azure_sql_database_server_vulnerability_assessments Resource

[edit on GitHub]

Use the azure_sql_database_server_vulnerability_assessments InSpec audit resource to test the properties and configuration of multiple Azure SQL Database server vulnerability assessments.

Syntax

The resource_group and server_name are required parameters.

describe azure_sql_database_server_vulnerability_assessments(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME') do
  it { should exist }
end

Parameters

resource_group (required): Azure resource group where the targeted resource resides.
server_name (required): The name of the server in which the database resides.

Properties

ids: The ID of the resource.; Field: id
names: The name of the resource. The name of the vulnerability assessment is default.; Field: name
types: The type of the resource.; Field: type
isEnabled: Recurring scans state.; Field: properties.recurringScans.isEnabled
emailSubscriptionAdmins: Specifies that the schedule scan notification will be is sent to the subscription administrators.; Field: properties.recurringScans.emailSubscriptionAdmins
emails: Specifies an array of e-mail addresses to which the scan notification is sent.; Field: properties.recurringScans.emails

Note

See the documentation on FilterTable for information on using filter criteria on plural resources.

Examples

Check resources are present

describe azure_sql_database_server_vulnerability_assessments(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME') do
  it { should exist }
  its('names') { should include 'Default' }
end

Filter the results to include only those with names that match the specified string value

describe azure_sql_database_server_vulnerability_assessments(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME') do
  it { should exist }
end

Verify the types of the resource

describe azure_sql_database_server_vulnerability_assessments(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME') do
  its('types') { should include 'Microsoft.Sql/servers/vulnerabilityAssessments' }

Verify whether the recurring scans are enabled or not

describe azure_sql_database_server_vulnerability_assessments(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME') do
  its('isEnabled') { should include false }
end

Matchers

This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our Universal Matchers page.

exist

The control passes if the filter returns at least one result. Use should_not if you expect zero matches.

describe azure_sql_database_server_vulnerability_assessments(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME') do
  it { should exist }
end

describe azure_sql_database_server_vulnerability_assessments(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME') do
  it { should_not exist }
end

Azure Permissions

Your Service Principal must be set up with at least a contributor role on the subscription you wish to test.

Was this page helpful?