Skip to main content

azure_graph_generic_resource Resource

Use the azure_graph_generic_resource Inspec audit resource to test any valid Azure resource available through Microsoft Azure Graph API.

Azure REST API Version, Endpoint, and HTTP Client Parameters

This resource interacts with API versions supported by the resource provider. The api_version can be defined as a resource parameter. If not provided, this resource uses the latest version. For more information, refer to the azure_generic_resource document.

Unless defined, this resource uses the azure_cloud global endpoint and default values for the HTTP client. For more information, refer to the resource pack README.

Install

This resource is available in the Chef InSpec Azure resource pack.

For information on configuring your Azure environment for Chef InSpec and creating an InSpec profile that uses the InSpec Azure resource pack, see the Chef InSpec documentation for the Azure cloud platform.

Syntax

describe azure_graph_generic_resource(resource: 'RESOURCE', id: 'GUID', select: %w(attributes to be tested)) do
  its('property') { should eq 'value' }
end

where:

  • Resource parameters are used to query Azure Graph API endpoint for the resource to be tested.
  • property - This generic resource dynamically creates the properties on the fly based on the property names provided with the select parameter.
  • value is the expected output from the chosen property.

Parameters

The following parameters can be passed for targeting a specific Azure resource.

resource
Azure resource type where the targeted resource belongs. For example, users.
id
Globally unique ID of the targeted resource. For example, jdoe@example.com.
select
The list of query parameters defining which attributes the resource will expose. If not provided, then the predefined attributes will be returned from the API. For example, givenName, surname, and department.
api_version
API version of the GRAPH API to use when interrogating the resource. If not set, then the predefined stable version will be used. For example, v1.0, or beta.

Properties

The properties that can be tested are entirely dependent on the Azure Resource that is tested and the query parameters provided with the select parameter.

Examples

Test properties of a user account

describe azure_graph_generic_resource(resource: 'USERS', id: 'jdoe@contoso.com', select: %w{ surname givenName }) do
  its('surname') { should cmp 'Doe' }
  its('givenName') { should cmp 'John' }
end

For more examples, please see the integration tests.

Matchers

For a full list of available matchers, see our Universal Matchers page.

This resource has the following special matchers.

exist

# Should not exist if there is no resource with a given name.

describe azure_graph_generic_resource(resource: 'users', id: 'fake_id') do
  it { should_not exist }
end

not_exists

# Should exist if there is one resource with a given name.

describe azure_graph_generic_resource(resource: 'users', id: 'valid_id') do
  it { should exist }
end

Azure Permissions

Graph resources require specific privileges granted to your service principal.

Please refer to the Microsoft Documentation for information on how to grant these permissions to your application.

Edit this page on GitHub

Thank you for your feedback!

×









Search Results