require 'azure_generic_resource'
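class AzureVirtualMachine < AzureGenericResource
  name 'azure_virtual_machine'
  desc 'Verifies settings for an Azure Virtual Machine'
  example <<-EXAMPLE
    describe azure_virtual_machine(resource_group: 'example', name: 'vm-name') do
      it { should have_monitoring_agent_installed }
    end
  EXAMPLE

  # Builds the resource for a single virtual machine.
  #
  # @param opts [Hash] user-supplied resource parameters (see the notes below).
  # @raise [ArgumentError] if `opts` is not a Hash.
  def initialize(opts = {})
    # Options should be Hash type. Otherwise Ruby will raise an error when we try to access the keys.
    raise ArgumentError, 'Parameters must be provided in an Hash object.' unless opts.is_a?(Hash)

    # Azure REST API endpoint URL format for the resource:
    #   GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/
    #   Microsoft.Compute/virtualMachines/{vmName}?api-version=2019-12-01
    #
    # The dynamic part that has to be created in this resource:
    #   Microsoft.Compute/virtualMachines/{vmName}?api-version=2019-12-01
    #
    # Parameters acquired from environment variables:
    #   - {subscriptionId} => Required parameter. It will be acquired by the backend from environment variables.
    #
    # User supplied parameters:
    #   - resource_group => Required parameter unless `resource_id` is provided. {resourceGroupName}
    #   - name => Required parameter unless `resource_id` is provided. Virtual machine name. {vmName}
    #   - resource_id => Optional parameter. If exists, `resource_group` and `name` must not be provided.
    #     In the following format:
    #       /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/
    #       Microsoft.Compute/virtualMachines/{vmName}
    #   - api_version => Optional parameter. The latest version will be used unless provided. api-version
    #
    # **`resource_group` and (resource) `name` or `resource_id` will be validated in the backend appropriately.
    #   We don't have to do anything here.
    #
    # Following resource parameters have to be defined here.
    #   - resource_provider => Microsoft.Compute/virtualMachines
    #     The `specific_resource_constraint` method will validate the user input
    #     not to accept a different `resource_provider`.
    #
    opts[:resource_provider] = specific_resource_constraint('Microsoft.Compute/virtualMachines', opts)

    # static_resource parameter must be true for setting the resource_provider in the backend.
    super(opts, true)
  end

  # Delegates to the parent `to_s`, passing this class.
  def to_s
    super(AzureVirtualMachine)
  end

  # Resource specific methods.
  # Each one guards on `exists?` so that a missing VM yields nil instead of an unforeseen Ruby error.
  # They provide the same functionality as the earlier resource pack.
  # @see https://github.com/inspec/inspec-azure

  # @return [String, nil] the OS profile admin user name, or nil when the VM does not exist.
  def admin_username
    properties.osProfile.adminUsername if exists?
  end

  # @return [String, nil] the OS disk name, or nil when the VM does not exist.
  def os_disk_name
    properties.storageProfile.osDisk.name if exists?
  end

  # @return [Array, nil] the name of every data disk, or nil when the VM does not exist.
  def data_disk_names
    properties.storageProfile.dataDisks.map(&:name) if exists?
  end

  # @return [Array, nil] `properties.type` of each entry in `resources`; [] when `resources` is nil,
  #   nil when the VM does not exist. The mapped list is memoized.
  def installed_extensions_types
    return unless exists?
    return [] if resources.nil?

    @installed_extensions_types ||= resources.map { |resource| resource.properties.type }
  end

  # Compliance predicate: true when no installed extension type falls outside the allow-list.
  #
  # @param approved_extensions [Array] extension types that are permitted.
  # @return [Boolean, nil] nil (falsy) when the VM does not exist, so a `should` expectation fails closed.
  def has_only_approved_extensions?(approved_extensions)
    # Without this guard `installed_extensions_types` is nil for a missing VM and `nil - Array` raises.
    return unless exists?

    (installed_extensions_types - approved_extensions).empty?
  end

  # Compliance predicate: true when at least one installed extension type is in the supplied list.
  #
  # @param endpoint_protection_extensions [Array] extension types that count as endpoint protection.
  # @return [Boolean, nil] nil (falsy) when the VM does not exist.
  def has_endpoint_protection_installed?(endpoint_protection_extensions)
    # Same guard as above: avoid calling `any?` on nil for a missing VM.
    return unless exists?

    installed_extensions_types.any? { |extension| endpoint_protection_extensions.include?(extension) }
  end

  # @return [Array, nil] the name of each entry in `resources`; [] when `resources` is nil,
  #   nil when the VM does not exist. The mapped list is memoized.
  def installed_extensions_names
    return unless exists?
    return [] if resources.nil?

    @installed_extensions_names ||= resources.map { |resource| resource&.name }
  end

  # Compliance predicate: true when a 'MicrosoftMonitoringAgent' extension is present and its
  # provisioning state is 'Succeeded'.
  #
  # The previous body filtered with `select`, discarded the result, and then tested
  # `resources.size == 1`. That passed for any VM with exactly one extension of any type and
  # failed for a VM that had the agent alongside other extensions. The test now applies to the
  # matching extensions only.
  #
  # NOTE(review): the other accessors in this class use the API's camelCase names
  # (`osProfile`, `storageProfile`); confirm the backend also exposes `provisioning_state`.
  #
  # @return [Boolean, nil] nil when the VM does not exist, false when `resources` is nil.
  def has_monitoring_agent_installed?
    return unless exists?
    return false if resources.nil?

    resources.any? do |res|
      res&.properties&.type == 'MicrosoftMonitoringAgent' && res&.properties&.provisioning_state == 'Succeeded'
    end
  end
end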
# Provide the same functionality under the old resource name.
# This is for backward compatibility.
class AzurermVirtualMachine < AzureVirtualMachine
  name 'azurerm_virtual_machine'
  desc 'Verifies settings for an Azure Virtual Machine'
  example <<-EXAMPLE
    describe azurerm_virtual_machine(resource_group: 'example', name: 'vm-name') do
      it { should have_monitoring_agent_installed }
    end
  EXAMPLE

  # Logs a deprecation warning that names the replacement resource, then hands the
  # unchanged options to AzureVirtualMachine#initialize.
  #
  # @param opts [Hash] the same options AzureVirtualMachine accepts.
  def initialize(opts = {})
    deprecation_notice = Helpers.resource_deprecation_message(@__resource_name__, AzureVirtualMachine.name)
    Inspec::Log.warn(deprecation_notice)
    super(opts)
  end
end