azure_subscriptions resource
Use the azure_subscriptions InSpec audit resource to test the properties and configuration of all Azure subscriptions for a tenant.
Azure REST API version, endpoint, and HTTP client parameters
This resource interacts with API versions supported by the resource provider.
You can specify the api_version as a resource parameter to use a specific version of the Azure REST API.
If you don’t specify an API version, this resource uses the latest version available.
For more information about API versioning, see the azure_generic_resource.
By default, this resource uses the azure_cloud global endpoint and default HTTP client settings.
You can override these settings if you need to connect to a different Azure environment (such as Azure Government or Azure China).
For more information about configuration options, see the resource pack README.
Syntax
An azure_subscriptions resource block returns all subscriptions for a tenant.
describe azure_subscriptions do
it { should exist }
end
Parameters
This resource does not require any parameters.
Properties
ids- A list of the subscription IDs.
Field:
id names- A list of display names of all the subscriptions.
Field:
name - A list of
tag:valuepairs defined on the subscriptions.Field:
tags tenant_ids- A list of tenant IDs of all the subscriptions.
Field:
tenant_id
Note
Examples
Check a specific subscription is present:
describe azure_subscriptions do
its('names') { should include 'my-subscription' }
end
Matchers
For a full list of available matchers, see our Universal Matchers page.This resource has the following special matchers.
exists
The control passes if the filter returns at least one result. Use should_not if you expect zero matches.
describe azure_subscriptions do
it { should exist }
end
Azure permissions
Your Service Principal must be set up with at least a contributor role on the subscription you wish to test.