
azure_graph_user resource

Use the azure_graph_user InSpec audit resource to test the properties of an Azure Active Directory user within a Tenant.

Azure REST API version, endpoint, and HTTP client parameters

This resource interacts with API versions supported by the resource provider. You can specify the api_version as a resource parameter to use a specific version of the Azure REST API. If you don’t specify an API version, this resource uses the latest version available. For more information about API versioning, see the azure_generic_resource.

By default, this resource uses the azure_cloud global endpoint and default HTTP client settings. You can override these settings if you need to connect to a different Azure environment (such as Azure Government or Azure China). For more information about configuration options, see the resource pack README.

Syntax

describe azure_graph_user(user_principal_name: 'jdoe@contoso.com') do
  it { should exist }
end

Parameters

One of the following parameters is mandatory.

user_principal_name
The user principal name.

For example, jdoe@contoso.com

id
Globally unique identifier.

For example, abcd-1234-efabc-5678

user_id
Globally unique identifier (For backward compatibility).

For example, abcd-1234-efabc-5678

Properties

id
The user’s globally unique ID.
account_enabled
Whether the account is enabled.
city
The user’s city.
country
The user’s country.
department
The user’s department.
display_name
The display name of the user.
facsimile_telephone_number
The user’s facsimile (fax) number.
given_name
The given name for the user.
job_title
The user’s job title.
mail
The primary email address of the user.
mail_nickname
The mail alias for the user.
mobile
The user’s mobile (cell) phone number.
password_policies
The password policies for the user.
password_profile
The password profile for the user.
postal_code
The user’s postal (ZIP) code.
state
The user’s state.
street_address
The user’s street address.
surname
The user’s surname (family name or last name).
telephone_number
The user’s telephone number.
usage_location
A two letter country code (ISO standard 3166). Examples include: US, JP, and GB.
user_principal_name
The principal name of the user.
user_type
A string value that can be used to classify user types in your directory, such as Member or Guest.

Examples

Test if an Active Directory user account is referenced with a valid ID:

describe azure_graph_user(id: 'someValidId') do
  it { should exist }
end

Test if an Active Directory user account is referenced with an invalid ID:

describe azure_graph_user(id: 'someInvalidId') do
  it { should_not exist }
end
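
The examples above only test existence. The following added example (not part of the original documentation or the resource pack) audits the account_enabled, user_type and password_policies properties listed under Properties. The helper name user_findings, the policy it enforces, the sample records, and the assumption that password_policies is a comma-separated string as in Microsoft Graph are all illustrative.

```ruby
# Assumed policy (not from the resource docs): an enabled account should not
# have either of these Microsoft Graph passwordPolicies flags set.
WEAK_POLICY_FLAGS = %w[DisableStrongPassword DisablePasswordExpiration].freeze

# Hypothetical helper: returns a list of findings for one user. `user` is any
# object that exposes the documented properties as methods.
def user_findings(user, allow_guests: false)
  findings = []
  # A disabled account cannot sign in, so the remaining checks do not apply.
  return findings unless user.account_enabled

  # Assumed format: nil, or a comma-separated string of flags.
  flags = user.password_policies.to_s.split(',').map(&:strip)
  (flags & WEAK_POLICY_FLAGS).each do |flag|
    findings << "#{user.user_principal_name}: password policy #{flag} is set"
  end

  if user.user_type == 'Guest' && !allow_guests
    findings << "#{user.user_principal_name}: enabled Guest account"
  end
  findings
end

# Constructed sample records standing in for azure_graph_user results.
SampleUser = Struct.new(:user_principal_name, :account_enabled, :user_type,
                        :password_policies, keyword_init: true)

SAMPLE_USERS = [
  SampleUser.new(user_principal_name: 'jdoe@contoso.com', account_enabled: true,
                 user_type: 'Member', password_policies: nil),
  SampleUser.new(user_principal_name: 'svc-backup@contoso.com', account_enabled: true,
                 user_type: 'Member',
                 password_policies: 'DisablePasswordExpiration, DisableStrongPassword'),
  SampleUser.new(user_principal_name: 'partner@contoso.com', account_enabled: true,
                 user_type: 'Guest', password_policies: nil),
  SampleUser.new(user_principal_name: 'former@contoso.com', account_enabled: false,
                 user_type: 'Guest', password_policies: 'DisableStrongPassword')
].freeze

# Assumed use in a profile, against a live target:
#   describe user_findings(azure_graph_user(user_principal_name: 'jdoe@contoso.com')) do
#     it { should be_empty }
#   end
SAMPLE_USERS.each { |u| puts user_findings(u).inspect } if __FILE__ == $PROGRAM_NAME
```
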

Matchers

For a full list of available matchers, see our Universal Matchers page.

This resource has the following special matchers.

exists

describe azure_graph_user(user_id: 'someUserId') do
  it { should exist }
end

Azure permissions

Graph resources require specific privileges granted to your service principal. Please refer to the Microsoft Documentation for information on how to grant these permissions to your application.
