azurerm_subnets

Use the azurerm\_subnets InSpec audit resource to test properties related to subnets for a resource group.


Azure REST API version

This resource interacts with version 2018-02-01 of the Azure Management API. For more information see the official Azure documentation.

At the moment, there doesn’t appear to be a way to select the version of the Azure API docs. If you notice a newer version being referenced in the official documentation please open an issue or submit a pull request using the updated version.

Availability

Installation

This resource is available in the inspec-azure resource pack. To use it, add the following to your inspec.yml in your top-level profile:

depends:
  - name: inspec-azure
    git: https://github.com/inspec/inspec-azure.git

You’ll also need to setup your Azure credentials; see the resource pack README.

Version

This resource first became available in 1.2.0 of the inspec-azure resource pack.

Syntax

The resource_group and ‘vnet’ must be given as a parameter.

describe azurerm_subnets(resource_group: 'MyResourceGroup', vnet: 'MyVnetName') do
  ...
end

Examples

# Exists if any subnetss exist for a given virtual network in the resource group
describe azurerm_subnets(resource_group: 'MyResourceGroup', vnet: 'MyVnetName') do
  it { should exist }
end


Parameters

  • resource_group, ‘vnet’

Parameter Examples

resource_group (required)

Defines the resource group of the subnet that you wish to test resides in.

describe azurerm_subnets(resource_group: 'MyResourceGroup', vnet: 'MyVnetName') do
  ...
end

vnet (required)

Defines the virtual network that the subnet that you wish to test is a part of.

describe azurerm_subnets(resource_group: 'MyResourceGroup', vnet: 'MyVnetName') do
  ...
end


name

Filters the results to only those that match the given name.

# Insist that MySubnet exists
describe azurerm_subnets(resource_group: 'MyResourceGroup', vnet: 'MyVnetName') do
  .where(name: 'MySubnet') do
  it { should exist }
end

Attributes

  • names

names

Gives a list of all the subnet names in the virtual network.

its('names') { should include('SubnetName1', 'SubnetName2') }

Matchers

This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our Universal Matchers page.

exists

# Should not exist if no subnets are in the virtual network
describe azurerm_subnets(resource_group: 'MyResourceGroup', vnet: 'MyVnetName') do
  it { should_not exist }
end

Azure Permissions

Your Service Principal must be setup with a contributor role on the subscription you wish to test.