azure_graph_generic_resource Resource
Use the azure_graph_generic_resource
Inspec audit resource to test any valid Azure resource available through Microsoft Azure Graph API.
Azure REST API Version, Endpoint, and HTTP Client Parameters
This resource interacts with API versions supported by the resource provider.
The api_version
can be defined as a resource parameter.
If not provided, this resource uses the latest version.
For more information, refer to the azure_generic_resource
document.
Unless defined, this resource uses the azure_cloud
global endpoint and default values for the HTTP client.
For more information, refer to the resource pack README.
Install
This resource is available in the Chef InSpec Azure resource pack.
For information on configuring your Azure environment for Chef InSpec and creating an InSpec profile that uses the InSpec Azure resource pack, see the Chef InSpec documentation for the Azure cloud platform.
Syntax
describe azure_graph_generic_resource(resource: 'RESOURCE', id: 'GUID', select: %w(attributes to be tested)) do
its('property') { should eq 'value' }
end
where:
- Resource parameters are used to query Azure Graph API endpoint for the resource to be tested.
property
- This generic resource dynamically creates the properties on the fly based on the property names provided with theselect
parameter.value
is the expected output from the chosen property.
Parameters
The following parameters can be passed for targeting a specific Azure resource.
resource
- Azure resource type where the targeted resource belongs. For example,
users
. id
- Globally unique ID of the targeted resource. For example,
jdoe@example.com
. select
- The list of query parameters defining which attributes the resource will expose. If not provided, then the predefined attributes will be returned from the API. For example,
givenName
,surname
, anddepartment
. api_version
- API version of the GRAPH API to use when interrogating the resource. If not set, then the predefined stable version will be used. For example,
v1.0
, orbeta
.
Properties
The properties that can be tested are entirely dependent on the Azure Resource that is tested and the query parameters provided with the select
parameter.
Examples
Test properties of a user account
describe azure_graph_generic_resource(resource: 'USERS', id: 'jdoe@contoso.com', select: %w{ surname givenName }) do
its('surname') { should cmp 'Doe' }
its('givenName') { should cmp 'John' }
end
For more examples, please see the integration tests.
Matchers
For a full list of available matchers, see our Universal Matchers page.This resource has the following special matchers.
exist
# Should not exist if there is no resource with a given name.
describe azure_graph_generic_resource(resource: 'users', id: 'fake_id') do
it { should_not exist }
end
not_exists
# Should exist if there is one resource with a given name.
describe azure_graph_generic_resource(resource: 'users', id: 'valid_id') do
it { should exist }
end
Azure Permissions
Graph resources require specific privileges granted to your service principal.
Please refer to the Microsoft Documentation for information on how to grant these permissions to your application.