feat(api): add Oracle Cloud Infrastructure (OCI) provider support (#8927)
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
@@ -88,7 +88,7 @@ prowler dashboard
|
||||
| Kubernetes | 83 | 7 | 5 | 7 | Official | Stable | UI, API, CLI |
|
||||
| GitHub | 17 | 2 | 1 | 0 | Official | Stable | UI, API, CLI |
|
||||
| M365 | 70 | 7 | 3 | 2 | Official | Stable | UI, API, CLI |
|
||||
| OCI | 51 | 13 | 1 | 10 | Official | Stable | CLI |
|
||||
| OCI | 51 | 13 | 1 | 10 | Official | Stable | API, CLI |
|
||||
| IaC | [See `trivy` docs.](https://trivy.dev/latest/docs/coverage/iac/) | N/A | N/A | N/A | Official | Beta | CLI |
|
||||
| MongoDB Atlas | 10 | 3 | 0 | 0 | Official | Beta | CLI |
|
||||
| LLM | [See `promptfoo` docs.](https://www.promptfoo.dev/docs/red-team/plugins/) | N/A | N/A | N/A | Official | Beta | CLI |
|
||||
|
||||
@@ -8,6 +8,7 @@ All notable changes to the **Prowler API** are documented in this file.
|
||||
- Extend `GET /api/v1/providers` with provider-type filters and optional pagination disable to support the new Overview filters [(#8975)](https://github.com/prowler-cloud/prowler/pull/8975)
|
||||
- New endpoint to retrieve the number of providers grouped by provider type [(#8975)](https://github.com/prowler-cloud/prowler/pull/8975)
|
||||
- Support for configuring multiple LLM providers [(#8772)](https://github.com/prowler-cloud/prowler/pull/8772)
|
||||
- Support for Oracle Cloud Infrastructure (OCI) provider [(#8927)](https://github.com/prowler-cloud/prowler/pull/8927)
|
||||
|
||||
## [1.14.0] (Prowler 5.13.0)
|
||||
|
||||
|
||||
@@ -9,6 +9,25 @@ PROWLER_COMPLIANCE_OVERVIEW_TEMPLATE = {}
|
||||
PROWLER_CHECKS = {}
|
||||
AVAILABLE_COMPLIANCE_FRAMEWORKS = {}
|
||||
|
||||
# Map API provider names to Prowler directory names
|
||||
# This is needed because the OCI provider directory is 'oraclecloud' but the provider type is 'oci'
|
||||
PROVIDER_NAME_MAPPING = {
|
||||
"oci": "oraclecloud",
|
||||
}
|
||||
|
||||
|
||||
def get_prowler_provider_name(provider_type: str) -> str:
|
||||
"""
|
||||
Map API provider type to Prowler provider directory name.
|
||||
|
||||
Args:
|
||||
provider_type: The provider type from the API (e.g., 'oci', 'aws', 'azure')
|
||||
|
||||
Returns:
|
||||
The provider name used in Prowler's directory structure (e.g., 'oraclecloud', 'aws', 'azure')
|
||||
"""
|
||||
return PROVIDER_NAME_MAPPING.get(provider_type, provider_type)
|
||||
|
||||
|
||||
def get_compliance_frameworks(provider_type: Provider.ProviderChoices) -> list[str]:
|
||||
"""
|
||||
@@ -28,8 +47,9 @@ def get_compliance_frameworks(provider_type: Provider.ProviderChoices) -> list[s
|
||||
"""
|
||||
global AVAILABLE_COMPLIANCE_FRAMEWORKS
|
||||
if provider_type not in AVAILABLE_COMPLIANCE_FRAMEWORKS:
|
||||
prowler_provider_name = get_prowler_provider_name(provider_type)
|
||||
AVAILABLE_COMPLIANCE_FRAMEWORKS[provider_type] = (
|
||||
get_available_compliance_frameworks(provider_type)
|
||||
get_available_compliance_frameworks(prowler_provider_name)
|
||||
)
|
||||
|
||||
return AVAILABLE_COMPLIANCE_FRAMEWORKS[provider_type]
|
||||
@@ -49,7 +69,8 @@ def get_prowler_provider_checks(provider_type: Provider.ProviderChoices):
|
||||
Returns:
|
||||
Iterable[str]: An iterable of check IDs associated with the specified provider type.
|
||||
"""
|
||||
return CheckMetadata.get_bulk(provider_type).keys()
|
||||
prowler_provider_name = get_prowler_provider_name(provider_type)
|
||||
return CheckMetadata.get_bulk(prowler_provider_name).keys()
|
||||
|
||||
|
||||
def get_prowler_provider_compliance(provider_type: Provider.ProviderChoices) -> dict:
|
||||
@@ -67,7 +88,8 @@ def get_prowler_provider_compliance(provider_type: Provider.ProviderChoices) ->
|
||||
dict: A dictionary mapping compliance framework names to their respective
|
||||
Compliance objects for the specified provider.
|
||||
"""
|
||||
return Compliance.get_bulk(provider_type)
|
||||
prowler_provider_name = get_prowler_provider_name(provider_type)
|
||||
return Compliance.get_bulk(prowler_provider_name)
|
||||
|
||||
|
||||
def load_prowler_compliance():
|
||||
|
||||
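Review bot: `get_prowler_provider_name` returns its argument unchanged when it is not a key of `PROVIDER_NAME_MAPPING`, so any other string is handed straight to `get_available_compliance_frameworks`, `CheckMetadata.get_bulk` and `Compliance.get_bulk` as a Prowler directory name. The three callers are annotated with `Provider.ProviderChoices`, so the value is presumably always a validated choice, but the helper is typed `str` and its docstring does not state that precondition. I would add a docstring line such as `provider_type must already be a validated Provider.ProviderChoices value; unmapped values are returned unchanged.` The bodies of the three callers begin outside the hunks shown here.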
@@ -0,0 +1,34 @@
|
||||
# Generated by Django 5.1.7 on 2025-10-14 00:00
|
||||
|
||||
from django.db import migrations
|
||||
|
||||
import api.db_utils
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
dependencies = [
|
||||
("api", "0050_lighthouse_multi_llm"),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.AlterField(
|
||||
model_name="provider",
|
||||
name="provider",
|
||||
field=api.db_utils.ProviderEnumField(
|
||||
choices=[
|
||||
("aws", "AWS"),
|
||||
("azure", "Azure"),
|
||||
("gcp", "GCP"),
|
||||
("kubernetes", "Kubernetes"),
|
||||
("m365", "M365"),
|
||||
("github", "GitHub"),
|
||||
("oci", "Oracle Cloud Infrastructure"),
|
||||
],
|
||||
default="aws",
|
||||
),
|
||||
),
|
||||
migrations.RunSQL(
|
||||
"ALTER TYPE provider ADD VALUE IF NOT EXISTS 'oci';",
|
||||
reverse_sql=migrations.RunSQL.noop,
|
||||
),
|
||||
]
|
||||
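Review bot: The `RunSQL` operation uses `reverse_sql=migrations.RunSQL.noop`, so unapplying this migration leaves `'oci'` in the PostgreSQL `provider` enum while the field choices revert, and the file does not say why. A comment above the operation would make this explicit, for example `# PostgreSQL cannot drop an enum value, so the reverse is a no-op; rows with provider='oci' survive a rollback.` It is also worth confirming the minimum supported server version. Django runs migrations in a transaction on PostgreSQL by default, and `ALTER TYPE ... ADD VALUE` is only accepted inside a transaction block from PostgreSQL 12 onward, so older servers would need `atomic = False` on the class.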
@@ -284,6 +284,7 @@ class Provider(RowLevelSecurityProtectedModel):
|
||||
KUBERNETES = "kubernetes", _("Kubernetes")
|
||||
M365 = "m365", _("M365")
|
||||
GITHUB = "github", _("GitHub")
|
||||
OCI = "oci", _("Oracle Cloud Infrastructure")
|
||||
|
||||
@staticmethod
|
||||
def validate_aws_uid(value):
|
||||
@@ -354,6 +355,18 @@ class Provider(RowLevelSecurityProtectedModel):
|
||||
pointer="/data/attributes/uid",
|
||||
)
|
||||
|
||||
@staticmethod
|
||||
def validate_oci_uid(value):
|
||||
if not re.match(
|
||||
r"^ocid1\.([a-z0-9_-]+)\.([a-z0-9_-]+)\.([a-z0-9_-]*)\.([a-z0-9]+)$", value
|
||||
):
|
||||
raise ModelValidationError(
|
||||
detail="Oracle Cloud Infrastructure provider ID must be a valid tenancy OCID in the format: "
|
||||
"ocid1.<resource_type>.<realm>.<region>.<unique_id>",
|
||||
code="oci-uid",
|
||||
pointer="/data/attributes/uid",
|
||||
)
|
||||
|
||||
id = models.UUIDField(primary_key=True, default=uuid4, editable=False)
|
||||
inserted_at = models.DateTimeField(auto_now_add=True, editable=False)
|
||||
updated_at = models.DateTimeField(auto_now=True, editable=False)
|
||||
|
||||
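Review bot: `validate_oci_uid` accepts more than its error message promises. The pattern allows any resource type in the second segment, so a user or compartment OCID passes although the message asks for a tenancy OCID. Because `re.match` is used with `$`, a value ending in a newline also passes. If only tenancy OCIDs are intended, I would use `re.fullmatch(r"ocid1\.tenancy\.[a-z0-9_-]+\.[a-z0-9_-]*\.[a-z0-9]+", value)`; if other resource types are allowed on purpose, keep the groups but still switch to `re.fullmatch` and reword the message. Nothing on this page exercises the validator with a rejected value, so a negative test for each case would be worth adding.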
@@ -869,7 +869,7 @@ paths:
|
||||
name: filter[provider_type]
|
||||
schema:
|
||||
type: string
|
||||
x-spec-enum-id: 4c1e219dad1cc0e7
|
||||
x-spec-enum-id: 6f034074d7104650
|
||||
enum:
|
||||
- aws
|
||||
- azure
|
||||
@@ -877,6 +877,7 @@ paths:
|
||||
- github
|
||||
- kubernetes
|
||||
- m365
|
||||
- oci
|
||||
description: |-
|
||||
* `aws` - AWS
|
||||
* `azure` - Azure
|
||||
@@ -884,13 +885,14 @@ paths:
|
||||
* `kubernetes` - Kubernetes
|
||||
* `m365` - M365
|
||||
* `github` - GitHub
|
||||
* `oci` - Oracle Cloud Infrastructure
|
||||
- in: query
|
||||
name: filter[provider_type__in]
|
||||
schema:
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
x-spec-enum-id: 4c1e219dad1cc0e7
|
||||
x-spec-enum-id: 6f034074d7104650
|
||||
enum:
|
||||
- aws
|
||||
- azure
|
||||
@@ -898,6 +900,7 @@ paths:
|
||||
- github
|
||||
- kubernetes
|
||||
- m365
|
||||
- oci
|
||||
description: |-
|
||||
Multiple values may be separated by commas.
|
||||
|
||||
@@ -907,6 +910,7 @@ paths:
|
||||
* `kubernetes` - Kubernetes
|
||||
* `m365` - M365
|
||||
* `github` - GitHub
|
||||
* `oci` - Oracle Cloud Infrastructure
|
||||
explode: false
|
||||
style: form
|
||||
- in: query
|
||||
@@ -1396,7 +1400,7 @@ paths:
|
||||
name: filter[provider_type]
|
||||
schema:
|
||||
type: string
|
||||
x-spec-enum-id: 4c1e219dad1cc0e7
|
||||
x-spec-enum-id: 6f034074d7104650
|
||||
enum:
|
||||
- aws
|
||||
- azure
|
||||
@@ -1404,6 +1408,7 @@ paths:
|
||||
- github
|
||||
- kubernetes
|
||||
- m365
|
||||
- oci
|
||||
description: |-
|
||||
* `aws` - AWS
|
||||
* `azure` - Azure
|
||||
@@ -1411,13 +1416,14 @@ paths:
|
||||
* `kubernetes` - Kubernetes
|
||||
* `m365` - M365
|
||||
* `github` - GitHub
|
||||
* `oci` - Oracle Cloud Infrastructure
|
||||
- in: query
|
||||
name: filter[provider_type__in]
|
||||
schema:
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
x-spec-enum-id: 4c1e219dad1cc0e7
|
||||
x-spec-enum-id: 6f034074d7104650
|
||||
enum:
|
||||
- aws
|
||||
- azure
|
||||
@@ -1425,6 +1431,7 @@ paths:
|
||||
- github
|
||||
- kubernetes
|
||||
- m365
|
||||
- oci
|
||||
description: |-
|
||||
Multiple values may be separated by commas.
|
||||
|
||||
@@ -1434,6 +1441,7 @@ paths:
|
||||
* `kubernetes` - Kubernetes
|
||||
* `m365` - M365
|
||||
* `github` - GitHub
|
||||
* `oci` - Oracle Cloud Infrastructure
|
||||
explode: false
|
||||
style: form
|
||||
- in: query
|
||||
@@ -1831,7 +1839,7 @@ paths:
|
||||
name: filter[provider_type]
|
||||
schema:
|
||||
type: string
|
||||
x-spec-enum-id: 4c1e219dad1cc0e7
|
||||
x-spec-enum-id: 6f034074d7104650
|
||||
enum:
|
||||
- aws
|
||||
- azure
|
||||
@@ -1839,6 +1847,7 @@ paths:
|
||||
- github
|
||||
- kubernetes
|
||||
- m365
|
||||
- oci
|
||||
description: |-
|
||||
* `aws` - AWS
|
||||
* `azure` - Azure
|
||||
@@ -1846,13 +1855,14 @@ paths:
|
||||
* `kubernetes` - Kubernetes
|
||||
* `m365` - M365
|
||||
* `github` - GitHub
|
||||
* `oci` - Oracle Cloud Infrastructure
|
||||
- in: query
|
||||
name: filter[provider_type__in]
|
||||
schema:
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
x-spec-enum-id: 4c1e219dad1cc0e7
|
||||
x-spec-enum-id: 6f034074d7104650
|
||||
enum:
|
||||
- aws
|
||||
- azure
|
||||
@@ -1860,6 +1870,7 @@ paths:
|
||||
- github
|
||||
- kubernetes
|
||||
- m365
|
||||
- oci
|
||||
description: |-
|
||||
Multiple values may be separated by commas.
|
||||
|
||||
@@ -1869,6 +1880,7 @@ paths:
|
||||
* `kubernetes` - Kubernetes
|
||||
* `m365` - M365
|
||||
* `github` - GitHub
|
||||
* `oci` - Oracle Cloud Infrastructure
|
||||
explode: false
|
||||
style: form
|
||||
- in: query
|
||||
@@ -2264,7 +2276,7 @@ paths:
|
||||
name: filter[provider_type]
|
||||
schema:
|
||||
type: string
|
||||
x-spec-enum-id: 4c1e219dad1cc0e7
|
||||
x-spec-enum-id: 6f034074d7104650
|
||||
enum:
|
||||
- aws
|
||||
- azure
|
||||
@@ -2272,6 +2284,7 @@ paths:
|
||||
- github
|
||||
- kubernetes
|
||||
- m365
|
||||
- oci
|
||||
description: |-
|
||||
* `aws` - AWS
|
||||
* `azure` - Azure
|
||||
@@ -2279,13 +2292,14 @@ paths:
|
||||
* `kubernetes` - Kubernetes
|
||||
* `m365` - M365
|
||||
* `github` - GitHub
|
||||
* `oci` - Oracle Cloud Infrastructure
|
||||
- in: query
|
||||
name: filter[provider_type__in]
|
||||
schema:
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
x-spec-enum-id: 4c1e219dad1cc0e7
|
||||
x-spec-enum-id: 6f034074d7104650
|
||||
enum:
|
||||
- aws
|
||||
- azure
|
||||
@@ -2293,6 +2307,7 @@ paths:
|
||||
- github
|
||||
- kubernetes
|
||||
- m365
|
||||
- oci
|
||||
description: |-
|
||||
Multiple values may be separated by commas.
|
||||
|
||||
@@ -2302,6 +2317,7 @@ paths:
|
||||
* `kubernetes` - Kubernetes
|
||||
* `m365` - M365
|
||||
* `github` - GitHub
|
||||
* `oci` - Oracle Cloud Infrastructure
|
||||
explode: false
|
||||
style: form
|
||||
- in: query
|
||||
@@ -2685,7 +2701,7 @@ paths:
|
||||
name: filter[provider_type]
|
||||
schema:
|
||||
type: string
|
||||
x-spec-enum-id: 4c1e219dad1cc0e7
|
||||
x-spec-enum-id: 6f034074d7104650
|
||||
enum:
|
||||
- aws
|
||||
- azure
|
||||
@@ -2693,6 +2709,7 @@ paths:
|
||||
- github
|
||||
- kubernetes
|
||||
- m365
|
||||
- oci
|
||||
description: |-
|
||||
* `aws` - AWS
|
||||
* `azure` - Azure
|
||||
@@ -2700,13 +2717,14 @@ paths:
|
||||
* `kubernetes` - Kubernetes
|
||||
* `m365` - M365
|
||||
* `github` - GitHub
|
||||
* `oci` - Oracle Cloud Infrastructure
|
||||
- in: query
|
||||
name: filter[provider_type__in]
|
||||
schema:
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
x-spec-enum-id: 4c1e219dad1cc0e7
|
||||
x-spec-enum-id: 6f034074d7104650
|
||||
enum:
|
||||
- aws
|
||||
- azure
|
||||
@@ -2714,6 +2732,7 @@ paths:
|
||||
- github
|
||||
- kubernetes
|
||||
- m365
|
||||
- oci
|
||||
description: |-
|
||||
Multiple values may be separated by commas.
|
||||
|
||||
@@ -2723,6 +2742,7 @@ paths:
|
||||
* `kubernetes` - Kubernetes
|
||||
* `m365` - M365
|
||||
* `github` - GitHub
|
||||
* `oci` - Oracle Cloud Infrastructure
|
||||
explode: false
|
||||
style: form
|
||||
- in: query
|
||||
@@ -4210,7 +4230,7 @@ paths:
|
||||
name: filter[provider_type]
|
||||
schema:
|
||||
type: string
|
||||
x-spec-enum-id: 4c1e219dad1cc0e7
|
||||
x-spec-enum-id: 6f034074d7104650
|
||||
enum:
|
||||
- aws
|
||||
- azure
|
||||
@@ -4218,6 +4238,7 @@ paths:
|
||||
- github
|
||||
- kubernetes
|
||||
- m365
|
||||
- oci
|
||||
description: |-
|
||||
* `aws` - AWS
|
||||
* `azure` - Azure
|
||||
@@ -4225,13 +4246,14 @@ paths:
|
||||
* `kubernetes` - Kubernetes
|
||||
* `m365` - M365
|
||||
* `github` - GitHub
|
||||
* `oci` - Oracle Cloud Infrastructure
|
||||
- in: query
|
||||
name: filter[provider_type__in]
|
||||
schema:
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
x-spec-enum-id: 4c1e219dad1cc0e7
|
||||
x-spec-enum-id: 6f034074d7104650
|
||||
enum:
|
||||
- aws
|
||||
- azure
|
||||
@@ -4239,6 +4261,7 @@ paths:
|
||||
- github
|
||||
- kubernetes
|
||||
- m365
|
||||
- oci
|
||||
description: |-
|
||||
Multiple values may be separated by commas.
|
||||
|
||||
@@ -4248,6 +4271,7 @@ paths:
|
||||
* `kubernetes` - Kubernetes
|
||||
* `m365` - M365
|
||||
* `github` - GitHub
|
||||
* `oci` - Oracle Cloud Infrastructure
|
||||
explode: false
|
||||
style: form
|
||||
- in: query
|
||||
@@ -4387,7 +4411,7 @@ paths:
|
||||
name: filter[provider_type]
|
||||
schema:
|
||||
type: string
|
||||
x-spec-enum-id: 4c1e219dad1cc0e7
|
||||
x-spec-enum-id: 6f034074d7104650
|
||||
enum:
|
||||
- aws
|
||||
- azure
|
||||
@@ -4395,6 +4419,7 @@ paths:
|
||||
- github
|
||||
- kubernetes
|
||||
- m365
|
||||
- oci
|
||||
description: |-
|
||||
* `aws` - AWS
|
||||
* `azure` - Azure
|
||||
@@ -4402,13 +4427,14 @@ paths:
|
||||
* `kubernetes` - Kubernetes
|
||||
* `m365` - M365
|
||||
* `github` - GitHub
|
||||
* `oci` - Oracle Cloud Infrastructure
|
||||
- in: query
|
||||
name: filter[provider_type__in]
|
||||
schema:
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
x-spec-enum-id: 4c1e219dad1cc0e7
|
||||
x-spec-enum-id: 6f034074d7104650
|
||||
enum:
|
||||
- aws
|
||||
- azure
|
||||
@@ -4416,6 +4442,7 @@ paths:
|
||||
- github
|
||||
- kubernetes
|
||||
- m365
|
||||
- oci
|
||||
description: |-
|
||||
Multiple values may be separated by commas.
|
||||
|
||||
@@ -4425,6 +4452,7 @@ paths:
|
||||
* `kubernetes` - Kubernetes
|
||||
* `m365` - M365
|
||||
* `github` - GitHub
|
||||
* `oci` - Oracle Cloud Infrastructure
|
||||
explode: false
|
||||
style: form
|
||||
- in: query
|
||||
@@ -4630,7 +4658,7 @@ paths:
|
||||
name: filter[provider_type]
|
||||
schema:
|
||||
type: string
|
||||
x-spec-enum-id: 4c1e219dad1cc0e7
|
||||
x-spec-enum-id: 6f034074d7104650
|
||||
enum:
|
||||
- aws
|
||||
- azure
|
||||
@@ -4638,6 +4666,7 @@ paths:
|
||||
- github
|
||||
- kubernetes
|
||||
- m365
|
||||
- oci
|
||||
description: |-
|
||||
* `aws` - AWS
|
||||
* `azure` - Azure
|
||||
@@ -4645,13 +4674,14 @@ paths:
|
||||
* `kubernetes` - Kubernetes
|
||||
* `m365` - M365
|
||||
* `github` - GitHub
|
||||
* `oci` - Oracle Cloud Infrastructure
|
||||
- in: query
|
||||
name: filter[provider_type__in]
|
||||
schema:
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
x-spec-enum-id: 4c1e219dad1cc0e7
|
||||
x-spec-enum-id: 6f034074d7104650
|
||||
enum:
|
||||
- aws
|
||||
- azure
|
||||
@@ -4659,6 +4689,7 @@ paths:
|
||||
- github
|
||||
- kubernetes
|
||||
- m365
|
||||
- oci
|
||||
description: |-
|
||||
Multiple values may be separated by commas.
|
||||
|
||||
@@ -4668,6 +4699,7 @@ paths:
|
||||
* `kubernetes` - Kubernetes
|
||||
* `m365` - M365
|
||||
* `github` - GitHub
|
||||
* `oci` - Oracle Cloud Infrastructure
|
||||
explode: false
|
||||
style: form
|
||||
- in: query
|
||||
@@ -5353,7 +5385,7 @@ paths:
|
||||
name: filter[provider]
|
||||
schema:
|
||||
type: string
|
||||
x-spec-enum-id: 4c1e219dad1cc0e7
|
||||
x-spec-enum-id: 6f034074d7104650
|
||||
enum:
|
||||
- aws
|
||||
- azure
|
||||
@@ -5361,6 +5393,7 @@ paths:
|
||||
- github
|
||||
- kubernetes
|
||||
- m365
|
||||
- oci
|
||||
description: |-
|
||||
* `aws` - AWS
|
||||
* `azure` - Azure
|
||||
@@ -5368,13 +5401,14 @@ paths:
|
||||
* `kubernetes` - Kubernetes
|
||||
* `m365` - M365
|
||||
* `github` - GitHub
|
||||
* `oci` - Oracle Cloud Infrastructure
|
||||
- in: query
|
||||
name: filter[provider__in]
|
||||
schema:
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
x-spec-enum-id: 4c1e219dad1cc0e7
|
||||
x-spec-enum-id: 6f034074d7104650
|
||||
enum:
|
||||
- aws
|
||||
- azure
|
||||
@@ -5382,6 +5416,7 @@ paths:
|
||||
- github
|
||||
- kubernetes
|
||||
- m365
|
||||
- oci
|
||||
description: |-
|
||||
Multiple values may be separated by commas.
|
||||
|
||||
@@ -5391,6 +5426,7 @@ paths:
|
||||
* `kubernetes` - Kubernetes
|
||||
* `m365` - M365
|
||||
* `github` - GitHub
|
||||
* `oci` - Oracle Cloud Infrastructure
|
||||
explode: false
|
||||
style: form
|
||||
- in: query
|
||||
@@ -6032,7 +6068,7 @@ paths:
|
||||
name: filter[provider_type]
|
||||
schema:
|
||||
type: string
|
||||
x-spec-enum-id: 4c1e219dad1cc0e7
|
||||
x-spec-enum-id: 6f034074d7104650
|
||||
enum:
|
||||
- aws
|
||||
- azure
|
||||
@@ -6040,6 +6076,7 @@ paths:
|
||||
- github
|
||||
- kubernetes
|
||||
- m365
|
||||
- oci
|
||||
description: |-
|
||||
* `aws` - AWS
|
||||
* `azure` - Azure
|
||||
@@ -6047,13 +6084,14 @@ paths:
|
||||
* `kubernetes` - Kubernetes
|
||||
* `m365` - M365
|
||||
* `github` - GitHub
|
||||
* `oci` - Oracle Cloud Infrastructure
|
||||
- in: query
|
||||
name: filter[provider_type__in]
|
||||
schema:
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
x-spec-enum-id: 4c1e219dad1cc0e7
|
||||
x-spec-enum-id: 6f034074d7104650
|
||||
enum:
|
||||
- aws
|
||||
- azure
|
||||
@@ -6061,6 +6099,7 @@ paths:
|
||||
- github
|
||||
- kubernetes
|
||||
- m365
|
||||
- oci
|
||||
description: |-
|
||||
Multiple values may be separated by commas.
|
||||
|
||||
@@ -6070,6 +6109,7 @@ paths:
|
||||
* `kubernetes` - Kubernetes
|
||||
* `m365` - M365
|
||||
* `github` - GitHub
|
||||
* `oci` - Oracle Cloud Infrastructure
|
||||
explode: false
|
||||
style: form
|
||||
- in: query
|
||||
@@ -6397,7 +6437,7 @@ paths:
|
||||
name: filter[provider_type]
|
||||
schema:
|
||||
type: string
|
||||
x-spec-enum-id: 4c1e219dad1cc0e7
|
||||
x-spec-enum-id: 6f034074d7104650
|
||||
enum:
|
||||
- aws
|
||||
- azure
|
||||
@@ -6405,6 +6445,7 @@ paths:
|
||||
- github
|
||||
- kubernetes
|
||||
- m365
|
||||
- oci
|
||||
description: |-
|
||||
* `aws` - AWS
|
||||
* `azure` - Azure
|
||||
@@ -6412,13 +6453,14 @@ paths:
|
||||
* `kubernetes` - Kubernetes
|
||||
* `m365` - M365
|
||||
* `github` - GitHub
|
||||
* `oci` - Oracle Cloud Infrastructure
|
||||
- in: query
|
||||
name: filter[provider_type__in]
|
||||
schema:
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
x-spec-enum-id: 4c1e219dad1cc0e7
|
||||
x-spec-enum-id: 6f034074d7104650
|
||||
enum:
|
||||
- aws
|
||||
- azure
|
||||
@@ -6426,6 +6468,7 @@ paths:
|
||||
- github
|
||||
- kubernetes
|
||||
- m365
|
||||
- oci
|
||||
description: |-
|
||||
Multiple values may be separated by commas.
|
||||
|
||||
@@ -6435,6 +6478,7 @@ paths:
|
||||
* `kubernetes` - Kubernetes
|
||||
* `m365` - M365
|
||||
* `github` - GitHub
|
||||
* `oci` - Oracle Cloud Infrastructure
|
||||
explode: false
|
||||
style: form
|
||||
- in: query
|
||||
@@ -6663,7 +6707,7 @@ paths:
|
||||
name: filter[provider_type]
|
||||
schema:
|
||||
type: string
|
||||
x-spec-enum-id: 4c1e219dad1cc0e7
|
||||
x-spec-enum-id: 6f034074d7104650
|
||||
enum:
|
||||
- aws
|
||||
- azure
|
||||
@@ -6671,6 +6715,7 @@ paths:
|
||||
- github
|
||||
- kubernetes
|
||||
- m365
|
||||
- oci
|
||||
description: |-
|
||||
* `aws` - AWS
|
||||
* `azure` - Azure
|
||||
@@ -6678,13 +6723,14 @@ paths:
|
||||
* `kubernetes` - Kubernetes
|
||||
* `m365` - M365
|
||||
* `github` - GitHub
|
||||
* `oci` - Oracle Cloud Infrastructure
|
||||
- in: query
|
||||
name: filter[provider_type__in]
|
||||
schema:
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
x-spec-enum-id: 4c1e219dad1cc0e7
|
||||
x-spec-enum-id: 6f034074d7104650
|
||||
enum:
|
||||
- aws
|
||||
- azure
|
||||
@@ -6692,6 +6738,7 @@ paths:
|
||||
- github
|
||||
- kubernetes
|
||||
- m365
|
||||
- oci
|
||||
description: |-
|
||||
Multiple values may be separated by commas.
|
||||
|
||||
@@ -6701,6 +6748,7 @@ paths:
|
||||
* `kubernetes` - Kubernetes
|
||||
* `m365` - M365
|
||||
* `github` - GitHub
|
||||
* `oci` - Oracle Cloud Infrastructure
|
||||
explode: false
|
||||
style: form
|
||||
- in: query
|
||||
@@ -6935,7 +6983,7 @@ paths:
|
||||
name: filter[provider_type]
|
||||
schema:
|
||||
type: string
|
||||
x-spec-enum-id: 4c1e219dad1cc0e7
|
||||
x-spec-enum-id: 6f034074d7104650
|
||||
enum:
|
||||
- aws
|
||||
- azure
|
||||
@@ -6943,6 +6991,7 @@ paths:
|
||||
- github
|
||||
- kubernetes
|
||||
- m365
|
||||
- oci
|
||||
description: |-
|
||||
* `aws` - AWS
|
||||
* `azure` - Azure
|
||||
@@ -6950,13 +6999,14 @@ paths:
|
||||
* `kubernetes` - Kubernetes
|
||||
* `m365` - M365
|
||||
* `github` - GitHub
|
||||
* `oci` - Oracle Cloud Infrastructure
|
||||
- in: query
|
||||
name: filter[provider_type__in]
|
||||
schema:
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
x-spec-enum-id: 4c1e219dad1cc0e7
|
||||
x-spec-enum-id: 6f034074d7104650
|
||||
enum:
|
||||
- aws
|
||||
- azure
|
||||
@@ -6964,6 +7014,7 @@ paths:
|
||||
- github
|
||||
- kubernetes
|
||||
- m365
|
||||
- oci
|
||||
description: |-
|
||||
Multiple values may be separated by commas.
|
||||
|
||||
@@ -6973,6 +7024,7 @@ paths:
|
||||
* `kubernetes` - Kubernetes
|
||||
* `m365` - M365
|
||||
* `github` - GitHub
|
||||
* `oci` - Oracle Cloud Infrastructure
|
||||
explode: false
|
||||
style: form
|
||||
- in: query
|
||||
@@ -7770,7 +7822,7 @@ paths:
|
||||
name: filter[provider_type]
|
||||
schema:
|
||||
type: string
|
||||
x-spec-enum-id: 4c1e219dad1cc0e7
|
||||
x-spec-enum-id: 6f034074d7104650
|
||||
enum:
|
||||
- aws
|
||||
- azure
|
||||
@@ -7778,6 +7830,7 @@ paths:
|
||||
- github
|
||||
- kubernetes
|
||||
- m365
|
||||
- oci
|
||||
description: |-
|
||||
* `aws` - AWS
|
||||
* `azure` - Azure
|
||||
@@ -7785,13 +7838,14 @@ paths:
|
||||
* `kubernetes` - Kubernetes
|
||||
* `m365` - M365
|
||||
* `github` - GitHub
|
||||
* `oci` - Oracle Cloud Infrastructure
|
||||
- in: query
|
||||
name: filter[provider_type__in]
|
||||
schema:
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
x-spec-enum-id: 4c1e219dad1cc0e7
|
||||
x-spec-enum-id: 6f034074d7104650
|
||||
enum:
|
||||
- aws
|
||||
- azure
|
||||
@@ -7799,6 +7853,7 @@ paths:
|
||||
- github
|
||||
- kubernetes
|
||||
- m365
|
||||
- oci
|
||||
description: |-
|
||||
Multiple values may be separated by commas.
|
||||
|
||||
@@ -7808,6 +7863,7 @@ paths:
|
||||
* `kubernetes` - Kubernetes
|
||||
* `m365` - M365
|
||||
* `github` - GitHub
|
||||
* `oci` - Oracle Cloud Infrastructure
|
||||
explode: false
|
||||
style: form
|
||||
- in: query
|
||||
@@ -13270,6 +13326,39 @@ components:
|
||||
required:
|
||||
- github_app_id
|
||||
- github_app_key
|
||||
- type: object
|
||||
title: Oracle Cloud Infrastructure (OCI) API Key Credentials
|
||||
properties:
|
||||
user:
|
||||
type: string
|
||||
description: The OCID of the user to authenticate with.
|
||||
fingerprint:
|
||||
type: string
|
||||
description: The fingerprint of the API signing key.
|
||||
key_file:
|
||||
type: string
|
||||
description: The path to the private key file for API signing.
|
||||
Either key_file or key_content must be provided.
|
||||
key_content:
|
||||
type: string
|
||||
description: The content of the private key for API signing
|
||||
(base64 encoded). Either key_file or key_content must be
|
||||
provided.
|
||||
tenancy:
|
||||
type: string
|
||||
description: The OCID of the tenancy.
|
||||
region:
|
||||
type: string
|
||||
description: The OCI region identifier (e.g., us-ashburn-1,
|
||||
us-phoenix-1).
|
||||
pass_phrase:
|
||||
type: string
|
||||
description: The passphrase for the private key, if encrypted.
|
||||
required:
|
||||
- user
|
||||
- fingerprint
|
||||
- tenancy
|
||||
- region
|
||||
writeOnly: true
|
||||
required:
|
||||
- secret
|
||||
@@ -14264,6 +14353,7 @@ components:
|
||||
- kubernetes
|
||||
- m365
|
||||
- github
|
||||
- oci
|
||||
type: string
|
||||
description: |-
|
||||
* `aws` - AWS
|
||||
@@ -14272,7 +14362,8 @@ components:
|
||||
* `kubernetes` - Kubernetes
|
||||
* `m365` - M365
|
||||
* `github` - GitHub
|
||||
x-spec-enum-id: 4c1e219dad1cc0e7
|
||||
* `oci` - Oracle Cloud Infrastructure
|
||||
x-spec-enum-id: 6f034074d7104650
|
||||
uid:
|
||||
type: string
|
||||
title: Unique identifier for the provider, set by the provider
|
||||
@@ -14384,8 +14475,9 @@ components:
|
||||
- kubernetes
|
||||
- m365
|
||||
- github
|
||||
- oci
|
||||
type: string
|
||||
x-spec-enum-id: 4c1e219dad1cc0e7
|
||||
x-spec-enum-id: 6f034074d7104650
|
||||
description: |-
|
||||
Type of provider to create.
|
||||
|
||||
@@ -14395,6 +14487,7 @@ components:
|
||||
* `kubernetes` - Kubernetes
|
||||
* `m365` - M365
|
||||
* `github` - GitHub
|
||||
* `oci` - Oracle Cloud Infrastructure
|
||||
uid:
|
||||
type: string
|
||||
title: Unique identifier for the provider, set by the provider
|
||||
@@ -14438,8 +14531,9 @@ components:
|
||||
- kubernetes
|
||||
- m365
|
||||
- github
|
||||
- oci
|
||||
type: string
|
||||
x-spec-enum-id: 4c1e219dad1cc0e7
|
||||
x-spec-enum-id: 6f034074d7104650
|
||||
description: |-
|
||||
Type of provider to create.
|
||||
|
||||
@@ -14449,6 +14543,7 @@ components:
|
||||
* `kubernetes` - Kubernetes
|
||||
* `m365` - M365
|
||||
* `github` - GitHub
|
||||
* `oci` - Oracle Cloud Infrastructure
|
||||
uid:
|
||||
type: string
|
||||
minLength: 3
|
||||
@@ -15157,6 +15252,37 @@ components:
|
||||
required:
|
||||
- github_app_id
|
||||
- github_app_key
|
||||
- type: object
|
||||
title: Oracle Cloud Infrastructure (OCI) API Key Credentials
|
||||
properties:
|
||||
user:
|
||||
type: string
|
||||
description: The OCID of the user to authenticate with.
|
||||
fingerprint:
|
||||
type: string
|
||||
description: The fingerprint of the API signing key.
|
||||
key_file:
|
||||
type: string
|
||||
description: The path to the private key file for API signing.
|
||||
Either key_file or key_content must be provided.
|
||||
key_content:
|
||||
type: string
|
||||
description: The content of the private key for API signing (base64
|
||||
encoded). Either key_file or key_content must be provided.
|
||||
tenancy:
|
||||
type: string
|
||||
description: The OCID of the tenancy.
|
||||
region:
|
||||
type: string
|
||||
description: The OCI region identifier (e.g., us-ashburn-1, us-phoenix-1).
|
||||
pass_phrase:
|
||||
type: string
|
||||
description: The passphrase for the private key, if encrypted.
|
||||
required:
|
||||
- user
|
||||
- fingerprint
|
||||
- tenancy
|
||||
- region
|
||||
writeOnly: true
|
||||
required:
|
||||
- secret_type
|
||||
@@ -15426,6 +15552,39 @@ components:
|
||||
required:
|
||||
- github_app_id
|
||||
- github_app_key
|
||||
- type: object
|
||||
title: Oracle Cloud Infrastructure (OCI) API Key Credentials
|
||||
properties:
|
||||
user:
|
||||
type: string
|
||||
description: The OCID of the user to authenticate with.
|
||||
fingerprint:
|
||||
type: string
|
||||
description: The fingerprint of the API signing key.
|
||||
key_file:
|
||||
type: string
|
||||
description: The path to the private key file for API signing.
|
||||
Either key_file or key_content must be provided.
|
||||
key_content:
|
||||
type: string
|
||||
description: The content of the private key for API signing
|
||||
(base64 encoded). Either key_file or key_content must be
|
||||
provided.
|
||||
tenancy:
|
||||
type: string
|
||||
description: The OCID of the tenancy.
|
||||
region:
|
||||
type: string
|
||||
description: The OCI region identifier (e.g., us-ashburn-1,
|
||||
us-phoenix-1).
|
||||
pass_phrase:
|
||||
type: string
|
||||
description: The passphrase for the private key, if encrypted.
|
||||
required:
|
||||
- user
|
||||
- fingerprint
|
||||
- tenancy
|
||||
- region
|
||||
writeOnly: true
|
||||
required:
|
||||
- secret_type
|
||||
@@ -15711,6 +15870,37 @@ components:
|
||||
required:
|
||||
- github_app_id
|
||||
- github_app_key
|
||||
- type: object
|
||||
title: Oracle Cloud Infrastructure (OCI) API Key Credentials
|
||||
properties:
|
||||
user:
|
||||
type: string
|
||||
description: The OCID of the user to authenticate with.
|
||||
fingerprint:
|
||||
type: string
|
||||
description: The fingerprint of the API signing key.
|
||||
key_file:
|
||||
type: string
|
||||
description: The path to the private key file for API signing.
|
||||
Either key_file or key_content must be provided.
|
||||
key_content:
|
||||
type: string
|
||||
description: The content of the private key for API signing (base64
|
||||
encoded). Either key_file or key_content must be provided.
|
||||
tenancy:
|
||||
type: string
|
||||
description: The OCID of the tenancy.
|
||||
region:
|
||||
type: string
|
||||
description: The OCI region identifier (e.g., us-ashburn-1, us-phoenix-1).
|
||||
pass_phrase:
|
||||
type: string
|
||||
description: The passphrase for the private key, if encrypted.
|
||||
required:
|
||||
- user
|
||||
- fingerprint
|
||||
- tenancy
|
||||
- region
|
||||
writeOnly: true
|
||||
required:
|
||||
- secret
|
||||
|
||||
@@ -22,6 +22,7 @@ from prowler.providers.azure.azure_provider import AzureProvider
|
||||
from prowler.providers.gcp.gcp_provider import GcpProvider
|
||||
from prowler.providers.kubernetes.kubernetes_provider import KubernetesProvider
|
||||
from prowler.providers.m365.m365_provider import M365Provider
|
||||
from prowler.providers.oraclecloud.oci_provider import OciProvider
|
||||
|
||||
|
||||
class TestMergeDicts:
|
||||
@@ -108,6 +109,7 @@ class TestReturnProwlerProvider:
|
||||
(Provider.ProviderChoices.AZURE.value, AzureProvider),
|
||||
(Provider.ProviderChoices.KUBERNETES.value, KubernetesProvider),
|
||||
(Provider.ProviderChoices.M365.value, M365Provider),
|
||||
(Provider.ProviderChoices.OCI.value, OciProvider),
|
||||
],
|
||||
)
|
||||
def test_return_prowler_provider(self, provider_type, expected_provider):
|
||||
@@ -203,6 +205,10 @@ class TestGetProwlerProviderKwargs:
|
||||
Provider.ProviderChoices.GITHUB.value,
|
||||
{"organizations": ["provider_uid"]},
|
||||
),
|
||||
(
|
||||
Provider.ProviderChoices.OCI.value,
|
||||
{},
|
||||
),
|
||||
],
|
||||
)
|
||||
def test_get_prowler_provider_kwargs(self, provider_type, expected_extra_kwargs):
|
||||
|
||||
@@ -1458,13 +1458,25 @@ class TestProviderViewSet:
|
||||
("provider", "aws", 2),
|
||||
("provider.in", "azure,gcp", 2),
|
||||
("uid", "123456789012", 1),
|
||||
("uid.icontains", "1", 5),
|
||||
(
|
||||
"uid.icontains",
|
||||
"1",
|
||||
6,
|
||||
), # Updated: includes OCI provider with "1" in UID
|
||||
("alias", "aws_testing_1", 1),
|
||||
("alias.icontains", "aws", 2),
|
||||
("inserted_at", TODAY, 6),
|
||||
("inserted_at.gte", "2024-01-01", 6),
|
||||
("inserted_at", TODAY, 7), # Updated: 7 providers now (added OCI)
|
||||
(
|
||||
"inserted_at.gte",
|
||||
"2024-01-01",
|
||||
7,
|
||||
), # Updated: 7 providers now (added OCI)
|
||||
("inserted_at.lte", "2024-01-01", 0),
|
||||
("updated_at.gte", "2024-01-01", 6),
|
||||
(
|
||||
"updated_at.gte",
|
||||
"2024-01-01",
|
||||
7,
|
||||
), # Updated: 7 providers now (added OCI)
|
||||
("updated_at.lte", "2024-01-01", 0),
|
||||
]
|
||||
),
|
||||
@@ -1967,6 +1979,43 @@ class TestProviderSecretViewSet:
|
||||
"password": "supersecret",
|
||||
},
|
||||
),
|
||||
# OCI with API key credentials (with key_content)
|
||||
(
|
||||
Provider.ProviderChoices.OCI.value,
|
||||
ProviderSecret.TypeChoices.STATIC,
|
||||
{
|
||||
"user": "ocid1.user.oc1..aaaaaaaakldibrbov4ubh25aqdeiroklxjngwka7u6w7no3glmdq3n5sxtkq",
|
||||
"fingerprint": "aa:bb:cc:dd:ee:ff:00:11:22:33:44:55:66:77:88:99",
|
||||
"key_content": "-----BEGIN RSA PRIVATE KEY-----\ntest-key-content\n-----END RSA PRIVATE KEY-----",
|
||||
"tenancy": "ocid1.tenancy.oc1..aaaaaaaa3dwoazoox4q7wrvriywpokp5grlhgnkwtyt6dmwyou7no6mdmzda",
|
||||
"region": "us-ashburn-1",
|
||||
},
|
||||
),
|
||||
# OCI with API key credentials (with key_file)
|
||||
(
|
||||
Provider.ProviderChoices.OCI.value,
|
||||
ProviderSecret.TypeChoices.STATIC,
|
||||
{
|
||||
"user": "ocid1.user.oc1..aaaaaaaakldibrbov4ubh25aqdeiroklxjngwka7u6w7no3glmdq3n5sxtkq",
|
||||
"fingerprint": "aa:bb:cc:dd:ee:ff:00:11:22:33:44:55:66:77:88:99",
|
||||
"key_file": "/path/to/oci_api_key.pem",
|
||||
"tenancy": "ocid1.tenancy.oc1..aaaaaaaa3dwoazoox4q7wrvriywpokp5grlhgnkwtyt6dmwyou7no6mdmzda",
|
||||
"region": "us-ashburn-1",
|
||||
},
|
||||
),
|
||||
# OCI with API key credentials (with passphrase)
|
||||
(
|
||||
Provider.ProviderChoices.OCI.value,
|
||||
ProviderSecret.TypeChoices.STATIC,
|
||||
{
|
||||
"user": "ocid1.user.oc1..aaaaaaaakldibrbov4ubh25aqdeiroklxjngwka7u6w7no3glmdq3n5sxtkq",
|
||||
"fingerprint": "aa:bb:cc:dd:ee:ff:00:11:22:33:44:55:66:77:88:99",
|
||||
"key_content": "-----BEGIN RSA PRIVATE KEY-----\ntest-encrypted-key\n-----END RSA PRIVATE KEY-----",
|
||||
"tenancy": "ocid1.tenancy.oc1..aaaaaaaa3dwoazoox4q7wrvriywpokp5grlhgnkwtyt6dmwyou7no6mdmzda",
|
||||
"region": "us-ashburn-1",
|
||||
"pass_phrase": "my-secure-passphrase",
|
||||
},
|
||||
),
|
||||
],
|
||||
)
|
||||
def test_provider_secrets_create_valid(
|
||||
|
||||
@@ -20,6 +20,7 @@ from prowler.providers.gcp.gcp_provider import GcpProvider
|
||||
from prowler.providers.github.github_provider import GithubProvider
|
||||
from prowler.providers.kubernetes.kubernetes_provider import KubernetesProvider
|
||||
from prowler.providers.m365.m365_provider import M365Provider
|
||||
from prowler.providers.oraclecloud.oci_provider import OciProvider
|
||||
|
||||
|
||||
class CustomOAuth2Client(OAuth2Client):
|
||||
@@ -67,6 +68,7 @@ def return_prowler_provider(
|
||||
| GithubProvider
|
||||
| KubernetesProvider
|
||||
| M365Provider
|
||||
| OciProvider
|
||||
]:
|
||||
"""Return the Prowler provider class based on the given provider type.
|
||||
|
||||
@@ -74,7 +76,7 @@ def return_prowler_provider(
|
||||
provider (Provider): The provider object containing the provider type and associated secrets.
|
||||
|
||||
Returns:
|
||||
AwsProvider | AzureProvider | GcpProvider | GithubProvider | KubernetesProvider | M365Provider: The corresponding provider class.
|
||||
AwsProvider | AzureProvider | GcpProvider | GithubProvider | KubernetesProvider | M365Provider | OciProvider: The corresponding provider class.
|
||||
|
||||
Raises:
|
||||
ValueError: If the provider type specified in `provider.provider` is not supported.
|
||||
@@ -92,6 +94,8 @@ def return_prowler_provider(
|
||||
prowler_provider = M365Provider
|
||||
case Provider.ProviderChoices.GITHUB.value:
|
||||
prowler_provider = GithubProvider
|
||||
case Provider.ProviderChoices.OCI.value:
|
||||
prowler_provider = OciProvider
|
||||
case _:
|
||||
raise ValueError(f"Provider type {provider.provider} not supported")
|
||||
return prowler_provider
|
||||
@@ -147,6 +151,7 @@ def initialize_prowler_provider(
|
||||
| GithubProvider
|
||||
| KubernetesProvider
|
||||
| M365Provider
|
||||
| OciProvider
|
||||
):
|
||||
"""Initialize a Prowler provider instance based on the given provider type.
|
||||
|
||||
@@ -155,8 +160,8 @@ def initialize_prowler_provider(
|
||||
mutelist_processor (Processor): The mutelist processor object containing the mutelist configuration.
|
||||
|
||||
Returns:
|
||||
AwsProvider | AzureProvider | GcpProvider | GithubProvider | KubernetesProvider | M365Provider: An instance of the corresponding provider class
|
||||
(`AwsProvider`, `AzureProvider`, `GcpProvider`, `GithubProvider`, `KubernetesProvider` or `M365Provider`) initialized with the
|
||||
AwsProvider | AzureProvider | GcpProvider | GithubProvider | KubernetesProvider | M365Provider | OciProvider: An instance of the corresponding provider class
|
||||
(`AwsProvider`, `AzureProvider`, `GcpProvider`, `GithubProvider`, `KubernetesProvider`, `M365Provider` or `OciProvider`) initialized with the
|
||||
provider's secrets.
|
||||
"""
|
||||
prowler_provider = return_prowler_provider(provider)
|
||||
|
||||
@@ -239,6 +239,41 @@ from rest_framework_json_api import serializers
|
||||
},
|
||||
"required": ["github_app_id", "github_app_key"],
|
||||
},
|
||||
{
|
||||
"type": "object",
|
||||
"title": "Oracle Cloud Infrastructure (OCI) API Key Credentials",
|
||||
"properties": {
|
||||
"user": {
|
||||
"type": "string",
|
||||
"description": "The OCID of the user to authenticate with.",
|
||||
},
|
||||
"fingerprint": {
|
||||
"type": "string",
|
||||
"description": "The fingerprint of the API signing key.",
|
||||
},
|
||||
"key_file": {
|
||||
"type": "string",
|
||||
"description": "The path to the private key file for API signing. Either key_file or key_content must be provided.",
|
||||
},
|
||||
"key_content": {
|
||||
"type": "string",
|
||||
"description": "The content of the private key for API signing (base64 encoded). Either key_file or key_content must be provided.",
|
||||
},
|
||||
"tenancy": {
|
||||
"type": "string",
|
||||
"description": "The OCID of the tenancy.",
|
||||
},
|
||||
"region": {
|
||||
"type": "string",
|
||||
"description": "The OCI region identifier (e.g., us-ashburn-1, us-phoenix-1).",
|
||||
},
|
||||
"pass_phrase": {
|
||||
"type": "string",
|
||||
"description": "The passphrase for the private key, if encrypted.",
|
||||
},
|
||||
},
|
||||
"required": ["user", "fingerprint", "tenancy", "region"],
|
||||
},
|
||||
]
|
||||
}
|
||||
)
|
||||
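Review bot: The `key_content` description in the new OCI schema entry says the key is "(base64 encoded)", while the OCI cases added to `test_provider_secrets_create_valid` in this same commit post PEM text beginning with `-----BEGIN RSA PRIVATE KEY-----`, so an API client cannot tell which encoding is accepted. The entry also lists only `user`, `fingerprint`, `tenancy` and `region` under `required`, which leaves the "Either key_file or key_content must be provided" rule in prose only. I would state the single accepted encoding in the description and express the rule in the schema itself, for example by adding `"anyOf": [{"required": ["key_file"]}, {"required": ["key_content"]}],` next to `required`. The surrounding schema literal starts outside the hunk.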
|
||||
@@ -1359,6 +1359,8 @@ class BaseWriteProviderSecretSerializer(BaseWriteSerializer):
|
||||
serializer = KubernetesProviderSecret(data=secret)
|
||||
elif provider_type == Provider.ProviderChoices.M365.value:
|
||||
serializer = M365ProviderSecret(data=secret)
|
||||
elif provider_type == Provider.ProviderChoices.OCI.value:
|
||||
serializer = OracleCloudProviderSecret(data=secret)
|
||||
else:
|
||||
raise serializers.ValidationError(
|
||||
{"provider": f"Provider type not supported {provider_type}"}
|
||||
@@ -1472,6 +1474,19 @@ class GithubProviderSecret(serializers.Serializer):
|
||||
resource_name = "provider-secrets"
|
||||
|
||||
|
||||
class OracleCloudProviderSecret(serializers.Serializer):
|
||||
user = serializers.CharField()
|
||||
fingerprint = serializers.CharField()
|
||||
key_file = serializers.CharField(required=False)
|
||||
key_content = serializers.CharField(required=False)
|
||||
tenancy = serializers.CharField()
|
||||
region = serializers.CharField()
|
||||
pass_phrase = serializers.CharField(required=False)
|
||||
|
||||
class Meta:
|
||||
resource_name = "provider-secrets"
|
||||
|
||||
|
||||
class AWSRoleAssumptionProviderSecret(serializers.Serializer):
|
||||
role_arn = serializers.CharField()
|
||||
external_id = serializers.CharField()
|
||||
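Review bot: `OracleCloudProviderSecret` declares both `key_file` and `key_content` with `required=False` and has no cross-field check, so a secret that names no key source passes validation here and would presumably fail only later, when the provider tries to sign a request. `key_file` also deserves a second look for the API: it is a filesystem path supplied by the API client, and if the worker resolves it on its own host, the caller decides which server-side file is opened as a private key. Accepting only `key_content` over the API would avoid that. A `validate` method along the lines below closes the first gap, and a negative case in the secret-creation tests would pin it.

```python
class OracleCloudProviderSecret(serializers.Serializer):
    # … unchanged: field declarations …

    def validate(self, attrs):
        # Reject secrets that name no key source at all.
        if not attrs.get("key_file") and not attrs.get("key_content"):
            raise serializers.ValidationError(
                "Either key_file or key_content must be provided."
            )
        return attrs
```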
|
||||
@@ -499,8 +499,14 @@ def providers_fixture(tenants_fixture):
|
||||
alias="m365_testing",
|
||||
tenant_id=tenant.id,
|
||||
)
|
||||
provider7 = Provider.objects.create(
|
||||
provider="oci",
|
||||
uid="ocid1.tenancy.oc1..aaaaaaaa3dwoazoox4q7wrvriywpokp5grlhgnkwtyt6dmwyou7no6mdmzda",
|
||||
alias="oci_testing",
|
||||
tenant_id=tenant.id,
|
||||
)
|
||||
|
||||
return provider1, provider2, provider3, provider4, provider5, provider6
|
||||
return provider1, provider2, provider3, provider4, provider5, provider6, provider7
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
|
||||
@@ -30,6 +30,7 @@ from prowler.lib.outputs.compliance.cis.cis_gcp import GCPCIS
|
||||
from prowler.lib.outputs.compliance.cis.cis_github import GithubCIS
|
||||
from prowler.lib.outputs.compliance.cis.cis_kubernetes import KubernetesCIS
|
||||
from prowler.lib.outputs.compliance.cis.cis_m365 import M365CIS
|
||||
from prowler.lib.outputs.compliance.cis.cis_oci import OCICIS
|
||||
from prowler.lib.outputs.compliance.ens.ens_aws import AWSENS
|
||||
from prowler.lib.outputs.compliance.ens.ens_azure import AzureENS
|
||||
from prowler.lib.outputs.compliance.ens.ens_gcp import GCPENS
|
||||
@@ -108,6 +109,9 @@ COMPLIANCE_CLASS_MAP = {
|
||||
"github": [
|
||||
(lambda name: name.startswith("cis_"), GithubCIS),
|
||||
],
|
||||
"oci": [
|
||||
(lambda name: name.startswith("cis_"), OCICIS),
|
||||
],
|
||||
}
|
||||
|
||||
|
||||
|
||||
@@ -31,7 +31,7 @@ The supported providers right now are:
|
||||
| [Kubernetes](/user-guide/providers/kubernetes/in-cluster) | Official | UI, API, CLI |
|
||||
| [M365](/user-guide/providers/microsoft365/getting-started-m365) | Official | UI, API, CLI |
|
||||
| [Github](/user-guide/providers/github/getting-started-github) | Official | UI, API, CLI |
|
||||
| [Oracle Cloud](/user-guide/providers/oci/getting-started-oci) | Official | CLI |
|
||||
| [Oracle Cloud](/user-guide/providers/oci/getting-started-oci) | Official | CLI, API |
|
||||
| [Infra as Code](/user-guide/providers/iac/getting-started-iac) | Official | CLI |
|
||||
| [MongoDB Atlas](/user-guide/providers/mongodbatlas/getting-started-mongodbatlas) | Official | CLI |
|
||||
| [LLM](/user-guide/providers/llm/getting-started-llm) | Official | CLI |
|
||||
|
||||
@@ -6,6 +6,7 @@ All notable changes to the **Prowler SDK** are documented in this file.
|
||||
|
||||
### Added
|
||||
- GitHub provider check `organization_default_repository_permission_strict` [(#8785)](https://github.com/prowler-cloud/prowler/pull/8785)
|
||||
- Add OCI mapping to scan and check classes [(#8927)](https://github.com/prowler-cloud/prowler/pull/8927)
|
||||
- `codepipeline_project_repo_private` check for AWS provider [(#5915)](https://github.com/prowler-cloud/prowler/pull/5915)
|
||||
- `cloudstorage_bucket_versioning_enabled` check for GCP provider [(#9014)](https://github.com/prowler-cloud/prowler/pull/9014)
|
||||
|
||||
|
||||
@@ -438,8 +438,16 @@ def execute_checks(
|
||||
service = check_name.split("_")[0]
|
||||
try:
|
||||
try:
|
||||
# Map CLI provider names to directory names (for cases where they differ)
|
||||
provider_directory_map = {
|
||||
"oci": "oraclecloud", # OCI SDK conflict avoidance
|
||||
}
|
||||
provider_directory = provider_directory_map.get(
|
||||
global_provider.type, global_provider.type
|
||||
)
|
||||
|
||||
# Import check module
|
||||
check_module_path = f"prowler.providers.{global_provider.type}.services.{service}.{check_name}.{check_name}"
|
||||
check_module_path = f"prowler.providers.{provider_directory}.services.{service}.{check_name}.{check_name}"
|
||||
lib = import_check(check_module_path)
|
||||
# Recover functions from check
|
||||
check_to_execute = getattr(lib, check_name)
|
||||
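Review bot: `provider_directory_map` is rebuilt as a local dict each time this check-import block runs, and the identical literal appears again in the `class Scan` hunk of this commit, so the `oci` to `oraclecloud` exception has to be kept in sync in both places. A single module-level constant imported by both callers, e.g. `PROVIDER_DIRECTORY_MAP = {"oci": "oraclecloud"}`, would keep the derivation of the dynamic import path in one reviewed spot. The comment `# OCI SDK conflict avoidance` could also spell out the reason, presumably that a provider package named `oci` would shadow the Oracle SDK module of the same name. The body of `execute_checks` starts and ends outside the hunk.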
|
||||
@@ -407,6 +407,8 @@ class Finding(BaseModel):
|
||||
finding.subscription = list(provider.identity.subscriptions.keys())[0]
|
||||
elif provider.type == "gcp":
|
||||
finding.project_id = list(provider.projects.keys())[0]
|
||||
elif provider.type == "oci":
|
||||
finding.compartment_id = getattr(finding, "compartment_id", "")
|
||||
|
||||
finding.check_metadata = CheckMetadata(
|
||||
Provider=finding.check_metadata["provider"],
|
||||
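Review bot: The new `oci` branch assigns `finding.compartment_id = getattr(finding, "compartment_id", "")`, which copies the attribute onto itself when it exists and otherwise sets an empty string, whereas the `gcp` branch just above fills its identifier from the provider object. If the incoming finding never carries a compartment, every OCI finding transformed here ends up with a blank compartment in its output, which makes results harder to attribute during triage. If the blank default is intended, a comment such as `# API findings carry no compartment; default to "" so the output model still builds` would say so; otherwise the value should come from the provider or the resource. The enclosing method starts and ends outside the hunk.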
|
||||
@@ -271,8 +271,16 @@ class Scan:
|
||||
# Recover service from check name
|
||||
service = get_service_name_from_check_name(check_name)
|
||||
try:
|
||||
# Map CLI provider names to directory names (for cases where they differ)
|
||||
provider_directory_map = {
|
||||
"oci": "oraclecloud", # OCI SDK conflict avoidance
|
||||
}
|
||||
provider_directory = provider_directory_map.get(
|
||||
self._provider.type, self._provider.type
|
||||
)
|
||||
|
||||
# Import check module
|
||||
check_module_path = f"prowler.providers.{self._provider.type}.services.{service}.{check_name}.{check_name}"
|
||||
check_module_path = f"prowler.providers.{provider_directory}.services.{service}.{check_name}.{check_name}"
|
||||
lib = import_check(check_module_path)
|
||||
# Recover functions from check
|
||||
check_to_execute = getattr(lib, check_name)
|
||||
|
||||