azurerm_subscription

Use the azurerm_subscription InSpec audit resource to test properties related to the current subscription subscription.


Azure REST API version

This resource interacts with version 2019-10-01 of the Azure Management API. For more information see the official Azure documentation.

At the moment, there doesn’t appear to be a way to select the version of the Azure API docs. If you notice a newer version being referenced in the official documentation please open an issue or submit a pull request using the updated version.

Availability

Installation

This resource is available in the inspec-azure resource pack. To use it, add the following to your inspec.yml in your top-level profile:

depends:
  - name: inspec-azure
    git: https://github.com/inspec/inspec-azure.git

You’ll also need to setup your Azure credentials; see the resource pack README.

Version

This resource first became available in 1.7.0 of the inspec-azure resource pack.

Syntax

The resource will retrieve the current subscription which Inspec is using, which is specified in your environment/service principal.

describe azurerm_subscription do
  ...
end


Examples

Ensure a location is available in a subscription.

describe azurerm_subscription do
  its('name')      { should eq 'subscription name' }
  its('locations') { should include 'eastus' }
end


Parameters

No parameters required.

Attributes

  • id
  • name
  • locations

id

The subscription’s unique id. e.g. ‘1ea4649e-0132-4f1c-8b68-9f9b2147281c’

name

The subscriptions’s display name.

its('name') { should eq('subscription name') }

locations

An array of locations available in this subscription.

Matchers

This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our Universal Matchers page.

exists

describe azurerm_subscription do
  it { should exist }
end

Azure Permissions

Your Service Principal must be setup with a contributor role on the subscription you wish to test.