Add Policy Definition and Resource Group Resources #301

Merged
merged 7 commits into from
Sep 23, 2020
15 changes: 9 additions & 6 deletions README.md
Expand Up @@ -121,11 +121,15 @@ The static resources derived from the generic resources prepended with `azure_`
- [azure_network_interfaces](docs/resources/azure_network_interfaces.md)
- [azure_network_security_group](docs/resources/azure_network_security_group.md)
- [azure_network_security_groups](docs/resources/azure_network_security_groups.md)
- [azure_policy_definition](docs/resources/azure_policy_definition.md)
- [azure_policy_definitions](docs/resources/azure_policy_definitions.md)
- [azure_postgresql_database](docs/resources/azure_postgresql_database.md)
- [azure_postgresql_databases](docs/resources/azure_postgresql_databases.md)
- [azure_postgresql_server](docs/resources/azure_postgresql_server.md)
- [azure_postgresql_servers](docs/resources/azure_postgresql_servers.md)
- [azure_public_ip](docs/resources/azure_public_ip.md)
- [azure_resource_group](docs/resources/azure_resource_group.md)
- [azure_resource_groups](docs/resources/azure_resource_groups.md)
- [azure_sql_server](docs/resources/azure_sql_server.md)
- [azure_sql_servers](docs/resources/azure_sql_servers.md)
- [azure_storage_account_blob_container](docs/resources/azure_storage_account_blob_container.md)
Expand Down Expand Up @@ -344,15 +348,16 @@ If you'd like to contribute to this project please see [Contributing Rules](CONT
The easiest way to start is checking the existing static resources. They have detailed information on how to leverage the backend class within their comments.

The common parameters are:
- `resource_provider`: Such as `Microsoft.Compute/virtualMachines`. It has to be hardcoded in the code by the resource author.
- `resource_provider`: Such as `Microsoft.Compute/virtualMachines`. It has to be hardcoded in the code by the resource author via the `specific_resource_constraint` method, and it should be the first parameter defined in the resource. This method includes user-supplied input validation.
- `display_name`: A generic one will be created unless defined.
- `required_parameters`: Define mandatory parameters. The `resource_group` and resource `name` in the singular resources are default mandatory in the base class.
- `allowed_parameters`: Define optional parameters. The `resource_group` is default optional, but this can be made mandatory in the static resource.
- `resource_uri`: Azure REST API URI of a resource. This parameter should be used when a resource does not reside in a resource group. It requires `add_subscription_id` is set to either `true` or `false`. See [azure_policy_definition](libraries/azure_policy_definition.rb) and [azure_policy_definitions](libraries/azure_policy_definitions.rb).
- `add_subscription_id`: It indicates whether the subscription ID should be included in the `resource_uri` or not.

### Singular Resources

- In most cases `resource_group` and resource `name` should be required from the users and a single API call would be enough for creating methods on the resource.
See [azure_virtual_machine](libraries/azure_virtual_machine.rb) for a standard singular resource and how to create static methods from resource properties.
- In most cases `resource_group` and resource `name` should be required from the users and a single API call would be enough for creating methods on the resource. See [azure_virtual_machine](libraries/azure_virtual_machine.rb) for a standard singular resource and how to create static methods from resource properties.
- If it is beneficial to accept the resource name with a more specific keyword, such as `server_name`, see [azure_mysql_server](libraries/azure_mysql_server.rb).
- If a resource exists in another resource, such as a subnet on a virtual network, see [azure_subnet](libraries/azure_subnet.rb).
- If it is necessary to make an additional API call within a static method, the `create_additional_properties` should be used. See [azure_key_vault](libraries/azure_key_vault.rb).
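
Review bot: The new `resource_uri` bullet does not say whether the user-supplied URI is validated, while the rewritten `resource_provider` bullet in the same list states that `specific_resource_constraint` "includes user-supplied input validation". Since `resource_uri` is the Azure REST API URI the request is made against, say here which check applies to it, or that it has to be hardcoded by the resource author as `resource_provider` is. In the same bullet, "It requires `add_subscription_id` is set to" should read "It requires `add_subscription_id` to be set to".
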
Expand All @@ -362,9 +367,7 @@ See [azure_virtual_machine](libraries/azure_virtual_machine.rb) for a standard s
- A standard plural resource does not require a parameter, except optional `resource_group`. See [azure_mysql_servers](libraries/azure_mysql_servers.rb).
- All plural resources use [FilterTable](https://github.com/inspec/inspec/blob/master/docs/dev/filtertable-usage.md) to be able to provide filtering within returned resources. The filter criteria must be defined `table_schema` Hash variable.
- If the properties of the resource are to be manipulated before populating the FilterTable, a `populate_table` method has to be defined. See [azure_virtual_machines](libraries/azure_virtual_machines.rb).
- If the resources exist in another resource, such as subnets of a virtual network, a `resource_path` has to be created.
For that, the identifiers of the parent resource, `resource_group` and virtual network name `vnet`, must be required from the users.
See [azure_subnets](libraries/azure_subnets.rb).
- If the resources exist in another resource, such as subnets of a virtual network, a `resource_path` has to be created. For that, the identifiers of the parent resource, `resource_group` and virtual network name `vnet`, must be required from the users. See [azure_subnets](libraries/azure_subnets.rb).

The following instructions will help you get your development environment setup to run integration tests.
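
Review bot: The FilterTable link in the unchanged bullet of this hunk still points at `docs/dev/filtertable-usage.md`, while every resource page touched in this change is moved to `dev-docs/filtertable-usage.md`. Update the README link in the same change so the two do not diverge. The same bullet is missing a word: "must be defined `table_schema` Hash variable" should read "must be defined in the `table_schema` Hash variable".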

2 changes: 1 addition & 1 deletion docs/resources/azure_aks_clusters.md
Expand Up @@ -52,7 +52,7 @@ end
| tags | A list of `tag:value` pairs defined on the resources being interrogated. | `tags` |
| properties | A list of properties for all the resources being interrogated. | `properties` |

<superscript>*</superscript> For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/docs/dev/filtertable-usage.md#a-where-method-you-can-call-with-hash-params-with-loose-matching).
<superscript>*</superscript> For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/dev-docs/filtertable-usage.md).

## Examples
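
Review bot: The replacement link on the footnote line drops the `#a-where-method-you-can-call-with-hash-params-with-loose-matching` fragment, so the footnote no longer lands on the section about filter criteria that its text refers to. If that section still exists under `dev-docs/`, keep the fragment; if the heading was renamed, link to the new one. The identical footnote change in the other plural resource pages in this change has the same issue.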

2 changes: 1 addition & 1 deletion docs/resources/azure_api_managements.md
Expand Up @@ -53,7 +53,7 @@ end
| types | A list of the types of resources being interrogated. | `type` |
| properties | A list of properties for all the resources being interrogated. | `properties` |

<superscript>*</superscript> For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/docs/dev/filtertable-usage.md#a-where-method-you-can-call-with-hash-params-with-loose-matching).
<superscript>*</superscript> For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/dev-docs/filtertable-usage.md).

## Examples
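
Review bot: The footnote marker on the changed line is wrapped in `<superscript>`, which is not an HTML element; the superscript tag is `<sup>`. Since the line is being rewritten anyway, switch to `<sup>*</sup>` here and wherever the marker is used, so the asterisk is actually marked up as a footnote mark.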

2 changes: 1 addition & 1 deletion docs/resources/azure_application_gateways.md
Expand Up @@ -53,7 +53,7 @@ end
| types | A list of the types of resources being interrogated. | `type` |
| properties | A list of properties for all the resources being interrogated. | `properties` |

<superscript>*</superscript> For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/docs/dev/filtertable-usage.md#a-where-method-you-can-call-with-hash-params-with-loose-matching).
<superscript>*</superscript> For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/dev-docs/filtertable-usage.md).

## Examples

2 changes: 1 addition & 1 deletion docs/resources/azure_generic_resource.md
Expand Up @@ -38,7 +38,7 @@ The following parameters can be passed for targeting a specific Azure resource.
| resource_provider | Azure resource provider of the resource to be tested. `Microsoft.Compute/virtualMachines` |
| resource_path | Relative path to the resource if it is defined on another resource. Resource path of a subnet in a virtual network would be: `{virtualNetworkName}/subnets`. |
| resource_id | Unique id of Azure resource to be tested. `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Compute/virtualMachines/{vmName}` |
| resource_uri | Azure REST API URI of the resource to be tested. This parameter should be used when a resource does not reside in a resource group. It requires `add_subscription_id` and `name` parameters to be provided together. `/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policyDefinitions/` |
| resource_uri | Azure REST API URI of the resource to be tested. This parameter should be used when a resource does not reside in a resource group. It requires `add_subscription_id` and `name` parameters to be provided together. `/providers/Microsoft.Authorization/policyDefinitions/` |
| add_subscription_id | Indicates whether the `resource_uri` contains the subscription id. `true` or `false` |
| tag_name<superscript>*</superscript> | Tag name defined on the Azure resource. `name` |
| tag_value | Tag value of the tag defined with the `tag_name`. `external_linux` |
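
Review bot: With the `/subscriptions/{subscriptionId}` prefix removed from the `resource_uri` example, the row no longer shows which `add_subscription_id` value goes with it, and the `add_subscription_id` row below it ("Indicates whether the `resource_uri` contains the subscription id") reads differently from the README wording in this change ("whether the subscription ID should be included in the `resource_uri` or not"). State in one of the two rows what `true` and `false` each do to the example URI, so a control author can tell which scope the test will query.
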
4 changes: 2 additions & 2 deletions docs/resources/azure_generic_resources.md
Expand Up @@ -38,7 +38,7 @@ All of them are optional.
| resource_provider | Azure resource provider of the resources to be tested. | `Microsoft.Compute/virtualMachines` |
| tag_name<superscript>*</superscript> | Tag name defined on the Azure resources. | `name` |
| tag_value | Tag value of the tag defined with the `tag_name`. | `external_linux` |
| resource_uri | Azure REST API URI of the resources to be tested. This parameter should be used when resources do not reside in resource groups. It requires `add_subscription_id` parameter to be provided together. `/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policyDefinitions/` |
| resource_uri | Azure REST API URI of the resources to be tested. This parameter should be used when resources do not reside in resource groups. It requires `add_subscription_id` parameter to be provided together. `/providers/Microsoft.Authorization/policyDefinitions/` |
| add_subscription_id | Indicates whether the `resource_uri` contains the subscription id. `true` or `false` |

<superscript>*</superscript> When resources are filtered by a tag name and value, the tags for each resource are not returned in the results.
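
Review bot: The changed `resource_uri` row has only two cells: the example `/providers/Microsoft.Authorization/policyDefinitions/` sits inside the description cell, whereas the rows above it put the example in a third column. The `add_subscription_id` row has the same shape. Add the missing `|` before the example in both rows so the table renders with three columns.
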
Expand Down Expand Up @@ -73,7 +73,7 @@ It is advised to use these parameter sets to narrow down the targeted resources
| changed_times<superscript>**</superscript> | A list of changed times of the resources. | `changed_time`|
| provisioning_states<superscript>**</superscript> | A list of provisioning states of the resources. | `provisioning_state`|

<superscript>*</superscript> For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/docs/dev/filtertable-usage.md#a-where-method-you-can-call-with-hash-params-with-loose-matching).
<superscript>*</superscript> For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/dev-docs/filtertable-usage.md).

<superscript>**</superscript> These properties are not available when `resource_uri` is used.

2 changes: 1 addition & 1 deletion docs/resources/azure_graph_generic_resources.md
Expand Up @@ -107,7 +107,7 @@ azure_graph_generic_resources(resource: 'users', filter: { starts_with_given_nam
end
```

Please see [here](https://github.com/inspec/inspec/blob/master/docs/dev/filtertable-usage.md) for more information on how to leverage FilterTable capabilities on plural resources.
For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/dev-docs/filtertable-usage.md).

## Matchers

2 changes: 1 addition & 1 deletion docs/resources/azure_graph_users.md
Expand Up @@ -55,7 +55,7 @@ It is advised to use these parameters to narrow down the targeted resources at t
| user_types | The user types of users, e.g.; `Member`, `Guest`. | `userType` |
| user_principal_names | The user principal names of users, e.g.; `jdoe@contoso.com`. | `userPrincipalName` |

<superscript>*</superscript> For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/docs/dev/filtertable-usage.md#a-where-method-you-can-call-with-hash-params-with-loose-matching).
<superscript>*</superscript> For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/dev-docs/filtertable-usage.md).

## Examples

2 changes: 1 addition & 1 deletion docs/resources/azure_iothub_event_hub_consumer_groups.md
Expand Up @@ -53,7 +53,7 @@ end
| properties | A list of properties for all the resources being interrogated. | `properties` |
| etags | A list of etags defined on the resources. | `etag` |

<superscript>*</superscript> For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/docs/dev/filtertable-usage.md#a-where-method-you-can-call-with-hash-params-with-loose-matching).
<superscript>*</superscript> For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/dev-docs/filtertable-usage.md).

## Examples

13 changes: 7 additions & 6 deletions docs/resources/azure_key_vault.md
Expand Up @@ -40,12 +40,13 @@ end
```
## Parameters

| Name | Description |
|--------------------------------|----------------------------------------------------------------------------------|
| resource_group | Azure resource group that the targeted resource resides in. `MyResourceGroup` |
| name | Name of the Azure resource to test. `MyVault` |
| vault_name | Name of the Azure resource to test (for backward compatibility). `MyVault` |
| resource_id | The unique resource ID. `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.KeyVault/vaults/{vaultName}` |
| Name | Description |
|---------------------------------|----------------------------------------------------------------------------------|
| resource_group | Azure resource group that the targeted resource resides in. `MyResourceGroup` |
| name | Name of the Azure resource to test. `MyVault` |
| vault_name | Name of the Azure resource to test (for backward compatibility). `MyVault` |
| resource_id | The unique resource ID. `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.KeyVault/vaults/{vaultName}` |
| diagnostic_settings_api_version | The endpoint api version for the `diagnostic_settings` property. `2017-05-01-preview` will be used for backward compatibility unless provided. |

Either one of the parameter sets can be provided for a valid query:
- `resource_id`
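
Review bot: The new `diagnostic_settings_api_version` row defaults to a pinned preview version (`2017-05-01-preview`), while `firewall_rules_api_version`, added to azure_mariadb_server.md in this change, defaults to the latest version. Say in the row why this parameter keeps the preview default and where a user finds the versions they can pass, so the two `*_api_version` parameters are not read as behaving the same way.
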
2 changes: 1 addition & 1 deletion docs/resources/azure_key_vaults.md
Expand Up @@ -53,7 +53,7 @@ end
| locations | A list of locations for all the key vaults. | `location` |
| properties | A list of properties for all the key vaults. | `properties` |

<superscript>*</superscript> For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/docs/dev/filtertable-usage.md#a-where-method-you-can-call-with-hash-params-with-loose-matching).
<superscript>*</superscript> For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/dev-docs/filtertable-usage.md).

## Examples

3 changes: 1 addition & 2 deletions docs/resources/azure_load_balancers.md
Expand Up @@ -54,8 +54,7 @@ end
| properties | A list of properties for all the resources being interrogated. | `properties` |
| skus | A list of the SKUs of the resources being interrogated. | `sku` |

<superscript>*</superscript> For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/docs/dev/filtertable-usage.md#a-where-method-you-can-call-with-hash-params-with-loose-matching).

<superscript>*</superscript> For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/dev-docs/filtertable-usage.md).

## Examples

1 change: 1 addition & 0 deletions docs/resources/azure_mariadb_server.md
Expand Up @@ -45,6 +45,7 @@ end
| name | Name of the MariaDB server to test. `MyServer` |
| server_name | Alias for the `name` parameter. |
| resource_id | The unique resource ID. `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.DBforMariaDB/servers/{serverName}` |
| firewall_rules_api_version | The endpoint api version for the `firewall_rules` property. The latest version will be used unless provided. |

Either one of the parameter sets can be provided for a valid query:
- `resource_id`
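
Review bot: The `firewall_rules_api_version` row gives no example value, unlike the `name` and `resource_id` rows above it, and "The latest version will be used unless provided" means the API version queried for the `firewall_rules` property is not fixed by the control. Add an example of the expected value format in backticks and note that setting the parameter pins the version.
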
2 changes: 1 addition & 1 deletion docs/resources/azure_mariadb_servers.md
Expand Up @@ -54,7 +54,7 @@ end
| types | A list of the types of resources being interrogated. | `type` |
| properties | A list of properties for all the resources being interrogated. | `properties` |

<superscript>*</superscript> For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/docs/dev/filtertable-usage.md#a-where-method-you-can-call-with-hash-params-with-loose-matching).
<superscript>*</superscript> For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/dev-docs/filtertable-usage.md).

## Examples

2 changes: 1 addition & 1 deletion docs/resources/azure_monitor_activity_log_alerts.md
Expand Up @@ -53,7 +53,7 @@ end
| operations | A list of operations for all the resources being interrogated. | `operations` |
| resource_group | Azure resource group that the targeted resource resides in. | `resource_group` |

<superscript>*</superscript> For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/docs/dev/filtertable-usage.md#a-where-method-you-can-call-with-hash-params-with-loose-matching).
<superscript>*</superscript> For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/dev-docs/filtertable-usage.md).

## Examples

3 changes: 1 addition & 2 deletions docs/resources/azure_mysql_databases.md
Expand Up @@ -49,8 +49,7 @@ end
| types | A list of the types of resources being interrogated. | `type` |
| properties | A list of properties for all the resources being interrogated. | `properties` |

<superscript>*</superscript> For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/docs/dev/filtertable-usage.md#a-where-method-you-can-call-with-hash-params-with-loose-matching).

<superscript>*</superscript> For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/dev-docs/filtertable-usage.md).

## Examples
