ben.carrasco/prowler
1
0
Fork 0
mirror of https://github.com/prowler-cloud/prowler.git synced 2026-03-22 03:08:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat(provider-secret): make existing external_id field mandatory (#6510)

Browse Source
This commit is contained in:
Adrián Jesús Peña Rodríguez
2025-01-15 10:14:44 +01:00
committed by GitHub
parent b73b89242f
commit f9a3b5f3cd
2 changed files with 22 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
api/src/backend/api/specs/v1.yaml
View File

@@ -7141,6 +7141,9 @@ components:
type: string
description: The Amazon Resource Name (ARN) of the role to
assume. Required for AWS role assumption.
external_id:
type: string
description: An identifier to enhance security for role assumption.
aws_access_key_id:
type: string
description: The AWS access key ID. Only required if the environment
@@ -7159,10 +7162,6 @@ components:
maximum: 43200
default: 3600
description: The duration (in seconds) for the role session.
external_id:
type: string
description: An optional identifier to enhance security for
role assumption; may be required by the role administrator.
role_session_name:
type: string
description: |-
@@ -7175,6 +7174,7 @@ components:
pattern: ^[a-zA-Z0-9=,.@_-]+$
required:
- role_arn
- external_id
- type: object
title: Azure Static Credentials
properties:
@@ -8352,6 +8352,9 @@ components:
type: string
description: The Amazon Resource Name (ARN) of the role to assume.
Required for AWS role assumption.
external_id:
type: string
description: An identifier to enhance security for role assumption.
aws_access_key_id:
type: string
description: The AWS access key ID. Only required if the environment
@@ -8369,10 +8372,6 @@ components:
maximum: 43200
default: 3600
description: The duration (in seconds) for the role session.
external_id:
type: string
description: An optional identifier to enhance security for role
assumption; may be required by the role administrator.
role_session_name:
type: string
description: |-
@@ -8385,6 +8384,7 @@ components:
pattern: ^[a-zA-Z0-9=,.@_-]+$
required:
- role_arn
- external_id
- type: object
title: Azure Static Credentials
properties:
@@ -8533,6 +8533,9 @@ components:
type: string
description: The Amazon Resource Name (ARN) of the role to
assume. Required for AWS role assumption.
external_id:
type: string
description: An identifier to enhance security for role assumption.
aws_access_key_id:
type: string
description: The AWS access key ID. Only required if the environment
@@ -8551,10 +8554,6 @@ components:
maximum: 43200
default: 3600
description: The duration (in seconds) for the role session.
external_id:
type: string
description: An optional identifier to enhance security for
role assumption; may be required by the role administrator.
role_session_name:
type: string
description: |-
@@ -8567,6 +8566,7 @@ components:
pattern: ^[a-zA-Z0-9=,.@_-]+$
required:
- role_arn
- external_id
- type: object
title: Azure Static Credentials
properties:
@@ -8732,6 +8732,9 @@ components:
type: string
description: The Amazon Resource Name (ARN) of the role to assume.
Required for AWS role assumption.
external_id:
type: string
description: An identifier to enhance security for role assumption.
aws_access_key_id:
type: string
description: The AWS access key ID. Only required if the environment
@@ -8749,10 +8752,6 @@ components:
maximum: 43200
default: 3600
description: The duration (in seconds) for the role session.
external_id:
type: string
description: An optional identifier to enhance security for role
assumption; may be required by the role administrator.
role_session_name:
type: string
description: |-
@@ -8765,6 +8764,7 @@ components:
pattern: ^[a-zA-Z0-9=,.@_-]+$
required:
- role_arn
- external_id
- type: object
title: Azure Static Credentials
properties:

13
api/src/backend/api/v1/serializers.py
View File

@@ -1010,7 +1010,7 @@ class KubernetesProviderSecret(serializers.Serializer):
class AWSRoleAssumptionProviderSecret(serializers.Serializer):
role_arn = serializers.CharField()
external_id = serializers.CharField(required=False)
external_id = serializers.CharField()
role_session_name = serializers.CharField(required=False)
session_duration = serializers.IntegerField(
required=False, min_value=900, max_value=43200
@@ -1057,6 +1057,10 @@ class AWSRoleAssumptionProviderSecret(serializers.Serializer):
"description": "The Amazon Resource Name (ARN) of the role to assume. Required for AWS role "
"assumption.",
},
"external_id": {
"type": "string",
"description": "An identifier to enhance security for role assumption.",
},
"aws_access_key_id": {
"type": "string",
"description": "The AWS access key ID. Only required if the environment lacks pre-configured "
@@ -1078,11 +1082,6 @@ class AWSRoleAssumptionProviderSecret(serializers.Serializer):
"default": 3600,
"description": "The duration (in seconds) for the role session.",
},
"external_id": {
"type": "string",
"description": "An optional identifier to enhance security for role assumption; may be "
"required by the role administrator.",
},
"role_session_name": {
"type": "string",
"description": "An identifier for the role session, useful for tracking sessions in AWS logs. "
@@ -1096,7 +1095,7 @@ class AWSRoleAssumptionProviderSecret(serializers.Serializer):
"pattern": "^[a-zA-Z0-9=,.@_-]+$",
},
},
"required": ["role_arn"],
"required": ["role_arn", "external_id"],
},
{
"type": "object",