forked from mikaelkrief/inspec-azure
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathazurerm_storage_account_blob_container.md.erb
147 lines (98 loc) · 4.47 KB
/
azurerm_storage_account_blob_container.md.erb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
---
title: About the azurerm_storage_account_blob_container Resource
platform: azure
---
# azurerm\_storage\_account\_blob\_container
Use the `azurerm_storage_account_blob_container` InSpec audit resource to test properties related to a
Blob Container in an Azure Storage Account.
<br />
## Azure REST API version
This resource interacts with version `2018-07-01` of the Azure
Management API. For more information see the [official Azure documentation](https://docs.microsoft.com/en-us/rest/api/storagerp/blobcontainers/blobcontainers_get).
At the moment, there doesn't appear to be a way to select the version of the
Azure API docs. If you notice a newer version being referenced in the official
documentation please open an issue or submit a pull request using the updated
version.
## Availability
### Installation
This resource is available in the `inspec-azure` [resource
pack](https://www.inspec.io/docs/reference/glossary/#resource-pack). To use it, add the
following to your `inspec.yml` in your top-level profile:
depends:
inspec-azure:
git: https://github.com/inspec/inspec-azure.git
You'll also need to setup your Azure credentials; see the resource pack
[README](https://github.com/inspec/inspec-azure#inspec-for-azure).
### Version
This resource first became available in 1.3.0 of the inspec-azure resource pack.
## Syntax
An `azurerm_storage_account_blob_container` block returns the requested Blob Container within an Azure Storage Account.
The `resource_group`, `storage_account_name` and `blob_container_name` must be given as
parameters.
describe azurerm_storage_account_blob_container(resource_group: 'rg', storage_account_name: 'production',
blob_container_name: 'logs') do
...
...
end
<br />
## Examples
### Ensure that the Blob Container exists
describe azurerm_storage_account_blob_container(resource_group: 'rg', storage_account_name: 'default',
blob_container_name: 'logs') do
it { should exist }
its('name') { should eq('logs') }
end
### Ensure that the Blob Container is private
describe azurerm_storage_account_blob_container(resource_group: 'rg', storage_account_name: 'production',
blob_container_name: 'logs') do
its('properties') { should have_attributes(publicAccess: 'None') }
end
<br />
## Parameters
- `resource_group`
- `storage_account_name`
- `blob_container_name`
## Attributes
- `id`
- `name`
- `etag`
- `properties`
- `type`
### id
Fully qualified resource ID for the resource, e.g.
/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
### name
The name of the resource
### etag
Resource Etag, e.g.
\"0x8D592D74CC20EBA\"
### properties
Additional properties relating to the Blob Container, e.g.
its('properties') { should have_attributes(publicAccess: 'None') }
### type
The resource type, e.g.
Microsoft.Storage/storageAccounts/blobServices/containers
### Other Attributes
There are additional attributes that may be accessed that we have not
documented. Please take a look at the [Azure documentation](#-Azure-REST-API-version).
Any attribute in the response may be accessed with the key names separated by
dots (`.`).
The API may not always return keys that do not have any associated data. There
may be cases where the deeply nested property may not have the desired
attribute along your call chain. If you find yourself writing tests against
properties that may be nil, fork this resource pack and add an accessor to the
resource. Within that accessor you'll be able to guard against nil keys. Pull
requests are always welcome.
## Matchers
This InSpec audit resource has the following special matchers. For a full list of
available matchers, please visit our [Universal Matchers
page](https://www.inspec.io/docs/reference/matchers/).
### exists
describe azurerm_storage_account_blob_container(resource_group: 'rg', storage_account_name: 'production',
blob_container_name: 'logs') do
it { should exist }
end
## Azure Permissions
Your [Service
Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal)
must be setup with a `contributor` role on the subscription you wish to test.