azure_management_group Resource

Use the azure_management_group InSpec audit resource to test the properties of an Azure management group.

Azure REST API Version, Endpoint, and HTTP Client Parameters

This resource interacts with API versions supported by the resource provider. The api_version can be defined as a resource parameter. If not provided, this resource uses the latest version. For more information, refer to the azure_generic_resource document.

Unless defined, this resource uses the azure_cloud global endpoint and default values for the HTTP client. For more information, refer to the resource pack README.

Install

This resource is available in the Chef InSpec Azure resource pack.

For information on configuring your Azure environment for Chef InSpec and creating an InSpec profile that uses the InSpec Azure resource pack, see the Chef InSpec documentation for the Azure cloud platform.

Syntax

An azure_management_group resource block identifies a management group by its name or the resource_id.

describe azure_management_group(name: 'ABCD-1234') do
  it { should exist }
end
describe azure_management_group(resource_id: '/providers/Microsoft.Management/managementGroups/{groupId}') do
  it { should exist }
end

Parameters

name
Management group name. For example, 20000000-0001-0000-0000-000000000000.
group_id
Alias for the name parameter.
resource_id
The unique resource ID, in the form /providers/Microsoft.Management/managementGroups/{groupId}.
expand
Optional. The expand: 'children' includes children in the response. The expand: 'path' includes the path from the root group to the current group.
recurse
Optional. The recurse: true includes the entire hierarchy in the response. Note that expand: 'children' will be set if recurse is set to true.
filter
Optional. A filter allows the exclusion of subscriptions from results (for example, filter: 'children.childType ne Subscription').

Any one of the following parameter sets can be provided for a valid query, along with the optional parameters:

  • resource_id
  • name
  • group_id

Properties

tenant_id
The management group tenant ID.
parent_name
The management group parent name.
parent_id
The management group parent resource ID, in the form /providers/Microsoft.Management/managementGroups/{groupId}.
children_display_names
The list of management group children display names.
children_ids
The list of management group children IDs.
children_names
The list of management group children names.
children_types
The list of management group children types.

For properties applicable to all resources, such as type, name, id, and properties, refer to azure_generic_resource.

Also, refer to Azure documentation for other properties available. Any attribute in the response may be accessed with the key names separated by dots (.).

Examples

Test Tenant ID, Parent Name, Children Display Name

describe azure_management_group(group_id: 'ABC-1234', recurse: true, expand: 'CHILDREN') do
  its('tenant_id') { should eq('00000000-0000-0000-0000-000000000000') }
  its('parent_name') { should eq('MyGroupsParentName') }
  its('children_display_names') { should include('I am a child of the group!') }
end

See integration tests for more examples.
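
With recurse: true, the response carries the whole hierarchy as nested children. The following added example (not part of the InSpec Azure resource pack) walks a constructed response of that shape in plain Ruby and reports where each subscription sits in the hierarchy. The response layout, the '/subscriptions' child type value, the helper names, and all names and IDs are assumptions modeled on the Azure Management Groups REST API, not taken from this page.

```ruby
require 'json'

# Constructed sample shaped like a management group response fetched with
# expand: 'children' and recurse: true (assumed shape; names and IDs made up).
SAMPLE_RESPONSE = JSON.parse(<<~JSON)
  {
    "id": "/providers/Microsoft.Management/managementGroups/root-mg",
    "type": "Microsoft.Management/managementGroups",
    "name": "root-mg",
    "properties": {
      "displayName": "Root",
      "children": [
        { "id": "/subscriptions/11111111-1111-1111-1111-111111111111",
          "type": "/subscriptions", "name": "11111111-1111-1111-1111-111111111111",
          "displayName": "stray-sub" },
        { "id": "/providers/Microsoft.Management/managementGroups/prod-mg",
          "type": "Microsoft.Management/managementGroups", "name": "prod-mg",
          "displayName": "Production",
          "children": [
            { "id": "/subscriptions/22222222-2222-2222-2222-222222222222",
              "type": "/subscriptions", "name": "22222222-2222-2222-2222-222222222222",
              "displayName": "prod-sub" }
          ] }
      ]
    }
  }
JSON

SUBSCRIPTION_TYPE = '/subscriptions' # assumed child type value for subscriptions

# Hypothetical helper: walk nested children and return one record per
# subscription, with the chain of management group names leading to it.
def subscription_placements(group)
  walk = lambda do |children, path|
    (children || []).flat_map do |child|
      if child['type'].to_s.casecmp?(SUBSCRIPTION_TYPE)
        [{ name: child['name'], display_name: child['displayName'], path: path }]
      else
        walk.call(child['children'], path + [child['name']])
      end
    end
  end
  walk.call(group.dig('properties', 'children'), [group['name']])
end

# Hypothetical helper: subscriptions attached directly to the queried group.
def direct_subscriptions(group)
  subscription_placements(group).select { |s| s[:path].length == 1 }
end
```

A profile could require direct_subscriptions to return an empty list for a group that should contain only other management groups.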

Matchers

This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our Universal Matchers page.

exists

# If we expect a resource to always exist.
describe azure_management_group(name: 'ABCD-1234') do
  it { should exist }
end

not_exists

# If we expect a resource to never exist.
describe azure_management_group(name: 'ABCD-1234') do
  it { should_not exist }
end

Azure Permissions

Your Service Principal must be set up with at least a contributor role on the subscription you wish to test.