applicable to all resources, such as `type`, `name`, `id`, `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}). +For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}). Also, refer to [Azure documentation](https://docs.microsoft.com/en-us/rest/api/cosmos-db-resource-provider/2020-04-01/databaseaccounts/get#databaseaccountgetresults) for other properties available. + Any attribute in the response may be accessed with the key names separated by dots (`.`). 
## Examples -**Test If a GlobalDocumentDB is Accessible on Public Network.** +### Test to ensure if a GlobalDocumentDB is accessible on a public network ```ruby -describe azure_cosmosdb_database_account(resource_group: 'my-rg', name: 'my-cosmos-db') do +describe azure_cosmosdb_database_account(resource_group: 'RESOURCE_GROUP', name: 'DATABASE_NAME') do its('properties.publicNetworkAccess') { should cmp 'Enabled' } end ``` + ```ruby describe azure_cosmosdb_database_account(resource_id: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.DocumentDB/databaseAccounts/{accountName}') do its('properties.publicNetworkAccess') { should cmp 'Enabled' } @@ -85,16 +90,20 @@ end This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://docs.chef.io/inspec/matchers/). -### exists +### Exists ```ruby # If we expect 'my-cosmos-db' to always exist -describe azure_cosmosdb_database_account(resource_group: 'example', name: 'appgw-1') do +describe azure_cosmosdb_database_account(resource_group: 'RESOURCE_GROUP', name: 'DATABASE_NAME') do it { should exist } end +``` +### Not Exists + +```ruby # If we expect 'my-cosmos-db' to never exist -describe azure_cosmosdb_database_account(resource_group: 'example', name: 'my-cosmos-db') do +describe azure_cosmosdb_database_account(resource_group: 'RESOURCE_GROUP', name: 'DATABASE_NAME') do it { should_not exist } end ``` diff --git a/docs-chef-io/content/inspec/resources/azure_data_factory_dataset.md b/docs-chef-io/content/inspec/resources/azure_data_factory_dataset.md index 11d46e13a..d677d56a6 100644 --- a/docs-chef-io/content/inspec/resources/azure_data_factory_dataset.md +++ b/docs-chef-io/content/inspec/resources/azure_data_factory_dataset.md 
@@ -10,7 +10,7 @@ identifier = "inspec/resources/azure/azure_data_factory_dataset Resource" parent = "inspec/resources/azure" +++ -Use the `azure_data_factory_dataset` InSpec audit resource to test properties related to an Azure Data Factory dataset. +Use the `azure_data_factory_dataset` InSpec audit resource to test the properties related to an Azure Data Factory dataset. See the [`Azure Data Factories Dataset documentation`](https://docs.microsoft.com/en-us/rest/api/datafactory/datasets/get) for additional information. @@ -33,13 +33,13 @@ end ## Parameters `resource_group` _(required)_ -: Azure resource group that the targeted resource resides in. +: Azure resource group where the targeted resource resides. `dataset_name` _(required)_ : Name of the Azure resource to test. `factory_name` _(required)_ -: The factory name. +: The data factory name. ## Properties @@ -47,7 +47,7 @@ end : Name of the Azure resource to test. `id` -: The azure_sentinel_alert_rule type. +: The azure sentinel alert rule type. `properties` : The properties of the resource. @@ -59,17 +59,17 @@ end : The description of dataset type. `properties.linkedServiceName.referenceName` -: Reference LinkedService name. +: Reference linked service name. `properties.linkedServiceName.type` : Linked service reference type. `properties.type` -: The dataset type.`AmazonMWSObjectDataset`, `AvroDataset`. +: The dataset type. Valid values are `AmazonMWSObjectDataset` and `AvroDataset`. ## Examples -**Test if Properties Match.** +### Test to ensure if properties match ```ruby describe azure_data_factory_dataset(resource_group: 'RESOURCE_GROUP', factory_name: 'FACTORY_NAME', dataset_name: 'DATASET_NAME') do @@ -86,7 +86,7 @@ end This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://docs.chef.io/inspec/matchers/). -### exists +### Exists ```ruby # If a dataset should exist 
@@ -94,7 +94,11 @@ This InSpec audit resource has the following special matchers. For a full list o describe azure_data_factory_dataset(resource_group: 'RESOURCE_GROUP', factory_name: 'FACTORY_NAME', dataset_name: 'DATASET_NAME') do it { should exist } end +``` + +### Not Exists +```ruby # If a dataset should not exist describe azure_data_factory_dataset(resource_group: 'RESOURCE_GROUP', factory_name: 'FACTORY_NAME', dataset_name: 'DATASET_NAME') do diff --git a/docs-chef-io/content/inspec/resources/azure_data_factory_datasets.md b/docs-chef-io/content/inspec/resources/azure_data_factory_datasets.md index 0263a4823..2b000d847 100644 --- a/docs-chef-io/content/inspec/resources/azure_data_factory_datasets.md +++ b/docs-chef-io/content/inspec/resources/azure_data_factory_datasets.md @@ -10,7 +10,7 @@ identifier = "inspec/resources/azure/azure_data_factory_datasets Resource" parent = "inspec/resources/azure" +++ -Use the `azure_data_factory_datasets` InSpec audit resource to test properties of multiple Azure Data Factory datasets for a resource group or the entire subscription. +Use the `azure_data_factory_datasets` InSpec audit resource to test the properties of multiple Azure Data Factory datasets for a resource group or the entire subscription. See the [`Azure Data Factories Dataset documentation`](https://docs.microsoft.com/en-us/rest/api/datafactory/datasets/get) for additional information. @@ -24,7 +24,7 @@ See the [`Azure Data Factories Dataset documentation`](https://docs.microsoft.co ## Syntax -An `azure_data_factory_datasets` resource block returns all Azure dataset, either within a Resource Group (if provided), or within an entire Subscription. +An `azure_data_factory_datasets` resource block returns all Azure datasets, either within a resource group (if provided) or within an entire Subscription. ```ruby describe azure_data_factory_datasets(resource_group: 'RESOURCE_GROUP', factory_name: 'FACTORY_NAME') do 
@@ -35,7 +35,7 @@ end ## Parameters `resource_group` _(required)_ -: Azure resource group that the targeted resource resides in. +: Azure resource group where the targeted resource resides. `factory_name` _(required)_ : The Azure Data factory name. @@ -68,12 +68,12 @@ end : **Field**: `description` `linkedServiceName_referenceNames` -: The list of LinkedService names. +: The list of linked service names. : **Field**: `linkedServiceName_referenceName` `linkedServiceName_types` -: The list of LinkedService types. +: The list of linked service types. : **Field**: `linkedServiceName_type` @@ -81,7 +81,7 @@ end ## Examples -**Test if Properties Match.** +### Test to ensure if properties match ```ruby describe azure_data_factory_datasetsazure_data_factory_datasets(resource_group: 'RESOURCE_GROUP', factory_name: 'FACTORY_NAME') do @@ -95,7 +95,7 @@ end This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://docs.chef.io/inspec/matchers/). -### Test if Any Dataset Exists in the Data Factory +### Test to ensure if any dataset exists in the data factory ```ruby describe azure_data_factory_datasetsazure_data_factory_datasets(resource_group: 'RESOURCE_GROUP', factory_name: 'FACTORY_NAME') do @@ -103,10 +103,10 @@ describe azure_data_factory_datasetsazure_data_factory_datasets(resource_group: end ``` -### Test That There Aren’t Any Datasets in a Data Factory +### Test to ensure there are not any datasets in a data factory ```ruby -# Should not exist if no dataset are in the data factory +# Should not exist if no datasets are in the data factory describe azure_data_factory_datasetsazure_data_factory_datasets(resource_group: 'RESOURCE_GROUP', factory_name: 'FACTORY_NAME') do it { should_not exist } 
diff --git a/docs-chef-io/content/inspec/resources/azure_ddos_protection_resource.md b/docs-chef-io/content/inspec/resources/azure_ddos_protection_resource.md index fa592bd36..ab4addb0f 100644 --- a/docs-chef-io/content/inspec/resources/azure_ddos_protection_resource.md +++ b/docs-chef-io/content/inspec/resources/azure_ddos_protection_resource.md @@ -10,7 +10,7 @@ identifier = "inspec/resources/azure/azure_ddos_protection_resource Resource" parent = "inspec/resources/azure" +++ -Use the `azure_ddos_protection_resource` InSpec audit resource to test properties of a DDoS protection plan resource. +Use the `azure_ddos_protection_resource` InSpec audit resource to test the properties of a DDoS Protection Plan resource. ## Azure REST API Version, Endpoint, and HTTP Client Parameters @@ -22,7 +22,7 @@ Use the `azure_ddos_protection_resource` InSpec audit resource to test propertie ## Syntax -The `resource_group` and the DDoS protection plan resource `name`, or the `resource_id` are required parameters. +The `resource_group` and DDoS Protection Plan resource `name`, or the `resource_id` are required parameters. ```ruby describe azure_ddos_protection_resource(resource_group: 'RESOURCE_GROUP', name: 'DDOS_PROTECTION_PLAN_NAME') do 
@@ -30,16 +30,16 @@ describe azure_ddos_protection_resource(resource_group: 'RESOURCE_GROUP', name: end ``` - ## Parameters +## Parameters -| Name | Description | -|--------------------------------|--------------------------------------------------------------| -| resource_group | Azure resource group that the targeted resource resides in. | -| name | Name of the Azure DDoS Protection Plan resource to test. | -| resource_id | The Azure DDoS Protection Plan resource ID to test. | +`resource_group` +: Azure resource group where the targeted resource resides. +`name` +: Name of the Azure DDoS Protection Plan resource to test. -The `resource_group` and the DDoS protection plan resource `name`, or the `resource_id` are required parameters. +`resource_id` +: The Azure DDoS Protection Plan resource ID to test. ## Properties 
@@ -50,22 +50,19 @@ The `resource_group` and the DDoS protection plan resource `name`, or the `resou : The resource type. `provisioning_state` -: The provisioning state of DDoS protection plan. Valid values: `Deleting`, `Failed`, `Succeeded`, `Updating`. +: The current provisioning state of DDoS protection plan. Valid values are `Deleting`, `Failed`, `Succeeded`, and `Updating`. `virtual_networks` -: The list of virtual networks associated with the DDoS protection plan resource. +: The list of virtual networks associated with the DDoS protection plan resource. This list is read-only. `resource_guid` -: The resource GUID property of the DDoS protection plan resource. It uniquely identifies the resource, even if the user changes its name or migrate the resource across subscriptions or resource groups. - +: The resource `GUID` property of the DDoS protection plan resource. It uniquely identifies the resource, even if the user changes its name or migrates the resource across subscriptions or resource groups. -Also, refer to the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/virtualnetwork/ddos-protection-plans/get) -for other properties available. -Access any attribute in the response by separating the key names with a period (`.`). +Also, refer to the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/virtualnetwork/ddos-protection-plans/get) for other properties available. You can access any attribute in the response by separating the key names with a period (`.`). ## Examples -**Ensure that the DDoS protection plan resource has the correct type.** +### Test to ensure the DDoS protection plan resource has the correct type ```ruby describe azure_ddos_protection_resource(resource_group: 'RESOURCE_GROUP', name: 'DDOS_PROTECTION_PLAN_NAME') do 
@@ -73,7 +70,7 @@ describe azure_ddos_protection_resource(resource_group: 'RESOURCE_GROUP', name: end ``` -**Ensure that the DDoS protection plan resource is in successful state.** +### Test to ensure the DDoS protection plan resource is in a successful state ```ruby describe azure_ddos_protection_resource(resource_group: 'RESOURCE_GROUP', name: 'DDOS_PROTECTION_PLAN_NAME') do @@ -81,7 +78,7 @@ describe azure_ddos_protection_resource(resource_group: 'RESOURCE_GROUP', name: end ``` -**Ensure that the DDoS protection plan resource is from same location.** +### Test to ensure the DDoS protection plan resource is from the same location ```ruby describe azure_ddos_protection_resource(resource_group: 'RESOURCE_GROUP', name: 'DDOS_PROTECTION_PLAN_NAME') do @@ -93,16 +90,20 @@ end This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](/inspec/matchers/). -### exists +### Exists ```ruby -# If a DDoS protection plan resource is found it will exist +# If a DDoS protection plan resource is found, it will exist describe azure_ddos_protection_resource(resource_group: 'RESOURCE_GROUP', name: 'DDOS_PROTECTION_PLAN_NAME') do it { should exist } end +``` -# DDoS protection plan resources that aren't found will not exist +### Not Exists + +```ruby +# DDoS protection plan resources that are not found, will not exist describe azure_ddos_protection_resource(resource_group: 'RESOURCE_GROUP', name: 'DDOS_PROTECTION_PLAN_NAME') do it { should_not exist } end diff --git a/docs-chef-io/content/inspec/resources/azure_ddos_protection_resources.md b/docs-chef-io/content/inspec/resources/azure_ddos_protection_resources.md index e4690cb13..3bdacc8b0 100644 --- a/docs-chef-io/content/inspec/resources/azure_ddos_protection_resources.md +++ b/docs-chef-io/content/inspec/resources/azure_ddos_protection_resources.md 
@@ -10,7 +10,7 @@ identifier = "inspec/resources/azure/azure_ddos_protection_resources Resource" parent = "inspec/resources/azure" +++ -Use the `azure_ddos_protection_resources` InSpec audit resource to test properties of DDoS protection plans in a resource group. +Use the `azure_ddos_protection_resources` InSpec audit resource to test the properties of DDoS protection plans in a resource group. ## Azure REST API Version, Endpoint, and HTTP Client Parameters @@ -22,7 +22,7 @@ Use the `azure_ddos_protection_resources` InSpec audit resource to test properti ## Syntax -An `azure_ddos_protection_resources` resource block returns all Azure bastion hosts, either within a Resource Group (if provided) +An `azure_ddos_protection_resources` resource block returns all Azure bastion hosts within a resource group (if provided). ```ruby describe azure_ddos_protection_resources(resource_group: 'RESOURCE_GROUP') do @@ -33,7 +33,7 @@ end ## Parameters `resource_group` -: Azure resource group that the targeted resource resides in. +: Azure resource group where the targeted resource resides. ## Properties 
@@ -53,29 +53,27 @@ end : **Field**: `virtual_networks` `provisioning_states` -: The provisioning states of the DDoS protection plans. +: The current provisioning states of the DDoS protection plans. : **Field**: `provisioning_state` `types` -: The types of all the DDoS protection plans. +: The types of all DDoS protection plans. : **Field**: `type` `resource_guids` -: The resource GUID property of the DDoS protection plan resource. It uniquely identifies the resource, even if the user changes its name or migrate the resource across subscriptions or resource groups. +: The resource GUID property of the DDoS protection plan resource. It uniquely identifies the resource, even if the user changes its name or migrates the resource across subscriptions or resource groups. : **Field**: `resource_guid` - {{% inspec_filter_table %}} -Also, refer to the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/virtualnetwork/ddos-protection-plans/list) for all available properties. -Access any attribute in the response by separating the key names with a period (`.`). +Also, refer to the [Azure documentation](https://docs.microsoft.com/en-us/rest/api/virtualnetwork/ddos-protection-plans/list) for all available properties. You can access any attribute in the response by separating the key names with a period (`.`). ## Examples -**Ensure that the DDoS protection plan resource is in successful state.** +### Test to ensure the DDoS protection plan resource is in a successful state ```ruby describe azure_ddos_protection_resources(resource_group: 'RESOURCE_GROUP') do @@ -83,7 +81,7 @@ describe azure_ddos_protection_resources(resource_group: 'RESOURCE_GROUP') do end ``` -**Ensure that a DDoS protection plan resource is from a location.** +### Test to ensure a DDoS protection plan resource is from a location ```ruby describe azure_ddos_protection_resources(resource_group: 'RESOURCE_GROUP') do 
@@ -91,7 +89,7 @@ describe azure_ddos_protection_resources(resource_group: 'RESOURCE_GROUP') do end ``` -**Test if any DDoS protection plan exists in the resource group.** +### Test to ensure if any DDoS protection plan exists in the resource group ```ruby describe azure_ddos_protection_resources(resource_group: 'RESOURCE_GROUP') do @@ -103,7 +101,7 @@ end {{% inspec_matchers_link %}} -### exists +### Exists ```ruby # Should not exist if no bastion hots are in the resource group diff --git a/docs-chef-io/content/inspec/resources/azure_event_hub_namespace.md b/docs-chef-io/content/inspec/resources/azure_event_hub_namespace.md index c86d2cf09..4d2dfb352 100644 --- a/docs-chef-io/content/inspec/resources/azure_event_hub_namespace.md +++ b/docs-chef-io/content/inspec/resources/azure_event_hub_namespace.md @@ -10,7 +10,7 @@ identifier = "inspec/resources/azure/azure_event_hub_namespace Resource" parent = "inspec/resources/azure" +++ -Use the `azure_event_hub_namespace` InSpec audit resource to test properties and configuration of an Azure Event Hub Namespace within a Resource Group. +Use the `azure_event_hub_namespace` InSpec audit resource to test the properties and configurations of an Azure Event Hub namespace within a resource group. ## Azure REST API Version, Endpoint, and HTTP Client Parameters 
@@ -22,12 +22,14 @@ Use the `azure_event_hub_namespace` InSpec audit resource to test properties and ## Syntax -`resource_group` and `name` or the `resource_id` must be given as a parameter. +`resource_group` and `name`, or the `resource_id` are required parameters. + ```ruby -describe azure_event_hub_namespace(resource_group: 'my-rg', name: 'my-event-hub-ns') do +describe azure_event_hub_namespace(resource_group: 'RESOURCE_GROUP', name: 'EVENT_NAME') do it { should exist } end ``` + ```ruby describe azure_event_hub_namespace(resource_id: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.EventHub/namespaces/{namespaceName}') do it { should exist } @@ -37,10 +39,10 @@ end ## Parameters `resource_group` -: Azure resource group that the targeted resource resides in. `resourceGroupName`. +: Azure resource group where the targeted resource resides. `name` -: The unique name of the Event Hub Namespace. `namespaceName`. +: The unique name of the Event Hub namespace. `namespace_name` : Alias for the `name` parameter. 
@@ -49,29 +51,30 @@ end : The unique resource ID. `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.EventHub/namespaces/{namespaceName}`. Either one of the parameter sets can be provided for a valid query: + - `resource_id` - `resource_group` and `name` -- `resource_group` and `namespace_name` +- `resource_group` and `namespace_name`. ## Properties `properties.kafkaEnabled` -: Value that indicates whether Kafka is enabled for eventhub namespace. +: Value that indicates whether Kafka is enabled for Event Hub namespace. -For parameters applicable to all resources, such as `type`, `name`, `id`, `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}). +For parameters applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}). -Also, refer to [Azure documentation](https://docs.microsoft.com/en-us/rest/api/eventhub/2017-04-01/namespaces/get#ehnamespace) for other properties available. -Any attribute in the response may be accessed with the key names separated by dots (`.`). +Also, refer to [Azure documentation](https://docs.microsoft.com/en-us/rest/api/eventhub/preview/namespaces/get) for other properties available. You can access any attribute in the response with the key names separated by dots (`.`). 
## Examples -**Test If Kafka is Enabled for an Eventhub Namespace.** +### Ensure to test if Kafka is enabled for an Event Hub namespace ```ruby -describe azure_event_hub_namespace(resource_group: 'my-rg', namespace_name: 'my-event-hub-ns') do +describe azure_event_hub_namespace(resource_group: 'RESOURCE_GROUP', namespace_name: 'EVENT_NAME') do its('properties.kafkaEnabled') { should be true } end ``` + ```ruby describe azure_event_hub_namespace(resource_id: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.EventHub/namespaces/{namespaceName}') do its('properties.kafkaEnabled') { should be true } @@ -82,18 +85,22 @@ end This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://docs.chef.io/inspec/matchers/). -### exists +### Exists ```ruby -# If we expect the resource to always exist +# If we expect the resource always to exist -describe azure_event_hub_namespace(resource_group: 'my-rg', namespace_name: 'my-event-hub-ns') do +describe azure_event_hub_namespace(resource_group: 'RESOURCE_GROUP', namespace_name: 'EVENT_NAME') do it { should exist } end +``` + +### Not Exists +```ruby # If we expect the resource not to exist -describe azure_event_hub_namespace(resource_group: 'my-rg', namespace_name: 'my-event-hub-ns') do +describe azure_event_hub_namespace(resource_group: 'RESOURCE_GROUP', namespace_name: 'EVENT_NAME') do it { should_not exist } end ``` diff --git a/docs-chef-io/content/inspec/resources/azure_generic_resource.md b/docs-chef-io/content/inspec/resources/azure_generic_resource.md index c15c09862..24e5fca12 100644 --- a/docs-chef-io/content/inspec/resources/azure_generic_resource.md +++ b/docs-chef-io/content/inspec/resources/azure_generic_resource.md 
@@ -10,7 +10,7 @@ identifier = "inspec/resources/azure/azure_generic_resource Resource" parent = "inspec/resources/azure" +++ -Use the `azure_generic_resource` Inspec audit resource to test any valid Azure resource available through Azure Resource Manager. +Use the `azure_generic_resource` Inspec audit resource to test any valid Azure resource available through Azure Resource Manager. ## Installation 
@@ -19,41 +19,41 @@ Use the `azure_generic_resource` Inspec audit resource to test any valid Azure r ## Syntax ```ruby -describe azure_generic_resource(resource_group: 'MyResourceGroup', name: 'MyResource') do +describe azure_generic_resource(resource_group: 'RESOURCE_GROUP', name: 'RESOURCE_GROUP_NAME') do its('property') { should eq 'value' } end ``` -where - -* Resource parameters are used to query Azure Resource Manager endpoint for the resource to be tested. -* `property` - This generic resource dynamically creates the properties on the fly based on the type of resource that has been targeted. -* `value` is the expected output from the chosen property. +> Where +> +> - Resource parameters are used to query the Azure Resource Manager endpoint for the resource to be tested. +> - `property` is the generic resource that dynamically creates the properties on the fly based on the resource type targeted. +> - `value` is the expected output from the chosen property. ## Parameters The following parameters can be passed for targeting a specific Azure resource. `resource_group` -: Azure resource group that the targeted resource has been created in. `MyResourceGroup`. +: Azure resource group where the targeted resource has been created. `name` -: Name of the Azure resource to test. `MyResourceName`. +: Name of the Azure resource to test. `resource_provider` : Azure resource provider of the resource to be tested. `Microsoft.Compute/virtualMachines`. `resource_path` -: Relative path to the resource if it is defined on another resource. Resource path of a subnet in a virtual network would be: `{virtualNetworkName}/subnets`. +: Relative path to the resource if it is defined on another resource. The resource path of a subnet in a virtual network would be `{virtualNetworkName}/subnets`. `resource_id` -: Unique id of Azure resource to be tested. `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Compute/virtualMachines/{vmName}`. 
+: Unique ID of Azure resource to be tested. `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Compute/virtualMachines/{vmName}`. `resource_uri` : Azure REST API URI of the resource to be tested. This parameter should be used when a resource does not reside in a resource group. It requires `add_subscription_id` and `name` parameters to be provided together. `/providers/Microsoft.Authorization/policyDefinitions/`. `add_subscription_id` -: Indicates whether the `resource_uri` contains the subscription id. `true` or `false`. +: Indicates whether the `resource_uri` contains the subscription id. Valid values are`true` or `false`. `tag_name*` : Tag name defined on the Azure resource. `name`. 
@@ -62,29 +62,31 @@ The following parameters can be passed for targeting a specific Azure resource. : Tag value of the tag defined with the `tag_name`. `external_linux`. `api_version` -: API version to use when interrogating the resource. If not set or the provided api version is not supported by the resource provider then the latest version for the resource provider will be used. `2017-10-9`, `latest`, `default`. +: API version to use when interrogating the resource. If not set or the resource provider does not support the provided API version, then the latest version for the resource provider is used. Valid values are `2017-10-9`, `latest`, `default`. * When resources are filtered by a tag name and value, the tags for each resource are not returned in the results. Either one of the parameter sets can be provided for a valid query: + - `resource_id` - `resource_group` and `name` - `name` - `resource_group`, `resource_provider` and `name` - `resource_group`, `resource_provider`, `resource_path` and `name` - `add_subscription_id`, `resource_uri` and `name` -- `tag_name` and `tag_value` +- `tag_name` and `tag_value`. -Different parameter combinations can be tried. If it is not supported, either the InSpec resource or the Azure Rest API will raise an error. +Different parameter combinations can be tried. If it is not supported, the InSpec resource or the Azure Rest API raises an error. -If the Azure Resource Manager endpoint returns multiple resources for a given query, this singular generic resource will fail. In that case, the [plural generic resource]({{< relref "azure_generic_resources.md" >}}) should be used. +If the Azure Resource Manager endpoint returns multiple resources for a given query, this singular generic resource fails. In that case, the [plural generic resource]({{< relref "azure_generic_resources.md" >}}) should be used. ## Properties -The properties that can be tested are dependent on the Azure Resource that is tested. 
One way to see what properties can be tested is checking their API pages. For example for virtual machines, see [here](https://docs.microsoft.com/en-us/rest/api/compute/virtualmachines/get). -Also the [Azure Resources Portal](https://resources.azure.com) can be used to select the resource you are interested in and see what can be tested. +The properties that can be tested are dependent on the Azure Resource that is tested. Check their API pages to see what properties can be tested. For example, for virtual machines, see [here](https://docs.microsoft.com/en-us/rest/api/compute/virtualmachines/get). -The following properties are applicable to almost all resources. +Also, the [Azure Resources Portal](https://resources.azure.com) can be used to select the resource you are interested in and see what can be tested. + +The following properties apply to almost all resources. `id` : The unique resource identifier. @@ -104,14 +106,14 @@ The following properties are applicable to almost all resources. `properties` : The resource properties. -For more properties, refer to specific Azure documents for the resource being tested. +For more properties, refer to specific Azure documents for the tested resource. ## Examples -**Test Properties of a Virtual Machine and the Endpoint API Version.** +### Test to ensure properties of a virtual machine and the Endpoint API Version ```ruby -describe azure_generic_resource(resource_group: 'my_vms', name: 'my_linux_vm') do +describe azure_generic_resource(resource_group: 'RESOURCE_GROUP', name: 'RESOURCE_GROUP_NAME) do its('properties.storageProfile.osDisk.osType') { should cmp 'Linux' } its('properties.storageProfile.osDisk.createOption') { should cmp 'FromImage' } its('properties.storageProfile.osDisk.name') { should cmp 'linux-external-osdisk' } 
@@ -121,7 +123,7 @@ describe azure_generic_resource(resource_group: 'my_vms', name: 'my_linux_vm') d end ``` -**Test the API Version Used for the Query.** +### Test to ensure that the API Version is used for the query ```ruby describe azure_generic_resource(resource_id: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Compute/virtualMachines/{vmName}', api_version: '2017-01-01') do @@ -130,19 +132,18 @@ describe azure_generic_resource(resource_id: '/subscriptions/{subscriptionId}/re end ``` -**Test the Tags if Include Specific Values.** +### Test to ensure that the tags include specific values ```ruby -describe azure_generic_resource(resource_group: 'my_vms', name: 'my_linux_vm') do +describe azure_generic_resource(resource_group: 'RESOURCE_GROUP', name: 'RESOURCE_GROUP_NAME') do its('tags') { should include(name: 'MyVM') } -**The tag key name can be tested in String or Symbol.** -**regardless of the value.** -**regardless of the value.** + +The tag key name can be tested in **String** or **Symbol** regardless of the values. end ``` -**Test Properties of a Virtual Machine Resides in an Azure Dev Test Lab .** +### Test to ensure properties of a virtual machine resides in an Azure development test Lab ```ruby describe azure_generic_resource(resource_provider: 'Microsoft.DevTestLab/labs', resource_path: '{labName}/virtualmachines', resource_group: 'my_group', name: 'my_VM') do 
@@ -151,17 +152,17 @@ describe azure_generic_resource(resource_provider: 'Microsoft.DevTestLab/labs', end ``` -**Test a Resource Group .** +### Test to ensure a resource group ```ruby -describe azure_generic_resource(add_subscription_id: true, resource_uri: '/resourcegroups/', name: 'my_group') do +describe azure_generic_resource(add_subscription_id: true, resource_uri: '/resourcegroups/', name: 'RESOURCE_GROUP') do it { should exist } its('tags') { should include(:owner) } its('tags') { should include(owner: 'John Doe') } end ``` -**Test a Policy Definition.** +### Test to ensure a policy definition ```ruby describe azure_generic_resource(add_subscription_id: true, resource_uri: 'providers/Microsoft.Authorization/policyDefinitions', name: 'my_policy') do @@ -170,21 +171,25 @@ describe azure_generic_resource(add_subscription_id: true, resource_uri: 'provid its('properties.policyType') { should cmp 'Custom' } end ``` + For more examples, please see the [integration tests](/test/integration/verify/controls/azure_generic_resource.rb). ## Matchers {{% inspec_matchers_link %}} -### exist +### Exists ```ruby # Should not exist if there is no resource with a given name -describe azure_generic_resource(name: 'fake_name') do +describe azure_generic_resource(name: 'NAME') do it { should_not exist } end ``` + +### Not Exists + ```ruby # Should exist if there is one resource with a given name diff --git a/docs-chef-io/content/inspec/resources/azure_generic_resources.md b/docs-chef-io/content/inspec/resources/azure_generic_resources.md index 46ff7c525..63856a547 100644 --- a/docs-chef-io/content/inspec/resources/azure_generic_resources.md +++ b/docs-chef-io/content/inspec/resources/azure_generic_resources.md 
@@ -10,7 +10,7 @@ identifier = "inspec/resources/azure/azure_generic_resources Resource" parent = "inspec/resources/azure" +++ -Use the `azure_generic_resources` Inspec audit resource to test any valid Azure resources. +Use the `azure_generic_resources` Inspec audit resource to test any valid Azure resources. ## Installation @@ -18,7 +18,7 @@ Use the `azure_generic_resources` Inspec audit resource to test any valid Azure ## Syntax -This resource will interrogate all resource in your subscription available through Azure Resource Manager when initiated without a parameter. +This resource interrogates all resources in your subscription available through Azure Resource Manager when initiated without a parameter. ```ruby describe azure_generic_resources do @@ -28,16 +28,15 @@ end ## Parameters -The following parameters can be passed for targeting Azure resources. -All of them are optional. +The following parameters can be passed for targeting Azure resources. All of them are optional. `resource_group` -: Azure resource group that the targeted resources have been created in. +: Azure resource group where the targeted resources is created. : **Example**: `MyResourceGroup` `substring_of_resource_group` -: Substring of an Azure resource group name that the targeted resources have been created in. +: Substring of an Azure resource group name that the targeted resources is created. : **Example**: `My` 
@@ -72,17 +71,18 @@ All of them are optional. : **Example**: `/providers/Microsoft.Authorization/policyDefinitions/` `add_subscription_id` -: Indicates whether the `resource_uri` contains the subscription id. +: Indicates whether the `resource_uri` contains the subscription ID. : **Example**: `true` or `false` `filter_free_text` -: Filter expression for the endpoints supporting `$filter` parameter, eg. [Azure role assignments](https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-list-rest). This can only be used with the `resource_uri` parameter. +: Filter expression for the endpoints supporting `$filter` parameter. For example, [Azure role assignments](https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-list-rest). This can only be used with the `resource_uri` parameter. : **Example**: `"atScope()"` * When resources are filtered by a tag name and value, the tags for each resource are not returned in the results. Either one of the parameter sets can be provided for a valid query: + - `resource_group` - `substring_of_resource_group` - `name` 
@@ -94,21 +94,21 @@ Either one of the parameter sets can be provided for a valid query: - `tag_name` - `tag_name` and `tag_value` - `add_subscription_id` and `resource_uri` -- `add_subscription_id`, `resource_uri` and `filter_free_text` +- `add_subscription_id`, `resource_uri` and `filter_free_text`. -Different parameter combinations can be tried. If it is not supported either the InSpec resource or the Azure Rest API will raise an error. +Different parameter combinations can be tried. If it is not supported, the InSpec resource or the Azure Rest API raises an error. -It is advised to use these parameter sets to narrow down the targeted resources at the server side, Azure Rest API, for a more computing resource efficient test. +It is advised to use these parameter sets to narrow down the targeted resources at the server-side, Azure Rest API, for a more computing resource-efficient test. ## Properties `ids` -: A list of the unique resource ids. +: A list of the unique resource IDs. : **Field**: `id` `names` -: A list of the resource names that are unique within a resource group. +: A list of the unique resource names within a resource group. : **Field**: `name` @@ -123,7 +123,7 @@ It is advised to use these parameter sets to narrow down the targeted resources : **Field**: `type` `locations` -: A list of locations where resources are created in. +: A list of locations where resources are created. : **Field**: `location` @@ -148,7 +148,7 @@ It is advised to use these parameter sets to narrow down the targeted resources ## Examples -**Test All Virtual Machines in Your Subscription.** +### Test to ensure all virtual machines are tied up with your subscription ```ruby describe azure_generic_resources(resource_provider: 'Microsoft.Compute/virtualMachines') do 
@@ -157,27 +157,29 @@ describe azure_generic_resources(resource_provider: 'Microsoft.Compute/virtualMa end ``` -**Test All Resources Regardless of Their Type and Resource Group with a Common String in Their Names (Server Side Filtering).** +### Test to ensure all resources, regardless of type and resource group with a common string in names (Server-Side Filtering) ```ruby -azure_generic_resources(substring_of_name: 'project_a').ids.each do |id| +azure_generic_resources(substring_of_name: 'PROJECT_A').ids.each do |id| describe azure_generic_resource(resource_id: id) do it { should exist } its('location') { should eq 'eastus' } end end -``` -**Test All Resources Regardless of Their Type and Resource Group with a Common Tag `name:value` Pair (Server Side Filtering).** +``` + +### Test to ensure all resources, regardless of type and resource group, with a common tag `name:value` pair (Server-Side Filtering) ```ruby -azure_generic_resources(tag_name: 'demo', tag_value: 'shutdown_at_10_pm').ids.each do |id| +azure_generic_resources(tag_name: 'demo', tag_value: 'shutdown_at_10_pm').ids.each do |id| describe azure_generic_resource(resource_id: id) do it { should exist } its('location') { should eq 'eastus' } end end -``` -**Filters the Results to Only Include Those that Match the Given Location (Client Side Filtering).** +``` + +### Test to filter the results to only include those that match the given location (Client-Side Filtering) ```ruby describe azure_generic_resources.where(location: 'eastus') do @@ -185,7 +187,7 @@ describe azure_generic_resources.where(location: 'eastus') do end ``` -**Filters the Results to Only Include Those that Created within Last 24 Hours (Client Side Filtering).** +### Test to filter the results to only include those that were created within last 24 Hours (Client-Side Filtering) ```ruby describe azure_generic_resources.where{ created_time > Time.now - 86400 } do 
@@ -193,7 +195,7 @@ describe azure_generic_resources.where{ created_time > Time.now - 86400 } do end ``` -**Test Policy Definitions.** +### Test Policy Definitions ```ruby describe azure_generic_resources(add_subscription_id: true, resource_uri: 'providers/Microsoft.Authorization/policyDefinitions') do @@ -201,7 +203,7 @@ describe azure_generic_resources(add_subscription_id: true, resource_uri: 'provi end ``` -**Filter Role Assignments via `filter_free_text`.** +### Filter Role Assignments via `filter_free_text` ```ruby describe azure_generic_resources(add_subscription_id: true, resource_uri: "providers/Microsoft.Authorization/roleAssignments", filter_free_text: "atScope()+and+assignedTo('{abcd1234-abcd-1234}')") do @@ -217,19 +219,22 @@ For more examples, please see the [integration tests](/test/integration/verify/c {{% inspec_matchers_link %}} -### exist +### Exists ```ruby # Should not exist if there is no resource with a given resource group -describe azure_generic_resources(resource_group: 'fake_group') do +describe azure_generic_resources(resource_group: 'RESOURCE_GROUP') do it { should_not exist } end ``` + +### Not Exists + ```ruby # Should exist if there is at least one resource -describe azure_generic_resources(resource_group: 'MyResourceGroup') do +describe azure_generic_resources(resource_group: 'RESOURCE_GROUP') do it { should exist } end ``` @@ -237,4 +242,3 @@ end ## Azure Permissions {{% azure_permissions_service_principal role="contributor" %}} - diff --git a/docs-chef-io/content/inspec/resources/azure_iothub_event_hub_consumer_group.md b/docs-chef-io/content/inspec/resources/azure_iothub_event_hub_consumer_group.md index 6af58f624..26dd1f938 100644 --- a/docs-chef-io/content/inspec/resources/azure_iothub_event_hub_consumer_group.md +++ b/docs-chef-io/content/inspec/resources/azure_iothub_event_hub_consumer_group.md 
@@ -10,7 +10,7 @@ identifier = "inspec/resources/azure/azure_iothub_event_hub_consumer_group Resou parent = "inspec/resources/azure" +++ -Use the `azure_iothub_event_hub_consumer_group` InSpec audit resource to test properties and configuration of an Azure IoT Hub Event Hub Consumer Group within a Resource Group. +Use the `azure_iothub_event_hub_consumer_group` InSpec audit resource to test the properties and configuration of an Azure IoT Hub Event Hub Consumer Group within a resource group. ## Azure REST API Version, Endpoint, and HTTP Client Parameters @@ -22,12 +22,14 @@ Use the `azure_iothub_event_hub_consumer_group` InSpec audit resource to test pr ## Syntax -`resource_group`, `resource_name`, `event_hub_endpoint` and `name` or the `resource_id` must be given as a parameter. +`resource_group`, `resource_name`, `event_hub_endpoint`, and `name` or the `resource_id` are required parameters. + ```ruby -describe azure_iothub_event_hub_consumer_group(resource_group: 'my-rg', resource_name: 'my-iot-hub', event_hub_endpoint: 'myeventhub', name: 'my-consumer-group') do +describe azure_iothub_event_hub_consumer_group(resource_group: 'RESOURCE_GROUP', resource_name: 'RESOURCE_NAME', event_hub_endpoint: 'EVENT_HUB_NAME', name: 'CONSUMER_GROUP_NAME') do it { should exist } end ``` + ```ruby describe azure_iothub_event_hub_consumer_group(resource_id: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Devices/IotHubs/{resourceName}/eventHubEndpoints/{eventHubEndpointName}/ConsumerGroups/{name}') do it { should exist } 
@@ -37,16 +39,16 @@ end ## Parameters `resource_group` -: Azure resource group that the targeted resource resides in. `MyResourceGroup`. +: Azure resource group where the targeted resource resides. `resource_name` -: The name of the IoT hub. `my-iot-hub`. +: The name of the IoT hub. `event_hub_endpoint` -: The name of the Event Hub-compatible endpoint in the IoT hub. `eventHubEndpointName`. +: The name of the Event Hub-compatible endpoint in the IoT hub. `name` -: The name of the consumer group to retrieve. `my-consumer-group`. +: The name of the consumer group to retrieve. `consumer_group` : Alias for the `name` parameter. 
@@ -55,29 +57,30 @@ end : The unique resource ID. `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Devices/IotHubs/{resourceName}/eventHubEndpoints/{eventHubEndpointName}/ConsumerGroups/{name}`. Either one of the parameter sets can be provided for a valid query: + - `resource_id` -- `resource_group`, `resource_name`, `event_hub_endpoint` and `name` -- `resource_group`, `resource_name`, `event_hub_endpoint` and `consumer_group` +- `resource_group`, `resource_name`, `event_hub_endpoint`, and `name` +- `resource_group`, `resource_name`, `event_hub_endpoint`, and `consumer_group`. ## Properties `name` : The Event Hub-compatible consumer group name. -For properties applicable to all resources, such as `type`, `tags`, `id`, `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}). +For properties applicable to all resources, such as `type`, `tags`, `id`, and `properties`, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md#properties" >}}). -Also, refer to [Azure documentation](https://docs.microsoft.com/en-us/rest/api/iothub/iothubresource/geteventhubconsumergroup#eventhubconsumergroupinfo) for other properties available. -Any attribute in the response may be accessed with the key names separated by dots (`.`). +Also, refer to [Azure documentation](https://docs.microsoft.com/en-us/rest/api/iothub/iothubresource/geteventhubconsumergroup#eventhubconsumergroupinfo) for other properties available. You can access any attribute in the response with the key names separated by dots (`.`). 
## Examples -**Test the Name of a Resource.** +### Test to ensure the resource name ```ruby -describe azure_iothub_event_hub_consumer_group(resource_group: 'my-rg', resource_name: 'my-iot-hub', event_hub_endpoint: 'myeventhub', name: 'my-consumer-group') do +describe azure_iothub_event_hub_consumer_group(resource_group: 'RESOURCE_GROUP', resource_name: 'RESOURCE_NAME', event_hub_endpoint: 'EVENT_HUB_NAME', name: 'CONSUMER_GROUP_NAME') do its('name') { should cmp 'my-consumer-group' } end ``` + ```ruby describe azure_iothub_event_hub_consumer_group(resource_id: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Devices/IotHubs/{resourceName}/eventHubEndpoints/{eventHubEndpointName}/ConsumerGroups/{name}') do its('name') { should cmp 'my-consumer-group' } @@ -88,18 +91,22 @@ end This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://docs.chef.io/inspec/matchers/). -### exists +### Exists ```ruby # If we expect the resource to always exist -describe azure_iothub_event_hub_consumer_group(resource_group: 'my-rg', resource_name: 'my-iot-hub', event_hub_endpoint: 'myeventhub', name: 'my-consumer-group') do +describe azure_iothub_event_hub_consumer_group(resource_group: 'RESOURCE_GROUP', resource_name: 'RESOURCE_NAME', event_hub_endpoint: 'EVENT_HUB_NAME', name: 'CONSUMER_GROUP_NAME') do it { should exist } end +``` + +### Not Exists +```ruby # If we expect the resource to never exist -describe azure_iothub_event_hub_consumer_group(resource_group: 'my-rg', resource_name: 'my-iot-hub', event_hub_endpoint: 'myeventhub', name: 'my-consumer-group') do +describe azure_iothub_event_hub_consumer_group(resource_group: 'RESOURCE_GROUP', resource_name: 'RESOURCE_NAME', event_hub_endpoint: 'EVENT_HUB_NAME', name: 'CONSUMER_GROUP_NAME') do it { should_not exist } end ``` 
diff --git a/docs-chef-io/content/inspec/resources/azure_iothub_event_hub_consumer_groups.md b/docs-chef-io/content/inspec/resources/azure_iothub_event_hub_consumer_groups.md index db395802a..63f829975 100644 --- a/docs-chef-io/content/inspec/resources/azure_iothub_event_hub_consumer_groups.md +++ b/docs-chef-io/content/inspec/resources/azure_iothub_event_hub_consumer_groups.md @@ -10,7 +10,7 @@ identifier = "inspec/resources/azure/azure_iothub_event_hub_consumer_groups Reso parent = "inspec/resources/azure" +++ -Use the `azure_iothub_event_hub_consumer_groups` InSpec audit resource to test properties and configuration of an Azure IoT Hub Event Hub Consumer Groups within a Resource Group. +Use the `azure_iothub_event_hub_consumer_groups` InSpec audit resource to test the properties and configurations of an Azure IoT Hub Event Hub Consumer Groups within a resource group. ## Azure REST API Version, Endpoint, and HTTP Client Parameters @@ -22,9 +22,10 @@ Use the `azure_iothub_event_hub_consumer_groups` InSpec audit resource to test p ## Syntax -The `resource_group`, `resource_name` and `event_hub_endpoint` must be given as a parameter. +The `resource_group`, `resource_name`, and `event_hub_endpoint` are required parameters. + ```ruby -describe azure_iothub_event_hub_consumer_groups(resource_group: 'my-rg', resource_name: 'my-iot-hub', event_hub_endpoint: 'myeventhub') do +describe azure_iothub_event_hub_consumer_groups(resource_group: 'RESOURCE_GROUP', resource_name: 'RESOURCE_NAME', event_hub_endpoint: 'EVENT_HUB_NAME') do its('names') { should include 'my-consumer-group'} its('types') { should include 'Microsoft.Devices/IotHubs/EventHubEndpoints/ConsumerGroups' } end 
@@ -33,18 +34,18 @@ end ## Parameters `resource_group` -: Azure resource group that the targeted resource resides in. `MyResourceGroup`. +: Azure resource group where the targeted resource resides. `resource_name` -: The name of the IoT hub. `my-iot-hub`. +: The name of the IoT hub. `event_hub_endpoint` -: The name of the Event Hub-compatible endpoint in the IoT hub. `eventHubEndpointName`. +: The name of the Event Hub-compatible endpoint in the IoT hub. ## Properties `ids` -: A list of the unique resource ids. +: A list of the unique resource IDs. : **Field**: `id` 
@@ -82,27 +83,34 @@ end ## Examples -**Check If a Specific Consumer Group Exists.** +### Test to ensure if a specific consumer group exists ```ruby -describe azure_iothub_event_hub_consumer_groups(resource_group: 'my-rg', resource_name: 'my-iot-hub', event_hub_endpoint: 'myeventhub') do +describe azure_iothub_event_hub_consumer_groups(resource_group: 'RESOURCE_GROUP', resource_name: 'RESOURCE_NAME', event_hub_endpoint: 'EVENT_HUB_NAME') do its('names') { should include('my_consumer_group') } end ``` -**exists.** +## Matchers + +### Exists + +The control passes if the filter returns at least one result. Use `should_not` if you expect zero matches. -The control will pass if the filter returns at least one result. Use `should_not` if you expect zero matches. ```ruby -**If we expect at least one resource to exists on a specified endpoint.** +#If we expect at least one resource to exists on a specified endpoint.** -describe azure_iothub_event_hub_consumer_groups(resource_group: 'my-rg', resource_name: 'my-iot-hub', event_hub_endpoint: 'myeventhub') do +describe azure_iothub_event_hub_consumer_groups(resource_group: 'RESOURCE_GROUP', resource_name: 'RESOURCE_NAME', event_hub_endpoint: 'EVENT_HUB_NAME') do it { should exist } end +``` + +### Not Exists -**If we expect not to exist any consumer groups on a specified endpoint.** +```ruby +# If we expect not to exist any consumer groups on a specified endpoint.** -describe azure_iothub_event_hub_consumer_groups(resource_group: 'my-rg', resource_name: 'my-iot-hub', event_hub_endpoint: 'myeventhub') do +describe azure_iothub_event_hub_consumer_groups(resource_group: 'RESOURCE_GROUP', resource_name: 'RESOURCE_NAME', event_hub_endpoint: 'EVENT_HUB_NAME') do it { should_not exist } end ``` diff --git a/docs-chef-io/content/inspec/resources/azure_sentinel_incidents_resource.md b/docs-chef-io/content/inspec/resources/azure_sentinel_incidents_resource.md index cb53d724d..d647dc5aa 100644 
--- a/docs-chef-io/content/inspec/resources/azure_sentinel_incidents_resource.md +++ b/docs-chef-io/content/inspec/resources/azure_sentinel_incidents_resource.md @@ -10,19 +10,18 @@ identifier = "inspec/resources/azure/azure_sentinel_incidents_resource Resource" parent = "inspec/resources/azure" +++ -Use the `azure_sentinel_incidents_resource` InSpec audit resource to test properties of an Azure Azure Sentinel incident. +Use the `azure_sentinel_incidents_resource` InSpec audit resource to test the properties of an Azure Azure Sentinel incident. -## Azure Rest API Version, Endpoint, And HTTP Client Parameters +## Azure Rest API Version, Endpoint, and HTTP Client Parameters -This resource interacts with API versions supported by the resource provider. -The `api_version` can be defined as a resource parameter. -If not provided, the latest version will be used. -For more information, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md" >}}). +This resource interacts with API versions supported by the resource provider. The `api_version` can be defined as a resource parameter. +If not provided, the latest version is used. For more information, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md" >}}). + +Unless defined, the `azure_cloud` global endpoint and default values for the HTTP client are used. -Unless defined, `azure_cloud` global endpoint, and default values for the HTTP client will be used. For more information, refer to the resource pack [README](https://github.com/inspec/inspec-azure/blob/main/README.md). -For api related info : [`Azure Azure Sentinel incident Docs`](https://docs.microsoft.com/en-us/rest/api/securityinsights/incidents/get). +For API-related information, refer to [`Azure Azure Sentinel incident Docs`](https://docs.microsoft.com/en-us/rest/api/securityinsights/preview/incidents/get). ## Installation 
@@ -30,7 +29,7 @@ For api related info : [`Azure Azure Sentinel incident Docs`](https://docs.micr ## Syntax -`resource_group` and `incident_id`, `workspace_name` must be given as parameters. +`resource_group` and `incident_id`, and `workspace_name` are required parameters. ```ruby describe azure_sentinel_incidents_resource(resource_group: 'RESOURCE_GROUP', workspace_name: 'WORKSPACE_NAME', incident_id: 'INCIDENT_ID') do @@ -41,16 +40,15 @@ end ## Parameters `resource_group` -: Azure resource group that the targeted resource resides in. +: Azure resource group where the targeted resource resides. `workspace_name` -: Name for the workspace that you want to create your Azure Sentinel incident in. +: Name the workspace where you want to create the Azure Sentinel incident. `incident_id` : The Azure Sentinel incident name. -All the parameter sets needs be provided for a valid query: -- `resource_group` , `workspace_name` and `incident_id` +The parameter sets that need to be provided for a valid query are `resource_group` , `workspace_name`, and `incident_id`. ## Properties @@ -58,10 +56,10 @@ All the parameter sets needs be provided for a valid query: : Name of the Azure resource to test. `id` -: The Azure Sentinel incident type. +: The Azure Sentinel incident type. `properties` -: The Properties of the Resource. +: The properties of the resource. `properties.severity` : The severity of the incident. 
@@ -70,17 +68,17 @@ All the parameter sets needs be provided for a valid query: : The status of the incident. `properties.owner.email` -: The email of the user the incident is assigned to. +: The email of the user the incident is assigned. `properties.owner.userPrincipalName` -: The user principal name of the user the incident is assigned to. +: The user principal name of the user the incident is assigned. `properties.owner.assignedTo` -: The name of the user the incident is assigned to. +: The name of the user the incident is assigned. ## Examples -**Test The Properties of an Incident.** +### Test to ensure the properties of an incident ```ruby describe azure_sentinel_incidents_resource(resource_group: 'RESOURCE_GROUP', workspace_name: 'WORKSPACE_NAME', incident_id: 'INCIDENT_ID') do @@ -95,7 +93,7 @@ describe azure_sentinel_incidents_resource(resource_group: 'RESOURCE_GROUP', wor end ``` -**Test That An Azure Sentinel Incident Exists.** +### Tests an Azure Sentinel Incident exists ```ruby describe azure_sentinel_incidents_resource(resource_group: 'RESOURCE_GROUP', workspace_name: 'WORKSPACE_NAME', incident_id: 'INCIDENT_ID') do @@ -103,7 +101,7 @@ describe azure_sentinel_incidents_resource(resource_group: 'RESOURCE_GROUP', wor end ``` -**Test That An Azure Sentinel Incident Does Not Exist.** +### Tests an Azure Sentinel Incident does not exists ```ruby describe azure_sentinel_incidents_resource(resource_group: 'RESOURCE_GROUP', workspace_name: 'WORKSPACE_NAME', incident_id: 'INCIDENT_ID') do @@ -111,7 +109,7 @@ end end ``` -**Test properties of a sentinel_incident.** +### Test properties of a sentinel incident ```ruby describe azure_sentinel_incidents_resource(resource_group: 'RESOURCE_GROUP', workspace_name: 'WORKSPACE_NAME', incident_id: 'INCIDENT_ID') do diff --git a/docs-chef-io/content/inspec/resources/azure_sentinel_incidents_resources.md b/docs-chef-io/content/inspec/resources/azure_sentinel_incidents_resources.md index 3465db9e1..501cf6d7d 100644 
--- a/docs-chef-io/content/inspec/resources/azure_sentinel_incidents_resources.md +++ b/docs-chef-io/content/inspec/resources/azure_sentinel_incidents_resources.md @@ -10,17 +10,16 @@ identifier = "inspec/resources/azure/azure_sentinel_incidents_resources Resource parent = "inspec/resources/azure" +++ -Use the `azure_sentinel_incidents_resources` InSpec audit resource to test properties of Azure Sentinel incidents for a resource group or the entire subscription. +Use the `azure_sentinel_incidents_resources` InSpec audit resource to test the properties of Azure Sentinel incidents for a resource group or the entire subscription. -## Azure Rest API Version, Endpoint, And HTTP Client Parameters +## Azure Rest API Version, Endpoint, and HTTP Client Parameters + +This resource interacts with API versions supported by the resource provider. The `api_version` can be defined as a resource parameter. +If not provided, the latest version is used. -This resource interacts with API versions supported by the resource provider. -The `api_version` can be defined as a resource parameter. -If not provided, the latest version will be used. For more information, refer to [`azure_generic_resource`]({{< relref "azure_generic_resource.md" >}}). -Unless defined, `azure_cloud` global endpoint, and default values for the HTTP client will be used. -For more information, refer to the resource pack [README](https://github.com/inspec/inspec-azure/blob/main/README.md). +Unless defined, the `azure_cloud` global endpoint and default values for the HTTP client are used. For more information, refer to the resource pack [README](https://github.com/inspec/inspec-azure/blob/main/README.md). ## Installation 
@@ -28,7 +27,7 @@ For more information, refer to the resource pack [README](https://github.com/ins ## Syntax -An `azure_sentinel_incidents_resources` resource block returns all Azure sentinel incident, either within a resource group (if provided), or within an entire Subscription. +An `azure_sentinel_incidents_resources` resource block returns all Azure sentinel incidents, either within a resource group (if provided) or an entire Subscription. ```ruby describe azure_sentinel_incidents_resources(resource_group: 'RESOURCE_GROUP', workspace_name: 'WORKSPACE_NAME') do @@ -36,16 +35,15 @@ describe azure_sentinel_incidents_resources(resource_group: 'RESOURCE_GROUP', wo end ``` -`resource_group` and `workspace_name` are required parameters. - +The `resource_group` and `workspace_name` are required parameters. ## Parameters `resource_group` -: Azure resource group that the targeted resource resides in. +: Azure resource group where the targeted resource resides. `workspace_name` -: Azure Workspace Name for which Azure Sentinel incident are being retrieved. +: Azure Workspace Name for which Azure Sentinel incidents are being retrieved. ## Properties @@ -55,7 +53,7 @@ end : **Field**: `name` `ids` -: A list of Azure Sentinel incident IDs . +: A list of Azure Sentinel incident IDs. : **Field**: `id` @@ -80,17 +78,17 @@ end : **Field**: `status` `owner_emails` -: The email of the user the incident is assigned to. +: The email of the user the incident is assigned. : **Field**: `owner_email` `owner_userPrincipalNames` -: The user principal name of the user the incident is assigned to. +: The user principal name of the user the incident is assigned. : **Field**: `owner_userPrincipalName` `owner_assignedTos` -: The name of the user the incident is assigned to. +: The name of the user the incident is assigned. : **Field**: `owner_assignedTo` 
@@ -98,7 +96,7 @@ end ## Examples -**Test Properties of Incidents in a Resource Group.** +### Tests properties of incidents in a resource group ```ruby describe azure_sentinel_incidents_resource(resource_group: 'RESOURCE_GROUP', workspace_name: 'WORKSPACE_NAME') do @@ -115,7 +113,7 @@ describe azure_sentinel_incidents_resource(resource_group: 'RESOURCE_GROUP', wor end ``` -**Test If Any Azure Sentinel Incident Exists in a Resource Group.** +### Tests if any Azure Sentinel Incident exists in a resource group ```ruby describe azure_sentinel_incidents_resources(resource_group: 'RESOURCE_GROUP', workspace_name: 'WORKSPACE_NAME') do @@ -123,10 +121,10 @@ describe azure_sentinel_incidents_resources(resource_group: 'RESOURCE_GROUP', wo end ``` -**Test That There Aren't Any Azure Sentinel Incident in a Resource Group.** +### Tests there are not any Azure Sentinel incidents in a resource group ```ruby -**Should not exist if no Azure Sentinel incident are in the resource group.** +#Should not exist if no Azure Sentinel incidents are in the resource group.** describe azure_sentinel_incidents_resources(resource_group: 'RESOURCE_GROUP', workspace_name: 'WORKSPACE_NAME') do it { should_not exist }
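Review bot: In azure_iothub_event_hub_consumer_group.md, hunk @@ -55,29 +57,30 @@, the first example now passes `name: 'CONSUMER_GROUP_NAME'` while the unchanged assertion still reads `its('name') { should cmp 'my-consumer-group' }`, so the example no longer agrees with itself. Use the same placeholder in the expectation. In the same hunk, the heading `### Test to ensure the resource name` is an incomplete phrase, the `resource_id` example that follows has no heading of its own, the third list item ends with a period while the other two do not, and `event_hub_endpoint: 'EVENT_HUB_NAME'` should be an endpoint placeholder because the parameter is documented as the name of the Event Hub-compatible endpoint.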
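Review bot: In azure_iothub_event_hub_consumer_group.md, hunk @@ -88,18 +91,22 @@, the new headings `### Exists` and `### Not Exists` no longer name what the examples call, which is the `exist` matcher used with `should` and `should_not`. "Not Exists" is not a separate matcher, so a reader scanning the Matchers section for the matcher name will not find it. Keep the heading as the matcher name and show the negated form under it, or word the second heading as a description rather than a matcher.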
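Review bot: In azure_iothub_event_hub_consumer_groups.md, hunk @@ -82,27 +83,34 @@, both converted Ruby comments keep the trailing `**` from the old bold markup and the first has no space after `#` (`#If we expect at least one resource to exists on a specified endpoint.**`). Drop the `**`, add the space, and fix the wording ("to exist", "If we expect no consumer groups to exist"). The same leftover `**` appears in azure_sentinel_incidents_resources.md, hunk @@ -123,10 +121,10 @@. Also in this hunk, the heading `### Test to ensure if a specific consumer group exists` mixes "ensure" and "if", and the expected value `'my_consumer_group'` stays a literal next to the new upper-case placeholders.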
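Review bot: In azure_sentinel_incidents_resource.md, hunk @@ -10,19 +10,18 @@, the documentation link changes from `.../rest/api/securityinsights/incidents/get` to `.../rest/api/securityinsights/preview/incidents/get`, which is a content change rather than cleanup; confirm that pointing readers at the preview API reference is intended and say so in the commit message. The touched lines also still read "an Azure Azure Sentinel incident" and "Azure Azure Sentinel incident Docs" with the duplicated word, and the heading keeps "Azure Rest API" where the IoT Hub pages in this patch use "Azure REST API".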
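Review bot: In azure_sentinel_incidents_resource.md, hunk @@ -30,7 +29,7 @@, the new sentence reads "`resource_group` and `incident_id`, and `workspace_name` are required parameters", with a doubled "and". List the three names in the order the example uses them: `resource_group`, `workspace_name`, and `incident_id`.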
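Review bot: In azure_sentinel_incidents_resource.md, hunk @@ -41,16 +40,15 @@, the `workspace_name` description becomes an instruction ("Name the workspace where you want to create the Azure Sentinel incident"), and it still talks about creating an incident although the page introduces this as an audit resource that tests an incident's properties. Write it as a noun phrase like the other parameter descriptions. The replacement for the parameter-set list says "parameter sets" although only one set is listed, and it has a stray space before the comma in "`resource_group` , `workspace_name`".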
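Review bot: In azure_sentinel_incidents_resource.md, hunk @@ -70,17 +68,17 @@, removing "to" from the three owner descriptions leaves them ungrammatical ("the user the incident is assigned"). Restore the original wording or rephrase as "the user to whom the incident is assigned". The same edit is made to `owner_emails`, `owner_userPrincipalNames` and `owner_assignedTos` in azure_sentinel_incidents_resources.md, hunk @@ -80,17 +78,17 @@.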
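Review bot: In azure_sentinel_incidents_resource.md, hunks @@ -95,7 +93,7 @@ through @@ -111,7 +109,7 @@, the new example headings are inconsistent and two are ungrammatical: `### Tests an Azure Sentinel Incident exists`, `### Tests an Azure Sentinel Incident does not exists`, next to `### Test to ensure the properties of an incident` and `### Test properties of a sentinel incident`. Pick one verb form ("Test that ...") and one capitalization for "incident", and fix "does not exists" to "does not exist".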
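Review bot: In azure_sentinel_incidents_resources.md, hunk @@ -28,7 +27,7 @@, the edited Syntax sentence still says incidents are returned "within a resource group (if provided) or an entire Subscription", while the line added a few lines below states that `resource_group` and `workspace_name` are required parameters. One of the two is wrong; reconcile them so a reader knows whether a subscription-wide query is possible. The same sentence writes "Azure sentinel" in lower case.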
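Review bot: In azure_sentinel_incidents_resources.md, hunk @@ -98,7 +96,7 @@, the heading is reworded but the example under it still calls the singular `azure_sentinel_incidents_resource(resource_group: 'RESOURCE_GROUP', workspace_name: 'WORKSPACE_NAME')` on the page for the plural resource, and without the `incident_id` that the singular page lists as required. Since this line is being touched anyway, switch the example to `azure_sentinel_incidents_resources`. The headings in this file also mix "Tests properties", "Tests if any" and "Tests there are not any"; use one form.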