azure_cosmosdb_database_account resource
Use the azure_cosmosdb_database_account InSpec audit resource to test the properties and configuration of an Azure Cosmos DB database account within a resource group.
Azure REST API version, endpoint, and HTTP client parameters
This resource interacts with API versions supported by the resource provider.
You can specify the api_version as a resource parameter to use a specific version of the Azure REST API.
If you don’t specify an API version, this resource uses the latest version available.
For more information about API versioning, see the azure_generic_resource.
By default, this resource uses the azure_cloud global endpoint and default HTTP client settings.
You can override these settings if you need to connect to a different Azure environment (such as Azure Government or Azure China).
For more information about configuration options, see the resource pack README.
Syntax
resource_group and name, or the resource_id are required parameters.
describe azure_cosmosdb_database_account(resource_group: 'RESOURCE_GROUP', name: 'NAME') do
  it { should exist }
end
describe azure_cosmosdb_database_account(resource_id: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.DocumentDB/databaseAccounts/{accountName}') do
  it { should exist }
end
Parameters
resource_group - Azure resource group where the targeted resource resides.
name - The unique name of the targeted resource.
cosmosdb_database_account - Alias for the name parameter.
resource_id - The unique resource ID.
Provide any one of the following parameter sets for a valid query:
resource_id
resource_group and name
resource_group and cosmosdb_database_account
Properties
location - Resource location. For example, eastus.
kind - Indicates the type of database account. For example, GlobalDocumentDB, MongoDB.
For properties applicable to all resources, such as type, name, id, and properties, refer to azure_generic_resource.
Also, see the Azure documentation for other available properties. You can access any attribute in the response with the key names separated by dots (.).
Examples
Test whether a GlobalDocumentDB account is accessible from the public network:
describe azure_cosmosdb_database_account(resource_group: 'RESOURCE_GROUP', name: 'NAME') do
  its('properties.publicNetworkAccess') { should cmp 'Enabled' }
end
describe azure_cosmosdb_database_account(resource_id: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.DocumentDB/databaseAccounts/{accountName}') do
  its('properties.publicNetworkAccess') { should cmp 'Enabled' }
end
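The dotted key access described under Properties, shown as an added Ruby example that is not part of the original page or of the InSpec Azure resource pack: it resolves dotted paths against a constructed, trimmed account response and reports every property that differs from a hardening baseline. The account data, the baseline values, and the helper names (dig_path, matches?, audit) are assumptions made for this illustration; disableLocalAuth, isVirtualNetworkFilterEnabled and ipRules are properties of the Azure databaseAccounts response that the page does not list.

```ruby
require 'json'

# Constructed sample: a trimmed databaseAccounts response (not real data).
SAMPLE_ACCOUNT = JSON.parse(<<~JSON)
  {
    "name": "example-cosmos",
    "location": "eastus",
    "kind": "GlobalDocumentDB",
    "properties": {
      "publicNetworkAccess": "Enabled",
      "disableLocalAuth": false,
      "isVirtualNetworkFilterEnabled": false,
      "ipRules": [{ "ipAddressOrRange": "203.0.113.10" }]
    }
  }
JSON

# Hardening baseline assumed for this example: dotted path => expected value.
BASELINE = {
  'properties.publicNetworkAccess' => 'Disabled',
  'properties.disableLocalAuth' => true,
  'properties.isVirtualNetworkFilterEnabled' => true
}.freeze

# Resolve 'a.b.0.c' against nested hashes and arrays; nil if a segment is missing.
def dig_path(doc, path)
  path.split('.').reduce(doc) do |node, key|
    case node
    when Hash  then node[key]
    when Array then key.match?(/\A\d+\z/) ? node[key.to_i] : nil
    end
  end
end

# Strings compare case-insensitively, as InSpec's cmp matcher does; other
# values must be equal.
def matches?(actual, expected)
  return actual.casecmp?(expected) if actual.is_a?(String) && expected.is_a?(String)
  actual == expected
end

# Return one finding per baseline path whose value is missing or different.
def audit(account, baseline = BASELINE)
  baseline.each_with_object([]) do |(path, expected), findings|
    actual = dig_path(account, path)
    findings << { path: path, expected: expected, actual: actual } unless matches?(actual, expected)
  end
end

audit(SAMPLE_ACCOUNT).each { |f| puts "FAIL #{f[:path]}: got #{f[:actual].inspect}, want #{f[:expected].inspect}" }
```

In a profile, the first baseline entry corresponds to its('properties.publicNetworkAccess') { should cmp 'Disabled' }, the inverse of the accessibility test above.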
Matchers
This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our Universal Matchers page.
exists
# If we expect 'MY-COSMOS-DB' to always exist.
describe azure_cosmosdb_database_account(resource_group: 'RESOURCE_GROUP', name: 'MY-COSMOS-DB') do
  it { should exist }
end
not_exists
# If we expect 'MY-COSMOS-DB' to never exist.
describe azure_cosmosdb_database_account(resource_group: 'RESOURCE_GROUP', name: 'MY-COSMOS-DB') do
  it { should_not exist }
end
Azure permissions
Your Service Principal must be set up with at least a contributor role on the subscription you wish to test.