ernestio / ernest

Ernest is a tool to define, manage and collaborate on your infrastructure
http://ernest.io/
Mozilla Public License 2.0

Azure policy counter issue for `network_interface` and `virtual_machine` #890

Closed reidjc closed 6 years ago

reidjc commented 6 years ago

Policy only takes an exact match: e.g. web does not work, but web-1 does.

g3kk0 commented 6 years ago

I don't think this is possible due to the fact that the network_interface resource tests values that have a direct mapping to a specific machine.

e.g.

```ruby
describe azure_network_interface('myNic') do
  it {should have_ip_configuration('name' => 'myIpCfg', 'subnet' => 'mySubnet', 'private_ip_address_allocation' => 'static', 'private_ip_address' => '1.2.3.4')}
end
```

With the above how would you test against a private ip on the second instance count without targeting ('myNIC-2') directly?

g3kk0 commented 6 years ago

After further discussion this should be supported.

g3kk0 commented 6 years ago

The following tests now support matching on `<resource-name>-x` for the `azure_network_interface` resource:

```ruby
describe azure_network_interface('myNic') do
  its('security_group') {should be 'mySG'}
  its('internal_dns_name_label') {should be 'myVM.internal'}
  its('enable_ip_forwarding') {should be false}
  its('dns_servers') {should be ['8.8.8.8']}
  it {should have_tag('foo' => 'bar')}
end
```

For testing unique attributes on individual resources we can deploy a Ruby loop within the policy document.

```ruby
(1..2).each do |i|
  describe azure_network_interface("myNic-#{i}") do
    it {should exist}
    it {should have_ip_configuration('name' => 'myIpCfg', 'subnet' => 'mySubnet', 'private_ip_address_allocation' => 'static', 'private_ip_address' => "1.2.3.#{i}", 'load_balancer_backend_address_pools' => ['myPool'])}
  end
end
```
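
A sketch of the `<resource-name>-x` matching discussed in this thread, added here as an example and not taken from Ernest's code; `instances_for`, `check_shared` and the inventory are hypothetical. It anchors the match so that `myNic` covers `myNic-1` and `myNic-2` but not `myNic-dmz-1` or `myNicX-1`, and it reports a target that matches nothing as a failure rather than a silent pass.

```ruby
# Added illustration: hypothetical helper names, not Ernest's implementation.

# Return the deployed instance names that a policy target refers to.
# An exact name wins; otherwise the target is treated as a counted base name
# and matches "<target>-<n>" where n is a run of digits.
def instances_for(target, deployed)
  return [target] if deployed.include?(target)

  # Regexp.escape keeps characters such as '.' in a name from acting as
  # wildcards; \A and \z stop prefix or suffix over-matching.
  pattern = /\A#{Regexp.escape(target)}-(\d+)\z/
  deployed
    .select { |name| name.match?(pattern) }
    .sort_by { |name| name[pattern, 1].to_i }
end

# Evaluate a shared-attribute check against every matched instance.
# Returns instance name => pass/fail. An empty match is reported as a
# failure so a mistyped resource name cannot pass the policy unnoticed.
def check_shared(target, inventory, attribute, expected)
  names = instances_for(target, inventory.keys)
  return { target => false } if names.empty?

  names.to_h { |name| [name, inventory[name][attribute] == expected] }
end

# Constructed sample inventory (not real Azure data).
INVENTORY = {
  'myNic-1'     => { 'security_group' => 'mySG' },
  'myNic-2'     => { 'security_group' => 'mySG' },
  'myNic-10'    => { 'security_group' => 'otherSG' },
  'myNic-dmz-1' => { 'security_group' => 'dmzSG' },
  'myNicX-1'    => { 'security_group' => 'mySG' }
}.freeze

if __FILE__ == $PROGRAM_NAME
  p instances_for('myNic', INVENTORY.keys)
  p check_shared('myNic', INVENTORY, 'security_group', 'mySG')
end
```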