azure_sql_database_server_vulnerability_assessment Resource
Use the azure_sql_database_server_vulnerability_assessment
InSpec audit resource to test the properties and configuration of an Azure SQL Database server vulnerability assessment.
Syntax
resource_group
and server_name
are required parameters.
describe azure_sql_database_server_vulnerability_assessment(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME') do
it { should exist }
end
Parameters
resource_group
(required)- Azure resource group where the targeted resource resides.
server_name
(required)- The name of the server on which the database resides.
Properties
id
- The ID of the resource.
name
- The name of the resource. The name of the vulnerability assessment is
default
. type
- The type of the resource.
properties.recurringScans.isEnabled
- Recurring scans state.
properties.recurringScans.emailSubscriptionAdmins
- Specifies that the schedule scan notification will be is sent to the subscription administrators.
properties.recurringScans.emails
- Specifies an array of e-mail addresses to which the scan notification is sent.
For properties applicable to all resources, such as type
, name
, id
, and properties
, refer to azure_generic_resource
.
See the Azure documentation for other available properties.
Any attribute in the response may be accessed with the key names separated by dots (.
). For example, properties.<attribute>
.
Examples
Test if a SQL database server vulnerability assessment has recurring scans enabled
describe azure_sql_database_server_vulnerability_assessment(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME') do
its('properties.recurringScans.isEnabled') { should eq false }
end
Verify the type of the resource.
describe azure_sql_database_server_vulnerability_assessment(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME') do
its('type') { should eq 'Microsoft.Sql/servers/vulnerabilityAssessments' }
end
Matchers
This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our Universal Matchers page.
exist
The control passes if the filter returns a result. Use should_not
if a resource should not exist.
describe azure_sql_database_server_vulnerability_assessment(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME') do
it { should exist }
end
describe azure_sql_database_server_vulnerability_assessment(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME') do
it { should_not exist }
end
Azure Permissions
Your Service Principal must be set up with at least a contributor
role on the subscription you wish to test.
Was this page helpful?