Re-write more resources with the new backend

.gitignore

@@ -14,3 +14,4 @@ vendor
 .env
 dev/
 .ruby-version
+.rakeTasks

README.md

@@ -73,13 +73,33 @@ supports:
 
 ## Resource Documentation
 
-The following is a list of generic resources and static resources. 
-The static resources derived from the generic resources prepended with `azure_` are fully backward compatible with their `azurerm_` counterparts. 
+The following is a list of generic resources.
 
 - [azure_generic_resource](docs/resources/azure_generic_resource.md)
 - [azure_generic_resources](docs/resources/azure_generic_resources.md)
 - [azure_graph_generic_resource](docs/resources/azure_graph_generic_resource.md)
 - [azure_graph_generic_resources](docs/resources/azure_graph_generic_resources.md)
+
+With the generic resources:
+
+- Azure cloud resources that this resource pack does not include a static InSpec resource for can be tested.
+- Azure resources from different resource providers and resource groups can be tested at the same time.
+- Server side filtering can be used for more efficient tests.
+
+The following is a list of static resources. 
+The static resources derived from the generic resources prepended with `azure_` are fully backward compatible with their `azurerm_` counterparts. 
+
+- [azure_aks_cluster](docs/resources/azure_aks_cluster.md)
+- [azure_aks_clusters](docs/resources/azure_aks_clusters.md)
+- [azure_api_management](docs/resources/azure_api_management.md)
+- [azure_api_managements](docs/resources/azure_api_managements.md)
+- [azure_application_gateway](docs/resources/azure_application_gateway.md)
+- [azure_application_gateways](docs/resources/azure_application_gateways.md)
+- [azure_cosmosdb_database_account](docs/resources/azure_cosmosdb_database_account.md)
+- [azure_event_hub_authorization_rule](docs/resources/azure_event_hub_authorization_rule.md)
+- [azure_event_hub_event_hub](docs/resources/azure_event_hub_event_hub.md)
+- [azure_event_hub_namespace](docs/resources/azure_event_hub_namespace.md)
+- [azure_hdinsight_cluster](docs/resources/azure_hdinsight_cluster.md)
 - [azure_graph_user](docs/resources/azure_graph_user.md)
 - [azure_graph_users](docs/resources/azure_graph_users.md)
 - [azure_key_vault](docs/resources/azure_key_vault.md)
@@ -88,18 +108,15 @@ The static resources derived from the generic resources prepended with `azure_`
 - [azure_mysql_servers](docs/resources/azure_mysql_servers.md)
 - [azure_network_security_group](docs/resources/azure_network_security_group.md)
 - [azure_network_security_groups](docs/resources/azure_network_security_groups.md)
+- [azure_public_ip](docs/resources/azure_public_ip.md)
 - [azure_subnet](docs/resources/azure_subnet.md)
 - [azure_subnets](docs/resources/azure_subnets.md)
 - [azure_virtual_machine](docs/resources/azure_virtual_machine.md)
 - [azure_virtual_machines](docs/resources/azure_virtual_machines.md)
 - [azure_virtual_network](docs/resources/azure_virtual_network.md)
 - [azure_virtual_networks](docs/resources/azure_virtual_networks.md)
 
-With the generic resources:
 
-- Azure cloud resources that this resource pack does not include a static InSpec resource for can be tested.
-- Azure resources from different resource providers and resource groups can be tested at the same time.
-- Server side filtering can be used for more efficient tests.
 
 For more details and different use cases, please refer to the specific resource pages.
 

docs/resources/azure_aks_cluster.md

@@ -0,0 +1,102 @@
+---
+title: About the azure_aks_cluster Resource
+platform: azure
+---
+
+# azure_aks_cluster
+
+Use the `azure_aks_cluster` InSpec audit resource to test properties of an Azure AKS Cluster.
+
+## Azure REST API version, endpoint and http client parameters
+
+This resource interacts with api versions supported by the resource provider.
+The `api_version` can be defined as a resource parameter.
+If not provided, the latest version will be used.
+For more information, refer to [`azure_generic_resource`](azure_generic_resource.md).
+
+Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used .
+For more information, refer to the resource pack [README](../../README.md). 
+
+## Availability
+
+### Installation
+
+This resource is available in the [InSpec Azure resource pack](https://github.com/inspec/inspec-azure). 
+For an example `inspec.yml` file and how to set up your Azure credentials, refer to resource pack [README](../../README.md#Service-Principal).
+
+## Syntax
+
+An `azure_aks_cluster` resource block identifies an AKS Cluster by `name` and `resource_group`.
+```ruby
+describe azure_aks_cluster(resource_group: 'example', name: 'ClusterName') do
+  it { should exist }
+end
+```
+## Parameters
+
+| Name                           | Description                                                                       |
+|--------------------------------|-----------------------------------------------------------------------------------|
+| resource_group                 | Azure resource group that the targeted resource resides in. `MyResourceGroup`     |
+| name                           | Name of the AKS cluster to test. `ClusterName`                                      |
+| resource_id                    | The unique resource ID. `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.ContainerService/managedClusters/{ClusterName}` |
+
+Either one of the parameter sets can be provided for a valid query:
+- `resource_id`
+- `resource_group` and `name`
+
+## Properties
+
+| Property          | Description |
+|-------------------|-------------|
+| identity          | The identity of the managed cluster, if configured. It is a [managed cluster identity object](https://docs.microsoft.com/en-us/rest/api/aks/managedclusters/get#managedclusteridentity). |
+| sku               | The SKU (pricing tier) of the resource. |
+
+For properties applicable to all resources, such as `type`, `name`, `id`, `properties`, refer to [`azure_generic_resource`](azure_generic_resource.md#properties).
+
+Also, refer to [Azure documentation](https://docs.microsoft.com/en-us/rest/api/aks/managedclusters/get#managedcluster) for other properties available. 
+Any attribute in the response may be accessed with the key names separated by dots (`.`).
+
+## Examples
+
+### Test that an AKS Cluster has the Desired Network Plug-in
+```ruby
+describe azure_aks_cluster(resource_group: 'example', name: 'ClusterName') do
+  its('properties.networkProfile.networkPlugin') { should cmp 'kubenet' }
+end
+```
+
+### Loop through All Clusters within The Subscription
+```ruby
+azure_aks_clusters.ids.each do |resource_id|
+  describe azure_aks_cluster(resource_id: resource_id) do
+    its('properties.networkProfile.networkPlugin') { should cmp 'kubenet' }
+  end
+end 
+```
+### Test that a Specified AKS Cluster has the Correct Number of Nodes in Pool
+```ruby
+describe azure_aks_cluster(resource_group: 'example', name: 'ClusterName') do
+  its('properties.agentPoolProfiles.first.count') { should cmp 5 }
+end
+```
+See [integration tests](../../test/integration/verify/controls/azurerm_aks_cluster.rb) for more examples.
+
+## Matchers
+
+This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://docs.chef.io/inspec/matchers/).
+
+### exists
+```ruby
+# If we expect 'ClusterName' to always exist
+describe azure_aks_cluster(resource_group: 'example', name: 'ClusterName') do
+  it { should exist }
+end
+
+# If we expect 'ClusterName' to never exist
+describe azure_aks_cluster(resource_group: 'example', name: 'ClusterName') do
+  it { should_not exist }
+end
+```
+## Azure Permissions
+
+Your [Service Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) must be setup with a `contributor` role on the subscription you wish to test.

docs/resources/azure_aks_clusters.md

@@ -0,0 +1,85 @@
+---
+title: About the azure_aks_clusters Resource
+platform: azure
+---
+
+# azure_aks_clusters
+
+Use the `azure_aks_clusters` InSpec audit resource to test properties and configuration of multiple Azure AKS Clusters.
+
+## Azure REST API version, endpoint and http client parameters
+
+This resource interacts with api versions supported by the resource provider.
+The `api_version` can be defined as a resource parameter.
+If not provided, the latest version will be used.
+For more information, refer to [`azure_generic_resource`](azure_generic_resource.md).
+
+Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used .
+For more information, refer to the resource pack [README](../../README.md). 
+
+## Availability
+
+### Installation
+
+This resource is available in the [InSpec Azure resource pack](https://github.com/inspec/inspec-azure). 
+For an example `inspec.yml` file and how to set up your Azure credentials, refer to resource pack [README](../../README.md#Service-Principal).
+
+## Syntax
+
+An `azure_aks_clusters` resource block returns all AKS Clusters, either within a Resource Group (if provided), or within an entire Subscription.
+```ruby
+describe azure_aks_clusters do
+  #...
+end
+```
+or
+```ruby
+describe azure_aks_clusters(resource_group: 'my-rg') do
+  #...
+end
+```
+## Parameters
+
+- `resource_group` (Optional)
+
+## Properties
+
+|Property       | Description                                                                          | Filter Criteria<superscript>*</superscript> |
+|---------------|--------------------------------------------------------------------------------------|-----------------|
+| ids           | A list of the unique resource ids.                                                   | `id`            |
+| locations     | A list of locations for all the resources being interrogated.                        | `location`      |
+| names         | A list of all the resources being interrogated.                                      | `name`          |
+| tags          | A list of `tag:value` pairs defined on the resources being interrogated.             | `tags`          |
+| properties    | A list of properties for all the resources being interrogated.                       | `properties`    |
+
+<superscript>*</superscript> For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/docs/dev/filtertable-usage.md#a-where-method-you-can-call-with-hash-params-with-loose-matching).
+
+## Examples
+
+### Test that an Example Resource Group has the Named AKS Cluster
+```ruby
+describe azure_aks_clusters(resource_group: 'ExampleGroup') do
+  its('names') { should include('ClusterName') }
+end
+```
+## Matchers
+
+This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://www.inspec.io/docs/reference/matchers/).
+
+### exists
+
+The control will pass if the filter returns at least one result. Use `should_not` if you expect zero matches.
+```ruby
+# If we expect 'ExampleGroup' Resource Group to have AKS Clusters
+describe azure_aks_clusters(resource_group: 'ExampleGroup') do
+  it { should exist }
+end
+
+# If we expect 'EmptyExampleGroup' Resource Group to not have AKS Clusters
+describe azure_aks_clusters(resource_group: 'EmptyExampleGroup') do
+  it { should_not exist }
+end
+```
+## Azure Permissions
+
+Your [Service Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) must be setup with a `contributor` role on the subscription you wish to test.

docs/resources/azure_api_management.md

@@ -0,0 +1,99 @@
+---
+title: About the azure_api_management Resource
+platform: azure
+---
+
+# azure_api_management
+
+Use the `azure_api_management` InSpec audit resource to test properties and configuration of an Azure API Management Service.
+
+## Azure REST API version, endpoint and http client parameters
+
+This resource interacts with api versions supported by the resource provider.
+The `api_version` can be defined as a resource parameter.
+If not provided, the latest version will be used.
+For more information, refer to [`azure_generic_resource`](azure_generic_resource.md).
+
+Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used .
+For more information, refer to the resource pack [README](../../README.md). 
+
+## Availability
+
+### Installation
+
+This resource is available in the [InSpec Azure resource pack](https://github.com/inspec/inspec-azure). 
+For an example `inspec.yml` file and how to set up your Azure credentials, refer to resource pack [README](../../README.md#Service-Principal).
+
+## Syntax
+
+The `resource_group` and `name` must be given as a parameter.
+```ruby
+describe azure_api_management(resource_group: 'inspec-resource-group-9', name: 'apim01') do
+  it { should exist }
+end
+```
+## Parameters
+
+| Name                           | Description                                                                       |
+|--------------------------------|-----------------------------------------------------------------------------------|
+| resource_group                 | Azure resource group that the targeted resource resides in. `MyResourceGroup`     |
+| name                           | The unique name of the API Management Service. `apim01`                           |
+| api_management_name            | Alias for the `name` parameter.                                                    |
+| resource_id                    | The unique resource ID. `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.ApiManagement/service/{apim01}` |
+
+Either one of the parameter sets can be provided for a valid query:
+- `resource_id`
+- `resource_group` and `name`
+- `resource_group` and `api_management_name`
+
+## Properties
+
+| Property          | Description |
+|-------------------|-------------|
+| identity          | Managed service identity of the Api Management service. It is an [api management service identity object](https://docs.microsoft.com/en-us/rest/api/apimanagement/2019-12-01/apimanagementservice/get#apimanagementserviceidentity). |
+| sku               | The SKU (pricing tier) of the resource. |
+
+For properties applicable to all resources, such as `type`, `name`, `id`, `properties`, refer to [`azure_generic_resource`](azure_generic_resource.md#properties).
+
+Also, refer to [Azure documentation](https://docs.microsoft.com/en-us/rest/api/apimanagement/2019-12-01/apimanagementservice/get#apimanagementserviceresource) for other properties available. 
+Any attribute in the response may be accessed with the key names separated by dots (`.`).
+
+## Examples
+
+### Test API Management Service's Publisher Email Value
+```ruby
+describe azure_api_management(resource_group: resource_group, api_management_name: api_management_name) do
+  its('properties.publisherEmail') { should eq '[email protected]' }
+end
+```
+
+### Loop through Resources via Plural Resource
+```ruby
+azure_api_managements.ids.each do |resource_id|
+  describe azure_api_management(resource_id: resource_id) do
+    its('properties.publisherEmail') { should eq '[email protected]' }
+  end
+end
+```
+See [integration tests](../../test/integration/verify/controls/azurerm_api_management.rb) for more examples.
+
+## Matchers
+
+This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://docs.chef.io/inspec/matchers/).
+
+### exists
+```ruby
+# If we expect 'apim01' to always exist
+describe azure_api_management(resource_group: 'example', name: 'apim01') do
+  it { should exist }
+end
+
+# If we expect 'apim01' to never exist
+describe azure_api_management(resource_group: 'example', name: 'apim01') do
+  it { should_not exist }
+end
+```
+## Azure Permissions
+
+Your [Service Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) must be setup with a `contributor` role on the subscription you wish to test.
+