Commit Graph

296 Commits

Author SHA1 Message Date
Andoni A. 60350794da feat(api): show only production URL in API reference playground 2025-11-12 09:47:28 +01:00
Andoni Alonso 6a876a3205 Merge branch 'master' into DEVREL-98-include-open-api-specification-in-mintlify 2025-11-12 09:22:08 +01:00
Pedro Martín 427dab6810 fix(compliance): handle check_id not in Prowler Checks (#9208) 2025-11-12 09:11:34 +01:00
Josema Camacho 7cb0ed052d chore(security): upgrading django to 5.1.14 (#9176) 2025-11-11 16:51:28 +01:00
Adrián Jesús Peña Rodríguez beec37b0da feat(threatscore): implement ThreatScoreSnapshot model, filter, serializer, and view for ThreatScore metrics retrieval (#9148) 2025-11-11 10:19:48 +01:00
Andoni A. e9f6bc8604 chore: update CHANGELOG 2025-11-11 07:36:18 +01:00
Andoni A. dc71d86c35 chore(api): regenerate openapi schema 2025-11-10 08:57:34 +01:00
Andoni Alonso 7a54900a62 Merge branch 'master' into DEVREL-98-include-open-api-specification-in-mintlify 2025-11-10 08:39:59 +01:00
Rakan Farhouda f0b1c4c29e fix(api): update unique constraint for Provider model to exclude soft… (#9054) 2025-11-07 13:16:55 +01:00
Daniel Barranquero 7e03b423dd feat(api): add MongoDBAtlas provider to api (#9167) 2025-11-06 16:37:38 -05:00
Andoni A. 1d62b8d64e fix(docs): json version is not needed 2025-11-05 14:52:23 +01:00
Andoni A. 676a11bb13 feat(docs): use symlink to point to openapi spec 2025-11-05 12:43:16 +01:00
Andoni A. 4b80544f0a chore: update CHANGELOG 2025-11-05 12:35:44 +01:00
Andoni A. 6815a9dd86 feat(api): add dynamic server URL configuration to OpenAPI schema
Add a new postprocessing hook 'add_api_servers' that dynamically configures
the servers array in the OpenAPI specification based on the request environment.

This hook:
- Detects the current environment (local, staging, or production) from the
  request host
- Adds the current server URL as the primary option
- Includes production (https://api.prowler.com) as a fallback option when
  generating from non-production environments
- Enables users to toggle between local and production servers in Mintlify's
  API playground via a dropdown

Server detection logic:
- localhost/127.0.0.1 → "Local Development Server"
- hosts with 'dev' or 'staging' → "Development/Staging API"
- api.prowler.com → "Prowler Cloud API"

This enables the "Try it out" feature in Mintlify documentation and allows
testing against different environments without modifying the spec.
2025-11-05 12:04:18 +01:00
Andoni A. 00441e776d feat(api): add OpenAPI schema postprocessing hooks for Mintlify compatibility
Add three postprocessing hooks to fix OpenAPI 3.0.x compatibility issues
generated by drf-spectacular-jsonapi:

1. fix_empty_id_fields: Fixes empty id field definitions ({}) in JSON:API
   request schemas (particularly PATCH/update requests) by replacing them
   with proper schema: {"type": "string", "format": "uuid", "description": "..."}

2. fix_pattern_properties: Converts patternProperties to additionalProperties
   for OpenAPI 3.0 compatibility. patternProperties is only available in
   OpenAPI 3.1+, but drf-spectacular generates 3.0.3 specs. This is needed
   for the Prowler mutelist configuration which uses dynamic keys.

3. fix_type_formats: Fixes invalid type values like "email" that
   drf-spectacular generates from Django's EmailField. Converts them to
   proper OpenAPI format: "type": "string" with "format": "email".
   Also handles "url" → "uri" and "uuid" formats.

These hooks ensure the generated OpenAPI schema validates correctly with
Mintlify and other OpenAPI 3.0.x tools.
2025-11-05 11:36:24 +01:00
Andoni A. 4037927c61 Merge branch 'master' into try-openapi 2025-11-05 10:36:07 +01:00
Sergio Garcia f16f94acf3 chore(oci): rename OCI provider to oraclecloud with oci alias (#9126) 2025-11-04 11:44:56 -05:00
Andoni Alonso 601495166c feat(iac): add IaC to Prowler App (#8751) 2025-11-04 10:01:58 +01:00
Sergio Garcia 39710a6841 fix(api): correct OCI provider compliance directory mapping (#9111) 2025-10-31 10:33:13 -04:00
Chandrapal Badshah c3940c7454 feat: Add Amazon Bedrock & OpenAI Compatible provider to Lighthouse AI (#8957)
Co-authored-by: Chandrapal Badshah <12944530+Chan9390@users.noreply.github.com>
Co-authored-by: Adrián Jesús Peña Rodríguez <adrianjpr@gmail.com>
Co-authored-by: Víctor Fernández Poyatos <victor@prowler.com>
2025-10-31 13:54:15 +01:00
Víctor Fernández Poyatos c5e88f4a74 feat(rls-transaction): add retry for read replica connections (#9064) 2025-10-31 11:09:05 +01:00
Víctor Fernández Poyatos 5d4415d090 feat(mute-rules): Support simple muting in API (#9051) 2025-10-31 10:49:17 +01:00
Andoni A. 20337b7e0c poc: test yq to create json schema 2025-10-31 08:24:21 +01:00
Pedro Martín f831171a21 feat(compliance): add C5 for GCP provider (#9097) 2025-10-30 15:55:07 +01:00
Chandrapal Badshah f9afb50ed9 fix(api): standardize JSON:API resource types for Lighthouse endpoints (#9085)
Co-authored-by: Chandrapal Badshah <12944530+Chan9390@users.noreply.github.com>
2025-10-30 13:36:51 +01:00
Adrián Jesús Peña Rodríguez aa8be0b2fe fix(api): update database routing logic in MainRouter (#9080) 2025-10-30 12:30:53 +01:00
Pedro Martín fcf817618a feat(compliance): add c5 azure base (#9081)
Co-authored-by: Sergio Garcia <hello@mistercloudsec.com>
2025-10-30 09:54:50 +01:00
Pepe Fagoaga 3b7eba64aa chore: remove not used admin interface (#9059) 2025-10-29 17:37:09 +05:45
Adrián Jesús Peña Rodríguez 6c34945829 feat(api): enhance overview provider aggregation and resource counting (#9053) 2025-10-29 10:31:40 +01:00
Sergio Garcia dad100b87a feat(api): add Oracle Cloud Infrastructure (OCI) provider support (#8927)
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
2025-10-28 16:43:24 +01:00
Adrián Jesús Peña Rodríguez 662296aa0e feat(api): enhance provider filtering and pagination capabilities (#8975) 2025-10-28 16:36:35 +01:00
Chandrapal Badshah 8ebefb8aa1 feat: add lighthouse support for multiple providers (#8772)
Co-authored-by: Chandrapal Badshah <12944530+Chan9390@users.noreply.github.com>
Co-authored-by: Adrián Jesús Peña Rodríguez <adrianjpr@gmail.com>
Co-authored-by: Víctor Fernández Poyatos <victor@prowler.com>
2025-10-27 16:23:54 +01:00
Víctor Fernández Poyatos ba8dbb0d28 fix(s3): file uploading for threatscore (#8993) 2025-10-23 16:07:06 +05:45
Josema Camacho 51baa88644 chore(api): Update changelog for API's version 1.14.0 to Prowler 5.13.0 (#8992) 2025-10-23 12:03:07 +02:00
Pedro Martín 9f372902ad feat(threatscore): support compliance pdf reporting (#8867)
Co-authored-by: Sergio Garcia <hello@mistercloudsec.com>
Co-authored-by: alejandrobailo <alejandrobailo94@gmail.com>
Co-authored-by: Víctor Fernández Poyatos <victor@prowler.com>
2025-10-22 15:59:56 +02:00
Adrián Jesús Peña Rodríguez 524209bdf2 feat(api): add provider_id__in filter for ScanSummary queries (#8951) 2025-10-21 15:24:09 +02:00
Pedro Martín 4a61578dd8 feat(compliance): add CCC catalogs for AWS, Azure and GCP (#8000)
Co-authored-by: Alan Buscaglia <gentlemanprogramming@gmail.com>
2025-10-15 21:48:20 +05:45
Hugo Pereira Brito 8773751779 chore(api): enhance m365 user auth deprecation (#8913)
Co-authored-by: Víctor Fernández Poyatos <victor@prowler.com>
2025-10-15 15:41:40 +02:00
Pedro Martín 564ad56d2f feat(compliance): add C5 Germany for aws (#8830)
Co-authored-by: Alan Buscaglia <gentlemanprogramming@gmail.com>
2025-10-15 11:47:23 +02:00
dependabot[bot] fc1d3d4a47 chore(deps-dev): bump authlib from 1.6.4 to 1.6.5 in /api (#8910)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-10-14 09:49:52 -04:00
Víctor Fernández Poyatos 5789e87f4f fix(api-keys): update created field to never update (#8908) 2025-10-14 13:30:41 +02:00
Víctor Fernández Poyatos 8794515318 fix(api-keys): make name required and unique (#8891) 2025-10-10 12:35:27 +02:00
Víctor Fernández Poyatos 335db928dc feat(database): add db read replica support (#8869) 2025-10-10 12:27:43 +02:00
Hugo Pereira Brito b74744b135 feat(m365): add M365 certificate auth to API (#8538) 2025-10-09 16:50:28 +02:00
Adrián Jesús Peña Rodríguez 1ba22f6f45 feat(api): update role mapping logic in TenantFinishACSView to handle single/manage account users (#8882) 2025-10-09 14:30:26 +02:00
Pedro Martín 1a7f52fc9c fix(threatscore): improve the way ThreatScore is calculated (#8582)
Co-authored-by: Sergio Garcia <hello@mistercloudsec.com>
Co-authored-by: alejandrobailo <alejandrobailo94@gmail.com>
2025-10-09 11:50:10 +02:00
Víctor Fernández Poyatos b630234cdf fix(api-key): use admin connector to validate authentication (#8883) 2025-10-09 11:26:21 +02:00
Víctor Fernández Poyatos d6685eec1f feat(api-keys): support include parameter for entity details (#8876) 2025-10-09 11:14:13 +02:00
Rubén De la Torre Vico 71e444d4ae chore: improve API docs for Provider endpoints (#8723)
Co-authored-by: Víctor Fernández Poyatos <victor@prowler.com>
2025-10-07 15:30:14 +02:00
Víctor Fernández Poyatos 42b7f0f1a9 fix(migrations): API key RLS migration (#8863) 2025-10-07 12:39:30 +02:00