azure_sql_database_server_vulnerability

Use the azure_sql_database_server_vulnerability_assessments InSpec audit resource to test the properties and configuration of multiple Azure SQL Database server vulnerability assessments.

Syntax

The resource_group and server_name are required parameters.

describe azure_sql_database_server_vulnerability_assessments(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME') do
  it { should exist }
end

Parameters

resource_group (required): Azure resource group where the targeted resource resides.
server_name (required): The name of the server in which the database resides.

Properties

ids: The ID of the resource.; Field: id
names: The name of the resource. The name of the vulnerability assessment is default.; Field: name
types: The type of the resource.; Field: type
isEnabled: Recurring scans state.; Field: properties.recurringScans.isEnabled
emailSubscriptionAdmins: Specifies that the schedule scan notification will be is sent to the subscription administrators.; Field: properties.recurringScans.emailSubscriptionAdmins
emails: Specifies an array of e-mail addresses to which the scan notification is sent.; Field: properties.recurringScans.emails

Note

For information on using filter criteria on plural resources, see the documentation on FilterTable

Examples

Check resources are present

describe azure_sql_database_server_vulnerability_assessments(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME') do
  it { should exist }
  its('names') { should include 'Default' }
end

Filter the results to include only those with names that match the specified string value

describe azure_sql_database_server_vulnerability_assessments(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME') do
  it { should exist }
end

Verify the types of the resource

describe azure_sql_database_server_vulnerability_assessments(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME') do
  its('types') { should include 'Microsoft.Sql/servers/vulnerabilityAssessments' }

Verify whether the recurring scans are enabled or not

describe azure_sql_database_server_vulnerability_assessments(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME') do
  its('isEnabled') { should include false }
end

Matchers

For a full list of available matchers, see our Universal Matchers page.

This resource has the following special matchers.

exist

The control passes if the filter returns at least one result. Use should_not if you expect zero matches.

describe azure_sql_database_server_vulnerability_assessments(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME') do
  it { should exist }
end

describe azure_sql_database_server_vulnerability_assessments(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME') do
  it { should_not exist }
end

Azure Permissions

Your Service Principal must be set up with at least a contributor role on the subscription you wish to test.

azure_sql_database_server_vulnerability_assessments Resource