diff --git a/README.md b/README.md
index 407987fc1..9926eb814 100644
--- a/README.md
+++ b/README.md
@@ -121,11 +121,15 @@ The static resources derived from the generic resources prepended with `azure_`
- [azure_network_interfaces](docs/resources/azure_network_interfaces.md)
- [azure_network_security_group](docs/resources/azure_network_security_group.md)
- [azure_network_security_groups](docs/resources/azure_network_security_groups.md)
+- [azure_policy_definition](docs/resources/azure_policy_definition.md)
+- [azure_policy_definitions](docs/resources/azure_policy_definitions.md)
- [azure_postgresql_database](docs/resources/azure_postgresql_database.md)
- [azure_postgresql_databases](docs/resources/azure_postgresql_databases.md)
- [azure_postgresql_server](docs/resources/azure_postgresql_server.md)
- [azure_postgresql_servers](docs/resources/azure_postgresql_servers.md)
- [azure_public_ip](docs/resources/azure_public_ip.md)
+- [azure_resource_group](docs/resources/azure_resource_group.md)
+- [azure_resource_groups](docs/resources/azure_resource_groups.md)
- [azure_sql_server](docs/resources/azure_sql_server.md)
- [azure_sql_servers](docs/resources/azure_sql_servers.md)
- [azure_storage_account_blob_container](docs/resources/azure_storage_account_blob_container.md)
@@ -344,15 +348,16 @@ If you'd like to contribute to this project please see [Contributing Rules](CONT
The easiest way to start is checking the existing static resources. They have detailed information on how to leverage the backend class within their comments.
The common parameters are:
-- `resource_provider`: Such as `Microsoft.Compute/virtualMachines`. It has to be hardcoded in the code by the resource author.
+- `resource_provider`: Such as `Microsoft.Compute/virtualMachines`. It has to be hardcoded in the code by the resource author via the `specific_resource_constraint` method, and it should be the first parameter defined in the resource. This method includes user-supplied input validation.
- `display_name`: A generic one will be created unless defined.
- `required_parameters`: Define mandatory parameters. The `resource_group` and resource `name` in the singular resources are default mandatory in the base class.
- `allowed_parameters`: Define optional parameters. The `resource_group` is default optional, but this can be made mandatory in the static resource.
+- `resource_uri`: Azure REST API URI of a resource. This parameter should be used when a resource does not reside in a resource group. It requires `add_subscription_id` to be set to either `true` or `false`. See [azure_policy_definition](libraries/azure_policy_definition.rb) and [azure_policy_definitions](libraries/azure_policy_definitions.rb).
+- `add_subscription_id`: It indicates whether the subscription ID should be included in the `resource_uri` or not.
### Singular Resources
-- In most cases `resource_group` and resource `name` should be required from the users and a single API call would be enough for creating methods on the resource.
-See [azure_virtual_machine](libraries/azure_virtual_machine.rb) for a standard singular resource and how to create static methods from resource properties.
+- In most cases `resource_group` and resource `name` should be required from the users and a single API call would be enough for creating methods on the resource. See [azure_virtual_machine](libraries/azure_virtual_machine.rb) for a standard singular resource and how to create static methods from resource properties.
- If it is beneficial to accept the resource name with a more specific keyword, such as `server_name`, see [azure_mysql_server](libraries/azure_mysql_server.rb).
- If a resource exists in another resource, such as a subnet on a virtual network, see [azure_subnet](libraries/azure_subnet.rb).
- If it is necessary to make an additional API call within a static method, the `create_additional_properties` should be used. See [azure_key_vault](libraries/azure_key_vault.rb).
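Review bot: The new `resource_provider` text says the `specific_resource_constraint` method "includes user-supplied input validation" without saying which inputs are checked or what happens when the check fails. It also says the parameter "should be the first parameter defined", which leaves open whether that ordering is required for the validation to take effect. Resource authors will treat this sentence as the description of the guard on user input, so name the inputs it validates, describe the failure behaviour, and use "must" if the ordering is mandatory. In the same hunk, `resource_uri` "requires `add_subscription_id` to be set to either `true` or `false`", but neither new bullet says what happens when it is omitted or shows the resulting URI for each value; one short example per value would make this unambiguous.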
@@ -362,9 +367,7 @@ See [azure_virtual_machine](libraries/azure_virtual_machine.rb) for a standard s
- A standard plural resource does not require a parameter, except optional `resource_group`. See [azure_mysql_servers](libraries/azure_mysql_servers.rb).
- All plural resources use [FilterTable](https://github.com/inspec/inspec/blob/master/docs/dev/filtertable-usage.md) to be able to provide filtering within returned resources. The filter criteria must be defined `table_schema` Hash variable.
- If the properties of the resource are to be manipulated before populating the FilterTable, a `populate_table` method has to be defined. See [azure_virtual_machines](libraries/azure_virtual_machines.rb).
-- If the resources exist in another resource, such as subnets of a virtual network, a `resource_path` has to be created.
-For that, the identifiers of the parent resource, `resource_group` and virtual network name `vnet`, must be required from the users.
-See [azure_subnets](libraries/azure_subnets.rb).
+- If the resources exist in another resource, such as subnets of a virtual network, a `resource_path` has to be created. For that, the identifiers of the parent resource, `resource_group` and virtual network name `vnet`, must be required from the users. See [azure_subnets](libraries/azure_subnets.rb).
The following instructions will help you get your development environment setup to run integration tests.
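Review bot: The FilterTable bullet kept as context in this hunk still links to `blob/master/docs/dev/filtertable-usage.md`, the path that the rest of this patch replaces with `dev-docs/filtertable-usage.md` in the resource docs, so the README link should be updated in the same change. That bullet also reads "must be defined `table_schema` Hash variable", which is missing "in the"; it is worth fixing while the neighbouring `resource_path` bullet is being reflowed.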
diff --git a/docs/resources/azure_aks_cluster.md b/docs/resources/azure_aks_cluster.md
index 2d6d10f76..621da2bf8 100644
--- a/docs/resources/azure_aks_cluster.md
+++ b/docs/resources/azure_aks_cluster.md
@@ -14,7 +14,7 @@ The `api_version` can be defined as a resource parameter.
If not provided, the latest version will be used.
For more information, refer to [`azure_generic_resource`](azure_generic_resource.md).
-Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used .
+Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used.
For more information, refer to the resource pack [README](../../README.md).
## Availability
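Review bot: On the changed line only the stray space before the full stop is fixed; the sentence still reads "Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used", with a missing article, an unneeded comma before "and", and a lowercase "http". The identical line is touched in every resource doc in this patch, so consider rewording it once to "the `azure_cloud` global endpoint and default values for the HTTP client will be used" and applying that everywhere in the same pass.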
diff --git a/docs/resources/azure_aks_clusters.md b/docs/resources/azure_aks_clusters.md
index 2a5275aa5..f847c7dd5 100644
--- a/docs/resources/azure_aks_clusters.md
+++ b/docs/resources/azure_aks_clusters.md
@@ -14,7 +14,7 @@ The `api_version` can be defined as a resource parameter.
If not provided, the latest version will be used.
For more information, refer to [`azure_generic_resource`](azure_generic_resource.md).
-Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used .
+Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used.
For more information, refer to the resource pack [README](../../README.md).
## Availability
@@ -52,7 +52,7 @@ end
| tags | A list of `tag:value` pairs defined on the resources being interrogated. | `tags` |
| properties | A list of properties for all the resources being interrogated. | `properties` |
-* For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/docs/dev/filtertable-usage.md#a-where-method-you-can-call-with-hash-params-with-loose-matching).
+* For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/dev-docs/filtertable-usage.md).
## Examples
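Review bot: The replacement link drops the `#a-where-method-you-can-call-with-hash-params-with-loose-matching` fragment, so readers now land at the top of the document instead of on the `where` section this footnote is about; keep a fragment if that section still exists at the new path. The link also still targets `blob/master`, and the path moving from `docs/dev/` to `dev-docs/` is exactly the kind of change that breaks such links, so pointing at a tag or commit would keep it stable. Both points apply to every FilterTable link updated in this patch.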
diff --git a/docs/resources/azure_api_management.md b/docs/resources/azure_api_management.md
index bbde2d4ee..fd81d7131 100644
--- a/docs/resources/azure_api_management.md
+++ b/docs/resources/azure_api_management.md
@@ -14,7 +14,7 @@ The `api_version` can be defined as a resource parameter.
If not provided, the latest version will be used.
For more information, refer to [`azure_generic_resource`](azure_generic_resource.md).
-Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used .
+Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used.
For more information, refer to the resource pack [README](../../README.md).
## Availability
diff --git a/docs/resources/azure_api_managements.md b/docs/resources/azure_api_managements.md
index 0b20a4f8b..c5c2c7b78 100644
--- a/docs/resources/azure_api_managements.md
+++ b/docs/resources/azure_api_managements.md
@@ -14,7 +14,7 @@ The `api_version` can be defined as a resource parameter.
If not provided, the latest version will be used.
For more information, refer to [`azure_generic_resource`](azure_generic_resource.md).
-Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used .
+Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used.
For more information, refer to the resource pack [README](../../README.md).
## Availability
@@ -53,7 +53,7 @@ end
| types | A list of the types of resources being interrogated. | `type` |
| properties | A list of properties for all the resources being interrogated. | `properties` |
-* For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/docs/dev/filtertable-usage.md#a-where-method-you-can-call-with-hash-params-with-loose-matching).
+* For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/dev-docs/filtertable-usage.md).
## Examples
diff --git a/docs/resources/azure_application_gateway.md b/docs/resources/azure_application_gateway.md
index 8cb3ab0e1..925af7142 100644
--- a/docs/resources/azure_application_gateway.md
+++ b/docs/resources/azure_application_gateway.md
@@ -14,7 +14,7 @@ The `api_version` can be defined as a resource parameter.
If not provided, the latest version will be used.
For more information, refer to [`azure_generic_resource`](azure_generic_resource.md).
-Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used .
+Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used.
For more information, refer to the resource pack [README](../../README.md).
## Availability
diff --git a/docs/resources/azure_application_gateways.md b/docs/resources/azure_application_gateways.md
index e2ffd173f..ef5b80711 100644
--- a/docs/resources/azure_application_gateways.md
+++ b/docs/resources/azure_application_gateways.md
@@ -14,7 +14,7 @@ The `api_version` can be defined as a resource parameter.
If not provided, the latest version will be used.
For more information, refer to [`azure_generic_resource`](azure_generic_resource.md).
-Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used .
+Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used.
For more information, refer to the resource pack [README](../../README.md).
## Availability
@@ -53,7 +53,7 @@ end
| types | A list of the types of resources being interrogated. | `type` |
| properties | A list of properties for all the resources being interrogated. | `properties` |
-* For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/docs/dev/filtertable-usage.md#a-where-method-you-can-call-with-hash-params-with-loose-matching).
+* For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/dev-docs/filtertable-usage.md).
## Examples
diff --git a/docs/resources/azure_cosmosdb_database_account.md b/docs/resources/azure_cosmosdb_database_account.md
index 3eb0b6b8a..c0105af6d 100644
--- a/docs/resources/azure_cosmosdb_database_account.md
+++ b/docs/resources/azure_cosmosdb_database_account.md
@@ -14,7 +14,7 @@ The `api_version` can be defined as a resource parameter.
If not provided, the latest version will be used.
For more information, refer to [`azure_generic_resource`](azure_generic_resource.md).
-Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used .
+Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used.
For more information, refer to the resource pack [README](../../README.md).
## Availability
diff --git a/docs/resources/azure_event_hub_authorization_rule.md b/docs/resources/azure_event_hub_authorization_rule.md
index c51d768b9..357a57570 100644
--- a/docs/resources/azure_event_hub_authorization_rule.md
+++ b/docs/resources/azure_event_hub_authorization_rule.md
@@ -14,7 +14,7 @@ The `api_version` can be defined as a resource parameter.
If not provided, the latest version will be used.
For more information, refer to [`azure_generic_resource`](azure_generic_resource.md).
-Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used .
+Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used.
For more information, refer to the resource pack [README](../../README.md).
## Availability
diff --git a/docs/resources/azure_event_hub_event_hub.md b/docs/resources/azure_event_hub_event_hub.md
index f50fa8359..a0b28ef7f 100644
--- a/docs/resources/azure_event_hub_event_hub.md
+++ b/docs/resources/azure_event_hub_event_hub.md
@@ -14,7 +14,7 @@ The `api_version` can be defined as a resource parameter.
If not provided, the latest version will be used.
For more information, refer to [`azure_generic_resource`](azure_generic_resource.md).
-Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used .
+Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used.
For more information, refer to the resource pack [README](../../README.md).
## Availability
diff --git a/docs/resources/azure_event_hub_namespace.md b/docs/resources/azure_event_hub_namespace.md
index 8b3e346c1..d4ad541f3 100644
--- a/docs/resources/azure_event_hub_namespace.md
+++ b/docs/resources/azure_event_hub_namespace.md
@@ -14,7 +14,7 @@ The `api_version` can be defined as a resource parameter.
If not provided, the latest version will be used.
For more information, refer to [`azure_generic_resource`](azure_generic_resource.md).
-Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used .
+Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used.
For more information, refer to the resource pack [README](../../README.md).
## Availability
diff --git a/docs/resources/azure_generic_resources.md b/docs/resources/azure_generic_resources.md
index 94f367d29..c7e0ac828 100644
--- a/docs/resources/azure_generic_resources.md
+++ b/docs/resources/azure_generic_resources.md
@@ -73,7 +73,7 @@ It is advised to use these parameter sets to narrow down the targeted resources
| changed_times** | A list of changed times of the resources. | `changed_time`|
| provisioning_states** | A list of provisioning states of the resources. | `provisioning_state`|
-* For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/docs/dev/filtertable-usage.md#a-where-method-you-can-call-with-hash-params-with-loose-matching).
+* For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/dev-docs/filtertable-usage.md).
** These properties are not available when `resource_uri` is used.
diff --git a/docs/resources/azure_graph_generic_resources.md b/docs/resources/azure_graph_generic_resources.md
index 4a59c5631..7b52492b1 100644
--- a/docs/resources/azure_graph_generic_resources.md
+++ b/docs/resources/azure_graph_generic_resources.md
@@ -90,15 +90,15 @@ describe azure_graph_generic_resources(resource: 'users', filter_free_text: "sta
end
```
-## Filter the Results to Only Include Those that Match the Given Country
+### Filter* the Results to Only Include Those that Match the Given Country (Client-Side Filtering is NOT Recommended)
```ruby
describe azure_graph_generic_resources(resource: 'users', select: %w{ country }).where(country: 'United Kingdom') do
it { should exist }
end
```
-Please note that instead of client side filtering with `where`, it is much more efficient to use server side filtering at Azure Graph API with `filter` or `filter_free_text` at resource creation as described previously.
+*For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/dev-docs/filtertable-usage.md). Please note that instead of client side filtering with `where`, it is much more efficient to use server side filtering at Azure Graph API with `filter` or `filter_free_text` at resource creation as described in previous examples.
-## Test `given_names` Parameter
+### Test `given_names` Parameter
```ruby
azure_graph_generic_resources(resource: 'users', filter: { starts_with_given_name: 'J' }, select: %w{ givenName }).given_names.each do |name|
describe name do
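Review bot: The footnote marker is attached to the heading as `Filter*` and the footnote itself starts `*For information` with no space, while every other doc in this patch writes `* For information`; the marker style is now inconsistent and the heading carries a caveat that belongs in the body. Consider a plain heading with the caveat as the first sentence under it. The heading says client-side filtering is "NOT Recommended", yet the example beneath it shows only the `where(country: 'United Kingdom')` form; placing the server-side `filter` equivalent next to it would show readers what to use instead of sending them back to "previous examples". The two headings are also demoted from `##` to `###`, so check that a parent `##` heading precedes them in the file.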
@@ -106,9 +106,6 @@ azure_graph_generic_resources(resource: 'users', filter: { starts_with_given_nam
end
end
```
-
-Please see [here](https://github.com/inspec/inspec/blob/master/docs/dev/filtertable-usage.md) for more information on how to leverage FilterTable capabilities on plural resources.
-
## Matchers
This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://www.inspec.io/docs/reference/matchers/).
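Review bot: Removing the "Please see here" paragraph also deletes both blank lines around it, which as shown leaves `## Matchers` directly after the closing code fence. Keep one blank line between the fence and the heading so the file stays consistent with the other resource docs and passes common Markdown lint rules. The removed sentence was the only FilterTable pointer at the end of the examples; that is fine given the footnote added earlier in this file, provided the footnote remains.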
diff --git a/docs/resources/azure_graph_users.md b/docs/resources/azure_graph_users.md
index b3b584435..efdcaa5c4 100644
--- a/docs/resources/azure_graph_users.md
+++ b/docs/resources/azure_graph_users.md
@@ -55,7 +55,7 @@ It is advised to use these parameters to narrow down the targeted resources at t
| user_types | The user types of users, e.g.; `Member`, `Guest`. | `userType` |
| user_principal_names | The user principal names of users, e.g.; `jdoe@contoso.com`. | `userPrincipalName` |
-* For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/docs/dev/filtertable-usage.md#a-where-method-you-can-call-with-hash-params-with-loose-matching).
+* For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/dev-docs/filtertable-usage.md).
## Examples
diff --git a/docs/resources/azure_hdinsight_cluster.md b/docs/resources/azure_hdinsight_cluster.md
index 15109a604..199822908 100644
--- a/docs/resources/azure_hdinsight_cluster.md
+++ b/docs/resources/azure_hdinsight_cluster.md
@@ -14,7 +14,7 @@ The `api_version` can be defined as a resource parameter.
If not provided, the latest version will be used.
For more information, refer to [`azure_generic_resource`](azure_generic_resource.md).
-Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used .
+Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used.
For more information, refer to the resource pack [README](../../README.md).
## Availability
diff --git a/docs/resources/azure_iothub.md b/docs/resources/azure_iothub.md
index 6819036e2..76f43a85a 100644
--- a/docs/resources/azure_iothub.md
+++ b/docs/resources/azure_iothub.md
@@ -14,7 +14,7 @@ The `api_version` can be defined as a resource parameter.
If not provided, the latest version will be used.
For more information, refer to [`azure_generic_resource`](azure_generic_resource.md).
-Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used .
+Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used.
For more information, refer to the resource pack [README](../../README.md).
## Availability
diff --git a/docs/resources/azure_iothub_event_hub_consumer_group.md b/docs/resources/azure_iothub_event_hub_consumer_group.md
index 47e3649f6..716b7e154 100644
--- a/docs/resources/azure_iothub_event_hub_consumer_group.md
+++ b/docs/resources/azure_iothub_event_hub_consumer_group.md
@@ -14,7 +14,7 @@ The `api_version` can be defined as a resource parameter.
If not provided, the latest version will be used.
For more information, refer to [`azure_generic_resource`](azure_generic_resource.md).
-Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used .
+Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used.
For more information, refer to the resource pack [README](../../README.md).
## Availability
diff --git a/docs/resources/azure_iothub_event_hub_consumer_groups.md b/docs/resources/azure_iothub_event_hub_consumer_groups.md
index 1d9c4a355..7a426db61 100644
--- a/docs/resources/azure_iothub_event_hub_consumer_groups.md
+++ b/docs/resources/azure_iothub_event_hub_consumer_groups.md
@@ -14,7 +14,7 @@ The `api_version` can be defined as a resource parameter.
If not provided, the latest version will be used.
For more information, refer to [`azure_generic_resource`](azure_generic_resource.md).
-Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used .
+Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used.
For more information, refer to the resource pack [README](../../README.md).
## Availability
@@ -53,7 +53,7 @@ end
| properties | A list of properties for all the resources being interrogated. | `properties` |
| etags | A list of etags defined on the resources. | `etag` |
-* For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/docs/dev/filtertable-usage.md#a-where-method-you-can-call-with-hash-params-with-loose-matching).
+* For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/dev-docs/filtertable-usage.md).
## Examples
diff --git a/docs/resources/azure_key_vault.md b/docs/resources/azure_key_vault.md
index 2aae24e3c..97808490a 100644
--- a/docs/resources/azure_key_vault.md
+++ b/docs/resources/azure_key_vault.md
@@ -14,7 +14,7 @@ The `api_version` can be defined as a resource parameter.
If not provided, the latest version will be used.
For more information, refer to [`azure_generic_resource`](azure_generic_resource.md).
-Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used .
+Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used.
For more information, refer to the resource pack [README](../../README.md).
## Availability
diff --git a/docs/resources/azure_key_vaults.md b/docs/resources/azure_key_vaults.md
index a261a0816..88e62faee 100644
--- a/docs/resources/azure_key_vaults.md
+++ b/docs/resources/azure_key_vaults.md
@@ -14,7 +14,7 @@ The `api_version` can be defined as a resource parameter.
If not provided, the latest version will be used.
For more information, refer to [`azure_generic_resource`](azure_generic_resource.md).
-Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used .
+Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used.
For more information, refer to the resource pack [README](../../README.md).
## Availability
@@ -53,7 +53,7 @@ end
| locations | A list of locations for all the key vaults. | `location` |
| properties | A list of properties for all the key vaults. | `properties` |
-* For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/docs/dev/filtertable-usage.md#a-where-method-you-can-call-with-hash-params-with-loose-matching).
+* For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/dev-docs/filtertable-usage.md).
## Examples
diff --git a/docs/resources/azure_load_balancer.md b/docs/resources/azure_load_balancer.md
index 32146f17c..9342ef0ac 100644
--- a/docs/resources/azure_load_balancer.md
+++ b/docs/resources/azure_load_balancer.md
@@ -14,7 +14,7 @@ The `api_version` can be defined as a resource parameter.
If not provided, the latest version will be used.
For more information, refer to [`azure_generic_resource`](azure_generic_resource.md).
-Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used .
+Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used.
For more information, refer to the resource pack [README](../../README.md).
## Availability
diff --git a/docs/resources/azure_load_balancers.md b/docs/resources/azure_load_balancers.md
index b4f0d0467..c936b6f63 100644
--- a/docs/resources/azure_load_balancers.md
+++ b/docs/resources/azure_load_balancers.md
@@ -14,7 +14,7 @@ The `api_version` can be defined as a resource parameter.
If not provided, the latest version will be used.
For more information, refer to [`azure_generic_resource`](azure_generic_resource.md).
-Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used .
+Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used.
For more information, refer to the resource pack [README](../../README.md).
## Availability
@@ -54,8 +54,7 @@ end
| properties | A list of properties for all the resources being interrogated. | `properties` |
| skus | A list of the SKUs of the resources being interrogated. | `sku` |
-* For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/docs/dev/filtertable-usage.md#a-where-method-you-can-call-with-hash-params-with-loose-matching).
-
+* For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/dev-docs/filtertable-usage.md).
## Examples
diff --git a/docs/resources/azure_mariadb_server.md b/docs/resources/azure_mariadb_server.md
index 2a9d5e717..40aa41dcc 100644
--- a/docs/resources/azure_mariadb_server.md
+++ b/docs/resources/azure_mariadb_server.md
@@ -14,7 +14,7 @@ The `api_version` can be defined as a resource parameter.
If not provided, the latest version will be used.
For more information, refer to [`azure_generic_resource`](azure_generic_resource.md).
-Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used .
+Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used.
For more information, refer to the resource pack [README](../../README.md).
## Availability
diff --git a/docs/resources/azure_mariadb_servers.md b/docs/resources/azure_mariadb_servers.md
index e9f617425..018303d45 100644
--- a/docs/resources/azure_mariadb_servers.md
+++ b/docs/resources/azure_mariadb_servers.md
@@ -14,7 +14,7 @@ The `api_version` can be defined as a resource parameter.
If not provided, the latest version will be used.
For more information, refer to [`azure_generic_resource`](azure_generic_resource.md).
-Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used .
+Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used.
For more information, refer to the resource pack [README](../../README.md).
## Availability
@@ -54,7 +54,7 @@ end
| types | A list of the types of resources being interrogated. | `type` |
| properties | A list of properties for all the resources being interrogated. | `properties` |
-* For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/docs/dev/filtertable-usage.md#a-where-method-you-can-call-with-hash-params-with-loose-matching).
+* For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/dev-docs/filtertable-usage.md).
## Examples
diff --git a/docs/resources/azure_monitor_activity_log_alert.md b/docs/resources/azure_monitor_activity_log_alert.md
index 37c6a75a2..76555dd24 100644
--- a/docs/resources/azure_monitor_activity_log_alert.md
+++ b/docs/resources/azure_monitor_activity_log_alert.md
@@ -14,7 +14,7 @@ The `api_version` can be defined as a resource parameter.
If not provided, the latest version will be used.
For more information, refer to [`azure_generic_resource`](azure_generic_resource.md).
-Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used .
+Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used.
For more information, refer to the resource pack [README](../../README.md).
## Availability
diff --git a/docs/resources/azure_monitor_activity_log_alerts.md b/docs/resources/azure_monitor_activity_log_alerts.md
index e8be0e3f0..cfde9d5f3 100644
--- a/docs/resources/azure_monitor_activity_log_alerts.md
+++ b/docs/resources/azure_monitor_activity_log_alerts.md
@@ -14,7 +14,7 @@ The `api_version` can be defined as a resource parameter.
If not provided, the latest version will be used.
For more information, refer to [`azure_generic_resource`](azure_generic_resource.md).
-Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used .
+Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used.
For more information, refer to the resource pack [README](../../README.md).
## Availability
@@ -53,7 +53,7 @@ end
| operations | A list of operations for all the resources being interrogated. | `operations` |
| resource_group | Azure resource group that the targeted resource resides in. | `resource_group` |
-* For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/docs/dev/filtertable-usage.md#a-where-method-you-can-call-with-hash-params-with-loose-matching).
+* For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/dev-docs/filtertable-usage.md).
## Examples
diff --git a/docs/resources/azure_mysql_database.md b/docs/resources/azure_mysql_database.md
index 52616011c..a3f8a9c8e 100644
--- a/docs/resources/azure_mysql_database.md
+++ b/docs/resources/azure_mysql_database.md
@@ -14,7 +14,7 @@ The `api_version` can be defined as a resource parameter.
If not provided, the latest version will be used.
For more information, refer to [`azure_generic_resource`](azure_generic_resource.md).
-Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used .
+Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used.
For more information, refer to the resource pack [README](../../README.md).
## Availability
diff --git a/docs/resources/azure_mysql_databases.md b/docs/resources/azure_mysql_databases.md
index 482712fbb..d65dd6447 100644
--- a/docs/resources/azure_mysql_databases.md
+++ b/docs/resources/azure_mysql_databases.md
@@ -14,7 +14,7 @@ The `api_version` can be defined as a resource parameter.
If not provided, the latest version will be used.
For more information, refer to [`azure_generic_resource`](azure_generic_resource.md).
-Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used .
+Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used.
For more information, refer to the resource pack [README](../../README.md).
## Availability
@@ -49,8 +49,7 @@ end
| types | A list of the types of resources being interrogated. | `type` |
| properties | A list of properties for all the resources being interrogated. | `properties` |
-* For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/docs/dev/filtertable-usage.md#a-where-method-you-can-call-with-hash-params-with-loose-matching).
-
+* For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/dev-docs/filtertable-usage.md).
## Examples
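Review bot: The replacement FilterTable link on the `+` line still targets `blob/master/`, and the move from `docs/dev/` to `dev-docs/` that this hunk corrects shows how a branch-relative link goes stale; pinning it to a tag or commit would keep it valid across future moves. The new URL also drops the `#a-where-method-you-can-call-with-hash-params-with-loose-matching` anchor, so readers land at the top of the page instead of the `where` section; if that section still exists under the new path, keep the anchor. The same comment applies to every other file in this patch that carries this line.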
diff --git a/docs/resources/azure_mysql_server.md b/docs/resources/azure_mysql_server.md
index 8f3c70747..ce618edeb 100644
--- a/docs/resources/azure_mysql_server.md
+++ b/docs/resources/azure_mysql_server.md
@@ -14,7 +14,7 @@ The `api_version` can be defined as a resource parameter.
If not provided, the latest version will be used.
For more information, refer to [`azure_generic_resource`](azure_generic_resource.md).
-Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used .
+Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used.
For more information, refer to the resource pack [README](../../README.md).
## Availability
diff --git a/docs/resources/azure_mysql_servers.md b/docs/resources/azure_mysql_servers.md
index 9bff1fbbe..a837d207b 100644
--- a/docs/resources/azure_mysql_servers.md
+++ b/docs/resources/azure_mysql_servers.md
@@ -14,7 +14,7 @@ The `api_version` can be defined as a resource parameter.
If not provided, the latest version will be used.
For more information, refer to [`azure_generic_resource`](azure_generic_resource.md).
-Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used .
+Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used.
For more information, refer to the resource pack [README](../../README.md).
## Availability
@@ -53,7 +53,7 @@ end
| skus | A list of the SKUs (pricing tiers) of the servers. | `sku` |
| properties | A list of properties for all the resources being interrogated. | `properties` |
-* For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/docs/dev/filtertable-usage.md#a-where-method-you-can-call-with-hash-params-with-loose-matching).
+* For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/dev-docs/filtertable-usage.md).
## Examples
diff --git a/docs/resources/azure_network_interface.md b/docs/resources/azure_network_interface.md
index 40fe0a68c..dd258842e 100644
--- a/docs/resources/azure_network_interface.md
+++ b/docs/resources/azure_network_interface.md
@@ -14,7 +14,7 @@ The `api_version` can be defined as a resource parameter.
If not provided, the latest version will be used.
For more information, refer to [`azure_generic_resource`](azure_generic_resource.md).
-Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used .
+Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used.
For more information, refer to the resource pack [README](../../README.md).
## Availability
diff --git a/docs/resources/azure_network_interfaces.md b/docs/resources/azure_network_interfaces.md
index 595ce7516..33e163b3d 100644
--- a/docs/resources/azure_network_interfaces.md
+++ b/docs/resources/azure_network_interfaces.md
@@ -14,7 +14,7 @@ The `api_version` can be defined as a resource parameter.
If not provided, the latest version will be used.
For more information, refer to [`azure_generic_resource`](azure_generic_resource.md).
-Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used .
+Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used.
For more information, refer to the resource pack [README](../../README.md).
## Availability
@@ -53,7 +53,7 @@ end
| types | A list of the types of resources being interrogated. | `type` |
| properties | A list of properties for all the resources being interrogated. | `properties` |
-* For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/docs/dev/filtertable-usage.md#a-where-method-you-can-call-with-hash-params-with-loose-matching).
+* For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/dev-docs/filtertable-usage.md).
## Examples
diff --git a/docs/resources/azure_network_security_group.md b/docs/resources/azure_network_security_group.md
index f4e1d2367..2db0382e4 100644
--- a/docs/resources/azure_network_security_group.md
+++ b/docs/resources/azure_network_security_group.md
@@ -14,7 +14,7 @@ The `api_version` can be defined as a resource parameter.
If not provided, the latest version will be used.
For more information, refer to [`azure_generic_resource`](azure_generic_resource.md).
-Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used .
+Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used.
For more information, refer to the resource pack [README](../../README.md).
## Availability
diff --git a/docs/resources/azure_network_security_groups.md b/docs/resources/azure_network_security_groups.md
index fb6d4635a..f56d71301 100644
--- a/docs/resources/azure_network_security_groups.md
+++ b/docs/resources/azure_network_security_groups.md
@@ -14,7 +14,7 @@ The `api_version` can be defined as a resource parameter.
If not provided, the latest version will be used.
For more information, refer to [`azure_generic_resource`](azure_generic_resource.md).
-Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used .
+Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used.
For more information, refer to the resource pack [README](../../README.md).
## Availability
@@ -52,7 +52,7 @@ end
| tags | A list of `tag:value` pairs defined on the resources. | `tags` |
| etags | A list of etags defined on the resources. | `etag` |
-* For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/docs/dev/filtertable-usage.md#a-where-method-you-can-call-with-hash-params-with-loose-matching).
+* For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/dev-docs/filtertable-usage.md).
## Examples
diff --git a/docs/resources/azure_policy_definition.md b/docs/resources/azure_policy_definition.md
new file mode 100644
index 000000000..74dd8788f
--- /dev/null
+++ b/docs/resources/azure_policy_definition.md
@@ -0,0 +1,106 @@
+---
+title: About the azure_policy_definition Resource
+platform: azure
+---
+
+# azure_policy_definition
+
+Use the `azure_policy_definition` InSpec audit resource to test properties and configuration of an Azure policy definition.
+
+## Azure REST API version, endpoint and http client parameters
+
+This resource interacts with api versions supported by the resource provider.
+The `api_version` can be defined as a resource parameter.
+If not provided, the latest version will be used.
+For more information, refer to [`azure_generic_resource`](azure_generic_resource.md).
+
+Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used.
+For more information, refer to the resource pack [README](../../README.md).
+
+## Availability
+
+### Installation
+
+This resource is available in the [InSpec Azure resource pack](https://github.com/inspec/inspec-azure).
+For an example `inspec.yml` file and how to set up your Azure credentials, refer to resource pack [README](../../README.md#Service-Principal).
+
+## Syntax
+
+`name` or the `resource_id` must be given as a parameter.
+```ruby
+describe azure_policy_definition(name: 'my_policy') do
+ it { should exist }
+end
+```
+```ruby
+describe azure_policy_definition(resource_id: '/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}') do
+ it { should exist }
+end
+```
+## Parameters
+
+| Name | Description |
+|---------------------------------------|-------------|
+| name | Name of the policy definition. `policyDefinitionName` |
+| built_in | Indicates whether the policy definition is built-in. Optional. Defaults to `false` if not supplied. This should not be used when `resource_id` is provided. |
+| resource_id | The unique resource ID. `/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}` |
+
+Either one of the parameter sets can be provided for a valid query:
+- `resource_id`
+- `name`
+- `name` and `built_in`
+
+## Properties
+
+| Property | Description |
+|---------------------------|-------------|
+| properties.description | The policy definition description. |
+| properties.displayName | The display name of the policy definition. |
+| properties.policyType | The type of policy definition. Possible values are `NotSpecified`, `BuiltIn`, `Custom`, and `Static`. |
+| properties.policyRule | The policy rule. |
+
+
+For properties applicable to all resources, such as `type`, `name`, `id`, `properties`, refer to [`azure_generic_resource`](azure_generic_resource.md#properties).
+
+Also, refer to [Azure documentation](https://docs.microsoft.com/en-us/rest/api/resources/policydefinitions/get#policydefinition) for other properties available.
+Any attribute in the response may be accessed with the key names separated by dots (`.`), eg. `properties.`.
+
+## Examples
+
+### Test a Policy Definition Display Name
+```ruby
+describe azure_policy_definition(name: 'my_policy') do
+ its('properties.displayName') { should cmp "Enforce 'owner' tag on resource groups" }
+end
+```
+### Test a Policy Definition Rule
+```ruby
+describe azure_policy_definition(name: 'my_policy', built_in: true ) do
+ its('properties.policyRule.then.effect') { should cmp 'deny' }
+end
+```
+## Matchers
+
+This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://www.inspec.io/docs/reference/matchers/).
+
+### custom
+Test if a policy definition type is `Custom` or not.
+```ruby
+describe azure_policy_definition(name: 'my_policy') do
+ it { should be_custom }
+end
+```
+### exists
+```ruby
+# If we expect a resource to always exist
+describe azure_policy_definition(name: 'my_policy', built_in: true ) do
+ it { should exist }
+end
+# If we expect a resource to never exist
+describe azure_policy_definition(name: 'my_policy') do
+ it { should_not exist }
+end
+```
+## Azure Permissions
+
+Your [Service Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) must be setup with a `contributor` role on the subscription you wish to test.
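Review bot: The Azure Permissions section at the end of this new file asks for a `contributor` role on the subscription, yet every operation the page documents is a read (`should exist`, `its('properties.displayName')`, `be_custom`), so the scanning principal would hold write access it never uses. Consider documenting a read-only role such as `Reader` here and in the three other new resource docs in this patch that repeat the sentence, or state which call actually needs `contributor`. Separately, the hint "eg. `properties.`" under Properties stops at the dot; a complete path such as `properties.policyType` from the table above would make it usable, and "Either one of the parameter sets" introduces three sets, so "Any one of" reads better.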
diff --git a/docs/resources/azure_policy_definitions.md b/docs/resources/azure_policy_definitions.md
new file mode 100644
index 000000000..9e27f21d2
--- /dev/null
+++ b/docs/resources/azure_policy_definitions.md
@@ -0,0 +1,90 @@
+---
+title: About the azure_policy_definitions Resource
+platform: azure
+---
+
+# azure_policy_definitions
+
+Use the `azure_policy_definitions` InSpec audit resource to test properties and configuration of multiple Azure policy definitions.
+
+## Azure REST API version, endpoint and http client parameters
+
+This resource interacts with api versions supported by the resource provider.
+The `api_version` can be defined as a resource parameter.
+If not provided, the latest version will be used.
+For more information, refer to [`azure_generic_resource`](azure_generic_resource.md).
+
+Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used.
+For more information, refer to the resource pack [README](../../README.md).
+
+## Availability
+
+### Installation
+
+This resource is available in the [InSpec Azure resource pack](https://github.com/inspec/inspec-azure).
+For an example `inspec.yml` file and how to set up your Azure credentials, refer to resource pack [README](../../README.md#Service-Principal).
+
+## Syntax
+
+An `azure_policy_definitions` resource block returns all policy definitions, either built-in (if `built_in_only: true`), or within a subscription.
+```ruby
+describe azure_policy_definitions do
+ it { should exist }
+end
+```
+or
+```ruby
+describe azure_policy_definitions(built_in_only: true) do
+ it { should exist }
+end
+```
+## Parameters
+
+- `built_in_only`: Indicates whether the interrogated policy definitions are built-in only. Optional. Defaults to `false` if not supplied.
+
+## Properties
+
+|Property | Description | Filter Criteria* |
+|---------------|--------------------------------------------------------------------------------------|-----------------|
+| ids | A list of the unique resource ids. | `id` |
+| names | A list of names of all the resources being interrogated. | `name` |
+| properties | A list of properties for all the resources being interrogated. | `properties` |
+
+* For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/dev-docs/filtertable-usage.md).
+
+## Examples
+
+### Check a Specific Policy Definition is Present
+```ruby
+describe azure_policy_definitions do
+ its('names') { should include 'my-policy' }
+end
+```
+### Filters the Results to Include Only Those Policy Definitions which Include the Given Name
+```ruby
+describe azure_policy_definitions.where{ name.include?('my-policy') } do
+ it { should exist }
+end
+```
+## Filters the Results to Include Only The Custom Policy Definitions
+```ruby
+describe azure_policy_definitions.where{ properties.has_key?(:policyType) && properties[:policyType] == "Custom" } do
+ it { should exist }
+ its('count') { should be 15 }
+end
+```
+## Matchers
+
+This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://www.inspec.io/docs/reference/matchers/).
+
+### exists
+
+The control will pass if the filter returns at least one result. Use `should_not` if you expect zero matches.
+```ruby
+describe azure_policy_definitions do
+ it { should exist }
+end
+```
+## Azure Permissions
+
+Your [Service Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) must be setup with a `contributor` role on the subscription you wish to test.
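Review bot: In the Examples section the third heading, `## Filters the Results to Include Only The Custom Policy Definitions`, is level 2 while its two siblings are level 3, so it renders as a peer of `## Examples` and `## Matchers` instead of nesting under Examples; change it to `###`. In that same example, `its('count') { should be 15 }` hard-codes a number that only holds for one subscription; a comment marking 15 as illustrative would stop it being copied verbatim into a profile.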
diff --git a/docs/resources/azure_postgresql_database.md b/docs/resources/azure_postgresql_database.md
index d7f3cbc61..8fd1bff60 100644
--- a/docs/resources/azure_postgresql_database.md
+++ b/docs/resources/azure_postgresql_database.md
@@ -14,7 +14,7 @@ The `api_version` can be defined as a resource parameter.
If not provided, the latest version will be used.
For more information, refer to [`azure_generic_resource`](azure_generic_resource.md).
-Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used .
+Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used.
For more information, refer to the resource pack [README](../../README.md).
## Availability
diff --git a/docs/resources/azure_postgresql_databases.md b/docs/resources/azure_postgresql_databases.md
index 834301070..c7eff8735 100644
--- a/docs/resources/azure_postgresql_databases.md
+++ b/docs/resources/azure_postgresql_databases.md
@@ -14,7 +14,7 @@ The `api_version` can be defined as a resource parameter.
If not provided, the latest version will be used.
For more information, refer to [`azure_generic_resource`](azure_generic_resource.md).
-Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used .
+Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used.
For more information, refer to the resource pack [README](../../README.md).
## Availability
@@ -49,8 +49,7 @@ end
| types | A list of the types of resources being interrogated. | `type` |
| properties | A list of properties for all the resources being interrogated. | `properties` |
-* For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/docs/dev/filtertable-usage.md#a-where-method-you-can-call-with-hash-params-with-loose-matching).
-
+* For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/dev-docs/filtertable-usage.md).
## Examples
diff --git a/docs/resources/azure_postgresql_server.md b/docs/resources/azure_postgresql_server.md
index 52608bd86..c28b707b9 100644
--- a/docs/resources/azure_postgresql_server.md
+++ b/docs/resources/azure_postgresql_server.md
@@ -14,7 +14,7 @@ The `api_version` can be defined as a resource parameter.
If not provided, the latest version will be used.
For more information, refer to [`azure_generic_resource`](azure_generic_resource.md).
-Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used .
+Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used.
For more information, refer to the resource pack [README](../../README.md).
## Availability
diff --git a/docs/resources/azure_postgresql_servers.md b/docs/resources/azure_postgresql_servers.md
index d6c7253a5..62da3a827 100644
--- a/docs/resources/azure_postgresql_servers.md
+++ b/docs/resources/azure_postgresql_servers.md
@@ -14,7 +14,7 @@ The `api_version` can be defined as a resource parameter.
If not provided, the latest version will be used.
For more information, refer to [`azure_generic_resource`](azure_generic_resource.md).
-Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used .
+Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used.
For more information, refer to the resource pack [README](../../README.md).
## Availability
@@ -54,7 +54,7 @@ end
| types | A list of the types of resources being interrogated. | `type` |
| properties | A list of properties for all the resources being interrogated. | `properties` |
-* For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/docs/dev/filtertable-usage.md#a-where-method-you-can-call-with-hash-params-with-loose-matching).
+* For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/dev-docs/filtertable-usage.md).
## Examples
diff --git a/docs/resources/azure_public_ip.md b/docs/resources/azure_public_ip.md
index a6e8b442e..a4be1b0bf 100644
--- a/docs/resources/azure_public_ip.md
+++ b/docs/resources/azure_public_ip.md
@@ -14,7 +14,7 @@ The `api_version` can be defined as a resource parameter.
If not provided, the latest version will be used.
For more information, refer to [`azure_generic_resource`](azure_generic_resource.md).
-Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used .
+Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used.
For more information, refer to the resource pack [README](../../README.md).
## Availability
diff --git a/docs/resources/azure_resource_group.md b/docs/resources/azure_resource_group.md
new file mode 100644
index 000000000..a688904d8
--- /dev/null
+++ b/docs/resources/azure_resource_group.md
@@ -0,0 +1,100 @@
+---
+title: About the azure_resource_group Resource
+platform: azure
+---
+
+# azure_resource_group
+
+Use the `azure_resource_group` InSpec audit resource to test properties and configuration of an Azure resource group.
+
+## Azure REST API version, endpoint and http client parameters
+
+This resource interacts with api versions supported by the resource provider.
+The `api_version` can be defined as a resource parameter.
+If not provided, the latest version will be used.
+For more information, refer to [`azure_generic_resource`](azure_generic_resource.md).
+
+Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used.
+For more information, refer to the resource pack [README](../../README.md).
+
+## Availability
+
+### Installation
+
+This resource is available in the [InSpec Azure resource pack](https://github.com/inspec/inspec-azure).
+For an example `inspec.yml` file and how to set up your Azure credentials, refer to resource pack [README](../../README.md#Service-Principal).
+
+## Syntax
+
+`name` or the `resource_id` must be given as a parameter.
+```ruby
+describe azure_resource_group(name: 'my_resource_group') do
+ it { should exist }
+end
+```
+```ruby
+describe azure_resource_group(resource_id: '/{subscriptionId}/resourcegroups/{resourceGroupName}') do
+ it { should exist }
+end
+```
+## Parameters
+
+| Name | Description |
+|---------------------------------------|-------------|
+| name | Name of the resource group. `resourceGroupName` |
+| resource_id | The unique resource ID. `/{subscriptionId}/resourcegroups/{resourceGroupName}` |
+
+Either one of the parameter sets can be provided for a valid query:
+- `resource_id`
+- `name`
+
+## Properties
+
+| Property | Description |
+|------------------------------|-------------|
+| properties.provisioningState | The provisioning state. `Succeeded` |
+
+For properties applicable to all resources, such as `type`, `name`, `id`, `location`, `properties`, refer to [`azure_generic_resource`](azure_generic_resource.md#properties).
+
+Also, refer to [Azure documentation](https://docs.microsoft.com/en-us/rest/api/resources/policydefinitions/get#policydefinition) for other properties available.
+Any attribute in the response may be accessed with the key names separated by dots (`.`), eg. `properties.`.
+
+## Examples
+
+### Test a Resource Group Location
+```ruby
+describe azure_resource_group(name: 'my_resource_group') do
+ its('location') { should cmp 'eastus' }
+end
+```
+### Test a Resource Group Provisioning State
+```ruby
+describe azure_resource_group(name: 'my_resource_group') do
+ its('properties.provisioningState') { should cmp 'Succeeded' }
+end
+```
+### Test a Resource Group Tags
+```ruby
+describe azure_resource_group(name: 'my_resource_group') do
+ its('tags') { should include(:owner) }
+ its('tags') { should include(owner: 'InSpec') }
+end
+```
+## Matchers
+
+This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://www.inspec.io/docs/reference/matchers/).
+
+### exists
+```ruby
+# If we expect a resource group to always exist
+describe azure_resource_group(name: 'my_resource_group') do
+ it { should exist }
+end
+# If we expect a resource group to never exist
+describe azure_resource_group(name: 'my_resource_group') do
+ it { should_not exist }
+end
+```
+## Azure Permissions
+
+Your [Service Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) must be setup with a `contributor` role on the subscription you wish to test.
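Review bot: The "Also, refer to [Azure documentation]" link under Properties points to `.../rest/api/resources/policydefinitions/get#policydefinition`, which is the policy definition reference carried over from `azure_policy_definition.md`; it should point to the resource group reference. The `resource_id` format is given as `/{subscriptionId}/resourcegroups/{resourceGroupName}` in both Syntax and Parameters, without the `/subscriptions/` prefix that the policy definition doc in this patch uses, so please confirm which form the resource accepts. In the `exists` block, both the "always exist" and "never exist" examples use `name: 'my_resource_group'`; a different name in the second would make the contrast clear.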
diff --git a/docs/resources/azure_resource_groups.md b/docs/resources/azure_resource_groups.md
new file mode 100644
index 000000000..e0db5d90c
--- /dev/null
+++ b/docs/resources/azure_resource_groups.md
@@ -0,0 +1,85 @@
+---
+title: About the azure_resource_groups Resource
+platform: azure
+---
+
+# azure_resource_groups
+
+Use the `azure_resource_groups` InSpec audit resource to test properties and configuration of multiple Azure resource groups.
+
+## Azure REST API version, endpoint and http client parameters
+
+This resource interacts with api versions supported by the resource provider.
+The `api_version` can be defined as a resource parameter.
+If not provided, the latest version will be used.
+For more information, refer to [`azure_generic_resource`](azure_generic_resource.md).
+
+Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used.
+For more information, refer to the resource pack [README](../../README.md).
+
+## Availability
+
+### Installation
+
+This resource is available in the [InSpec Azure resource pack](https://github.com/inspec/inspec-azure).
+For an example `inspec.yml` file and how to set up your Azure credentials, refer to resource pack [README](../../README.md#Service-Principal).
+
+## Syntax
+
+An `azure_resource_groups` resource block returns all resource groups within a subscription.
+```ruby
+describe azure_resource_groups do
+ it { should exist }
+end
+```
+## Parameters
+
+- None required.
+
+## Properties
+
+|Property | Description | Filter Criteria* |
+|---------------|-------------------------------------------------------------|-----------------|
+| ids | A list of the unique resource group ids. | `id` |
+| names | A list of names of all the resource groups. | `name` |
+| tags | A list of `tag:value` pairs defined on the resource groups. | `tags` |
+| locations | A list of locations of all the resource groups. | `location` |
+
+* For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/dev-docs/filtertable-usage.md).
+
+## Examples
+
+### Check a Specific Resource Group is Present
+```ruby
+describe azure_resource_groups do
+ its('names') { should include 'my-resource-group' }
+end
+```
+### Filters the Results to Include Only Those Resource Groups which Include the Given Name
+```ruby
+describe azure_resource_groups.where{ name.include?('my-resource-group') } do
+ it { should exist }
+end
+```
+## Filters the Results to Include Only The Resource Groups that Have Certain Tag
+```ruby
+describe azure_resource_groups.where{ tags.has_key?('owner') && tags['owner'] == "InSpec" } do
+ it { should exist }
+ its('count') { should be 15 }
+end
+```
+## Matchers
+
+This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://www.inspec.io/docs/reference/matchers/).
+
+### exists
+
+The control will pass if the filter returns at least one result. Use `should_not` if you expect zero matches.
+```ruby
+describe azure_resource_groups do
+ it { should exist }
+end
+```
+## Azure Permissions
+
+Your [Service Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) must be setup with a `contributor` role on the subscription you wish to test.
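Review bot: The tag filter example uses string keys (`tags.has_key?('owner') && tags['owner'] == "InSpec"`), while `azure_resource_group.md` in this patch matches tags with symbol keys (`include(:owner)`, `include(owner: 'InSpec')`) and `azure_policy_definitions.md` filters with `properties.has_key?(:policyType)`; please confirm which key type the filter rows expose, because with the wrong one the `where` block matches no rows and the example fails. The heading of that example is `##` where the two before it are `###`, and `its('count') { should be 15 }` is a subscription-specific number that should be marked as illustrative.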
diff --git a/docs/resources/azure_sql_server.md b/docs/resources/azure_sql_server.md
index 879e8477b..325f5c2b5 100644
--- a/docs/resources/azure_sql_server.md
+++ b/docs/resources/azure_sql_server.md
@@ -14,7 +14,7 @@ The `api_version` can be defined as a resource parameter.
If not provided, the latest version will be used.
For more information, refer to [`azure_generic_resource`](azure_generic_resource.md).
-Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used .
+Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used.
For more information, refer to the resource pack [README](../../README.md).
## Availability
@@ -110,7 +110,7 @@ end
```
## Matchers
-This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](/inspec/matchers/).
+This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://www.inspec.io/docs/reference/matchers/).
### exists
```ruby
diff --git a/docs/resources/azure_sql_servers.md b/docs/resources/azure_sql_servers.md
index 91af6eb74..2f5530eb1 100644
--- a/docs/resources/azure_sql_servers.md
+++ b/docs/resources/azure_sql_servers.md
@@ -14,7 +14,7 @@ The `api_version` can be defined as a resource parameter.
If not provided, the latest version will be used.
For more information, refer to [`azure_generic_resource`](azure_generic_resource.md).
-Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used .
+Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used.
For more information, refer to the resource pack [README](../../README.md).
## Availability
@@ -55,7 +55,7 @@ end
| types | A list of the types of resources being interrogated. | `type` |
| properties | A list of properties for all the resources being interrogated. | `properties` |
-* For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/docs/dev/filtertable-usage.md#a-where-method-you-can-call-with-hash-params-with-loose-matching).
+* For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/dev-docs/filtertable-usage.md).
## Examples
diff --git a/docs/resources/azure_storage_account_blob_container.md b/docs/resources/azure_storage_account_blob_container.md
index 6309c5615..3c96eb5c9 100644
--- a/docs/resources/azure_storage_account_blob_container.md
+++ b/docs/resources/azure_storage_account_blob_container.md
@@ -14,7 +14,7 @@ The `api_version` can be defined as a resource parameter.
If not provided, the latest version will be used.
For more information, refer to [`azure_generic_resource`](azure_generic_resource.md).
-Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used .
+Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used.
For more information, refer to the resource pack [README](../../README.md).
## Availability
diff --git a/docs/resources/azure_storage_account_blob_containers.md b/docs/resources/azure_storage_account_blob_containers.md
index 92f68c106..4aa053435 100644
--- a/docs/resources/azure_storage_account_blob_containers.md
+++ b/docs/resources/azure_storage_account_blob_containers.md
@@ -14,7 +14,7 @@ The `api_version` can be defined as a resource parameter.
If not provided, the latest version will be used.
For more information, refer to [`azure_generic_resource`](azure_generic_resource.md).
-Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used .
+Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used.
For more information, refer to the resource pack [README](../../README.md).
## Availability
@@ -49,7 +49,7 @@ end
| tags | A list of `tag:value` pairs defined on the resources being interrogated. | `tags` |
| etags | A list of etags defined on the resources. | `etag` |
-* For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/docs/dev/filtertable-usage.md#a-where-method-you-can-call-with-hash-params-with-loose-matching).
+* For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/dev-docs/filtertable-usage.md).
## Examples
diff --git a/docs/resources/azure_subnet.md b/docs/resources/azure_subnet.md
index 52b4fbd66..3f0dffc0d 100644
--- a/docs/resources/azure_subnet.md
+++ b/docs/resources/azure_subnet.md
@@ -14,7 +14,7 @@ The `api_version` can be defined as a resource parameter.
If not provided, the latest version will be used.
For more information, refer to [`azure_generic_resource`](azure_generic_resource.md).
-Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used .
+Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used.
For more information, refer to the resource pack [README](../../README.md).
## Availability
diff --git a/docs/resources/azure_subnets.md b/docs/resources/azure_subnets.md
index a8657a4f2..0a3d865e5 100644
--- a/docs/resources/azure_subnets.md
+++ b/docs/resources/azure_subnets.md
@@ -14,7 +14,7 @@ The `api_version` can be defined as a resource parameter.
If not provided, the latest version will be used.
For more information, refer to [`azure_generic_resource`](azure_generic_resource.md).
-Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used .
+Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used.
For more information, refer to the resource pack [README](../../README.md).
## Availability
@@ -47,7 +47,7 @@ end
| names | A list of all the resources being interrogated. | `name` |
| etags | A list of etags defined on the resources. | `etag` |
-* For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/docs/dev/filtertable-usage.md#a-where-method-you-can-call-with-hash-params-with-loose-matching).
+* For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/dev-docs/filtertable-usage.md).
## Examples
diff --git a/docs/resources/azure_virtual_machine.md b/docs/resources/azure_virtual_machine.md
index 6cd098217..bee552f2c 100644
--- a/docs/resources/azure_virtual_machine.md
+++ b/docs/resources/azure_virtual_machine.md
@@ -14,7 +14,7 @@ The `api_version` can be defined as a resource parameter.
If not provided, the latest version will be used.
For more information, refer to [`azure_generic_resource`](azure_generic_resource.md).
-Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used .
+Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used.
For more information, refer to the resource pack [README](../../README.md).
## Availability
diff --git a/docs/resources/azure_virtual_machines.md b/docs/resources/azure_virtual_machines.md
index 9a17efc6e..fa861ad53 100644
--- a/docs/resources/azure_virtual_machines.md
+++ b/docs/resources/azure_virtual_machines.md
@@ -14,7 +14,7 @@ The `api_version` can be defined as a resource parameter.
If not provided, the latest version will be used.
For more information, refer to [`azure_generic_resource`](azure_generic_resource.md).
-Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used .
+Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used.
For more information, refer to the resource pack [README](../../README.md).
## Availability
@@ -53,7 +53,7 @@ end
| platforms | A list of virtual machine operation system platforms. Supported values are `windows` and `linux`.| `platform`|
| tags | A list of `tag:value` pairs defined on the resources. | `tags` |
-* For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/docs/dev/filtertable-usage.md#a-where-method-you-can-call-with-hash-params-with-loose-matching).
+* For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/dev-docs/filtertable-usage.md).
## Examples
diff --git a/docs/resources/azure_virtual_network.md b/docs/resources/azure_virtual_network.md
index 7e8c91add..3910e46a5 100644
--- a/docs/resources/azure_virtual_network.md
+++ b/docs/resources/azure_virtual_network.md
@@ -14,7 +14,7 @@ The `api_version` can be defined as a resource parameter.
If not provided, the latest version will be used.
For more information, refer to [`azure_generic_resource`](azure_generic_resource.md).
-Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used .
+Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used.
For more information, refer to the resource pack [README](../../README.md).
## Availability
diff --git a/docs/resources/azure_virtual_networks.md b/docs/resources/azure_virtual_networks.md
index dd50f0e1f..87e7ac372 100644
--- a/docs/resources/azure_virtual_networks.md
+++ b/docs/resources/azure_virtual_networks.md
@@ -14,7 +14,7 @@ The `api_version` can be defined as a resource parameter.
If not provided, the latest version will be used.
For more information, refer to [`azure_generic_resource`](azure_generic_resource.md).
-Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used .
+Unless defined, `azure_cloud` global endpoint, and default values for the http client will be used.
For more information, refer to the resource pack [README](../../README.md).
## Availability
@@ -56,7 +56,7 @@ end
| tags | A list of `tag:value` pairs defined on the resources. | `tags` |
| etags | A list of etags defined on the resources. | `etag` |
-* For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/docs/dev/filtertable-usage.md#a-where-method-you-can-call-with-hash-params-with-loose-matching).
+* For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/dev-docs/filtertable-usage.md).
## Examples
diff --git a/docs/resources/azurerm_resource_groups.md b/docs/resources/azurerm_resource_groups.md
index 14b886d60..0329ed1d1 100644
--- a/docs/resources/azurerm_resource_groups.md
+++ b/docs/resources/azurerm_resource_groups.md
@@ -3,6 +3,8 @@ title: About the azurerm_resource_groups Resource
platform: azure
---
+> WARNING This resource will be deprecated in InSpec Azure Resource Pack version **2**. Please start using fully backward compatible [`azure_resource_groups`](azure_resource_groups.md) InSpec audit resource.
+
# azurerm\_resource\_groups
Use the `azurerm_resource_groups` InSpec audit resource to test properties of
diff --git a/libraries/azure_policy_definition.rb b/libraries/azure_policy_definition.rb
new file mode 100644
index 000000000..38ac0e86a
--- /dev/null
+++ b/libraries/azure_policy_definition.rb
@@ -0,0 +1,71 @@
+require 'azure_generic_resource'
+
+class AzurePolicyDefinition < AzureGenericResource
+ name 'azure_policy_definition'
+ desc 'Verifies settings for a policy definition'
+ example <<-EXAMPLE
+ describe azure_policy_definition(name: 'policy_name') do
+ it { should exist }
+ end
+ EXAMPLE
+
+ def initialize(opts = {})
+ # Options should be Hash type. Otherwise Ruby will raise an error when we try to access the keys.
+ raise ArgumentError, 'Parameters must be provided in an Hash object.' unless opts.is_a?(Hash)
+
+ # Azure REST API endpoint URL format for the resource:
+ # for a policy in a subscription:
+ # GET https://management.azure.com/subscriptions/{subscriptionId}/providers/
+ # Microsoft.Authorization/policyDefinitions/{policyDefinitionName}?api-version=2019-09-01
+ #
+ # for a built-in policy: see => https://docs.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies
+ # GET https://management.azure.com/providers/
+ # Microsoft.Authorization/policyDefinitions/{policyDefinitionName}?api-version=2019-09-01
+ #
+ # The dynamic part that has to be created in this resource:
+ # Microsoft.Authorization/policyDefinitions/{policyDefinitionName}?api-version=2019-09-01
+ #
+ # Parameters acquired from environment variables:
+ # - {subscriptionId} => Optional parameter. It will be acquired by the backend from environment variables.
+ #
+ # User supplied parameters:
+ # - name => Required parameter unless `resource_id` is provided. Policy definition name. {policyDefinitionName}
+ # - built_in => Optional parameter. Indicates whether the policy definition is built-in. Default is `false`.
+ # - resource_id => Optional parameter. If exists, `name` or `built_in` must not be provided.
+ # In the following format:
+ # /{subscriptionId}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}
+ # - api_version => Optional parameter. The latest version will be used unless provided.
+ #
+ #
+ # Following resource parameters have to be defined here.
+ # - resource_provider => Microsoft.Authorization/policyDefinitions
+ # The `specific_resource_constraint` method will validate the user input
+ # not to accept a different `resource_provider`.
+ # It should be the first parameter defined.
+ # - resource_uri => /providers/Microsoft.Authorization/policyDefinitions
+ # - add_subscription_id => Indicates whether subscription ID should be added to the resource_uri or not.
+ # This is `false` for built-in policy definitions and it is bound to user-supplied `built_in` parameter.
+ # Default is `true`.
+ #
+ opts[:resource_provider] = specific_resource_constraint('Microsoft.Authorization/policyDefinitions', opts)
+
+ # `built_in` is a resource specific parameter as oppose to `name` and `api_version`.
+ # That's why it should be put in allowed_parameters to be able to pass the parameter validation in the backend.
+ opts[:allowed_parameters] = %i(built_in)
+
+ opts[:resource_uri] = '/providers/Microsoft.Authorization/policyDefinitions'
+ opts[:add_subscription_id] = opts.dig(:built_in) != true
+
+ # static_resource parameter must be true for setting the resource_provider in the backend.
+ super(opts, true)
+ end
+
+ def to_s
+ super(AzurePolicyDefinition)
+ end
+
+ def custom?
+ return unless exists?
+ properties&.policyType&.downcase == 'custom'
+ end
+end
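Review bot: In `initialize`, `opts[:add_subscription_id] = opts.dig(:built_in) != true` treats every value other than the literal `true` (the string `'true'`, for instance) as "not built-in", so a mistyped parameter silently produces a subscription-scoped request rather than an error. Consider validating that `built_in` is a boolean and raising `ArgumentError` otherwise, in line with the Hash check at the top of the method. Two smaller points: the comment says `name` or `built_in` must not be combined with `resource_id`, but nothing in this file enforces it, so note where that check lives; and `custom?` returns `nil` rather than `false` when the resource does not exist, which deserves a line of documentation.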
diff --git a/libraries/azure_policy_definitions.rb b/libraries/azure_policy_definitions.rb
new file mode 100644
index 000000000..9a08f86bc
--- /dev/null
+++ b/libraries/azure_policy_definitions.rb
@@ -0,0 +1,79 @@
+require 'azure_generic_resources'
+
+class AzurePolicyDefinitions < AzureGenericResources
+ name 'azure_policy_definitions'
+ desc 'Verifies settings for multiple policy definitions'
+ example <<-EXAMPLE
+ azure_policy_definitions(built_in: true) do
+ it{ should exist }
+ end
+ EXAMPLE
+
+ attr_reader :table
+
+ def initialize(opts = {})
+ # Options should be Hash type. Otherwise Ruby will raise an error when we try to access the keys.
+ raise ArgumentError, 'Parameters must be provided in an Hash object.' unless opts.is_a?(Hash)
+
+ # Azure REST API endpoint URL format for the resource:
+ # for a policy in a subscription:
+ # GET https://management.azure.com/subscriptions/{subscriptionId}/providers/
+ # Microsoft.Authorization/policyDefinitions?api-version=2019-09-01
+ #
+ # for a built-in policy: see => https://docs.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies
+ # GET https://management.azure.com/providers/
+ # Microsoft.Authorization/policyDefinitions?api-version=2019-09-01
+ #
+ # The dynamic part that has to be created in this resource:
+ # Microsoft.Authorization/policyDefinitions?api-version=2019-09-01
+ #
+ # Parameters acquired from environment variables:
+ # - {subscriptionId} => Optional parameter. It will be acquired by the backend from environment variables.
+ #
+ # User supplied parameters:
+ # - built_in_only => Optional parameter. Indicates whether the policy definitions are built-in. Default is `false`.
+ # - api_version => Optional parameter. The latest version will be used unless provided.
+ #
+ # Following resource parameters have to be defined here.
+ # - resource_provider => Microsoft.Authorization/policyDefinitions
+ # The `specific_resource_constraint` method will validate the user input
+ # not to accept a different `resource_provider`.
+ # It should be the first parameter defined.
+ # - resource_uri => /providers/Microsoft.Authorization/policyDefinitions
+ # - add_subscription_id => Indicates whether subscription ID should be added to the resource_uri or not.
+ # This is `false` for built-in policy definitions and it is bound to user-supplied `built_in_only` parameter.
+ # Default is `true`.
+ #
+
+ opts[:resource_provider] = specific_resource_constraint('Microsoft.Authorization/policyDefinitions', opts)
+
+ # `built_in_only` is a resource specific parameter as oppose to the `api_version`.
+ # That's why it should be put in allowed_parameters to be able to pass the parameter validation in the backend.
+ opts[:allowed_parameters] = %i(built_in_only)
+ opts[:resource_uri] = '/providers/Microsoft.Authorization/policyDefinitions'
+ opts[:add_subscription_id] = opts.dig(:built_in_only) != true
+
+ # static_resource parameter must be true for setting the resource_provider in the backend.
+ super(opts, true)
+
+ # Check if the resource is failed.
+ # It is recommended to check that after every usage of inherited methods or making API calls.
+ return if failed_resource?
+
+ # Define the column and field names for FilterTable.
+ # In most cases, the `column` should be the pluralized form of the `field`.
+ # @see https://github.com/inspec/inspec/blob/master/docs/dev/filtertable-usage.md
+ table_schema = [
+ { column: :names, field: :name },
+ { column: :ids, field: :id },
+ { column: :properties, field: :properties },
+ ]
+
+ # FilterTable is populated at the very end due to being an expensive operation.
+ AzureGenericResources.populate_filter_table(:table, table_schema)
+ end
+
+ def to_s
+ super(AzurePolicyDefinitions)
+ end
+end
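Review bot: The `example` block does not match the interface defined below it: it passes `built_in: true`, while the only entry in `allowed_parameters` is `built_in_only`, and it omits the `describe` keyword. Suggest `describe azure_policy_definitions(built_in_only: true) do`, which is what the integration control in this patch uses. The `@see` comment above `table_schema` also still points at `docs/dev/filtertable-usage.md`, the path this same patch replaces with `dev-docs/filtertable-usage.md` in the resource docs.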
diff --git a/libraries/azure_resource_group.rb b/libraries/azure_resource_group.rb
new file mode 100644
index 000000000..547aaa902
--- /dev/null
+++ b/libraries/azure_resource_group.rb
@@ -0,0 +1,28 @@
+require 'azure_generic_resource'
+
+class AzureResourceGroup < AzureGenericResource
+ name 'azure_resource_group'
+ desc 'Verifies settings for an Azure resource group'
+ example <<-EXAMPLE
+ describe azure_resource_group(name: 'my_resource_group_name') do
+ it { should exist }
+ end
+ EXAMPLE
+
+ def initialize(opts = {})
+ # Options should be Hash type. Otherwise Ruby will raise an error when we try to access the keys.
+ raise ArgumentError, 'Parameters must be provided in an Hash object.' unless opts.is_a?(Hash)
+
+ opts[:resource_provider] = specific_resource_constraint('/resourcegroups/', opts)
+ # See azure_policy_definitions resource for how to use `resource_uri` and `add_subscription_id` parameters.
+ opts[:resource_uri] = '/resourcegroups/'
+ opts[:add_subscription_id] = true
+
+ # static_resource parameter must be true for setting the resource_provider in the backend.
+ super(opts, true)
+ end
+
+ def to_s
+ super(AzureResourceGroup)
+ end
+end
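Review bot: `specific_resource_constraint('/resourcegroups/', opts)` passes a URI path segment as the `resource_provider`, whereas the README in this patch describes that parameter as a provider type such as `Microsoft.Compute/virtualMachines`. The only explanation here is a pointer to `azure_policy_definitions`, which documents `resource_uri` and `add_subscription_id` but not why the provider value is a path. Please add a short comment saying why resource groups use `/resourcegroups/` for both `resource_provider` and `resource_uri`.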
diff --git a/libraries/azure_resource_groups.rb b/libraries/azure_resource_groups.rb
new file mode 100644
index 000000000..1e7ca54af
--- /dev/null
+++ b/libraries/azure_resource_groups.rb
@@ -0,0 +1,79 @@
+require 'azure_generic_resources'
+
+class AzureResourceGroups < AzureGenericResources
+ name 'azure_resource_groups'
+ desc 'Fetches all available resource groups'
+ example <<-EXAMPLE
+ describe azure_resource_groups do
+ its('names') { should include('example-group') }
+ end
+ EXAMPLE
+
+ attr_reader :table
+
+ def initialize(opts = {})
+ # Options should be Hash type. Otherwise Ruby will raise an error when we try to access the keys.
+ raise ArgumentError, 'Parameters must be provided in an Hash object.' unless opts.is_a?(Hash)
+
+ opts[:resource_provider] = specific_resource_constraint('/resourcegroups/', opts)
+ # See azure_policy_definitions resource for how to use `resource_uri` and `add_subscription_id` parameters.
+ opts[:resource_uri] = '/resourcegroups/'
+ opts[:add_subscription_id] = true
+
+ # static_resource parameter must be true for setting the resource_provider in the backend.
+ super(opts, true)
+
+ # Check if the resource is failed.
+ # It is recommended to check that after every usage of inherited methods or making API calls.
+ return if failed_resource?
+
+ # Define the column and field names for FilterTable.
+ # In most cases, the `column` should be the pluralized form of the `field`.
+ # @see https://github.com/inspec/inspec/blob/master/docs/dev/filtertable-usage.md
+ table_schema = [
+ { column: :names, field: :name },
+ { column: :ids, field: :id },
+ { column: :tags, field: :tags },
+ { column: :locations, field: :location },
+ ]
+
+ # FilterTable is populated at the very end due to being an expensive operation.
+ AzureGenericResources.populate_filter_table(:table, table_schema)
+ end
+
+ def to_s
+ super(AzurePolicyDefinitions)
+ end
+
+ private
+
+ # This is for backward compatibility.
+ def populate_table
+ return [] if @resources.empty?
+ @resources.each do |resource|
+ @table << {
+ id: resource[:id],
+ name: resource[:name],
+ tags: resource[:tags].nil? ? {} : resource[:tags].each_with_object({}) { |(k, v), tags| tags[k.to_s] = v },
+ location: resource[:location],
+ }
+ end
+ end
+end
+
+# Provide the same functionality under the old resource name.
+# This is for backward compatibility.
+class AzurermResourceGroups < AzureResourceGroups
+ name 'azurerm_resource_groups'
+ desc 'Fetches all available resource groups'
+ example <<-EXAMPLE
+ describe azurerm_resource_groups do
+ its('names') { should include('example-group') }
+ end
+ EXAMPLE
+
+ def initialize(opts = {})
+ Inspec::Log.warn Helpers.resource_deprecation_message(@__resource_name__, AzureResourceGroups.name)
+ super
+ end
+end
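Review bot: `to_s` in `AzureResourceGroups` calls `super(AzurePolicyDefinitions)`, which looks like a copy-paste from the policy definitions resource; it should be `super(AzureResourceGroups)`. As written, the resource would describe itself under the wrong class, and because this file only requires `azure_generic_resources`, the `AzurePolicyDefinitions` constant may not be loaded at all when `to_s` runs. A unit test asserting on `to_s` would have caught this.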
diff --git a/libraries/azurerm_resource_groups.rb b/libraries/azurerm_resource_groups.rb
deleted file mode 100644
index e0d5a082f..000000000
--- a/libraries/azurerm_resource_groups.rb
+++ /dev/null
@@ -1,39 +0,0 @@
-# frozen_string_literal: true
-
-require 'azurerm_resource'
-
-class AzurermResourceGroups < AzurermPluralResource
- name 'azurerm_resource_groups'
- desc 'Fetches all available resource groups'
- example <<-EXAMPLE
- describe azurerm_resource_groups do
- its('names') { should include('example-group') }
- end
- EXAMPLE
-
- FilterTable.create
- .register_column(:names, field: :name)
- .register_column(:ids, field: :id)
- .register_column(:tags, field: :tags)
- .install_filter_methods_on_resource(self, :table)
-
- attr_reader :table
-
- def initialize
- resp = management.resource_groups
- return if has_error?(resp)
-
- resp.map! do |r|
- r=r.to_h
- r[:tags]={} unless r[:tags]
- r
- end
- @table = resp
- end
-
- include Azure::Deprecations::StringsInWhereClause
-
- def to_s
- 'Resource Groups'
- end
-end
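Review bot: The deleted class mixed in `Azure::Deprecations::StringsInWhereClause`, and the replacement `AzurermResourceGroups` added in `libraries/azure_resource_groups.rb` shows no equivalent include. Since the docs warning in this patch promises a fully backward compatible replacement, please confirm that existing profiles that relied on that mixin still behave the same, and add an integration check that exercises it.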
diff --git a/test/integration/verify/controls/azure_policy_definition.rb b/test/integration/verify/controls/azure_policy_definition.rb
new file mode 100644
index 000000000..55acc7dee
--- /dev/null
+++ b/test/integration/verify/controls/azure_policy_definition.rb
@@ -0,0 +1,8 @@
+control 'azure_policy_definition' do
+ describe azure_policy_definition(name: '0062eb8b-dc75-4718-8ea5-9bb4a9606655', built_in: true) do
+ it { should exist }
+ its('properties.policyType') { should cmp 'Static' }
+ its('properties.policyRule.then.effect') { should cmp 'audit' }
+ it { should_not be_custom }
+ end
+end
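Review bot: The hard-coded definition name `0062eb8b-dc75-4718-8ea5-9bb4a9606655` has no comment saying which built-in policy it refers to, and the control asserts specific values for `properties.policyType` and `properties.policyRule.then.effect`. Add a comment naming the policy so that a failure caused by an upstream change to that definition can be told apart from a regression in the resource.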
diff --git a/test/integration/verify/controls/azure_policy_definitions.rb b/test/integration/verify/controls/azure_policy_definitions.rb
new file mode 100644
index 000000000..ce28a7767
--- /dev/null
+++ b/test/integration/verify/controls/azure_policy_definitions.rb
@@ -0,0 +1,5 @@
+control 'azure_policy_definitions' do
+ describe azure_policy_definitions(built_in_only: true) do
+ it { should exist }
+ end
+end
diff --git a/test/integration/verify/controls/azure_resource_group.rb b/test/integration/verify/controls/azure_resource_group.rb
new file mode 100644
index 000000000..c166713c5
--- /dev/null
+++ b/test/integration/verify/controls/azure_resource_group.rb
@@ -0,0 +1,7 @@
+resource_group = input('resource_group', value: nil)
+
+control 'azure_resource_group' do
+ describe azure_resource_group(name: resource_group) do
+ its('tags') { should include('ExampleTag'=>'example') }
+ end
+end
diff --git a/test/integration/verify/controls/azurerm_resource_groups.rb b/test/integration/verify/controls/azurerm_resource_groups.rb
index 8152bcaf9..d4b27c8d9 100644
--- a/test/integration/verify/controls/azurerm_resource_groups.rb
+++ b/test/integration/verify/controls/azurerm_resource_groups.rb
@@ -4,11 +4,22 @@
describe azurerm_resource_groups do
it { should exist }
its('names') { should include(resource_group) }
- its('tags') { should include({}) }
end
describe azurerm_resource_groups.where(name: resource_group) do
its('tags.first') { should include('ExampleTag'=>'example') }
end
+end
+control 'azure_resource_groups_loop' do
+ azure_resource_groups.ids.each do |id|
+ describe azure_resource_group(resource_id: id) do
+ it { should exist }
+ end
+ end
+ azure_resource_groups.names.each do |name|
+ describe azure_resource_group(name: name) do
+ it { should exist }
+ end
+ end
end
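Review bot: Removing `its('tags') { should include({}) }` drops the only assertion in this control that covers resource groups without tags, which is the case the backward-compatibility `populate_table` method handles by mapping `nil` tags to `{}`. Either keep the assertion or state in the commit message why it no longer holds. The new `azure_resource_groups_loop` control also tests the `azure_*` resources from inside the `azurerm_resource_groups.rb` control file, and it calls `azure_resource_groups.ids` and `.names` outside any `describe` block, so the listing happens while the control is being defined; moving it to its own file for the new resource would make failures easier to attribute.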
diff --git a/test/unit/resources/azure_policy_definition_test.rb b/test/unit/resources/azure_policy_definition_test.rb
new file mode 100644
index 000000000..2fb6adb01
--- /dev/null
+++ b/test/unit/resources/azure_policy_definition_test.rb
@@ -0,0 +1,13 @@
+require_relative 'helper'
+require 'azure_policy_definition'
+
+class AzurePolicyDefinitionConstructorTest < Minitest::Test
+ def test_empty_param_not_ok
+ assert_raises(ArgumentError) { AzurePolicyDefinition.new }
+ end
+
+ # resource_provider should not be allowed.
+ def test_resource_provider_not_ok
+ assert_raises(ArgumentError) { AzurePolicyDefinition.new(resource_provider: 'some_type') }
+ end
+end
diff --git a/test/unit/resources/azure_policy_definitions_test.rb b/test/unit/resources/azure_policy_definitions_test.rb
new file mode 100644
index 000000000..28a54bd2b
--- /dev/null
+++ b/test/unit/resources/azure_policy_definitions_test.rb
@@ -0,0 +1,25 @@
+require_relative 'helper'
+require 'azure_policy_definitions'
+
+class AzurePolicyDefinitionsConstructorTest < Minitest::Test
+ # resource_type should not be allowed.
+ def test_resource_type_not_ok
+ assert_raises(ArgumentError) { AzurePolicyDefinitions.new(resource_provider: 'some_type') }
+ end
+
+ def tag_value_not_ok
+ assert_raises(ArgumentError) { AzurePolicyDefinitions.new(tag_value: 'some_tag_value') }
+ end
+
+ def tag_name_not_ok
+ assert_raises(ArgumentError) { AzurePolicyDefinitions.new(tag_name: 'some_tag_name') }
+ end
+
+ def test_resource_id_not_ok
+ assert_raises(ArgumentError) { AzurePolicyDefinitions.new(resource_id: 'some_id') }
+ end
+
+ def test_name_not_ok
+ assert_raises(ArgumentError) { AzurePolicyDefinitions.new(name: 'some_name') }
+ end
+end
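Review bot: `tag_value_not_ok` and `tag_name_not_ok` lack the `test_` prefix, so Minitest will not run them and the rejection of `tag_value` and `tag_name` is not covered. Rename them to `test_tag_value_not_ok` and `test_tag_name_not_ok`. The comment on the first test says `resource_type should not be allowed` while the code passes `resource_provider`; align the comment and method name with the parameter under test.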
diff --git a/test/unit/resources/azure_resource_group_test.rb b/test/unit/resources/azure_resource_group_test.rb
new file mode 100644
index 000000000..8f06c2871
--- /dev/null
+++ b/test/unit/resources/azure_resource_group_test.rb
@@ -0,0 +1,13 @@
+require_relative 'helper'
+require 'azure_resource_group'
+
+class AzureResourceGroupConstructorTest < Minitest::Test
+ def test_empty_param_not_ok
+ assert_raises(ArgumentError) { AzureResourceGroup.new }
+ end
+
+ # resource_provider should not be allowed.
+ def test_resource_provider_not_ok
+ assert_raises(ArgumentError) { AzureResourceGroup.new(resource_provider: 'some_type') }
+ end
+end
diff --git a/test/unit/resources/azure_resource_groups_test.rb b/test/unit/resources/azure_resource_groups_test.rb
new file mode 100644
index 000000000..e711b8997
--- /dev/null
+++ b/test/unit/resources/azure_resource_groups_test.rb
@@ -0,0 +1,25 @@
+require_relative 'helper'
+require 'azure_resource_groups'
+
+class AzureResourceGroupsConstructorTest < Minitest::Test
+ # resource_type should not be allowed.
+ def test_resource_type_not_ok
+ assert_raises(ArgumentError) { AzureResourceGroups.new(resource_provider: 'some_type') }
+ end
+
+ def tag_value_not_ok
+ assert_raises(ArgumentError) { AzureResourceGroups.new(tag_value: 'some_tag_value') }
+ end
+
+ def tag_name_not_ok
+ assert_raises(ArgumentError) { AzureResourceGroups.new(tag_name: 'some_tag_name') }
+ end
+
+ def test_resource_id_not_ok
+ assert_raises(ArgumentError) { AzureResourceGroups.new(resource_id: 'some_id') }
+ end
+
+ def test_name_not_ok
+ assert_raises(ArgumentError) { AzureResourceGroups.new(name: 'some_name') }
+ end
+end
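Review bot: As in the policy definitions test file, `tag_value_not_ok` and `tag_name_not_ok` are missing the `test_` prefix and will never execute under Minitest. Rename both, and correct the `resource_type` comment and method name on the first test, which passes `resource_provider`. Given that this class replaces a deprecated resource, a test covering `to_s` and the `AzurermResourceGroups` alias would be worth adding here.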