Skip to main content

alicloud_disks resource

Use the alicloud_disks InSpec audit resource to test properties of a collection of Alibaba Cloud EBS cloud disks.

Cloud disks are persistent block storage volumes for use with Alibaba Cloud ECS instances in the Alibaba Cloud.

Syntax

Ensure you have exactly 3 cloud disks

describe alicloud_disks do
  its('ids.count') { should cmp 3 }
end

Parameters

This resource does not require any parameters.

Properties

ids
The IDs of the cloud disks.
names
The names of each cloud disk.
descriptions
The description of each cloud disk.
sizes
The size of each cloud disk, in GiBs.
categories
The category of each cloud disk. Valid values: cloud, cloud_efficiency, cloud_ssd, cloud_essd, local_ssd_pro, local_hdd_pro, ephemeral, ephemeral_ssd.
encrypted_disks
Boolean that indicates whether each cloud disk was encrypted.
kms_key_ids
The ID of the KMS key used by each cloud disk.
enable_auto_snapshot
Boolean that indicates whether the automatic snapshot policy feature was enabled for each cloud disk.
delete_auto_snapshot
Boolean that indicates whether automatic snapshots of the cloud disk are deleted when each disk is released.
delete_with_instance
Boolean that indicates whether each cloud disk is released when its associated instance is released.
entries
Provides access to the raw results of the query, which can be treated as an array of hashes.

Examples

Ensure a specific cloud disk exists:

describe alicloud_disks do
  its('ids') { should include 'd-a1b2c3d4e5f6g7h8' }
end

Use the InSpec resource to request the IDs of all cloud disks, then test in-depth using alicloud_disk to ensure all volumes are encrypted, have a sensible size, and have snapshots enabled:

alicloud_disks.ids.each do |disk_id|
  describe alicloud_disk(disk_id: disk_id) do
    it                          { should be_encrypted }
    its('size')                 { should be > 10 }
    its('enable_auto_snapshot') { should be true }
  end
end

Another way to check that enable auto snapshot is turned on for all disks:

describe alicloud_disks.where(enable_auto_snapshot: false) do
  it { should_not exist }
  its('ids') { should cmp [] }
end

Matchers

For a full list of available matchers, see our Universal Matchers page.

exist

The control will pass if the describe returns at least one result.

Use should_not to test the entity should not exist.

describe alicloud_ebs_volumes do
  it { should exist }
end

describe alicloud_ebs_volumes do
  it { should_not exist }
end

Alibaba Cloud Permissions

Your Principal will need the ecs:DescribeDisks action with Effect set to Allow.

See the Alibaba Cloud Resource Access Management documentation. See the documentation on authentication rules for ECS APIs.

Thank you for your feedback!

×