feat(api): add Oracle Cloud Infrastructure (OCI) provider support (#8927)

Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
Sergio Garcia
2025-10-28 11:43:24 -04:00
committed by GitHub
parent 662296aa0e
commit dad100b87a
18 changed files with 445 additions and 46 deletions
+1 -1
@@ -88,7 +88,7 @@ prowler dashboard
| Kubernetes | 83 | 7 | 5 | 7 | Official | Stable | UI, API, CLI |
| GitHub | 17 | 2 | 1 | 0 | Official | Stable | UI, API, CLI |
| M365 | 70 | 7 | 3 | 2 | Official | Stable | UI, API, CLI |
| OCI | 51 | 13 | 1 | 10 | Official | Stable | CLI |
| OCI | 51 | 13 | 1 | 10 | Official | Stable | API, CLI |
| IaC | [See `trivy` docs.](https://trivy.dev/latest/docs/coverage/iac/) | N/A | N/A | N/A | Official | Beta | CLI |
| MongoDB Atlas | 10 | 3 | 0 | 0 | Official | Beta | CLI |
| LLM | [See `promptfoo` docs.](https://www.promptfoo.dev/docs/red-team/plugins/) | N/A | N/A | N/A | Official | Beta | CLI |
+1
@@ -8,6 +8,7 @@ All notable changes to the **Prowler API** are documented in this file.
- Extend `GET /api/v1/providers` with provider-type filters and optional pagination disable to support the new Overview filters [(#8975)](https://github.com/prowler-cloud/prowler/pull/8975)
- New endpoint to retrieve the number of providers grouped by provider type [(#8975)](https://github.com/prowler-cloud/prowler/pull/8975)
- Support for configuring multiple LLM providers [(#8772)](https://github.com/prowler-cloud/prowler/pull/8772)
- Support for Oracle Cloud Infrastructure (OCI) provider [(#8927)](https://github.com/prowler-cloud/prowler/pull/8927)
## [1.14.0] (Prowler 5.13.0)
+25 -3
@@ -9,6 +9,25 @@ PROWLER_COMPLIANCE_OVERVIEW_TEMPLATE = {}
PROWLER_CHECKS = {}
AVAILABLE_COMPLIANCE_FRAMEWORKS = {}
# Map API provider names to Prowler directory names
# This is needed because the OCI provider directory is 'oraclecloud' but the provider type is 'oci'
PROVIDER_NAME_MAPPING = {
"oci": "oraclecloud",
}
def get_prowler_provider_name(provider_type: str) -> str:
"""
Map API provider type to Prowler provider directory name.
Args:
provider_type: The provider type from the API (e.g., 'oci', 'aws', 'azure')
Returns:
The provider name used in Prowler's directory structure (e.g., 'oraclecloud', 'aws', 'azure')
"""
return PROVIDER_NAME_MAPPING.get(provider_type, provider_type)
def get_compliance_frameworks(provider_type: Provider.ProviderChoices) -> list[str]:
"""
@@ -28,8 +47,9 @@ def get_compliance_frameworks(provider_type: Provider.ProviderChoices) -> list[s
"""
global AVAILABLE_COMPLIANCE_FRAMEWORKS
if provider_type not in AVAILABLE_COMPLIANCE_FRAMEWORKS:
prowler_provider_name = get_prowler_provider_name(provider_type)
AVAILABLE_COMPLIANCE_FRAMEWORKS[provider_type] = (
get_available_compliance_frameworks(provider_type)
get_available_compliance_frameworks(prowler_provider_name)
)
return AVAILABLE_COMPLIANCE_FRAMEWORKS[provider_type]
@@ -49,7 +69,8 @@ def get_prowler_provider_checks(provider_type: Provider.ProviderChoices):
Returns:
Iterable[str]: An iterable of check IDs associated with the specified provider type.
"""
return CheckMetadata.get_bulk(provider_type).keys()
prowler_provider_name = get_prowler_provider_name(provider_type)
return CheckMetadata.get_bulk(prowler_provider_name).keys()
def get_prowler_provider_compliance(provider_type: Provider.ProviderChoices) -> dict:
@@ -67,7 +88,8 @@ def get_prowler_provider_compliance(provider_type: Provider.ProviderChoices) ->
dict: A dictionary mapping compliance framework names to their respective
Compliance objects for the specified provider.
"""
return Compliance.get_bulk(provider_type)
prowler_provider_name = get_prowler_provider_name(provider_type)
return Compliance.get_bulk(prowler_provider_name)
def load_prowler_compliance():
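Review bot: PROVIDER_NAME_MAPPING at the top of this section is the third hand-written copy of the `"oci": "oraclecloud"` translation introduced by this commit; the same literal is built inline in execute_checks in the SDK's check.py and again in Scan in scan.py. Because the API already imports from the prowler package, one exported constant in the SDK next to the check-loading code, with get_prowler_provider_name delegating to it, would keep the three from drifting when the next provider whose directory name differs from its type arrives. I'd also note on get_compliance_frameworks that the cache is deliberately keyed by the API name while only the lookup is translated, e.g. `# cache key stays the API provider_type; only the prowler lookup is translated`. get_compliance_frameworks, get_prowler_provider_checks and get_prowler_provider_compliance each start outside their hunk.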
@@ -0,0 +1,34 @@
# Generated by Django 5.1.7 on 2025-10-14 00:00
from django.db import migrations
import api.db_utils
class Migration(migrations.Migration):
dependencies = [
("api", "0050_lighthouse_multi_llm"),
]
operations = [
migrations.AlterField(
model_name="provider",
name="provider",
field=api.db_utils.ProviderEnumField(
choices=[
("aws", "AWS"),
("azure", "Azure"),
("gcp", "GCP"),
("kubernetes", "Kubernetes"),
("m365", "M365"),
("github", "GitHub"),
("oci", "Oracle Cloud Infrastructure"),
],
default="aws",
),
),
migrations.RunSQL(
"ALTER TYPE provider ADD VALUE IF NOT EXISTS 'oci';",
reverse_sql=migrations.RunSQL.noop,
),
]
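Review bot: The RunSQL `ALTER TYPE provider ADD VALUE IF NOT EXISTS 'oci';` executes inside the migration's transaction; PostgreSQL refuses ADD VALUE inside a transaction block before version 12, and from 12 onward forbids using the new label in the same transaction that added it. If earlier provider additions in this project used this exact pattern the behaviour is presumably already validated on the supported PostgreSQL version; otherwise set `atomic = False` on the Migration class. Since `reverse_sql=migrations.RunSQL.noop` means a rollback leaves `oci` in the enum type, a one-line comment would spare the next reader the question: `# enum labels cannot be dropped; reverse intentionally leaves 'oci' in place`.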
+13
@@ -284,6 +284,7 @@ class Provider(RowLevelSecurityProtectedModel):
KUBERNETES = "kubernetes", _("Kubernetes")
M365 = "m365", _("M365")
GITHUB = "github", _("GitHub")
OCI = "oci", _("Oracle Cloud Infrastructure")
@staticmethod
def validate_aws_uid(value):
@@ -354,6 +355,18 @@ class Provider(RowLevelSecurityProtectedModel):
pointer="/data/attributes/uid",
)
@staticmethod
def validate_oci_uid(value):
if not re.match(
r"^ocid1\.([a-z0-9_-]+)\.([a-z0-9_-]+)\.([a-z0-9_-]*)\.([a-z0-9]+)$", value
):
raise ModelValidationError(
detail="Oracle Cloud Infrastructure provider ID must be a valid tenancy OCID in the format: "
"ocid1.<resource_type>.<realm>.<region>.<unique_id>",
code="oci-uid",
pointer="/data/attributes/uid",
)
id = models.UUIDField(primary_key=True, default=uuid4, editable=False)
inserted_at = models.DateTimeField(auto_now_add=True, editable=False)
updated_at = models.DateTimeField(auto_now=True, editable=False)
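Review bot: validate_oci_uid's error text says the uid must be a tenancy OCID, but the regex accepts any value in the resource-type field, so a user, compartment or instance OCID passes validation while the message claims otherwise. If the uid is meant to identify the tenancy being scanned, pin the resource type: `r"^ocid1\.tenancy\.([a-z0-9_-]+)\.([a-z0-9_-]*)\.([a-z0-9]+)$"`; if any OCID is acceptable, reword the detail to say "a valid OCID". The Provider class this method belongs to starts and ends outside the hunk, and the call site that dispatches to validate_oci_uid is not among the hunks shown, so it is worth confirming it is wired in.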
+221 -31
@@ -869,7 +869,7 @@ paths:
name: filter[provider_type]
schema:
type: string
x-spec-enum-id: 4c1e219dad1cc0e7
x-spec-enum-id: 6f034074d7104650
enum:
- aws
- azure
@@ -877,6 +877,7 @@ paths:
- github
- kubernetes
- m365
- oci
description: |-
* `aws` - AWS
* `azure` - Azure
@@ -884,13 +885,14 @@ paths:
* `kubernetes` - Kubernetes
* `m365` - M365
* `github` - GitHub
* `oci` - Oracle Cloud Infrastructure
- in: query
name: filter[provider_type__in]
schema:
type: array
items:
type: string
x-spec-enum-id: 4c1e219dad1cc0e7
x-spec-enum-id: 6f034074d7104650
enum:
- aws
- azure
@@ -898,6 +900,7 @@ paths:
- github
- kubernetes
- m365
- oci
description: |-
Multiple values may be separated by commas.
@@ -907,6 +910,7 @@ paths:
* `kubernetes` - Kubernetes
* `m365` - M365
* `github` - GitHub
* `oci` - Oracle Cloud Infrastructure
explode: false
style: form
- in: query
@@ -1396,7 +1400,7 @@ paths:
name: filter[provider_type]
schema:
type: string
x-spec-enum-id: 4c1e219dad1cc0e7
x-spec-enum-id: 6f034074d7104650
enum:
- aws
- azure
@@ -1404,6 +1408,7 @@ paths:
- github
- kubernetes
- m365
- oci
description: |-
* `aws` - AWS
* `azure` - Azure
@@ -1411,13 +1416,14 @@ paths:
* `kubernetes` - Kubernetes
* `m365` - M365
* `github` - GitHub
* `oci` - Oracle Cloud Infrastructure
- in: query
name: filter[provider_type__in]
schema:
type: array
items:
type: string
x-spec-enum-id: 4c1e219dad1cc0e7
x-spec-enum-id: 6f034074d7104650
enum:
- aws
- azure
@@ -1425,6 +1431,7 @@ paths:
- github
- kubernetes
- m365
- oci
description: |-
Multiple values may be separated by commas.
@@ -1434,6 +1441,7 @@ paths:
* `kubernetes` - Kubernetes
* `m365` - M365
* `github` - GitHub
* `oci` - Oracle Cloud Infrastructure
explode: false
style: form
- in: query
@@ -1831,7 +1839,7 @@ paths:
name: filter[provider_type]
schema:
type: string
x-spec-enum-id: 4c1e219dad1cc0e7
x-spec-enum-id: 6f034074d7104650
enum:
- aws
- azure
@@ -1839,6 +1847,7 @@ paths:
- github
- kubernetes
- m365
- oci
description: |-
* `aws` - AWS
* `azure` - Azure
@@ -1846,13 +1855,14 @@ paths:
* `kubernetes` - Kubernetes
* `m365` - M365
* `github` - GitHub
* `oci` - Oracle Cloud Infrastructure
- in: query
name: filter[provider_type__in]
schema:
type: array
items:
type: string
x-spec-enum-id: 4c1e219dad1cc0e7
x-spec-enum-id: 6f034074d7104650
enum:
- aws
- azure
@@ -1860,6 +1870,7 @@ paths:
- github
- kubernetes
- m365
- oci
description: |-
Multiple values may be separated by commas.
@@ -1869,6 +1880,7 @@ paths:
* `kubernetes` - Kubernetes
* `m365` - M365
* `github` - GitHub
* `oci` - Oracle Cloud Infrastructure
explode: false
style: form
- in: query
@@ -2264,7 +2276,7 @@ paths:
name: filter[provider_type]
schema:
type: string
x-spec-enum-id: 4c1e219dad1cc0e7
x-spec-enum-id: 6f034074d7104650
enum:
- aws
- azure
@@ -2272,6 +2284,7 @@ paths:
- github
- kubernetes
- m365
- oci
description: |-
* `aws` - AWS
* `azure` - Azure
@@ -2279,13 +2292,14 @@ paths:
* `kubernetes` - Kubernetes
* `m365` - M365
* `github` - GitHub
* `oci` - Oracle Cloud Infrastructure
- in: query
name: filter[provider_type__in]
schema:
type: array
items:
type: string
x-spec-enum-id: 4c1e219dad1cc0e7
x-spec-enum-id: 6f034074d7104650
enum:
- aws
- azure
@@ -2293,6 +2307,7 @@ paths:
- github
- kubernetes
- m365
- oci
description: |-
Multiple values may be separated by commas.
@@ -2302,6 +2317,7 @@ paths:
* `kubernetes` - Kubernetes
* `m365` - M365
* `github` - GitHub
* `oci` - Oracle Cloud Infrastructure
explode: false
style: form
- in: query
@@ -2685,7 +2701,7 @@ paths:
name: filter[provider_type]
schema:
type: string
x-spec-enum-id: 4c1e219dad1cc0e7
x-spec-enum-id: 6f034074d7104650
enum:
- aws
- azure
@@ -2693,6 +2709,7 @@ paths:
- github
- kubernetes
- m365
- oci
description: |-
* `aws` - AWS
* `azure` - Azure
@@ -2700,13 +2717,14 @@ paths:
* `kubernetes` - Kubernetes
* `m365` - M365
* `github` - GitHub
* `oci` - Oracle Cloud Infrastructure
- in: query
name: filter[provider_type__in]
schema:
type: array
items:
type: string
x-spec-enum-id: 4c1e219dad1cc0e7
x-spec-enum-id: 6f034074d7104650
enum:
- aws
- azure
@@ -2714,6 +2732,7 @@ paths:
- github
- kubernetes
- m365
- oci
description: |-
Multiple values may be separated by commas.
@@ -2723,6 +2742,7 @@ paths:
* `kubernetes` - Kubernetes
* `m365` - M365
* `github` - GitHub
* `oci` - Oracle Cloud Infrastructure
explode: false
style: form
- in: query
@@ -4210,7 +4230,7 @@ paths:
name: filter[provider_type]
schema:
type: string
x-spec-enum-id: 4c1e219dad1cc0e7
x-spec-enum-id: 6f034074d7104650
enum:
- aws
- azure
@@ -4218,6 +4238,7 @@ paths:
- github
- kubernetes
- m365
- oci
description: |-
* `aws` - AWS
* `azure` - Azure
@@ -4225,13 +4246,14 @@ paths:
* `kubernetes` - Kubernetes
* `m365` - M365
* `github` - GitHub
* `oci` - Oracle Cloud Infrastructure
- in: query
name: filter[provider_type__in]
schema:
type: array
items:
type: string
x-spec-enum-id: 4c1e219dad1cc0e7
x-spec-enum-id: 6f034074d7104650
enum:
- aws
- azure
@@ -4239,6 +4261,7 @@ paths:
- github
- kubernetes
- m365
- oci
description: |-
Multiple values may be separated by commas.
@@ -4248,6 +4271,7 @@ paths:
* `kubernetes` - Kubernetes
* `m365` - M365
* `github` - GitHub
* `oci` - Oracle Cloud Infrastructure
explode: false
style: form
- in: query
@@ -4387,7 +4411,7 @@ paths:
name: filter[provider_type]
schema:
type: string
x-spec-enum-id: 4c1e219dad1cc0e7
x-spec-enum-id: 6f034074d7104650
enum:
- aws
- azure
@@ -4395,6 +4419,7 @@ paths:
- github
- kubernetes
- m365
- oci
description: |-
* `aws` - AWS
* `azure` - Azure
@@ -4402,13 +4427,14 @@ paths:
* `kubernetes` - Kubernetes
* `m365` - M365
* `github` - GitHub
* `oci` - Oracle Cloud Infrastructure
- in: query
name: filter[provider_type__in]
schema:
type: array
items:
type: string
x-spec-enum-id: 4c1e219dad1cc0e7
x-spec-enum-id: 6f034074d7104650
enum:
- aws
- azure
@@ -4416,6 +4442,7 @@ paths:
- github
- kubernetes
- m365
- oci
description: |-
Multiple values may be separated by commas.
@@ -4425,6 +4452,7 @@ paths:
* `kubernetes` - Kubernetes
* `m365` - M365
* `github` - GitHub
* `oci` - Oracle Cloud Infrastructure
explode: false
style: form
- in: query
@@ -4630,7 +4658,7 @@ paths:
name: filter[provider_type]
schema:
type: string
x-spec-enum-id: 4c1e219dad1cc0e7
x-spec-enum-id: 6f034074d7104650
enum:
- aws
- azure
@@ -4638,6 +4666,7 @@ paths:
- github
- kubernetes
- m365
- oci
description: |-
* `aws` - AWS
* `azure` - Azure
@@ -4645,13 +4674,14 @@ paths:
* `kubernetes` - Kubernetes
* `m365` - M365
* `github` - GitHub
* `oci` - Oracle Cloud Infrastructure
- in: query
name: filter[provider_type__in]
schema:
type: array
items:
type: string
x-spec-enum-id: 4c1e219dad1cc0e7
x-spec-enum-id: 6f034074d7104650
enum:
- aws
- azure
@@ -4659,6 +4689,7 @@ paths:
- github
- kubernetes
- m365
- oci
description: |-
Multiple values may be separated by commas.
@@ -4668,6 +4699,7 @@ paths:
* `kubernetes` - Kubernetes
* `m365` - M365
* `github` - GitHub
* `oci` - Oracle Cloud Infrastructure
explode: false
style: form
- in: query
@@ -5353,7 +5385,7 @@ paths:
name: filter[provider]
schema:
type: string
x-spec-enum-id: 4c1e219dad1cc0e7
x-spec-enum-id: 6f034074d7104650
enum:
- aws
- azure
@@ -5361,6 +5393,7 @@ paths:
- github
- kubernetes
- m365
- oci
description: |-
* `aws` - AWS
* `azure` - Azure
@@ -5368,13 +5401,14 @@ paths:
* `kubernetes` - Kubernetes
* `m365` - M365
* `github` - GitHub
* `oci` - Oracle Cloud Infrastructure
- in: query
name: filter[provider__in]
schema:
type: array
items:
type: string
x-spec-enum-id: 4c1e219dad1cc0e7
x-spec-enum-id: 6f034074d7104650
enum:
- aws
- azure
@@ -5382,6 +5416,7 @@ paths:
- github
- kubernetes
- m365
- oci
description: |-
Multiple values may be separated by commas.
@@ -5391,6 +5426,7 @@ paths:
* `kubernetes` - Kubernetes
* `m365` - M365
* `github` - GitHub
* `oci` - Oracle Cloud Infrastructure
explode: false
style: form
- in: query
@@ -6032,7 +6068,7 @@ paths:
name: filter[provider_type]
schema:
type: string
x-spec-enum-id: 4c1e219dad1cc0e7
x-spec-enum-id: 6f034074d7104650
enum:
- aws
- azure
@@ -6040,6 +6076,7 @@ paths:
- github
- kubernetes
- m365
- oci
description: |-
* `aws` - AWS
* `azure` - Azure
@@ -6047,13 +6084,14 @@ paths:
* `kubernetes` - Kubernetes
* `m365` - M365
* `github` - GitHub
* `oci` - Oracle Cloud Infrastructure
- in: query
name: filter[provider_type__in]
schema:
type: array
items:
type: string
x-spec-enum-id: 4c1e219dad1cc0e7
x-spec-enum-id: 6f034074d7104650
enum:
- aws
- azure
@@ -6061,6 +6099,7 @@ paths:
- github
- kubernetes
- m365
- oci
description: |-
Multiple values may be separated by commas.
@@ -6070,6 +6109,7 @@ paths:
* `kubernetes` - Kubernetes
* `m365` - M365
* `github` - GitHub
* `oci` - Oracle Cloud Infrastructure
explode: false
style: form
- in: query
@@ -6397,7 +6437,7 @@ paths:
name: filter[provider_type]
schema:
type: string
x-spec-enum-id: 4c1e219dad1cc0e7
x-spec-enum-id: 6f034074d7104650
enum:
- aws
- azure
@@ -6405,6 +6445,7 @@ paths:
- github
- kubernetes
- m365
- oci
description: |-
* `aws` - AWS
* `azure` - Azure
@@ -6412,13 +6453,14 @@ paths:
* `kubernetes` - Kubernetes
* `m365` - M365
* `github` - GitHub
* `oci` - Oracle Cloud Infrastructure
- in: query
name: filter[provider_type__in]
schema:
type: array
items:
type: string
x-spec-enum-id: 4c1e219dad1cc0e7
x-spec-enum-id: 6f034074d7104650
enum:
- aws
- azure
@@ -6426,6 +6468,7 @@ paths:
- github
- kubernetes
- m365
- oci
description: |-
Multiple values may be separated by commas.
@@ -6435,6 +6478,7 @@ paths:
* `kubernetes` - Kubernetes
* `m365` - M365
* `github` - GitHub
* `oci` - Oracle Cloud Infrastructure
explode: false
style: form
- in: query
@@ -6663,7 +6707,7 @@ paths:
name: filter[provider_type]
schema:
type: string
x-spec-enum-id: 4c1e219dad1cc0e7
x-spec-enum-id: 6f034074d7104650
enum:
- aws
- azure
@@ -6671,6 +6715,7 @@ paths:
- github
- kubernetes
- m365
- oci
description: |-
* `aws` - AWS
* `azure` - Azure
@@ -6678,13 +6723,14 @@ paths:
* `kubernetes` - Kubernetes
* `m365` - M365
* `github` - GitHub
* `oci` - Oracle Cloud Infrastructure
- in: query
name: filter[provider_type__in]
schema:
type: array
items:
type: string
x-spec-enum-id: 4c1e219dad1cc0e7
x-spec-enum-id: 6f034074d7104650
enum:
- aws
- azure
@@ -6692,6 +6738,7 @@ paths:
- github
- kubernetes
- m365
- oci
description: |-
Multiple values may be separated by commas.
@@ -6701,6 +6748,7 @@ paths:
* `kubernetes` - Kubernetes
* `m365` - M365
* `github` - GitHub
* `oci` - Oracle Cloud Infrastructure
explode: false
style: form
- in: query
@@ -6935,7 +6983,7 @@ paths:
name: filter[provider_type]
schema:
type: string
x-spec-enum-id: 4c1e219dad1cc0e7
x-spec-enum-id: 6f034074d7104650
enum:
- aws
- azure
@@ -6943,6 +6991,7 @@ paths:
- github
- kubernetes
- m365
- oci
description: |-
* `aws` - AWS
* `azure` - Azure
@@ -6950,13 +6999,14 @@ paths:
* `kubernetes` - Kubernetes
* `m365` - M365
* `github` - GitHub
* `oci` - Oracle Cloud Infrastructure
- in: query
name: filter[provider_type__in]
schema:
type: array
items:
type: string
x-spec-enum-id: 4c1e219dad1cc0e7
x-spec-enum-id: 6f034074d7104650
enum:
- aws
- azure
@@ -6964,6 +7014,7 @@ paths:
- github
- kubernetes
- m365
- oci
description: |-
Multiple values may be separated by commas.
@@ -6973,6 +7024,7 @@ paths:
* `kubernetes` - Kubernetes
* `m365` - M365
* `github` - GitHub
* `oci` - Oracle Cloud Infrastructure
explode: false
style: form
- in: query
@@ -7770,7 +7822,7 @@ paths:
name: filter[provider_type]
schema:
type: string
x-spec-enum-id: 4c1e219dad1cc0e7
x-spec-enum-id: 6f034074d7104650
enum:
- aws
- azure
@@ -7778,6 +7830,7 @@ paths:
- github
- kubernetes
- m365
- oci
description: |-
* `aws` - AWS
* `azure` - Azure
@@ -7785,13 +7838,14 @@ paths:
* `kubernetes` - Kubernetes
* `m365` - M365
* `github` - GitHub
* `oci` - Oracle Cloud Infrastructure
- in: query
name: filter[provider_type__in]
schema:
type: array
items:
type: string
x-spec-enum-id: 4c1e219dad1cc0e7
x-spec-enum-id: 6f034074d7104650
enum:
- aws
- azure
@@ -7799,6 +7853,7 @@ paths:
- github
- kubernetes
- m365
- oci
description: |-
Multiple values may be separated by commas.
@@ -7808,6 +7863,7 @@ paths:
* `kubernetes` - Kubernetes
* `m365` - M365
* `github` - GitHub
* `oci` - Oracle Cloud Infrastructure
explode: false
style: form
- in: query
@@ -13270,6 +13326,39 @@ components:
required:
- github_app_id
- github_app_key
- type: object
title: Oracle Cloud Infrastructure (OCI) API Key Credentials
properties:
user:
type: string
description: The OCID of the user to authenticate with.
fingerprint:
type: string
description: The fingerprint of the API signing key.
key_file:
type: string
description: The path to the private key file for API signing.
Either key_file or key_content must be provided.
key_content:
type: string
description: The content of the private key for API signing
(base64 encoded). Either key_file or key_content must be
provided.
tenancy:
type: string
description: The OCID of the tenancy.
region:
type: string
description: The OCI region identifier (e.g., us-ashburn-1,
us-phoenix-1).
pass_phrase:
type: string
description: The passphrase for the private key, if encrypted.
required:
- user
- fingerprint
- tenancy
- region
writeOnly: true
required:
- secret
@@ -14264,6 +14353,7 @@ components:
- kubernetes
- m365
- github
- oci
type: string
description: |-
* `aws` - AWS
@@ -14272,7 +14362,8 @@ components:
* `kubernetes` - Kubernetes
* `m365` - M365
* `github` - GitHub
x-spec-enum-id: 4c1e219dad1cc0e7
* `oci` - Oracle Cloud Infrastructure
x-spec-enum-id: 6f034074d7104650
uid:
type: string
title: Unique identifier for the provider, set by the provider
@@ -14384,8 +14475,9 @@ components:
- kubernetes
- m365
- github
- oci
type: string
x-spec-enum-id: 4c1e219dad1cc0e7
x-spec-enum-id: 6f034074d7104650
description: |-
Type of provider to create.
@@ -14395,6 +14487,7 @@ components:
* `kubernetes` - Kubernetes
* `m365` - M365
* `github` - GitHub
* `oci` - Oracle Cloud Infrastructure
uid:
type: string
title: Unique identifier for the provider, set by the provider
@@ -14438,8 +14531,9 @@ components:
- kubernetes
- m365
- github
- oci
type: string
x-spec-enum-id: 4c1e219dad1cc0e7
x-spec-enum-id: 6f034074d7104650
description: |-
Type of provider to create.
@@ -14449,6 +14543,7 @@ components:
* `kubernetes` - Kubernetes
* `m365` - M365
* `github` - GitHub
* `oci` - Oracle Cloud Infrastructure
uid:
type: string
minLength: 3
@@ -15157,6 +15252,37 @@ components:
required:
- github_app_id
- github_app_key
- type: object
title: Oracle Cloud Infrastructure (OCI) API Key Credentials
properties:
user:
type: string
description: The OCID of the user to authenticate with.
fingerprint:
type: string
description: The fingerprint of the API signing key.
key_file:
type: string
description: The path to the private key file for API signing.
Either key_file or key_content must be provided.
key_content:
type: string
description: The content of the private key for API signing (base64
encoded). Either key_file or key_content must be provided.
tenancy:
type: string
description: The OCID of the tenancy.
region:
type: string
description: The OCI region identifier (e.g., us-ashburn-1, us-phoenix-1).
pass_phrase:
type: string
description: The passphrase for the private key, if encrypted.
required:
- user
- fingerprint
- tenancy
- region
writeOnly: true
required:
- secret_type
@@ -15426,6 +15552,39 @@ components:
required:
- github_app_id
- github_app_key
- type: object
title: Oracle Cloud Infrastructure (OCI) API Key Credentials
properties:
user:
type: string
description: The OCID of the user to authenticate with.
fingerprint:
type: string
description: The fingerprint of the API signing key.
key_file:
type: string
description: The path to the private key file for API signing.
Either key_file or key_content must be provided.
key_content:
type: string
description: The content of the private key for API signing
(base64 encoded). Either key_file or key_content must be
provided.
tenancy:
type: string
description: The OCID of the tenancy.
region:
type: string
description: The OCI region identifier (e.g., us-ashburn-1,
us-phoenix-1).
pass_phrase:
type: string
description: The passphrase for the private key, if encrypted.
required:
- user
- fingerprint
- tenancy
- region
writeOnly: true
required:
- secret_type
@@ -15711,6 +15870,37 @@ components:
required:
- github_app_id
- github_app_key
- type: object
title: Oracle Cloud Infrastructure (OCI) API Key Credentials
properties:
user:
type: string
description: The OCID of the user to authenticate with.
fingerprint:
type: string
description: The fingerprint of the API signing key.
key_file:
type: string
description: The path to the private key file for API signing.
Either key_file or key_content must be provided.
key_content:
type: string
description: The content of the private key for API signing (base64
encoded). Either key_file or key_content must be provided.
tenancy:
type: string
description: The OCID of the tenancy.
region:
type: string
description: The OCI region identifier (e.g., us-ashburn-1, us-phoenix-1).
pass_phrase:
type: string
description: The passphrase for the private key, if encrypted.
required:
- user
- fingerprint
- tenancy
- region
writeOnly: true
required:
- secret
+6
@@ -22,6 +22,7 @@ from prowler.providers.azure.azure_provider import AzureProvider
from prowler.providers.gcp.gcp_provider import GcpProvider
from prowler.providers.kubernetes.kubernetes_provider import KubernetesProvider
from prowler.providers.m365.m365_provider import M365Provider
from prowler.providers.oraclecloud.oci_provider import OciProvider
class TestMergeDicts:
@@ -108,6 +109,7 @@ class TestReturnProwlerProvider:
(Provider.ProviderChoices.AZURE.value, AzureProvider),
(Provider.ProviderChoices.KUBERNETES.value, KubernetesProvider),
(Provider.ProviderChoices.M365.value, M365Provider),
(Provider.ProviderChoices.OCI.value, OciProvider),
],
)
def test_return_prowler_provider(self, provider_type, expected_provider):
@@ -203,6 +205,10 @@ class TestGetProwlerProviderKwargs:
Provider.ProviderChoices.GITHUB.value,
{"organizations": ["provider_uid"]},
),
(
Provider.ProviderChoices.OCI.value,
{},
),
],
)
def test_get_prowler_provider_kwargs(self, provider_type, expected_extra_kwargs):
+53 -4
@@ -1458,13 +1458,25 @@ class TestProviderViewSet:
("provider", "aws", 2),
("provider.in", "azure,gcp", 2),
("uid", "123456789012", 1),
("uid.icontains", "1", 5),
(
"uid.icontains",
"1",
6,
), # Updated: includes OCI provider with "1" in UID
("alias", "aws_testing_1", 1),
("alias.icontains", "aws", 2),
("inserted_at", TODAY, 6),
("inserted_at.gte", "2024-01-01", 6),
("inserted_at", TODAY, 7), # Updated: 7 providers now (added OCI)
(
"inserted_at.gte",
"2024-01-01",
7,
), # Updated: 7 providers now (added OCI)
("inserted_at.lte", "2024-01-01", 0),
("updated_at.gte", "2024-01-01", 6),
(
"updated_at.gte",
"2024-01-01",
7,
), # Updated: 7 providers now (added OCI)
("updated_at.lte", "2024-01-01", 0),
]
),
@@ -1967,6 +1979,43 @@ class TestProviderSecretViewSet:
"password": "supersecret",
},
),
# OCI with API key credentials (with key_content)
(
Provider.ProviderChoices.OCI.value,
ProviderSecret.TypeChoices.STATIC,
{
"user": "ocid1.user.oc1..aaaaaaaakldibrbov4ubh25aqdeiroklxjngwka7u6w7no3glmdq3n5sxtkq",
"fingerprint": "aa:bb:cc:dd:ee:ff:00:11:22:33:44:55:66:77:88:99",
"key_content": "-----BEGIN RSA PRIVATE KEY-----\ntest-key-content\n-----END RSA PRIVATE KEY-----",
"tenancy": "ocid1.tenancy.oc1..aaaaaaaa3dwoazoox4q7wrvriywpokp5grlhgnkwtyt6dmwyou7no6mdmzda",
"region": "us-ashburn-1",
},
),
# OCI with API key credentials (with key_file)
(
Provider.ProviderChoices.OCI.value,
ProviderSecret.TypeChoices.STATIC,
{
"user": "ocid1.user.oc1..aaaaaaaakldibrbov4ubh25aqdeiroklxjngwka7u6w7no3glmdq3n5sxtkq",
"fingerprint": "aa:bb:cc:dd:ee:ff:00:11:22:33:44:55:66:77:88:99",
"key_file": "/path/to/oci_api_key.pem",
"tenancy": "ocid1.tenancy.oc1..aaaaaaaa3dwoazoox4q7wrvriywpokp5grlhgnkwtyt6dmwyou7no6mdmzda",
"region": "us-ashburn-1",
},
),
# OCI with API key credentials (with passphrase)
(
Provider.ProviderChoices.OCI.value,
ProviderSecret.TypeChoices.STATIC,
{
"user": "ocid1.user.oc1..aaaaaaaakldibrbov4ubh25aqdeiroklxjngwka7u6w7no3glmdq3n5sxtkq",
"fingerprint": "aa:bb:cc:dd:ee:ff:00:11:22:33:44:55:66:77:88:99",
"key_content": "-----BEGIN RSA PRIVATE KEY-----\ntest-encrypted-key\n-----END RSA PRIVATE KEY-----",
"tenancy": "ocid1.tenancy.oc1..aaaaaaaa3dwoazoox4q7wrvriywpokp5grlhgnkwtyt6dmwyou7no6mdmzda",
"region": "us-ashburn-1",
"pass_phrase": "my-secure-passphrase",
},
),
],
)
def test_provider_secrets_create_valid(
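Review bot: The `# Updated: 7 providers now (added OCI)` comments on the filter parametrization describe the edit rather than the test and will be stale the next time a fixture provider is added; the expected counts explain themselves once the fixture holds seven providers, so I'd drop those four comments. In the new OCI secret cases, key_content is raw PEM text, whereas the secret schema added by this commit documents key_content as base64 encoded — the fixtures and the schema should agree on which encoding the API accepts, since a client following the schema would send something these tests never exercise. The parametrize lists and test_provider_secrets_create_valid continue outside the hunks shown.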
+8 -3
@@ -20,6 +20,7 @@ from prowler.providers.gcp.gcp_provider import GcpProvider
from prowler.providers.github.github_provider import GithubProvider
from prowler.providers.kubernetes.kubernetes_provider import KubernetesProvider
from prowler.providers.m365.m365_provider import M365Provider
from prowler.providers.oraclecloud.oci_provider import OciProvider
class CustomOAuth2Client(OAuth2Client):
@@ -67,6 +68,7 @@ def return_prowler_provider(
| GithubProvider
| KubernetesProvider
| M365Provider
| OciProvider
]:
"""Return the Prowler provider class based on the given provider type.
@@ -74,7 +76,7 @@ def return_prowler_provider(
provider (Provider): The provider object containing the provider type and associated secrets.
Returns:
AwsProvider | AzureProvider | GcpProvider | GithubProvider | KubernetesProvider | M365Provider: The corresponding provider class.
AwsProvider | AzureProvider | GcpProvider | GithubProvider | KubernetesProvider | M365Provider | OciProvider: The corresponding provider class.
Raises:
ValueError: If the provider type specified in `provider.provider` is not supported.
@@ -92,6 +94,8 @@ def return_prowler_provider(
prowler_provider = M365Provider
case Provider.ProviderChoices.GITHUB.value:
prowler_provider = GithubProvider
case Provider.ProviderChoices.OCI.value:
prowler_provider = OciProvider
case _:
raise ValueError(f"Provider type {provider.provider} not supported")
return prowler_provider
@@ -147,6 +151,7 @@ def initialize_prowler_provider(
| GithubProvider
| KubernetesProvider
| M365Provider
| OciProvider
):
"""Initialize a Prowler provider instance based on the given provider type.
@@ -155,8 +160,8 @@ def initialize_prowler_provider(
mutelist_processor (Processor): The mutelist processor object containing the mutelist configuration.
Returns:
AwsProvider | AzureProvider | GcpProvider | GithubProvider | KubernetesProvider | M365Provider: An instance of the corresponding provider class
(`AwsProvider`, `AzureProvider`, `GcpProvider`, `GithubProvider`, `KubernetesProvider` or `M365Provider`) initialized with the
AwsProvider | AzureProvider | GcpProvider | GithubProvider | KubernetesProvider | M365Provider | OciProvider: An instance of the corresponding provider class
(`AwsProvider`, `AzureProvider`, `GcpProvider`, `GithubProvider`, `KubernetesProvider`, `M365Provider` or `OciProvider`) initialized with the
provider's secrets.
"""
prowler_provider = return_prowler_provider(provider)
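Review bot: The provider union is now spelled out by hand in four places in this file — the return annotation of return_prowler_provider, its docstring, the return annotation of initialize_prowler_provider and its docstring — and this commit had to touch every one of them. A module-level alias, `ProwlerProvider = AwsProvider | AzureProvider | GcpProvider | GithubProvider | KubernetesProvider | M365Provider | OciProvider`, used as `type[ProwlerProvider]` on return_prowler_provider and `ProwlerProvider` on initialize_prowler_provider, would make the next provider a one-line change; the file already relies on 3.10 syntax (`match`), so the `|` alias is available. Both functions start and end outside the hunks shown.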
@@ -239,6 +239,41 @@ from rest_framework_json_api import serializers
},
"required": ["github_app_id", "github_app_key"],
},
{
"type": "object",
"title": "Oracle Cloud Infrastructure (OCI) API Key Credentials",
"properties": {
"user": {
"type": "string",
"description": "The OCID of the user to authenticate with.",
},
"fingerprint": {
"type": "string",
"description": "The fingerprint of the API signing key.",
},
"key_file": {
"type": "string",
"description": "The path to the private key file for API signing. Either key_file or key_content must be provided.",
},
"key_content": {
"type": "string",
"description": "The content of the private key for API signing (base64 encoded). Either key_file or key_content must be provided.",
},
"tenancy": {
"type": "string",
"description": "The OCID of the tenancy.",
},
"region": {
"type": "string",
"description": "The OCI region identifier (e.g., us-ashburn-1, us-phoenix-1).",
},
"pass_phrase": {
"type": "string",
"description": "The passphrase for the private key, if encrypted.",
},
},
"required": ["user", "fingerprint", "tenancy", "region"],
},
]
}
)
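Review bot: The `key_file` property in this schema tells API clients they may supply "the path to the private key file", i.e. a filesystem path that the Prowler worker building the OciProvider will later open; any caller permitted to create provider secrets can therefore point the scanner at an arbitrary file on the worker host, and nothing in the description says the path is resolved server-side. Unless key_file is meant only for deployments where the operator controls the worker filesystem, I'd have the API accept key_content alone, or at minimum state in the description that the path is resolved on the Prowler worker, not the client. The `(base64 encoded)` wording on key_content also disagrees with this commit's test fixtures, which post raw PEM text; one of the two has to change.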
+15
@@ -1359,6 +1359,8 @@ class BaseWriteProviderSecretSerializer(BaseWriteSerializer):
serializer = KubernetesProviderSecret(data=secret)
elif provider_type == Provider.ProviderChoices.M365.value:
serializer = M365ProviderSecret(data=secret)
elif provider_type == Provider.ProviderChoices.OCI.value:
serializer = OracleCloudProviderSecret(data=secret)
else:
raise serializers.ValidationError(
{"provider": f"Provider type not supported {provider_type}"}
@@ -1472,6 +1474,19 @@ class GithubProviderSecret(serializers.Serializer):
resource_name = "provider-secrets"
class OracleCloudProviderSecret(serializers.Serializer):
user = serializers.CharField()
fingerprint = serializers.CharField()
key_file = serializers.CharField(required=False)
key_content = serializers.CharField(required=False)
tenancy = serializers.CharField()
region = serializers.CharField()
pass_phrase = serializers.CharField(required=False)
class Meta:
resource_name = "provider-secrets"
class AWSRoleAssumptionProviderSecret(serializers.Serializer):
role_arn = serializers.CharField()
external_id = serializers.CharField()
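Review bot: OracleCloudProviderSecret declares key_file and key_content both `required=False` but nothing enforces the "either key_file or key_content must be provided" rule the secret schema promises, so a secret carrying neither is accepted and stored and only fails later when a scan tries to build the provider. A `validate` method rejects that at write time, and the dispatch added to BaseWriteProviderSecretSerializer in the first hunk then covers it without further change.
```python
class OracleCloudProviderSecret(serializers.Serializer):
    # … unchanged: field declarations and Meta …

    def validate(self, attrs):
        """Reject secrets that carry neither a key file path nor inline key content."""
        if not (attrs.get("key_file") or attrs.get("key_content")):
            raise serializers.ValidationError(
                {"key_content": "Either key_file or key_content must be provided."}
            )
        return attrs
```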
+7 -1
@@ -499,8 +499,14 @@ def providers_fixture(tenants_fixture):
alias="m365_testing",
tenant_id=tenant.id,
)
provider7 = Provider.objects.create(
provider="oci",
uid="ocid1.tenancy.oc1..aaaaaaaa3dwoazoox4q7wrvriywpokp5grlhgnkwtyt6dmwyou7no6mdmzda",
alias="oci_testing",
tenant_id=tenant.id,
)
return provider1, provider2, provider3, provider4, provider5, provider6
return provider1, provider2, provider3, provider4, provider5, provider6, provider7
@pytest.fixture
+4
@@ -30,6 +30,7 @@ from prowler.lib.outputs.compliance.cis.cis_gcp import GCPCIS
from prowler.lib.outputs.compliance.cis.cis_github import GithubCIS
from prowler.lib.outputs.compliance.cis.cis_kubernetes import KubernetesCIS
from prowler.lib.outputs.compliance.cis.cis_m365 import M365CIS
from prowler.lib.outputs.compliance.cis.cis_oci import OCICIS
from prowler.lib.outputs.compliance.ens.ens_aws import AWSENS
from prowler.lib.outputs.compliance.ens.ens_azure import AzureENS
from prowler.lib.outputs.compliance.ens.ens_gcp import GCPENS
@@ -108,6 +109,9 @@ COMPLIANCE_CLASS_MAP = {
"github": [
(lambda name: name.startswith("cis_"), GithubCIS),
],
"oci": [
(lambda name: name.startswith("cis_"), OCICIS),
],
}
+1 -1
@@ -31,7 +31,7 @@ The supported providers right now are:
| [Kubernetes](/user-guide/providers/kubernetes/in-cluster) | Official | UI, API, CLI |
| [M365](/user-guide/providers/microsoft365/getting-started-m365) | Official | UI, API, CLI |
| [Github](/user-guide/providers/github/getting-started-github) | Official | UI, API, CLI |
| [Oracle Cloud](/user-guide/providers/oci/getting-started-oci) | Official | CLI |
| [Oracle Cloud](/user-guide/providers/oci/getting-started-oci) | Official | CLI, API |
| [Infra as Code](/user-guide/providers/iac/getting-started-iac) | Official | CLI |
| [MongoDB Atlas](/user-guide/providers/mongodbatlas/getting-started-mongodbatlas) | Official | CLI |
| [LLM](/user-guide/providers/llm/getting-started-llm) | Official | CLI |
+1
@@ -6,6 +6,7 @@ All notable changes to the **Prowler SDK** are documented in this file.
### Added
- GitHub provider check `organization_default_repository_permission_strict` [(#8785)](https://github.com/prowler-cloud/prowler/pull/8785)
- Add OCI mapping to scan and check classes [(#8927)](https://github.com/prowler-cloud/prowler/pull/8927)
- `codepipeline_project_repo_private` check for AWS provider [(#5915)](https://github.com/prowler-cloud/prowler/pull/5915)
- `cloudstorage_bucket_versioning_enabled` check for GCP provider [(#9014)](https://github.com/prowler-cloud/prowler/pull/9014)
+9 -1
@@ -438,8 +438,16 @@ def execute_checks(
service = check_name.split("_")[0]
try:
try:
# Map CLI provider names to directory names (for cases where they differ)
provider_directory_map = {
"oci": "oraclecloud", # OCI SDK conflict avoidance
}
provider_directory = provider_directory_map.get(
global_provider.type, global_provider.type
)
# Import check module
check_module_path = f"prowler.providers.{global_provider.type}.services.{service}.{check_name}.{check_name}"
check_module_path = f"prowler.providers.{provider_directory}.services.{service}.{check_name}.{check_name}"
lib = import_check(check_module_path)
# Recover functions from check
check_to_execute = getattr(lib, check_name)
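Review bot: `provider_directory_map` is a literal rebuilt and looked up for every check, presumably inside execute_checks' per-check loop given the `service = check_name.split("_")[0]` line above it, and the identical literal is built the same way inside the try block in Scan.execute; the map is a constant and belongs at module level (or in one shared constant both call sites import), with `provider_directory` computed once before the loop. Hoisting it also keeps the inner try body down to the import that can actually fail. The enclosing loop and both try blocks begin outside the hunk.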
+2
@@ -407,6 +407,8 @@ class Finding(BaseModel):
finding.subscription = list(provider.identity.subscriptions.keys())[0]
elif provider.type == "gcp":
finding.project_id = list(provider.projects.keys())[0]
elif provider.type == "oci":
finding.compartment_id = getattr(finding, "compartment_id", "")
finding.check_metadata = CheckMetadata(
Provider=finding.check_metadata["provider"],
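Review bot: `finding.compartment_id = getattr(finding, "compartment_id", "")` assigns the attribute to itself when it already exists and to "" otherwise, so unlike the azure and gcp branches above it, the OCI branch never derives the compartment from the provider or the check output; whether that is intended is hard to tell from this hunk. If compartment_id is a declared Finding field with a default, the line is a no-op and can be removed; if it is not declared, setting it on a pydantic BaseModel may be rejected depending on the model configuration — worth a test either way. The method this sits in starts and ends outside the hunk.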
+9 -1
@@ -271,8 +271,16 @@ class Scan:
# Recover service from check name
service = get_service_name_from_check_name(check_name)
try:
# Map CLI provider names to directory names (for cases where they differ)
provider_directory_map = {
"oci": "oraclecloud", # OCI SDK conflict avoidance
}
provider_directory = provider_directory_map.get(
self._provider.type, self._provider.type
)
# Import check module
check_module_path = f"prowler.providers.{self._provider.type}.services.{service}.{check_name}.{check_name}"
check_module_path = f"prowler.providers.{provider_directory}.services.{service}.{check_name}.{check_name}"
lib = import_check(check_module_path)
# Recover functions from check
check_to_execute = getattr(lib, check_name)