
azure_virtual_network_gateway_connections resource

Use the azure_virtual_network_gateway_connections InSpec audit resource to test the properties related to all Azure Virtual Network Gateway connections within a project.

Azure REST API version, endpoint, and HTTP client parameters

This resource interacts with API versions supported by the resource provider. You can specify the api_version as a resource parameter to use a specific version of the Azure REST API. If you don’t specify an API version, this resource uses the latest version available. For more information about API versioning, see the azure_generic_resource.

By default, this resource uses the azure_cloud global endpoint and default HTTP client settings. You can override these settings if you need to connect to a different Azure environment (such as Azure Government or Azure China). For more information about configuration options, see the resource pack README.

Syntax

An azure_virtual_network_gateway_connections resource block returns all Azure Virtual Network Gateway connections within a project.

describe azure_virtual_network_gateway_connections(resource_group: 'RESOURCE_GROUP') do
  #...
end

Parameters

resource_group
Azure resource group name where the targeted resource resides.

The following parameter set should be provided for a valid query:

  • resource_group

Properties

ids
A list of resource IDs.

Field: id

names
A list of resource names.

Field: name

types
A list of types.

Field: type

eTags
A list of eTags.

Field: eTag

locations
A list of all locations.

Field: location

properties
A list of properties for all the virtual network gateway connections.

Field: properties

provisioningStates
A list of provisioning states.

Field: provisioningState

connectionTypes
A list of gateway connection types.

Field: connectionType

connectionProtocols
A list of connection protocols used for this connection.

Field: connectionProtocol

useLocalAzureIpAddresses
A list of private local Azure IPs for the connection.

Field: datacenterManagementServerName

ipsecPolicies
A list of all the IPSec policies to be considered by this connection.

Field: ipsecPolicies

Note

For information on using filter criteria on plural resources, see the documentation on FilterTable.

Examples

Loop through Virtual Network Gateway connections by their names:

azure_virtual_network_gateway_connections(resource_group: 'RESOURCE_GROUP').names.each do |name|
  describe azure_virtual_network_gateway_connection(resource_group: 'RESOURCE_GROUP', name: name) do
    it { should exist }
  end
end

Test that there are Virtual Network Gateway connections with IPsec type:

describe azure_virtual_network_gateway_connections(resource_group: 'RESOURCE_GROUP').where(connectionType: 'VPN_CONNECTION_TYPE') do
  it { should exist }
end
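
The following plain-Ruby example is added here and is not code from the resource pack or from InSpec's FilterTable. It models how each plural property above is one Field collected across all connections and how a where-style filter narrows the rows, then flags connections that miss a baseline. Assumptions: the sample rows are constructed, the helpers plural, where and findings are hypothetical names, and the baseline (IKEv2, an explicit IPsec policy on IPsec connections, provisioning Succeeded) is chosen for illustration.

```ruby
# Constructed sample rows: one hash per connection, keyed by the "Field"
# names listed under Properties. Names and values are made up.
CONNECTIONS = [
  { name: 'hq-to-azure', provisioningState: 'Succeeded', connectionType: 'IPsec',
    connectionProtocol: 'IKEv2',
    ipsecPolicies: [{ ikeEncryption: 'AES256', ipsecEncryption: 'GCMAES256' }] },
  { name: 'legacy-branch', provisioningState: 'Succeeded', connectionType: 'IPsec',
    connectionProtocol: 'IKEv1', ipsecPolicies: [] },
  { name: 'vnet-peer', provisioningState: 'Updating', connectionType: 'Vnet2Vnet',
    connectionProtocol: 'IKEv2', ipsecPolicies: [] }
].freeze

# Plural property: the value of one field collected across all rows,
# e.g. plural(rows, :connectionProtocol) plays the role of connectionProtocols.
def plural(rows, field)
  rows.map { |row| row[field] }
end

# Row filter in the spirit of .where(field: value): keep rows that match
# every criterion.
def where(rows, criteria)
  rows.select { |row| criteria.all? { |field, value| row[field] == value } }
end

# Assumed baseline (not from the page): provisioning finished, IKEv2, and an
# explicit IPsec policy on IPsec connections. Returns { name => [issues] }.
def findings(rows)
  rows.each_with_object({}) do |row, out|
    issues = []
    issues << 'provisioning not Succeeded' unless row[:provisioningState] == 'Succeeded'
    issues << 'protocol is not IKEv2' unless row[:connectionProtocol] == 'IKEv2'
    if row[:connectionType] == 'IPsec' && Array(row[:ipsecPolicies]).empty?
      issues << 'no explicit IPsec policy'
    end
    out[row[:name]] = issues unless issues.empty?
  end
end

if __FILE__ == $PROGRAM_NAME
  puts plural(where(CONNECTIONS, connectionType: 'IPsec'), :name).inspect
  findings(CONNECTIONS).each { |name, issues| puts "#{name}: #{issues.join('; ')}" }
end
```
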

Matchers

For a full list of available matchers, see our Universal Matchers page.

This resource has the following special matchers.

exists

# Should not exist if no Virtual Network Gateway connection is present in the project and the resource group.

describe azure_virtual_network_gateway_connections(resource_group: 'RESOURCE_GROUP') do
  it { should_not exist }
end

not_exists

# Should exist if the filter returns at least one Virtual Network Gateway connection in the project and the resource group.

describe azure_virtual_network_gateway_connections(resource_group: 'RESOURCE_GROUP') do
  it { should exist }
end

Azure permissions

Your Service Principal must be set up with at least a reader role on the subscription you wish to test.
