inspec 2.3.10 → 2.3.23

Files changed (271)
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +34 -13
  3. data/etc/plugin_filters.json +25 -0
  4. data/inspec.gemspec +3 -3
  5. data/lib/bundles/inspec-compliance/api.rb +3 -0
  6. data/lib/bundles/inspec-compliance/configuration.rb +3 -0
  7. data/lib/bundles/inspec-compliance/http.rb +3 -0
  8. data/lib/bundles/inspec-compliance/support.rb +3 -0
  9. data/lib/bundles/inspec-compliance/target.rb +3 -0
  10. data/lib/inspec/objects/attribute.rb +3 -0
  11. data/lib/inspec/plugin/v2.rb +3 -0
  12. data/lib/inspec/plugin/v2/filter.rb +62 -0
  13. data/lib/inspec/plugin/v2/installer.rb +21 -1
  14. data/lib/inspec/plugin/v2/loader.rb +4 -0
  15. data/lib/inspec/profile.rb +3 -1
  16. data/lib/inspec/version.rb +1 -1
  17. data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/cli_command.rb +25 -3
  18. data/lib/plugins/inspec-plugin-manager-cli/test/functional/inspec-plugin_test.rb +65 -11
  19. data/lib/plugins/inspec-plugin-manager-cli/test/unit/cli_args_test.rb +5 -1
  20. data/lib/resources/package.rb +1 -1
  21. metadata +5 -253
  22. data/MAINTAINERS.toml +0 -52
  23. data/docs/.gitignore +0 -2
  24. data/docs/README.md +0 -41
  25. data/docs/dev/control-eval.md +0 -62
  26. data/docs/dev/filtertable-internals.md +0 -353
  27. data/docs/dev/filtertable-usage.md +0 -533
  28. data/docs/dev/integration-testing.md +0 -31
  29. data/docs/dev/plugins.md +0 -323
  30. data/docs/dsl_inspec.md +0 -354
  31. data/docs/dsl_resource.md +0 -100
  32. data/docs/glossary.md +0 -381
  33. data/docs/habitat.md +0 -193
  34. data/docs/inspec_and_friends.md +0 -114
  35. data/docs/matchers.md +0 -161
  36. data/docs/migration.md +0 -293
  37. data/docs/platforms.md +0 -119
  38. data/docs/plugin_kitchen_inspec.md +0 -60
  39. data/docs/plugins.md +0 -57
  40. data/docs/profiles.md +0 -576
  41. data/docs/reporters.md +0 -170
  42. data/docs/resources/aide_conf.md.erb +0 -86
  43. data/docs/resources/apache.md.erb +0 -77
  44. data/docs/resources/apache_conf.md.erb +0 -78
  45. data/docs/resources/apt.md.erb +0 -81
  46. data/docs/resources/audit_policy.md.erb +0 -57
  47. data/docs/resources/auditd.md.erb +0 -89
  48. data/docs/resources/auditd_conf.md.erb +0 -78
  49. data/docs/resources/aws_cloudtrail_trail.md.erb +0 -165
  50. data/docs/resources/aws_cloudtrail_trails.md.erb +0 -96
  51. data/docs/resources/aws_cloudwatch_alarm.md.erb +0 -101
  52. data/docs/resources/aws_cloudwatch_log_metric_filter.md.erb +0 -164
  53. data/docs/resources/aws_config_delivery_channel.md.erb +0 -111
  54. data/docs/resources/aws_config_recorder.md.erb +0 -96
  55. data/docs/resources/aws_ebs_volume.md.erb +0 -76
  56. data/docs/resources/aws_ebs_volumes.md.erb +0 -86
  57. data/docs/resources/aws_ec2_instance.md.erb +0 -122
  58. data/docs/resources/aws_ec2_instances.md.erb +0 -89
  59. data/docs/resources/aws_elb.md.erb +0 -154
  60. data/docs/resources/aws_elbs.md.erb +0 -252
  61. data/docs/resources/aws_flow_log.md.erb +0 -128
  62. data/docs/resources/aws_iam_access_key.md.erb +0 -139
  63. data/docs/resources/aws_iam_access_keys.md.erb +0 -214
  64. data/docs/resources/aws_iam_group.md.erb +0 -74
  65. data/docs/resources/aws_iam_groups.md.erb +0 -92
  66. data/docs/resources/aws_iam_password_policy.md.erb +0 -92
  67. data/docs/resources/aws_iam_policies.md.erb +0 -97
  68. data/docs/resources/aws_iam_policy.md.erb +0 -264
  69. data/docs/resources/aws_iam_role.md.erb +0 -79
  70. data/docs/resources/aws_iam_root_user.md.erb +0 -86
  71. data/docs/resources/aws_iam_user.md.erb +0 -130
  72. data/docs/resources/aws_iam_users.md.erb +0 -289
  73. data/docs/resources/aws_kms_key.md.erb +0 -187
  74. data/docs/resources/aws_kms_keys.md.erb +0 -99
  75. data/docs/resources/aws_rds_instance.md.erb +0 -76
  76. data/docs/resources/aws_route_table.md.erb +0 -63
  77. data/docs/resources/aws_route_tables.md.erb +0 -65
  78. data/docs/resources/aws_s3_bucket.md.erb +0 -156
  79. data/docs/resources/aws_s3_bucket_object.md.erb +0 -99
  80. data/docs/resources/aws_s3_buckets.md.erb +0 -69
  81. data/docs/resources/aws_security_group.md.erb +0 -323
  82. data/docs/resources/aws_security_groups.md.erb +0 -107
  83. data/docs/resources/aws_sns_subscription.md.erb +0 -140
  84. data/docs/resources/aws_sns_topic.md.erb +0 -79
  85. data/docs/resources/aws_sns_topics.md.erb +0 -68
  86. data/docs/resources/aws_subnet.md.erb +0 -150
  87. data/docs/resources/aws_subnets.md.erb +0 -142
  88. data/docs/resources/aws_vpc.md.erb +0 -135
  89. data/docs/resources/aws_vpcs.md.erb +0 -135
  90. data/docs/resources/azure_generic_resource.md.erb +0 -183
  91. data/docs/resources/azure_resource_group.md.erb +0 -294
  92. data/docs/resources/azure_virtual_machine.md.erb +0 -357
  93. data/docs/resources/azure_virtual_machine_data_disk.md.erb +0 -234
  94. data/docs/resources/bash.md.erb +0 -85
  95. data/docs/resources/bond.md.erb +0 -100
  96. data/docs/resources/bridge.md.erb +0 -67
  97. data/docs/resources/bsd_service.md.erb +0 -77
  98. data/docs/resources/chocolatey_package.md.erb +0 -68
  99. data/docs/resources/command.md.erb +0 -176
  100. data/docs/resources/cpan.md.erb +0 -89
  101. data/docs/resources/cran.md.erb +0 -74
  102. data/docs/resources/crontab.md.erb +0 -103
  103. data/docs/resources/csv.md.erb +0 -64
  104. data/docs/resources/dh_params.md.erb +0 -221
  105. data/docs/resources/directory.md.erb +0 -40
  106. data/docs/resources/docker.md.erb +0 -240
  107. data/docs/resources/docker_container.md.erb +0 -113
  108. data/docs/resources/docker_image.md.erb +0 -104
  109. data/docs/resources/docker_plugin.md.erb +0 -80
  110. data/docs/resources/docker_service.md.erb +0 -124
  111. data/docs/resources/elasticsearch.md.erb +0 -252
  112. data/docs/resources/etc_fstab.md.erb +0 -135
  113. data/docs/resources/etc_group.md.erb +0 -85
  114. data/docs/resources/etc_hosts.md.erb +0 -88
  115. data/docs/resources/etc_hosts_allow.md.erb +0 -84
  116. data/docs/resources/etc_hosts_deny.md.erb +0 -84
  117. data/docs/resources/file.md.erb +0 -543
  118. data/docs/resources/filesystem.md.erb +0 -51
  119. data/docs/resources/firewalld.md.erb +0 -117
  120. data/docs/resources/gem.md.erb +0 -108
  121. data/docs/resources/group.md.erb +0 -71
  122. data/docs/resources/grub_conf.md.erb +0 -111
  123. data/docs/resources/host.md.erb +0 -96
  124. data/docs/resources/http.md.erb +0 -207
  125. data/docs/resources/iis_app.md.erb +0 -132
  126. data/docs/resources/iis_site.md.erb +0 -145
  127. data/docs/resources/inetd_conf.md.erb +0 -104
  128. data/docs/resources/ini.md.erb +0 -86
  129. data/docs/resources/interface.md.erb +0 -68
  130. data/docs/resources/iptables.md.erb +0 -74
  131. data/docs/resources/json.md.erb +0 -73
  132. data/docs/resources/kernel_module.md.erb +0 -130
  133. data/docs/resources/kernel_parameter.md.erb +0 -63
  134. data/docs/resources/key_rsa.md.erb +0 -95
  135. data/docs/resources/launchd_service.md.erb +0 -67
  136. data/docs/resources/limits_conf.md.erb +0 -85
  137. data/docs/resources/login_defs.md.erb +0 -81
  138. data/docs/resources/mount.md.erb +0 -79
  139. data/docs/resources/mssql_session.md.erb +0 -78
  140. data/docs/resources/mysql_conf.md.erb +0 -109
  141. data/docs/resources/mysql_session.md.erb +0 -84
  142. data/docs/resources/nginx.md.erb +0 -89
  143. data/docs/resources/nginx_conf.md.erb +0 -148
  144. data/docs/resources/npm.md.erb +0 -78
  145. data/docs/resources/ntp_conf.md.erb +0 -70
  146. data/docs/resources/oneget.md.erb +0 -63
  147. data/docs/resources/oracledb_session.md.erb +0 -103
  148. data/docs/resources/os.md.erb +0 -153
  149. data/docs/resources/os_env.md.erb +0 -101
  150. data/docs/resources/package.md.erb +0 -130
  151. data/docs/resources/packages.md.erb +0 -77
  152. data/docs/resources/parse_config.md.erb +0 -113
  153. data/docs/resources/parse_config_file.md.erb +0 -148
  154. data/docs/resources/passwd.md.erb +0 -151
  155. data/docs/resources/pip.md.erb +0 -77
  156. data/docs/resources/port.md.erb +0 -147
  157. data/docs/resources/postgres_conf.md.erb +0 -89
  158. data/docs/resources/postgres_hba_conf.md.erb +0 -103
  159. data/docs/resources/postgres_ident_conf.md.erb +0 -86
  160. data/docs/resources/postgres_session.md.erb +0 -79
  161. data/docs/resources/powershell.md.erb +0 -112
  162. data/docs/resources/processes.md.erb +0 -119
  163. data/docs/resources/rabbitmq_config.md.erb +0 -51
  164. data/docs/resources/registry_key.md.erb +0 -197
  165. data/docs/resources/runit_service.md.erb +0 -67
  166. data/docs/resources/security_policy.md.erb +0 -57
  167. data/docs/resources/service.md.erb +0 -131
  168. data/docs/resources/shadow.md.erb +0 -267
  169. data/docs/resources/ssh_config.md.erb +0 -83
  170. data/docs/resources/sshd_config.md.erb +0 -93
  171. data/docs/resources/ssl.md.erb +0 -129
  172. data/docs/resources/sys_info.md.erb +0 -52
  173. data/docs/resources/systemd_service.md.erb +0 -67
  174. data/docs/resources/sysv_service.md.erb +0 -67
  175. data/docs/resources/upstart_service.md.erb +0 -67
  176. data/docs/resources/user.md.erb +0 -150
  177. data/docs/resources/users.md.erb +0 -137
  178. data/docs/resources/vbscript.md.erb +0 -65
  179. data/docs/resources/virtualization.md.erb +0 -67
  180. data/docs/resources/windows_feature.md.erb +0 -69
  181. data/docs/resources/windows_hotfix.md.erb +0 -63
  182. data/docs/resources/windows_task.md.erb +0 -95
  183. data/docs/resources/wmi.md.erb +0 -91
  184. data/docs/resources/x509_certificate.md.erb +0 -161
  185. data/docs/resources/xinetd_conf.md.erb +0 -166
  186. data/docs/resources/xml.md.erb +0 -95
  187. data/docs/resources/yaml.md.erb +0 -79
  188. data/docs/resources/yum.md.erb +0 -108
  189. data/docs/resources/zfs_dataset.md.erb +0 -63
  190. data/docs/resources/zfs_pool.md.erb +0 -57
  191. data/docs/shared/matcher_be.md.erb +0 -1
  192. data/docs/shared/matcher_cmp.md.erb +0 -43
  193. data/docs/shared/matcher_eq.md.erb +0 -3
  194. data/docs/shared/matcher_include.md.erb +0 -1
  195. data/docs/shared/matcher_match.md.erb +0 -1
  196. data/docs/shell.md +0 -217
  197. data/docs/style.md +0 -178
  198. data/examples/README.md +0 -8
  199. data/examples/custom-resource/README.md +0 -3
  200. data/examples/custom-resource/controls/example.rb +0 -7
  201. data/examples/custom-resource/inspec.yml +0 -8
  202. data/examples/custom-resource/libraries/batsignal.rb +0 -20
  203. data/examples/custom-resource/libraries/gordon.rb +0 -21
  204. data/examples/inheritance/README.md +0 -65
  205. data/examples/inheritance/controls/example.rb +0 -14
  206. data/examples/inheritance/inspec.yml +0 -16
  207. data/examples/kitchen-ansible/.kitchen.yml +0 -25
  208. data/examples/kitchen-ansible/Gemfile +0 -19
  209. data/examples/kitchen-ansible/README.md +0 -53
  210. data/examples/kitchen-ansible/files/nginx.repo +0 -6
  211. data/examples/kitchen-ansible/tasks/main.yml +0 -16
  212. data/examples/kitchen-ansible/test/integration/default/default.yml +0 -5
  213. data/examples/kitchen-ansible/test/integration/default/web_spec.rb +0 -28
  214. data/examples/kitchen-chef/.kitchen.yml +0 -20
  215. data/examples/kitchen-chef/Berksfile +0 -3
  216. data/examples/kitchen-chef/Gemfile +0 -19
  217. data/examples/kitchen-chef/README.md +0 -27
  218. data/examples/kitchen-chef/metadata.rb +0 -7
  219. data/examples/kitchen-chef/recipes/default.rb +0 -6
  220. data/examples/kitchen-chef/recipes/nginx.rb +0 -30
  221. data/examples/kitchen-chef/test/integration/default/web_spec.rb +0 -28
  222. data/examples/kitchen-puppet/.kitchen.yml +0 -23
  223. data/examples/kitchen-puppet/Gemfile +0 -20
  224. data/examples/kitchen-puppet/Puppetfile +0 -25
  225. data/examples/kitchen-puppet/README.md +0 -53
  226. data/examples/kitchen-puppet/manifests/site.pp +0 -33
  227. data/examples/kitchen-puppet/metadata.json +0 -11
  228. data/examples/kitchen-puppet/modules/.gitkeep +0 -0
  229. data/examples/kitchen-puppet/test/integration/default/web_spec.rb +0 -28
  230. data/examples/meta-profile/README.md +0 -37
  231. data/examples/meta-profile/controls/example.rb +0 -13
  232. data/examples/meta-profile/inspec.yml +0 -13
  233. data/examples/plugins/inspec-resource-lister/Gemfile +0 -12
  234. data/examples/plugins/inspec-resource-lister/LICENSE +0 -13
  235. data/examples/plugins/inspec-resource-lister/README.md +0 -62
  236. data/examples/plugins/inspec-resource-lister/Rakefile +0 -40
  237. data/examples/plugins/inspec-resource-lister/inspec-resource-lister.gemspec +0 -45
  238. data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister.rb +0 -16
  239. data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/cli_command.rb +0 -70
  240. data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/plugin.rb +0 -55
  241. data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/version.rb +0 -10
  242. data/examples/plugins/inspec-resource-lister/test/fixtures/README.md +0 -24
  243. data/examples/plugins/inspec-resource-lister/test/functional/README.md +0 -18
  244. data/examples/plugins/inspec-resource-lister/test/functional/inspec_resource_lister_test.rb +0 -110
  245. data/examples/plugins/inspec-resource-lister/test/helper.rb +0 -26
  246. data/examples/plugins/inspec-resource-lister/test/unit/README.md +0 -17
  247. data/examples/plugins/inspec-resource-lister/test/unit/cli_args_test.rb +0 -64
  248. data/examples/plugins/inspec-resource-lister/test/unit/plugin_def_test.rb +0 -51
  249. data/examples/profile-attribute.yml +0 -2
  250. data/examples/profile-attribute/README.md +0 -14
  251. data/examples/profile-attribute/controls/example.rb +0 -11
  252. data/examples/profile-attribute/inspec.yml +0 -8
  253. data/examples/profile-aws/controls/iam_password_policy_expiration.rb +0 -8
  254. data/examples/profile-aws/controls/iam_password_policy_max_age.rb +0 -8
  255. data/examples/profile-aws/controls/iam_root_user_mfa.rb +0 -8
  256. data/examples/profile-aws/controls/iam_users_access_key_age.rb +0 -8
  257. data/examples/profile-aws/controls/iam_users_console_users_mfa.rb +0 -8
  258. data/examples/profile-aws/inspec.yml +0 -11
  259. data/examples/profile-azure/controls/azure_resource_group_example.rb +0 -24
  260. data/examples/profile-azure/controls/azure_vm_example.rb +0 -29
  261. data/examples/profile-azure/inspec.yml +0 -11
  262. data/examples/profile-sensitive/README.md +0 -29
  263. data/examples/profile-sensitive/controls/sensitive-failures.rb +0 -9
  264. data/examples/profile-sensitive/controls/sensitive.rb +0 -9
  265. data/examples/profile-sensitive/inspec.yml +0 -8
  266. data/examples/profile/README.md +0 -48
  267. data/examples/profile/controls/example.rb +0 -24
  268. data/examples/profile/controls/gordon.rb +0 -36
  269. data/examples/profile/controls/meta.rb +0 -36
  270. data/examples/profile/inspec.yml +0 -11
  271. data/examples/profile/libraries/gordon_config.rb +0 -59
@@ -1,294 +0,0 @@
1
- ---
2
- title: About the azure_resource_group_resource_counts Resource
3
- platform: azure
4
- ---
5
-
6
- # azure\_resource\_group\_resource\_counts
7
-
8
- Use the `azure_resource_group_resource_counts` InSpec audit resource to check the number of Azure resources in a resource group.
9
-
10
- ## Availability
11
-
12
- ### Installation
13
-
14
- This resource is distributed along with InSpec itself. You can use it automatically.
15
-
16
- ### Version
17
-
18
- This resource first became available in v2.0.16 of InSpec.
19
-
20
- ## Syntax
21
-
22
- The name of the resource group is specified as a parameter on the resource:
23
-
24
- describe azure_resource_group(name: 'MyResourceGroup') do
25
- its('property') { should eq 'value' }
26
- end
27
-
28
- where
29
-
30
- * `MyResourceGroup` is the name of the resource group being interrogated
31
- * `property` is one a resource property
32
- * `value` is the expected output from the matcher
33
-
34
- ## Examples
35
-
36
- The following examples show how to use this InSpec audit resource:
37
-
38
- ### Ensure the Resource Group has the correct number of resources
39
-
40
- describe azure_resource_group_resource_counts(name: 'Inspec-Azure') do
41
- its('total') { should eq 7}
42
- end
43
-
44
- ### Ensure that the Resource Group contains the correct resources
45
-
46
- describe azure_resource_group_resource_counts(name: 'Inspec-Azure') do
47
- its('total') { should eq 7 }
48
- its('vm_count') { should eq 2 }
49
- its('nic_count') { should eq 2 }
50
- its('public_ip_count') { should eq 1 }
51
- its('sa_count') { should eq 1 }
52
- its('vnet_count') { should eq 1 }
53
- end
54
-
55
- <br>
56
-
57
- ## Parameters
58
-
59
- * `group_name`, `name`
60
-
61
- ## Parameter Examples
62
-
63
- The options that can be passed to the resource are as follows.
64
-
65
- ### group_name (required)
66
-
67
- Use this parameter to define the Azure Resource Group to be tested.
68
-
69
- describe azure_virtual_machine_data_disk(group_name: 'InSpec-Azure') do
70
- ...
71
- end
72
-
73
- ### name
74
-
75
- Use this parameter to define the name of the Azure resource to test.
76
-
77
- describe azure_virtual_machine_data_disk(group_name: 'InSpec-Azure', name: 'Windows-Internal-VM') do
78
- ...
79
- end
80
-
81
- If both `group_name` and `name` is set then `name` takes priority
82
-
83
- These options can also be set using the environment variables:
84
-
85
- * `AZURE_RESOURCE_GROUP_NAME`
86
- * `AZURE_RESOURCE_NAME`
87
-
88
- When the options have been set as well as the environment variables, the environment variables take priority.
89
-
90
- <br>
91
-
92
- ## Parameter Example
93
-
94
- describe azure_generic_resource(group_name: 'Inspec-Azure', name: 'Linux-Internal-VM') do
95
- its('location') { should eq 'westeurope' }
96
- end
97
-
98
- <br>
99
-
100
- ## Properties
101
-
102
- * `name`, `location` ,`id`, `provisioning_state`, `subscription_id`, `total`, `nic_count`, `vm_count`, `extension_count`, `vnet_count`, `sa_count`, `public_ip_count`,`managed_disk_image_count`, `managed_disk_count`, `tag_count`
103
-
104
- <br>
105
-
106
- ## Property Examples
107
-
108
- This InSpec audit resource has the following properties:
109
-
110
- ### name
111
-
112
- Tests the name of the resource group.
113
-
114
- its('name') { should cmp 'Inspec-Azure' }
115
-
116
- ### location
117
-
118
- Tests where in Azure the resource group is located.
119
-
120
- its('location') { should cmp 'westeurope' }
121
-
122
- ### id
123
-
124
- Tests the full qualified ID of the resource group.
125
-
126
- This takes the format: `/subscriptions/<SUBSCRIPTION_ID>/resourceGroups/<RESOURCE_GROUP_NAME>`.
127
-
128
- its('id') { should cmp 'FQDN' }
129
-
130
- ### provisioning_state
131
-
132
- Tests the provisioning state of the resource group.
133
-
134
- its('provisioning_state') { should cmp 'Succeeded' }
135
-
136
- ### total
137
-
138
- Tests the total number of resources in the resource group.
139
-
140
- its('total') { should eq 13 }
141
-
142
- ### nic_count
143
-
144
- Tests the number of network interface cards in the resource group.
145
-
146
- it { should have_nics }
147
- its('nic_count') { should eq 3 }
148
-
149
- ### vm_count
150
-
151
- Tests the number of virtual machines in the resource group.
152
-
153
- its('vm_count') { should eq 5 }
154
-
155
- ### vnet_count
156
-
157
- Tests the number of virtual networks in the resource group.
158
-
159
- its('vnet_count') { should eq 5 }
160
-
161
- ### sa_count
162
-
163
- Tests the number of storage accounts in the resource group.
164
-
165
- its('sa_count') { should eq 5 }
166
-
167
- ### public\_ip\_count
168
-
169
- Tests the number of Public IP Addresses in the resource group.
170
-
171
- its('public_ip_count') { should eq 5 }
172
-
173
- ### managed\_disk\_image\_count
174
-
175
- Tests the number of managed disk images that are in the resource group.
176
-
177
- Managed disks are created from disk images and then attached to the machines. Generally, the images are created from a base image or a custom image (e.g., Packer)
178
-
179
- its('managed_disk_image_count') { should eq 5 }
180
-
181
- ### managed\_disk\_count
182
-
183
- Tests the number of managed disks in the resource group.
184
-
185
- If a resource group contains one virtual machine with an OS disk and 2 data disks that are all Managed Disks, then the count would be 3.
186
-
187
- its('managed_disk_count') { should eq 3 }
188
-
189
- <br>
190
-
191
- ## Matchers
192
-
193
- This resource has a number of special matchers that provide a simple way to test if a specific Azure Resource type exists in the resource group.
194
-
195
- For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
196
-
197
- ### have_nics
198
-
199
- Use this matcher to test if network interfaces exist.
200
-
201
- it { should have_nics }
202
-
203
- ### have_vms
204
-
205
- Use this matcher to test that virtual machines exist.
206
-
207
- it { should have_vms }
208
-
209
- ### have_extensions
210
-
211
- Use this matcher to test for virtual machine extensions.
212
-
213
- it { should have_extensions }
214
-
215
- ### have_nsgs
216
-
217
- Use this matcher to test that network security groups exist.
218
-
219
- it { should have_nsgs }
220
-
221
- ### have_vnets
222
-
223
- Use this matcher to test that virtual networks exist.
224
-
225
- it { should have_vnets }
226
-
227
- ### have\_managed\_disks
228
-
229
- Use this matcher to test that managed disks exist.
230
-
231
- it { should have_managed_disks }
232
-
233
- ### have\_managed\_disk\_images
234
-
235
- Use this matcher to test that managed disk images exist.
236
-
237
- it { should have_managed_disk_images }
238
-
239
- ### have_sas
240
-
241
- Use this matcher to test that storage accounts exist.
242
-
243
- it { should have_sas }
244
-
245
- ### have\_public\_ips
246
-
247
- Use this matcher to test that public ips exist.
248
-
249
- it { should have_public_ips }
250
-
251
- ## Tags
252
-
253
- It is possible to test the tags that have been assigned to the resource. There are some properties for checking that a resource has tags, that it has the correct number of tags, and that the correct tags are assigned.
254
-
255
- ### have\_tags
256
-
257
- This is a simple test to see if the machine has tags assigned to it or not.
258
-
259
- it { should have_tags }
260
-
261
- ### tag\_count
262
-
263
- Returns the number of tags that are assigned to the resource
264
-
265
- its ('tag_count') { should eq 2 }
266
-
267
- ### tags
268
-
269
- It is possible to check if a specific tag has been set on the resource.
270
-
271
- its('tags') { should include 'owner' }
272
-
273
- ### xxx\_tag
274
-
275
- To get the value of the tag, some properties are created from the tags themselves.
276
-
277
- For example, if the following tag is set on a resource:
278
-
279
- * owner: JG Jinglehimerschmidt
280
-
281
- Then a property is available called `Owner_tag`.
282
-
283
- its('owner_tag') { should cmp 'JG Jinglehimerschmidt' }
284
-
285
- Note: The tag name is case sensitive which makes the test case sensitive. E.g. `owner_tag` does not equal `Owner_tag`.
286
-
287
- <br>
288
-
289
- ## References
290
-
291
- For more information on Azure Ruby SDK resources, see:
292
-
293
- * [Azure Ruby SDK - Resources](https://github.com/Azure/azure-sdk-for-ruby/tree/master/management/azure_mgmt_resources)
294
- * [Resource Group](https://github.com/chef/inspec/blob/fc990346f2438690f0ac36a9f6606e61574a79b8/test/azure/verify/controls/resource_group.rb)
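Review bot: Removed lines 83-88 are where the package states that `AZURE_RESOURCE_GROUP_NAME` and `AZURE_RESOURCE_NAME` override the options written in the control ("the environment variables take priority"), and this hunk deletes the whole file from the gem, so please confirm that this precedence is still documented somewhere users will find it. A control that audits a different resource group because of an inherited environment variable is hard to spot from the profile alone. If the text is kept elsewhere it also needs a consistency pass: the title and heading name `azure_resource_group_resource_counts` but the Syntax example at line 24 calls `azure_resource_group`, the parameter examples at lines 69, 77 and 94 use `azure_virtual_machine_data_disk` and `azure_generic_resource`, and line 281 names the property `Owner_tag` while the example at line 283 and the case-sensitivity note at line 285 use `owner_tag`.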
@@ -1,357 +0,0 @@
1
- ---
2
- title: About the azure_virtual_machine Resource
3
- platform: azure
4
- ---
5
-
6
- # azure\_virtual\_machine
7
-
8
- Use the `azure_virtual_machine` InSpec audit resource to ensure that a Virtual Machine has been provisioned correctly.
9
-
10
- ## Availability
11
-
12
- ### Installation
13
-
14
- This resource is distributed along with InSpec itself. You can use it automatically.
15
-
16
- ### Version
17
-
18
- This resource first became available in v2.0.16 of InSpec.
19
-
20
- ## Syntax
21
-
22
- The name of the machine and the resource group are required as properties to the resource.
23
-
24
- describe azure_virtual_machine(group_name: 'MyResourceGroup', name: 'MyVM') do
25
- its('property') { should eq 'value' }
26
- end
27
-
28
- where
29
-
30
- * `MyVm` is the name of the virtual machine as seen in Azure; it is **not** the hostname of the machine
31
- * `MyResourceGroup` is the name of the machine's resource group
32
- * `property` is one of the resource properties
33
- * `value` is the expected output from the matcher
34
-
35
- ## Examples
36
-
37
- The following examples show to use this InSpec audit resource.
38
-
39
- ### Check that the first data disk is of the correct size
40
-
41
- describe azure_virtual_machine_data_disk(group_name: 'InSpec-Azure', name: 'Linux-Internal-VM').where(number: 1) do
42
- its('size') { should cmp >= 15 }
43
- end
44
-
45
- <br>
46
-
47
- ## Parameters
48
-
49
- * `group_name`, `name`, `apiversion`
50
-
51
- ## Parameter Examples
52
-
53
- The options that can be passed to the resource are as follows.
54
-
55
- ### group_name (required)
56
-
57
- Use this parameter to define the Azure Resource Group to be tested.
58
-
59
- describe azure_virtual_machine_data_disk(group_name: 'InSpec-Azure') do
60
- ...
61
- end
62
-
63
- ### name
64
-
65
- Use this parameter to define the name of the Azure resource to test.
66
-
67
- describe azure_virtual_machine_data_disk(group_name: 'InSpec-Azure', name: 'Windows-Internal-VM') do
68
- ...
69
- end
70
-
71
- ### apiversion
72
-
73
- The API Version to use when querying the resource. Defaults to the latest version for the resource.
74
-
75
- describe azure_virtual_machine_data_disk(group_name: 'InSpec-Azure', name: 'Windows-Internal-VM', apiversion: '2.0') do
76
- ...
77
- end
78
-
79
- These options can also be set using the environment variables:
80
-
81
- * `AZURE_RESOURCE_GROUP_NAME`
82
- * `AZURE_RESOURCE_NAME`
83
- * `AZURE_RESOURCE_API_VERSION`
84
-
85
- When the options have been set as well as the environment variables, the environment variables take priority.
86
-
87
- <br>
88
-
89
- ## Properties
90
-
91
- * `type`, `location`, `name`, `publisher`, `offer`, `sku`, `os_type`, `os_disk_name`, `have_managed_osdisk`, `caching`, `create_option`, `disk_size_gb`, `have_data_disks`, `data_disk_count` , `storage_account_type`, `vm_size`, `computer_name`, `admin_username`, `have_nics`, `nic_count`, `connected_nics`, `have_password_authentication`, `password_authentication?`, `have_custom_data`, `custom_data?`, `have_ssh_keys`, `ssh_keys?`, `ssh_key_count`, `ssh_keys`, `have_boot_diagnostics`, `boot_diagnostics_storage_uri`
92
-
93
- <br>
94
-
95
- ## Property Examples
96
-
97
- This InSpec audit resource has the following properties that can be tested:
98
-
99
- ### type
100
-
101
- The Azure Resource type. For a virtual machine this will always return `Microsoft.Compute/virtualMachines`
102
-
103
- its('type') { should cmp 'Microsoft.Compute/virtualMachines' }
104
-
105
- ### location
106
-
107
- Where the machine is located
108
-
109
- its('location') { should eq 'westeurope' }
110
-
111
- ### name
112
-
113
- Name of the Virtual Machine in Azure. Be aware that this is not the computer name or hostname, rather the name of the machine when seen in the Azure Portal.
114
-
115
- its('name') { should cmp 'InSpec-Azure' }
116
-
117
- ### publisher
118
-
119
- The publisher of this machine's build image.
120
-
121
- `nil` if the machine was created from a custom image.
122
-
123
- its('publisher') { should cmp 'MicrosoftWindowsServer' }
124
-
125
- ### offer
126
-
127
- The offer from the publisher of the build image.
128
-
129
- `nil` if the machine was created from a custom image.
130
-
131
- its('offer') { should cmp 'WindowsServer' }
132
-
133
- ### sku
134
-
135
- The item from the publisher that was used to create the image.
136
-
137
- `nil` if the machine was created from a custom image.
138
-
139
- its('sku') { should cmp '2016-Datacenter' }
140
-
141
- ### os\_type
142
-
143
- Test that returns the classification in Azure of the operating system type. Usually either `Linux` or `Windows`.
144
-
145
- its('os_type') { should cmp 'Windows' }
146
-
147
- ### os\_disk\_name
148
-
149
- Return the name of the operating system disk attached to the machine.
150
-
151
- its('os_disk_name') { should cmp 'Windows-Internal-OSDisk-MD' }
152
-
153
- ### caching
154
-
155
- Returns the type of caching that has been set on the operating system disk.
156
-
157
- its('caching') { should cmp 'ReadWrite' }
158
-
159
- ### create\_option
160
-
161
- When the operating system disk is created, how it was created is set as a property. This property returns how the disk was created.
162
-
163
- its('create_option') { should cmp 'FromImage' }
164
-
165
- ### disk\_size\_gb
166
-
167
- Returns the size of the operating system disk.
168
-
169
- its('disk_size_gb') { should be >= 30 }
170
-
171
- ### data\_disk\_count
172
-
173
- Return the number of data disks that are attached to the machine
174
-
175
- ### storage\_account\_type
176
-
177
- This provides the storage account type for a machine that is using managed disks for the operating system disk.
178
-
179
- its('storage_account_type') { should cmp 'Standard_LRS' }
180
-
181
- ### vm\_size
182
-
183
- The size of the machine in Azure
184
-
185
- its('vm_size') { should eq 'Standard_DS2_v2' }
186
-
187
- ### computer\_name
188
-
189
- The name of the machine. This is what was assigned to the machine during deployment and is what _should_ be returned by the `hostname` command.
190
-
191
- its('computer_name') { should cmp 'win-internal-1' }
192
-
193
- ### admin\_username
194
-
195
- The admin username that was assigned to the machine
196
-
197
- NOTE: Azure does not allow the use of `Administrator` as the admin username on a Windows machine
198
-
199
- its('admin_username') { should cmp 'azure' }
200
-
201
- ### nic\_count
202
-
203
- The number of network interface cards that have been attached to the machine
204
-
205
- its('nic_count') { should eq 1 }
206
-
207
- ### connected\_nics
208
-
209
- This returns an array of the NIC ids that are connected to the machine. This means that it possible to check that the machine has the correct NIC(s) attached and thus on the correct subnet.
210
-
211
- its('connected_nics') { should include /Inspec-NIC-1/ }
212
-
213
- Note the use of the regular expression here. This is because the NIC id is a long string that contains the subscription id, resource group, machine id as well as other things. By using the regular expression the NIC can be checked without breaking this string up. It also means that other tests can be performed.
214
-
215
- An example of the id string is `/subscriptions/1e0b427a-d58b-494e-ae4f-ee558463ebbf/resourceGroups/Inspec-Azure/providers/Microsoft.Network/networkInterfaces/Inspec-NIC-1`
216
-
217
- ### password\_authentication?
218
-
219
- Boolean to state of password authentication is enabled or not for the admin user.
220
-
221
- its('password_authentication?') { should be false }
222
-
223
- This only applies to Linux machines and will always return `true` on Windows.
224
-
225
- ### custom\_data
226
-
227
- Boolean to state if the machine has custom data or not
228
-
229
- its('custom_data') { should be true }
230
-
231
- ### ssh\_keys?
232
-
233
- Boolean to state of the machine is accessible using SSH keys
234
-
235
- its('ssh_keys?') { should be true }
236
-
237
- ### ssh\_key\_count
238
-
239
- Returns how many SSH keys have been applied to the machine.
240
-
241
- This only applies to Linux machines and will always return `0` on Windows.
242
-
243
- its('ssh_key_count') { should eq '0' }
244
-
245
- ### ssh\_keys
246
-
247
- Returns an array of the keys that are assigned to the machine. This is check if the correct keys are assigned.
248
-
249
- Most SSH public keys have a signature at the end of them that can be tested. For example:
250
-
251
- its('ssh_keys') { should include /azure@inspec.local/ }
252
-
253
- ### boot\_diagnostics\_storage\_uri
254
-
255
- If boot diagnostics are enabled for the machine they will be saved in a storage account. This method returns the URI for the storage account.
256
-
257
- its('boot_diagnostics_storage_uri') { should match 'ghjgjhgjg' }
258
-
259
- <br>
260
-
261
- ## Matchers
262
-
263
- There are a number of built in comparison operators that are available to test the result with an expected value.
264
-
265
- For information on all that are available please refer to the [Inspec Matchers Reference](https://www.inspec.io/docs/reference/matchers/) page.
266
-
267
- ### boot\_diagnostics?
268
-
269
- Boolean test to see if boot diagnostics have been enabled on the machine
270
-
271
- it { should have_boot_diagnostics }
272
-
273
- ### have\_custom\_data
274
-
275
- Returns a boolean stating if the machine has custom data assigned to it.
276
-
277
- it { should have_custom_data }
278
-
279
- ### have\_data\_disks
280
-
281
- Denotes if the machine has data disks attached to it or not.
282
-
283
- it { should have_data_disks }
284
-
285
- ### have\_managed\_osdisk
286
-
287
- Determine if the operating system disk is a Managed Disks or not.
288
-
289
- This test can be used in the following way:
290
-
291
- it { should have_managed_osdisk }
292
-
293
- ### have\_nics
294
-
295
- Returns a boolean to state if the machine has NICs connected or not.
296
-
297
- This has can be used in the following way:
298
-
299
- it { should have_nics }
300
-
301
- ### have\_password\_authentication
302
-
303
- Returns a boolean to denote if the machine is accessible using a password.
304
-
305
- it { should have_password_authentication }
306
-
307
- ### have\_ssh\_keys
308
-
309
- Boolean to state if the machine has SSH keys assigned to it
310
-
311
- it { should have_ssh_keys }
312
-
313
- For a Windows machine this will always be false.
314
-
315
- <br>
316
-
317
- ## Tags
318
-
319
- It is possible to test the tags that have been assigned to the resource. There are a number of properties that can be called to check that it has tags, that it has the correct number and that the correct ones are assigned.
320
-
321
- ### have\_tags
322
-
323
- This is a simple test to see if the machine has tags assigned to it or not.
324
-
325
- it { should have_tags }
326
-
327
- ### tag\_count
328
-
329
- Returns the number of tags that are assigned to the resource
330
-
331
- its ('tag_count') { should eq 2 }
332
-
333
- ### tags
334
-
335
- It is possible to check if a specific tag has been set on the resource.
336
-
337
- its('tags') { should include 'Owner' }
338
-
339
- ### xxx\_tag
340
-
341
- To get the value of the tag, a number of tests have been created from the tags that are set.
342
-
343
- For example, if the following tag is set on a resource:
344
-
345
- * owner: J.G. Jingleheimerschmidt
346
-
347
- Then a test is available called `Owner_tag`.
348
-
349
- its('owner_tag') { should cmp 'J.G. Jingleheimerschmidt' }
350
-
351
- Note: The tag name is case sensitive which makes the test case sensitive. E.g. `owner_tag` does not equal `Owner_tag`.
352
-
353
- ## References
354
-
355
- * [Azure Ruby SDK - Resources](https://github.com/Azure/azure-sdk-for-ruby/tree/master/management/azure_mgmt_resources)
356
- * [Virtual Machine External VM](https://github.com/chef/inspec/blob/fc990346f2438690f0ac36a9f6606e61574a79b8/test/azure/verify/controls/virtual_machine_external_vm.rb)
357
- * [Virtual Machine Internal VM](https://github.com/chef/inspec/blob/fc990346f2438690f0ac36a9f6606e61574a79b8/test/azure/verify/controls/virtual_machine_internal_vm.rb)
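Review bot: At removed line 243, `its('ssh_key_count') { should eq '0' }` compares a count against the string `'0'`, while the other count examples in this file use integers (`its('nic_count') { should eq 1 }`); `eq` does not coerce types, so wherever this text is kept the example should read `should eq 0` or use `cmp`. In the same pass: the only entry under Examples (line 41) and all three parameter examples call `azure_virtual_machine_data_disk` rather than `azure_virtual_machine`, `data_disk_count` (line 171) has no example, the heading at line 225 is `custom_data` while the property list at line 91 gives `custom_data?`, and line 347 says `Owner_tag` where the example uses `owner_tag`. The Windows caveats at lines 223, 241 and 313 (`password_authentication?` always `true`, `ssh_key_count` always `0`, `have_ssh_keys` always false) would be better stated together, since a control asserting key-only access will fail on every Windows VM.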