azure_graph_user Resource

Use the azure_graph_user InSpec audit resource to test the properties of an Azure Active Directory user within a Tenant.

Azure REST API Version, Endpoint, and HTTP Client Parameters

This resource interacts with API versions supported by the resource provider. The api_version can be defined as a resource parameter. If not provided, this resource uses the latest version. For more information, refer to the azure_generic_resource document.

Unless defined, this resource uses the azure_cloud global endpoint and default values for the HTTP client. For more information, refer to the resource pack README.

Install

This resource is available in the Chef InSpec Azure resource pack.

For information on configuring your Azure environment for Chef InSpec and creating an InSpec profile that uses the InSpec Azure resource pack, see the Chef InSpec documentation for the Azure cloud platform.

Syntax

describe azure_graph_user(user_principal_name: 'jdoe@contoso.com') do
  it { should exist }
end

Parameters

One of the following parameters is mandatory.

user_principal_name
The user principal name.

Example: jdoe@contoso.com

id
Globally unique identifier.

Example: abcd-1234-efabc-5678

user_id
Globally unique identifier (for backward compatibility).

Example: abcd-1234-efabc-5678

Properties

id
The user’s globally unique ID.
account_enabled
Whether the account is enabled.
city
The user’s city.
country
The user’s country.
department
The user’s department.
display_name
The display name of the user.
facsimile_telephone_number
The user’s facsimile (fax) number.
given_name
The given name for the user.
job_title
The user’s job title.
mail
The primary email address of the user.
mail_nickname
The mail alias for the user.
mobile
The user’s mobile (cell) phone number.
password_policies
The password policies for the user.
password_profile
The password profile for the user.
postal_code
The user’s postal (ZIP) code.
state
The user’s state.
street_address
The user’s street address.
surname
The user’s surname (family name or last name).
telephone_number
The user’s telephone number.
usage_location
A two-letter country code (ISO standard 3166). Examples include: US, JP, and GB.
user_principal_name
The principal name of the user.
user_type
A string value that can be used to classify user types in your directory, such as Member or Guest.

Examples

Test if an Active Directory user account is referenced with a valid ID

describe azure_graph_user(id: 'someValidId') do
  it { should exist }
end

Test if an Active Directory user account is referenced with an invalid ID

describe azure_graph_user(id: 'someInvalidId') do
  it { should_not exist }
end

Matchers

For a full list of available matchers, see our Universal Matchers page.

This resource has the following special matchers.

exists

describe azure_graph_user(user_id: 'someUserId') do
  it { should exist }
end

Azure Permissions

Graph resources require specific privileges granted to your service principal. Please refer to the Microsoft Documentation for information on how to grant these permissions to your application.