azure_sql_database_server_vulnerability_assessments Resource
Use the azure_sql_database_server_vulnerability_assessments
InSpec audit resource to test the properties and configuration of multiple Azure SQL Database server vulnerability assessments.
Syntax
The resource_group
and server_name
are required parameters.
describe azure_sql_database_server_vulnerability_assessments(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME') do
it { should exist }
end
Parameters
resource_group
(required)- Azure resource group where the targeted resource resides.
server_name
(required)- The name of the server in which the database resides.
Properties
ids
- The ID of the resource.
Field:
id
names
- The name of the resource. The name of the vulnerability assessment is
default
. Field:
name
types
- The type of the resource.
Field:
type
isEnabled
- Recurring scans state.
Field:
properties.recurringScans.isEnabled
emailSubscriptionAdmins
- Specifies that the schedule scan notification will be is sent to the subscription administrators.
Field:
properties.recurringScans.emailSubscriptionAdmins
emails
- Specifies an array of e-mail addresses to which the scan notification is sent.
Field:
properties.recurringScans.emails
Note
For information on using filter criteria on plural resources, see the documentation on FilterTable
Examples
Check resources are present
describe azure_sql_database_server_vulnerability_assessments(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME') do
it { should exist }
its('names') { should include 'Default' }
end
Filter the results to include only those with names that match the specified string value
describe azure_sql_database_server_vulnerability_assessments(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME') do
it { should exist }
end
Verify the types of the resource
describe azure_sql_database_server_vulnerability_assessments(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME') do
its('types') { should include 'Microsoft.Sql/servers/vulnerabilityAssessments' }
Verify whether the recurring scans are enabled or not
describe azure_sql_database_server_vulnerability_assessments(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME') do
its('isEnabled') { should include false }
end
Matchers
For a full list of available matchers, see our Universal Matchers page.This resource has the following special matchers.
exist
The control passes if the filter returns at least one result. Use should_not
if you expect zero matches.
describe azure_sql_database_server_vulnerability_assessments(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME') do
it { should exist }
end
describe azure_sql_database_server_vulnerability_assessments(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME') do
it { should_not exist }
end
Azure Permissions
Your Service Principal must be set up with at least a contributor
role on the subscription you wish to test.