AZURE HEROES

Test Deployed Azure Resources Using InSpec-Azure

2/1/2022

What is InSpec?
InSpec is an open-source command-line tool from Chef that provides an auditing and automated testing framework for integration, compliance and security.
In this post I will explain how to use InSpec for compliance automation of your Azure infrastructure.

It does not require learning a new language, just knowing how to write the desired state of infrastructure resources.
Prerequisites
  • InSpec is installed
  • an Azure service principal with contributor rights (CLI: az ad sp create-for-rbac --name ServicePrincipalName --role reader)
  • a .azure/credentials file in your home directory (see "SETTING UP THE AZURE CREDENTIALS FILE")
  • Ruby
  • Bundler installed
Note: Microsoft Azure has integrated InSpec into Azure Cloud Shell, which provides a direct connection using your existing authentication.
Connect with Azure
Either store the variables below as environment variables, or pass them inline when you run InSpec, as shown below:
AZURE_SUBSCRIPTION_ID="2fbdbb02-df2e-11e6-bf01-fe55135034f3" \
AZURE_CLIENT_ID="58dc4f6c-df2e-11e6-bf01-fe55135034f3" \
AZURE_CLIENT_SECRET="Jibr4iwwaaZwBb6W" \
AZURE_TENANT_ID="6ad89b58-df2e-11e6-bf01-fe55135034f3" \
inspec exec my-profile -t azure://

How to Use it?
Step #1:  Create InSpec Profile
inspec init profile --platform azure AnyName
This command creates a new folder, "My-Profile", with all the necessary artifacts for InSpec tests:

  • controls (tests)
  • libraries
  • profile file inspec.yml with some default metadata
Then we update this profile file with our own metadata and add the information for the Azure resource pack.

Step #2:  Create an InSpec test inside the controls directory
Let's create a new test scenario:

vm.rb

# Replace the sample values below with those of the VM you want to audit
rg = 'MyResourceGroup'
vmname = 'MyVmName'

describe azure_virtual_machine(resource_group: rg, name: vmname) do
  it { should exist }
  it { should have_monitoring_agent_installed }
  # Fails if any extension outside this allow-list is installed
  it { should have_only_approved_extensions(['ApprovedExtension', 'OtherApprovedExtensions']) }
  its('location') { should eq('westeurope') }
  its('name') { should eq('azl73627') }
  its('type') { should eq 'Microsoft.Compute/virtualMachines' }
  its('installed_extensions_types') { should include('OmsAgentForLinux') }
  its('installed_extensions_names') { should include('OmsAgentForLinux') }
end

Step #3: Execute the test

inspec exec . -t azure://
or
inspec exec my-profile -t azure://

InSpec is a fast and easy tool that can help you in the field of automated compliance as code. By supporting many different platforms, it enables organizations to use one tool for compliance testing throughout their infrastructure landscape. In the end, it might be an option to run the tests continuously in a CI pipeline, so that any change to your (Azure) cloud infrastructure is tested in a non-production environment and then promoted to production.
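One way to build the CI gate described above, as an added example that is not part of the original post: a Ruby script that reads the JSON report InSpec produces and decides whether the change may be promoted. The control ids, the sample report and the 0.7 (high impact) threshold are assumptions made for the illustration.

```ruby
require 'json'

# Constructed sample in the shape of `inspec exec ... --reporter json` output,
# trimmed to the fields used here (not captured from a real run).
SAMPLE_REPORT = <<~REPORT
  {"profiles":[{"name":"my-profile","controls":[
    {"id":"vm-exists","impact":1.0,"results":[
      {"status":"passed","code_desc":"VM MyVmName is expected to exist"}]},
    {"id":"vm-monitoring","impact":0.7,"results":[
      {"status":"failed","code_desc":"VM MyVmName monitoring agent check"}]},
    {"id":"vm-location","impact":0.3,"results":[
      {"status":"failed","code_desc":"VM MyVmName location check"}]},
    {"id":"vm-extensions","impact":0.7,"results":[
      {"status":"skipped","code_desc":"VM MyVmName extensions check"}]}
  ]}]}
REPORT

# Collapse a control's results into one status: any failure wins, then
# skipped (nothing was actually verified), otherwise passed.
def control_status(control)
  statuses = control.fetch('results', []).map { |r| r['status'] }
  return 'failed' if statuses.include?('failed')
  return 'skipped' if statuses.empty? || statuses.include?('skipped')
  'passed'
end

# Controls that block promotion: failures at or above min_impact, plus
# skipped controls when fail_on_skipped is set (unverified is not compliant).
def blocking_controls(report_json, min_impact: 0.7, fail_on_skipped: true)
  controls = JSON.parse(report_json).fetch('profiles', [])
                 .flat_map { |profile| profile.fetch('controls', []) }
  rows = controls.map do |c|
    # InSpec assigns impact 0.5 when a control does not declare one
    { id: c['id'], status: control_status(c), impact: c.fetch('impact', 0.5).to_f }
  end
  rows.select do |row|
    (row[:status] == 'failed' && row[:impact] >= min_impact) ||
      (row[:status] == 'skipped' && fail_on_skipped)
  end
end

# Exit status for the pipeline step: 0 promotes, 1 blocks.
def gate_exit_code(report_json, **opts)
  blocking_controls(report_json, **opts).empty? ? 0 : 1
end

blocking_controls(SAMPLE_REPORT).each do |b|
  puts "BLOCK #{b[:id]} (#{b[:status]}, impact #{b[:impact]})"
end
```

In a pipeline, write the report with `inspec exec my-profile -t azure:// --reporter json:report.json` and end the step with `exit gate_exit_code(File.read('report.json'))`.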
2 Comments
MgTi
2/6/2022 05:37:25 pm

Best explanation I have found for the tool

Keep such post please

Erlend Ayen
3/30/2022 01:50:10 am

Hi

great post!


    Author

    Mohammad Al Rousan is a Microsoft MVP (Azure), Microsoft Certified Solution Expert (MCSE) in Cloud Platform & Azure DevOps & Infrastructure, An active community blogger and speaker. Al Rousan has over 8 years of professional experience in IT Infrastructure and very passionate about Microsoft technologies and products.
