Skip to main content

azure_graph_generic_resource resource

Use the azure_graph_generic_resource Inspec audit resource to test any valid Azure resource available through Microsoft Azure Graph API.

Azure REST API version, endpoint, and HTTP client parameters

This resource interacts with API versions supported by the resource provider. You can specify the api_version as a resource parameter to use a specific version of the Azure REST API. If you don’t specify an API version, this resource uses the latest version available. For more information about API versioning, see the azure_generic_resource.

By default, this resource uses the azure_cloud global endpoint and default HTTP client settings. You can override these settings if you need to connect to a different Azure environment (such as Azure Government or Azure China). For more information about configuration options, see the resource pack README.

Syntax

describe azure_graph_generic_resource(resource: 'RESOURCE', id: 'GUID', select: %w(attributes to be tested)) do
  its('property') { should eq 'value' }
end

where:

  • Resource parameters are used to query Azure Graph API endpoint for the resource to be tested.
  • property - This generic resource dynamically creates the properties on the fly based on the property names provided with the select parameter.
  • value is the expected output from the chosen property.

Parameters

The following parameters can be passed for targeting a specific Azure resource.

resource
Azure resource type where the targeted resource belongs. For example, users.
id
Globally unique ID of the targeted resource. For example, jdoe@example.com.
select
The list of query parameters defining which attributes the resource will expose. If not provided, then the predefined attributes will be returned from the API. For example, givenName, surname, and department.
api_version
API version of the GRAPH API to use when interrogating the resource. If not set, then the predefined stable version will be used. For example, v1.0, or beta.

Properties

The properties that can be tested are entirely dependent on the Azure Resource that is tested and the query parameters provided with the select parameter.

Examples

Test properties of a user account:

describe azure_graph_generic_resource(resource: 'USERS', id: 'jdoe@contoso.com', select: %w{ surname givenName }) do
  its('surname') { should cmp 'Doe' }
  its('givenName') { should cmp 'John' }
end

For more examples, see the integration tests.

Matchers

For a full list of available matchers, see our Universal Matchers page.

This resource has the following special matchers.

exist

# Should not exist if there is no resource with a given name.

describe azure_graph_generic_resource(resource: 'users', id: 'fake_id') do
  it { should_not exist }
end

not_exists

# Should exist if there is one resource with a given name.

describe azure_graph_generic_resource(resource: 'users', id: 'valid_id') do
  it { should exist }
end

Azure permissions

Graph resources require specific privileges granted to your service principal.

Please refer to the Microsoft Documentation for information on how to grant these permissions to your application.

Thank you for your feedback!

×