forked from mikaelkrief/inspec-azure
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathazurerm_network_security_groups.md.erb
More file actions
94 lines (62 loc) · 2.73 KB
/
azurerm_network_security_groups.md.erb
File metadata and controls
94 lines (62 loc) · 2.73 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
---
title: About the azurerm_network_security_groups Resource
platform: azure
---
# azurerm\_network\_security\_groups
Use the `azurerm_network_security_groups` InSpec audit resource to enumerate Network
Security Groups.
<br />
## Azure REST API version
This resource interacts with version `2018-02-01` of the Azure Management API.
For more information see the [official Azure documentation](https://docs.microsoft.com/en-us/rest/api/virtualnetwork/networksecuritygroups/list).
At the moment, there doesn't appear to be a way to select the version of the
Azure API docs. If you notice a newer version being referenced in the official
documentation please open an issue or submit a pull request using the updated
version.
## Availability
### Installation
This resource is available in the `inspec-azure` [resource
pack](https://www.inspec.io/docs/reference/glossary/#resource-pack). To use it, add the
following to your `inspec.yml` in your top-level profile:
depends:
inspec-azure:
git: https://github.com/inspec/inspec-azure.git
You'll also need to setup your Azure credentials; see the resource pack
[README](https://github.com/inspec/inspec-azure#inspec-for-azure).
## Syntax
An `azurerm_network_security_groups` resource block identifies Network Security Groups by
Resource Group.
describe azurerm_network_security_groups(resource_group: 'ExampleGroup') do
...
end
<br />
## Examples
### Test that an example Resource Group has the named Network Security Group
describe azurerm_network_security_groups(resource_group: 'ExampleGroup') do
its('names') { should include('ExampleNetworkSecurityGroup') }
end
<br />
## Attributes
- `names`
### names
The name of the Network Security Group
its('names') { should include('ExampleNetworkSecurityGroup') }
## Matchers
This InSpec audit resource has the following special matchers. For a full list of
available matchers, please visit our [Universal Matchers
page](https://www.inspec.io/docs/reference/matchers/).
### exists
The control will pass if the resource returns a result. Use `should_not` if you expect
zero matches.
# If we expect 'ExampleGroup' Resource Group to have Network Security Groups
describe azurerm_network_security_groups(resource_group: 'ExampleGroup') do
it { should exist }
end
# If we expect 'EmptyExampleGroup' Resource Group to not have Network Security Groups
describe azurerm_network_security_groups(resource_group: 'EmptyExampleGroup') do
it { should_not exist }
end
## Azure Permissions
Your [Service
Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal)
must be setup with a `contributor` role on the subscription you wish to test.