azure_active_directory_object Resource
Use the azure_active_directory_object InSpec audit resource to test the properties of an Azure Active Directory object.
Azure REST API Version, Endpoint, and HTTP Client Parameters
This resource interacts with API versions supported by the resource provider.
The api_version can be defined as a resource parameter.
If not provided, this resource uses the latest version.
For more information, refer to the azure_generic_resource document.
Unless defined, this resource uses the azure_cloud global endpoint and default values for the HTTP client.
For more information, refer to the resource pack README.
Install
This resource is available in the Chef InSpec Azure resource pack.
For information on configuring your Azure environment for Chef InSpec and creating an InSpec profile that uses the InSpec Azure resource pack, see the Chef InSpec documentation for the Azure cloud platform.
Syntax
describe azure_active_directory_object(id: 'ACTIVE_DIRECTORY_OBJECT_ID') do
it { should exist }
end
Parameters
Parameter id is mandatory.
id- The Active Directory object ID.
Example:
0bf29229-50d7-433c-b08e-2a5d8b293cb5
Properties
id- The object’s globally unique ID.
deletedDateTime- The date and time that the object was deleted.
classification- The classification of the AD object.
createdDateTime- The created Datetime of the AD object.
creationOptions- The creationOptions of the AD object.
description- The description of the AD object.
displayName- The display name of the AD object.
expirationDateTime- The expiration Datetime of the AD object.
groupTypes- The group types of the AD object group.
isAssignableToRole- The roles assignable to the AD object.
mail- The configured mail for the AD object.
mailEnabled- The mail-enabled configuration parameter.
mailNickname- The mail nickname configuration.
membershipRule- The membership rule for the AD object.
membershipRuleProcessingState- The processing state of the membership rule.
onPremisesDomainName- The specified domain name for the on-premises domain.
onPremisesLastSyncDateTime- The on-premises latest sync date time.
onPremisesNetBiosName- The on-premises net bios name.
onPremisesSamAccountName- The on-premises SAM account name.
onPremisesSecurityIdentifier- The on-premises security identifier.
onPremisesSyncEnabled- The on-premises sync enabled configuration.
onPremisesProvisioningErrors- The on-premises provisioning errors.
preferredDataLocation- The preferred data location.
preferredLanguage- The preferred language.
proxyAddresses- The proxy addresses for the object.
renewedDateTime- The renewed date time of the AD object.
resourceBehaviorOptions- The behavior options set for the resource.
resourceProvisioningOptions- The resource provisioning options set.
securityEnabled- The security-enabled configured.
securityIdentifier- The security identifier configured.
theme- The theme of the object.
visibility- The visibility status of the object.
Examples
Test if an Active Directory object is referenced with a valid ID
describe azure_active_directory_object(id: 'ACTIVE_DIRECTORY_OBJECT_ID') do
it { should exist }
end
Test if an Active Directory object is referenced with an invalid ID
describe azure_active_directory_object(id: 'ACTIVE_DIRECTORY_OBJECT_ID') do
it { should_not exist }
end
Matchers
For a full list of available matchers, see our Universal Matchers page.This resource has the following special matchers.
exists
describe azure_active_directory_object(id: 'ACTIVE_DIRECTORY_OBJECT_ID') do
it { should exist }
end
Azure Permissions
Graph resources require specific privileges granted to your service principal. Please refer to the Microsoft Documentation for information on how to grant these permissions to your application.