
azure_active_directory_object Resource

Use the azure_active_directory_object InSpec audit resource to test the properties of an Azure Active Directory object.

Azure REST API Version, Endpoint, and HTTP Client Parameters

This resource interacts with API versions supported by the resource provider. The api_version can be defined as a resource parameter. If not provided, this resource uses the latest version. For more information, refer to the azure_generic_resource document.

Unless defined, this resource uses the azure_cloud global endpoint and default values for the HTTP client. For more information, refer to the resource pack README.

Install

This resource is available in the Chef InSpec Azure resource pack.

For information on configuring your Azure environment for Chef InSpec and creating an InSpec profile that uses the InSpec Azure resource pack, see the Chef InSpec documentation for the Azure cloud platform.

Syntax

describe azure_active_directory_object(id: 'ACTIVE_DIRECTORY_OBJECT_ID') do
  it { should exist }
end

Parameters

The id parameter is mandatory.

id
The Active Directory object ID.

Example: 0bf29229-50d7-433c-b08e-2a5d8b293cb5

Properties

id
The object’s globally unique ID.
deletedDateTime
The date and time that the object was deleted.
classification
The classification of the AD object.
createdDateTime
The date and time that the AD object was created.
creationOptions
The creationOptions of the AD object.
description
The description of the AD object.
displayName
The display name of the AD object.
expirationDateTime
The date and time that the AD object expires.
groupTypes
The group types of the AD object group.
isAssignableToRole
The roles assignable to the AD object.
mail
The configured mail for the AD object.
mailEnabled
The mail-enabled configuration parameter.
mailNickname
The mail nickname configuration.
membershipRule
The membership rule for the AD object.
membershipRuleProcessingState
The processing state of the membership rule.
onPremisesDomainName
The specified domain name for the on-premises domain.
onPremisesLastSyncDateTime
The date and time of the latest on-premises sync.
onPremisesNetBiosName
The on-premises NetBIOS name.
onPremisesSamAccountName
The on-premises SAM account name.
onPremisesSecurityIdentifier
The on-premises security identifier.
onPremisesSyncEnabled
The on-premises sync enabled configuration.
onPremisesProvisioningErrors
The on-premises provisioning errors.
preferredDataLocation
The preferred data location.
preferredLanguage
The preferred language.
proxyAddresses
The proxy addresses for the object.
renewedDateTime
The date and time that the AD object was renewed.
resourceBehaviorOptions
The behavior options set for the resource.
resourceProvisioningOptions
The resource provisioning options set.
securityEnabled
The security-enabled configuration.
securityIdentifier
The security identifier configured.
theme
The theme of the object.
visibility
The visibility status of the object.

Examples

Test if an Active Directory object is referenced with a valid ID

describe azure_active_directory_object(id: 'ACTIVE_DIRECTORY_OBJECT_ID') do
  it { should exist }
end

Test if an Active Directory object is referenced with an invalid ID

describe azure_active_directory_object(id: 'ACTIVE_DIRECTORY_OBJECT_ID') do
  it { should_not exist }
end
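
The examples above only test existence. The plain-Ruby helper below is an addition to this page, not code from the InSpec Azure resource pack: it evaluates a hash keyed by the property names listed under Properties and returns findings. The function name directory_object_findings, the rules, the threshold, and the sample object are assumptions.

```ruby
require 'time'

# Added example, not code from the InSpec Azure resource pack.
# Takes a hash keyed by the property names listed on this page and returns
# findings. Rules and thresholds below are assumed policy, not Azure defaults.
MAX_SYNC_AGE_DAYS = 7 # assumed threshold

def directory_object_findings(obj, now: Time.now.utc)
  findings = []

  # Public visibility lets members join without approval, which is risky
  # when the object is also used as a security principal.
  if obj['securityEnabled'] && obj['visibility'] == 'Public'
    findings << 'security-enabled object has Public visibility'
  end

  # A dynamic group only tracks its rule while processing is "On".
  if Array(obj['groupTypes']).include?('DynamicMembership') &&
     obj['membershipRuleProcessingState'] != 'On'
    findings << 'dynamic membership rule is not being processed'
  end

  if obj['onPremisesSyncEnabled']
    errors = Array(obj['onPremisesProvisioningErrors'])
    findings << "#{errors.length} on-premises provisioning error(s)" unless errors.empty?

    last = obj['onPremisesLastSyncDateTime']
    age = last && (now - Time.iso8601(last)) # seconds since last sync
    if age.nil? || age > MAX_SYNC_AGE_DAYS * 86_400
      findings << 'on-premises sync is stale or has never run'
    end
  end

  expiry = obj['expirationDateTime']
  findings << 'object is past its expirationDateTime' if expiry && Time.iso8601(expiry) < now
  findings
end

# Constructed sample object; every value is illustrative.
SAMPLE_OBJECT = {
  'displayName' => 'example-group',
  'securityEnabled' => true,
  'visibility' => 'Public',
  'groupTypes' => %w[Unified DynamicMembership],
  'membershipRuleProcessingState' => 'Paused',
  'onPremisesSyncEnabled' => nil,
  'expirationDateTime' => nil
}.freeze
```

Calling directory_object_findings(SAMPLE_OBJECT) returns the visibility and dynamic-membership findings; an empty array means the object meets the assumed policy.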

Matchers

For a full list of available matchers, see our Universal Matchers page.

This resource has the following special matchers.

exists

describe azure_active_directory_object(id: 'ACTIVE_DIRECTORY_OBJECT_ID') do
  it { should exist }
end

Azure Permissions

Graph resources require specific privileges granted to your service principal. Refer to the Microsoft documentation for information on how to grant these permissions to your application.
