feat(only_logs): remove from parser

feat(only_logs): deprecate only_logs tag
2026-05-18 18:22:46 +00:00 · 2024-11-28 15:37:33 +01:00 · 2024-11-28 14:37:52 +01:00
1697 changed files with 15513 additions and 57667 deletions
@@ -1,98 +0,0 @@
-#### Important Note ####
-# This file is used to store environment variables for the Prowler App.
-# For production, it is recommended to use a secure method to store these variables and change the default secret keys.
-
-#### Prowler UI Configuration ####
-PROWLER_UI_VERSION="latest"
-SITE_URL=http://localhost:3000
-API_BASE_URL=http://prowler-api:8080/api/v1
-NEXT_PUBLIC_API_DOCS_URL=http://prowler-api:8080/api/v1/docs
-AUTH_TRUST_HOST=true
-UI_PORT=3000
-# openssl rand -base64 32
-AUTH_SECRET="N/c6mnaS5+SWq81+819OrzQZlmx1Vxtp/orjttJSmw8="
-
-#### Prowler API Configuration ####
-PROWLER_API_VERSION="stable"
-# PostgreSQL settings
-# If running Django and celery on host, use 'localhost', else use 'postgres-db'
-POSTGRES_HOST=postgres-db
-POSTGRES_PORT=5432
-POSTGRES_ADMIN_USER=prowler_admin
-POSTGRES_ADMIN_PASSWORD=postgres
-POSTGRES_USER=prowler
-POSTGRES_PASSWORD=postgres
-POSTGRES_DB=prowler_db
-
-# Valkey settings
-# If running Valkey and celery on host, use localhost, else use 'valkey'
-VALKEY_HOST=valkey
-VALKEY_PORT=6379
-VALKEY_DB=0
-
-# Django settings
-DJANGO_ALLOWED_HOSTS=localhost,127.0.0.1,prowler-api
-DJANGO_BIND_ADDRESS=0.0.0.0
-DJANGO_PORT=8080
-DJANGO_DEBUG=False
-DJANGO_SETTINGS_MODULE=config.django.production
-# Select one of [ndjson|human_readable]
-DJANGO_LOGGING_FORMATTER=human_readable
-# Select one of [DEBUG|INFO|WARNING|ERROR|CRITICAL]
-# Applies to both Django and Celery Workers
-DJANGO_LOGGING_LEVEL=INFO
-# Defaults to the maximum available based on CPU cores if not set.
-DJANGO_WORKERS=4
-# Token lifetime is in minutes
-DJANGO_ACCESS_TOKEN_LIFETIME=30
-# Token lifetime is in minutes
-DJANGO_REFRESH_TOKEN_LIFETIME=1440
-DJANGO_CACHE_MAX_AGE=3600
-DJANGO_STALE_WHILE_REVALIDATE=60
-DJANGO_MANAGE_DB_PARTITIONS=True
-# openssl genrsa -out private.pem 2048
-DJANGO_TOKEN_SIGNING_KEY="-----BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDs4e+kt7SnUJek
-6V5r9zMGzXCoU5qnChfPiqu+BgANyawz+MyVZPs6RCRfeo6tlCknPQtOziyXYM2I
-7X+qckmuzsjqp8+u+o1mw3VvUuJew5k2SQLPYwsiTzuFNVJEOgRo3hywGiGwS2iv
-/5nh2QAl7fq2qLqZEXQa5+/xJlQggS1CYxOJgggvLyra50QZlBvPve/AxKJ/EV/Q
-irWTZU5lLNI8sH2iZR05vQeBsxZ0dCnGMT+vGl+cGkqrvzQzKsYbDmabMcfTYhYi
-78fpv6A4uharJFHayypYBjE39PwhMyyeycrNXlpm1jpq+03HgmDuDMHydk1tNwuT
-nEC7m7iNAgMBAAECggEAA2m48nJcJbn9SVi8bclMwKkWmbJErOnyEGEy2sTK3Of+
-NWx9BB0FmqAPNxn0ss8K7cANKOhDD7ZLF9E2MO4/HgfoMKtUzHRbM7MWvtEepldi
-nnvcUMEgULD8Dk4HnqiIVjt3BdmGiTv46OpBnRWrkSBV56pUL+7msZmMZTjUZvh2
-ZWv0+I3gtDIjo2Zo/FiwDV7CfwRjJarRpYUj/0YyuSA4FuOUYl41WAX1I301FKMH
-xo3jiAYi1s7IneJ16OtPpOA34Wg5F6ebm/UO0uNe+iD4kCXKaZmxYQPh5tfB0Qa3
-qj1T7GNpFNyvtG7VVdauhkb8iu8X/wl6PCwbg0RCKQKBgQD9HfpnpH0lDlHMRw9K
-X7Vby/1fSYy1BQtlXFEIPTN/btJ/asGxLmAVwJ2HAPXWlrfSjVAH7CtVmzN7v8oj
-HeIHfeSgoWEu1syvnv2AMaYSo03UjFFlfc/GUxF7DUScRIhcJUPCP8jkAROz9nFv
-DByNjUL17Q9r43DmDiRsy0IFqQKBgQDvlJ9Uhl+Sp7gRgKYwa/IG0+I4AduAM+Gz
-Dxbm52QrMGMTjaJFLmLHBUZ/ot+pge7tZZGws8YR8ufpyMJbMqPjxhIvRRa/p1Tf
-E3TQPW93FMsHUvxAgY3MV5MzXFPhlNAKb+akP/RcXUhetGAuZKLubtDCWa55ZQuL
-wj2OS+niRQKBgE7K8zUqNi6/22S8xhy/2GPgB1qPObbsABUofK0U6CAGLo6te+gc
-6Jo84IyzFtQbDNQFW2Fr+j1m18rw9AqkdcUhQndiZS9AfG07D+zFB86LeWHt4DS4
-ymIRX8Kvaak/iDcu/n3Mf0vCrhB6aetImObTj4GgrwlFvtJOmrYnO8EpAoGAIXXP
-Xt25gWD9OyyNiVu6HKwA/zN7NYeJcRmdaDhO7B1A6R0x2Zml4AfjlbXoqOLlvLAf
-zd79vcoAC82nH1eOPiSOq51plPDI0LMF8IN0CtyTkn1Lj7LIXA6rF1RAvtOqzppc
-SvpHpZK9pcRpXnFdtBE0BMDDtl6fYzCIqlP94UUCgYEAnhXbAQMF7LQifEm34Dx8
-BizRMOKcqJGPvbO2+Iyt50O5X6onU2ITzSV1QHtOvAazu+B1aG9pEuBFDQ+ASxEu
-L9ruJElkOkb/o45TSF6KCsHd55ReTZ8AqnRjf5R+lyzPqTZCXXb8KTcRvWT4zQa3
-VxyT2PnaSqEcexWUy4+UXoQ=
-----END PRIVATE KEY-----"
-# openssl rsa -in private.pem -pubout -out public.pem
-DJANGO_TOKEN_VERIFYING_KEY="-----BEGIN PUBLIC KEY-----
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7OHvpLe0p1CXpOlea/cz
-Bs1wqFOapwoXz4qrvgYADcmsM/jMlWT7OkQkX3qOrZQpJz0LTs4sl2DNiO1/qnJJ
-rs7I6qfPrvqNZsN1b1LiXsOZNkkCz2MLIk87hTVSRDoEaN4csBohsEtor/+Z4dkA
-Je36tqi6mRF0Gufv8SZUIIEtQmMTiYIILy8q2udEGZQbz73vwMSifxFf0Iq1k2VO
-ZSzSPLB9omUdOb0HgbMWdHQpxjE/rxpfnBpKq780MyrGGw5mmzHH02IWIu/H6b+g
-OLoWqyRR2ssqWAYxN/T8ITMsnsnKzV5aZtY6avtNx4Jg7gzB8nZNbTcLk5xAu5u4
-jQIDAQAB
-----END PUBLIC KEY-----"
-# openssl rand -base64 32
-DJANGO_SECRETS_ENCRYPTION_KEY="oE/ltOhp/n1TdbHjVmzcjDPLcLA41CVI/4Rk+UB5ESc="
-DJANGO_BROKER_VISIBILITY_TIMEOUT=86400
-DJANGO_DB_CONNECTION_POOL_MIN_SIZE=4
-DJANGO_DB_CONNECTION_POOL_MAX_SIZE=10
-DJANGO_DB_CONNECTION_POOL_MAX_IDLE=36000
-DJANGO_DB_CONNECTION_POOL_MAX_LIFETIME=86400
@@ -1,3 +1,3 @@
-name: "API - CodeQL Config"
+name: "Custom CodeQL Config for API"
 paths:
-  - "api/"
+  - 'api/'
@@ -0,0 +1,4 @@
+name: "Custom CodeQL Config"
+paths-ignore:
+  - 'api/'
+  - 'ui/'
@@ -1,4 +0,0 @@
-name: "SDK - CodeQL Config"
-paths-ignore:
-  - "api/"
-  - "ui/"
@@ -1,3 +1,3 @@
-name: "UI - CodeQL Config"
+name: "Custom CodeQL Config for UI"
 paths:
  - "ui/"
@@ -5,7 +5,6 @@

 version: 2
 updates:
-  # v5
  - package-ecosystem: "pip"
    directory: "/"
    schedule:
@@ -15,18 +14,6 @@ updates:
    labels:
      - "dependencies"
      - "pip"
-
-  - package-ecosystem: "pip"
-    directory: "/api"
-    schedule:
-      interval: "daily"
-    open-pull-requests-limit: 10
-    target-branch: master
-    labels:
-      - "dependencies"
-      - "pip"
-      - "component/api"
-
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
@@ -37,77 +24,20 @@ updates:
      - "dependencies"
      - "github_actions"

-  - package-ecosystem: "npm"
-    directory: "/ui"
+  - package-ecosystem: "pip"
+    directory: "/"
    schedule:
      interval: "daily"
    open-pull-requests-limit: 10
-    target-branch: master
-    labels:
-      - "dependencies"
-      - "npm"
-      - "component/ui"
-
-  - package-ecosystem: "docker"
-    directory: "/"
-    schedule:
-      interval: "weekly"
-    open-pull-requests-limit: 10
-    target-branch: master
-    labels:
-      - "dependencies"
-      - "docker"
-
-  # v4.6
-  - package-ecosystem: "pip"
-    directory: "/"
-    schedule:
-      interval: "weekly"
-    open-pull-requests-limit: 10
-    target-branch: v4.6
-    labels:
-      - "dependencies"
-      - "pip"
-      - "v4"
-
-  - package-ecosystem: "github-actions"
-    directory: "/"
-    schedule:
-      interval: "weekly"
-    open-pull-requests-limit: 10
-    target-branch: v4.6
-    labels:
-      - "dependencies"
-      - "github_actions"
-      - "v4"
-
-  - package-ecosystem: "docker"
-    directory: "/"
-    schedule:
-      interval: "weekly"
-    open-pull-requests-limit: 10
-    target-branch: v4.6
-    labels:
-      - "dependencies"
-      - "docker"
-      - "v4"
-
-  # v3
-  - package-ecosystem: "pip"
-    directory: "/"
-    schedule:
-      interval: "monthly"
-    open-pull-requests-limit: 10
    target-branch: v3
    labels:
      - "dependencies"
      - "pip"
      - "v3"
-
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
-      interval: "monthly"
+      interval: "daily"
    open-pull-requests-limit: 10
    target-branch: v3
    labels:
@@ -22,11 +22,6 @@ provider/kubernetes:
      - any-glob-to-any-file: "prowler/providers/kubernetes/**"
      - any-glob-to-any-file: "tests/providers/kubernetes/**"

-provider/github:
-  - changed-files:
-      - any-glob-to-any-file: "prowler/providers/github/**"
-      - any-glob-to-any-file: "tests/providers/github/**"
-
 github_actions:
  - changed-files:
      - any-glob-to-any-file: ".github/workflows/*"
@@ -15,8 +15,7 @@ Please include a summary of the change and which issue is fixed. List any depend
 - [ ] Review if the code is being covered by tests.
 - [ ] Review if code is being documented following this specification https://github.com/google/styleguide/blob/gh-pages/pyguide.md#38-comments-and-docstrings
 - [ ] Review if backport is needed.
- [ ] Review if is needed to change the [Readme.md](https://github.com/prowler-cloud/prowler/blob/master/README.md)

 ### License

-By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
+By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
@@ -1,98 +0,0 @@
-name: API - Build and Push containers
-
-on:
-  push:
-    branches:
-      - "master"
-    paths:
-      - "api/**"
-      - ".github/workflows/api-build-lint-push-containers.yml"
-
-  # Uncomment the code below to test this action on PRs
-  # pull_request:
-  #   branches:
-  #     - "master"
-  #   paths:
-  #     - "api/**"
-  #     - ".github/workflows/api-build-lint-push-containers.yml"
-
-  release:
-    types: [published]
-
-env:
-  # Tags
-  LATEST_TAG: latest
-  RELEASE_TAG: ${{ github.event.release.tag_name }}
-  STABLE_TAG: stable
-
-  WORKING_DIRECTORY: ./api
-
-  # Container Registries
-  PROWLERCLOUD_DOCKERHUB_REPOSITORY: prowlercloud
-  PROWLERCLOUD_DOCKERHUB_IMAGE: prowler-api
-
-jobs:
-  repository-check:
-    name: Repository check
-    runs-on: ubuntu-latest
-    outputs:
-      is_repo: ${{ steps.repository_check.outputs.is_repo }}
-    steps:
-      - name: Repository check
-        id: repository_check
-        working-directory: /tmp
-        run: |
-          if [[ ${{ github.repository }} == "prowler-cloud/prowler" ]]
-          then
-            echo "is_repo=true" >> "${GITHUB_OUTPUT}"
-          else
-            echo "This action only runs for prowler-cloud/prowler"
-            echo "is_repo=false" >> "${GITHUB_OUTPUT}"
-          fi
-
-  # Build Prowler OSS container
-  container-build-push:
-    needs: repository-check
-    if: needs.repository-check.outputs.is_repo == 'true'
-    runs-on: ubuntu-latest
-    defaults:
-      run:
-        working-directory: ${{ env.WORKING_DIRECTORY }}
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-
-      - name: Login to DockerHub
-        uses: docker/login-action@v3
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-
-      - name: Build and push container image (latest)
-        # Comment the following line for testing
-        if: github.event_name == 'push'
-        uses: docker/build-push-action@v6
-        with:
-          context: ${{ env.WORKING_DIRECTORY }}
-          # Set push: false for testing
-          push: true
-          tags: |
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.LATEST_TAG }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-
-      - name: Build and push container image (release)
-        if: github.event_name == 'release'
-        uses: docker/build-push-action@v6
-        with:
-          context: ${{ env.WORKING_DIRECTORY }}
-          push: true
-          tags: |
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.RELEASE_TAG }}
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.STABLE_TAG }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
@@ -9,18 +9,22 @@
 # the `language` matrix defined below to confirm you have the correct set of
 # supported CodeQL languages.
 #
-name: API - CodeQL
+name: "API - CodeQL"

 on:
  push:
-    branches:
+    branches: 
      - "master"
+      - "v3"
+      - "v4.*"
      - "v5.*"
    paths:
      - "api/**"
  pull_request:
-    branches:
+    branches: 
      - "master"
+      - "v3"
+      - "v4.*"
      - "v5.*"
    paths:
      - "api/**"
@@ -1,16 +1,14 @@
-name: API - Pull Request
+name: "API - Pull Request"

 on:
  push:
    branches:
      - "master"
-      - "v5.*"
    paths:
      - "api/**"
  pull_request:
    branches:
      - "master"
-      - "v5.*"
    paths:
      - "api/**"

@@ -71,7 +69,6 @@ jobs:

    steps:
      - uses: actions/checkout@v4
-
      - name: Test if changes are in not ignored paths
        id: are-non-ignored-files-changed
        uses: tj-actions/changed-files@v45
@@ -83,21 +80,18 @@ jobs:
            api/permissions/**
            api/README.md
            api/mkdocs.yml
-
      - name: Install poetry
        working-directory: ./api
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        run: |
          python -m pip install --upgrade pip
-          pipx install poetry==1.8.5
-
+          pipx install poetry
      - name: Set up Python ${{ matrix.python-version }}
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        uses: actions/setup-python@v5
        with:
          python-version: ${{ matrix.python-version }}
          cache: "poetry"
-
      - name: Install dependencies
        working-directory: ./api
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
@@ -114,60 +108,49 @@ jobs:
        working-directory: ./api
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        run: |
-          poetry check --lock
-
+          poetry lock --check
      - name: Lint with ruff
        working-directory: ./api
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        run: |
          poetry run ruff check . --exclude contrib
-
      - name: Check Format with ruff
        working-directory: ./api
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        run: |
          poetry run ruff format --check . --exclude contrib
-
      - name: Lint with pylint
        working-directory: ./api
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        run: |
          poetry run pylint --disable=W,C,R,E -j 0 -rn -sn src/
-
      - name: Bandit
        working-directory: ./api
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        run: |
          poetry run bandit -q -lll -x '*_test.py,./contrib/' -r .
-
      - name: Safety
        working-directory: ./api
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        run: |
          poetry run safety check --ignore 70612,66963
-
      - name: Vulture
        working-directory: ./api
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        run: |
          poetry run vulture --exclude "contrib,tests,conftest.py" --min-confidence 100 .
-
      - name: Hadolint
        working-directory: ./api
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        run: |
          /tmp/hadolint Dockerfile --ignore=DL3013
-
      - name: Test with pytest
        working-directory: ./api
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        run: |
          poetry run pytest --cov=./src/backend --cov-report=xml src/backend
-
      - name: Upload coverage reports to Codecov
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        uses: codecov/codecov-action@v5
        env:
          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-        with:
-          flags: api
@@ -1,47 +1,42 @@
-name: Prowler - Automatic Backport
+name: Automatic Backport

 on:
  pull_request_target:
    branches: ['master']
    types: ['labeled', 'closed']

-env:
-  # The prefix of the label that triggers the backport must not contain the branch name
-  # so, for example, if the branch is 'master', the label should be 'backport-to-<branch>'
-  BACKPORT_LABEL_PREFIX: backport-to-
-  BACKPORT_LABEL_IGNORE: was-backported
-
 jobs:
  backport:
    name: Backport PR
-    if: github.event.pull_request.merged == true && !(contains(github.event.pull_request.labels.*.name, 'backport')) && !(contains(github.event.pull_request.labels.*.name, 'was-backported'))
+    if: github.event.pull_request.merged == true && !(contains(github.event.pull_request.labels.*.name, 'backport'))
    runs-on: ubuntu-latest
    permissions:
      id-token: write
      pull-requests: write
      contents: write
    steps:
-      - name: Check labels
-        id: preview_label_check
-        uses: docker://agilepathway/pull-request-label-checker:v1.6.55
-        with:
-          allow_failure: true
-          prefix_mode: true
-          any_of: ${{ env.BACKPORT_LABEL_PREFIX }}
-          none_of: ${{ env.BACKPORT_LABEL_IGNORE }}
-          repo_token: ${{ secrets.GITHUB_TOKEN }}
+      # Workaround not to fail the workflow if the PR does not need a backport
+      # https://github.com/sorenlouv/backport-github-action/issues/127#issuecomment-2258561266
+      - name: Check for backport labels
+        id: check_labels
+        run: |-
+          labels='${{ toJSON(github.event.pull_request.labels.*.name) }}'
+          echo "$labels"
+          matched=$(echo "${labels}" | jq '. | map(select(startswith("backport-to-"))) | length')
+          echo "matched=$matched"
+          echo "matched=$matched" >> $GITHUB_OUTPUT

      - name: Backport Action
-        if: steps.preview_label_check.outputs.label_check == 'success'
+        if: fromJSON(steps.check_labels.outputs.matched) > 0
        uses: sorenlouv/backport-github-action@v9.5.1
        with:
          github_token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
-          auto_backport_label_prefix: ${{ env.BACKPORT_LABEL_PREFIX }}
+          auto_backport_label_prefix: backport-to-

      - name: Info log
-        if: ${{ success() && steps.preview_label_check.outputs.label_check == 'success' }}
+        if: ${{ success() && fromJSON(steps.check_labels.outputs.matched) > 0 }}
        run: cat ~/.backport/backport.info.log

      - name: Debug log
-        if: ${{ failure() && steps.preview_label_check.outputs.label_check == 'success' }}
+        if: ${{ failure() && fromJSON(steps.check_labels.outputs.matched) > 0 }}
        run: cat ~/.backport/backport.debug.log
@@ -1,4 +1,4 @@
-name: Prowler - Pull Request Documentation Link
+name: Pull Request Documentation Link

 on:
  pull_request:
@@ -1,13 +1,9 @@
-name: SDK - Build and Push containers
+name: Build and Push containers

 on:
  push:
    branches:
-      # For `v3-latest`
      - "v3"
-      # For `v4-latest`
-      - "v4.6"
-      # For `latest`
      - "master"
    paths-ignore:
      - ".github/**"
@@ -42,10 +38,6 @@ env:
  # Python configuration
  PYTHON_VERSION: 3.12

-  # Container Registries
-  PROWLERCLOUD_DOCKERHUB_REPOSITORY: prowlercloud
-  PROWLERCLOUD_DOCKERHUB_IMAGE: prowler
-
 jobs:
  # Build Prowler OSS container
  container-build-push:
@@ -68,7 +60,7 @@ jobs:

      - name: Install Poetry
        run: |
-          pipx install poetry==1.8.5
+          pipx install poetry
          pipx inject poetry poetry-bumpversion

      - name: Get Prowler version
@@ -89,13 +81,7 @@ jobs:
              echo "STABLE_TAG=v3-stable" >> "${GITHUB_ENV}"
              ;;

-
          4)
-              echo "LATEST_TAG=v4-latest" >> "${GITHUB_ENV}"
-              echo "STABLE_TAG=v4-stable" >> "${GITHUB_ENV}"
-              ;;
-
-          5)
              echo "LATEST_TAG=latest" >> "${GITHUB_ENV}"
              echo "STABLE_TAG=stable" >> "${GITHUB_ENV}"
              ;;
@@ -133,7 +119,6 @@ jobs:
          tags: |
            ${{ secrets.DOCKER_HUB_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.LATEST_TAG }}
            ${{ secrets.PUBLIC_ECR_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.LATEST_TAG }}
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.LATEST_TAG }}
          file: ${{ env.DOCKERFILE_PATH }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
@@ -151,8 +136,6 @@ jobs:
            ${{ secrets.DOCKER_HUB_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.STABLE_TAG }}
            ${{ secrets.PUBLIC_ECR_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.PROWLER_VERSION }}
            ${{ secrets.PUBLIC_ECR_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.STABLE_TAG }}
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.PROWLER_VERSION }}
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.STABLE_TAG }}
          file: ${{ env.DOCKERFILE_PATH }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
@@ -9,24 +9,22 @@
 # the `language` matrix defined below to confirm you have the correct set of
 # supported CodeQL languages.
 #
-name: SDK - CodeQL
+name: "CodeQL"

 on:
  push:
-    branches:
+    branches: 
      - "master"
      - "v3"
      - "v4.*"
-      - "v5.*"
    paths-ignore:
      - 'ui/**'
      - 'api/**'
  pull_request:
-    branches:
+    branches: 
      - "master"
      - "v3"
      - "v4.*"
-      - "v5.*"
    paths-ignore:
      - 'ui/**'
      - 'api/**'
@@ -57,7 +55,7 @@ jobs:
      uses: github/codeql-action/init@v3
      with:
        languages: ${{ matrix.language }}
-        config-file: ./.github/codeql/sdk-codeql-config.yml
+        config-file: ./.github/codeql/codeql-config.yml

    - name: Perform CodeQL Analysis
      uses: github/codeql-action/analyze@v3
@@ -1,4 +1,4 @@
-name: Prowler - Find secrets
+name: Find secrets

 on: pull_request

@@ -11,9 +11,9 @@ jobs:
        with:
          fetch-depth: 0
      - name: TruffleHog OSS
-        uses: trufflesecurity/trufflehog@v3.88.2
+        uses: trufflesecurity/trufflehog@v3.84.1
        with:
          path: ./
          base: ${{ github.event.repository.default_branch }}
          head: HEAD
-          extra_args: --only-verified
+          extra_args: --only-verified
@@ -1,4 +1,4 @@
-name: Prowler - PR Labeler
+name: "Pull Request Labeler"

 on:
    pull_request_target:
@@ -1,4 +1,4 @@
-name: SDK - Pull Request
+name: "Pull Request" 

 on:
  push:
@@ -22,7 +22,6 @@ jobs:

    steps:
      - uses: actions/checkout@v4
-
      - name: Test if changes are in not ignored paths
        id: are-non-ignored-files-changed
        uses: tj-actions/changed-files@v45
@@ -37,22 +36,17 @@ jobs:
            README.md
            mkdocs.yml
            .backportrc.json
-            .env
-            docker-compose*
-
      - name: Install poetry
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        run: |
          python -m pip install --upgrade pip
-          pipx install poetry==1.8.5
-
+          pipx install poetry
      - name: Set up Python ${{ matrix.python-version }}
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        uses: actions/setup-python@v5
        with:
          python-version: ${{ matrix.python-version }}
          cache: "poetry"
-
      - name: Install dependencies
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        run: |
@@ -63,56 +57,44 @@ jobs:
            sed -E 's/.*"v([^"]+)".*/\1/' \
            ) && curl -L -o /tmp/hadolint "https://github.com/hadolint/hadolint/releases/download/v${VERSION}/hadolint-Linux-x86_64" \
            && chmod +x /tmp/hadolint
-
      - name: Poetry check
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        run: |
-          poetry check --lock
-
+          poetry lock --check
      - name: Lint with flake8
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        run: |
          poetry run flake8 . --ignore=E266,W503,E203,E501,W605,E128 --exclude contrib,ui,api
-
      - name: Checking format with black
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        run: |
          poetry run black --exclude api ui --check .
-
      - name: Lint with pylint
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        run: |
          poetry run pylint --disable=W,C,R,E -j 0 -rn -sn prowler/
-
      - name: Bandit
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        run: |
          poetry run bandit -q -lll -x '*_test.py,./contrib/,./api/,./ui' -r .
-
      - name: Safety
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        run: |
          poetry run safety check --ignore 70612 -r pyproject.toml
-
      - name: Vulture
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        run: |
          poetry run vulture --exclude "contrib,api,ui" --min-confidence 100 .
-
      - name: Hadolint
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        run: |
          /tmp/hadolint Dockerfile --ignore=DL3013
-
      - name: Test with pytest
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        run: |
          poetry run pytest -n auto --cov=./prowler --cov-report=xml tests
-
      - name: Upload coverage reports to Codecov
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        uses: codecov/codecov-action@v5
        env:
          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-        with:
-          flags: prowler
@@ -1,4 +1,4 @@
-name: SDK - PyPI release
+name: PyPI release

 on:
  release:
@@ -10,40 +10,12 @@ env:
  CACHE: "poetry"

 jobs:
-  repository-check:
-    name: Repository check
-    runs-on: ubuntu-latest
-    outputs:
-      is_repo: ${{ steps.repository_check.outputs.is_repo }}
-    steps:
-      - name: Repository check
-        id: repository_check
-        working-directory: /tmp
-        run: |
-          if [[ ${{ github.repository }} == "prowler-cloud/prowler" ]]
-          then
-            echo "is_repo=true" >> "${GITHUB_OUTPUT}"
-          else
-            echo "This action only runs for prowler-cloud/prowler"
-            echo "is_repo=false" >> "${GITHUB_OUTPUT}"
-          fi
-
  release-prowler-job:
    runs-on: ubuntu-latest
-    needs: repository-check
-    if: needs.repository-check.outputs.is_repo == 'true'
    env:
      POETRY_VIRTUALENVS_CREATE: "false"
    name: Release Prowler to PyPI
    steps:
-      - name: Repository check
-        working-directory: /tmp
-        run: |
-              if [[ "${{ github.repository }}" != "prowler-cloud/prowler" ]]; then
-                  echo "This action only runs for prowler-cloud/prowler"
-                  exit 1
-              fi
-
      - name: Get Prowler version
        run: |
          PROWLER_VERSION="${{ env.RELEASE_TAG }}"
@@ -55,9 +27,6 @@ jobs:
          4)
              echo "Releasing Prowler v4 with tag ${PROWLER_VERSION}"
              ;;
-          5)
-              echo "Releasing Prowler v5 with tag ${PROWLER_VERSION}"
-              ;;
          *)
              echo "Releasing another Prowler major version, aborting..."
              exit 1
@@ -68,7 +37,7 @@ jobs:

      - name: Install dependencies
        run: |
-          pipx install poetry==1.8.5
+          pipx install poetry

      - name: Setup Python
        uses: actions/setup-python@v5
@@ -1,6 +1,6 @@
 # This is a basic workflow to help you get started with Actions

-name: SDK - Refresh AWS services' regions
+name: Refresh regions of AWS services

 on:
  schedule:
@@ -1,98 +0,0 @@
-name: UI - Build and Push containers
-
-on:
-  push:
-    branches:
-      - "master"
-    paths:
-      - "ui/**"
-      - ".github/workflows/ui-build-lint-push-containers.yml"
-
-  # Uncomment the below code to test this action on PRs
-  # pull_request:
-  #   branches:
-  #     - "master"
-  #   paths:
-  #     - "ui/**"
-  #     - ".github/workflows/ui-build-lint-push-containers.yml"
-
-  release:
-    types: [published]
-
-env:
-  # Tags
-  LATEST_TAG: latest
-  RELEASE_TAG: ${{ github.event.release.tag_name }}
-  STABLE_TAG: stable
-
-  WORKING_DIRECTORY: ./ui
-
-  # Container Registries
-  PROWLERCLOUD_DOCKERHUB_REPOSITORY: prowlercloud
-  PROWLERCLOUD_DOCKERHUB_IMAGE: prowler-ui
-
-jobs:
-  repository-check:
-    name: Repository check
-    runs-on: ubuntu-latest
-    outputs:
-      is_repo: ${{ steps.repository_check.outputs.is_repo }}
-    steps:
-      - name: Repository check
-        id: repository_check
-        working-directory: /tmp
-        run: |
-          if [[ ${{ github.repository }} == "prowler-cloud/prowler" ]]
-          then
-            echo "is_repo=true" >> "${GITHUB_OUTPUT}"
-          else
-            echo "This action only runs for prowler-cloud/prowler"
-            echo "is_repo=false" >> "${GITHUB_OUTPUT}"
-          fi
-
-  # Build Prowler OSS container
-  container-build-push:
-    needs: repository-check
-    if: needs.repository-check.outputs.is_repo == 'true'
-    runs-on: ubuntu-latest
-    defaults:
-      run:
-        working-directory: ${{ env.WORKING_DIRECTORY }}
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-
-      - name: Login to DockerHub
-        uses: docker/login-action@v3
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-
-      - name: Build and push container image (latest)
-        # Comment the following line for testing
-        if: github.event_name == 'push'
-        uses: docker/build-push-action@v6
-        with:
-          context: ${{ env.WORKING_DIRECTORY }}
-          # Set push: false for testing
-          push: true
-          tags: |
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.LATEST_TAG }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-
-      - name: Build and push container image (release)
-        if: github.event_name == 'release'
-        uses: docker/build-push-action@v6
-        with:
-          context: ${{ env.WORKING_DIRECTORY }}
-          push: true
-          tags: |
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.RELEASE_TAG }}
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.STABLE_TAG }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
@@ -1,16 +1,9 @@
-name: UI - Pull Request
+name: "UI - Pull Request"

 on:
-  push:
-    branches:
-      - "master"
-      - "v5.*"
-    paths:
-      - "ui/**"
  pull_request:
    branches:
      - master
-      - "v5.*"
    paths:
      - 'ui/**'

@@ -27,7 +20,7 @@ jobs:
        with:
          persist-credentials: false
      - name: Setup Node.js ${{ matrix.node-version }}
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v3
        with:
          node-version: ${{ matrix.node-version }}
      - name: Install dependencies
@@ -38,4 +31,4 @@ jobs:
        run: npm run healthcheck
      - name: Build the application
        working-directory: ./ui
-        run: npm run build
+        run: npm run build
@@ -9,18 +9,20 @@
 # the `language` matrix defined below to confirm you have the correct set of
 # supported CodeQL languages.
 #
-name: UI - CodeQL
+name: "UI - CodeQL"

 on:
  push:
    branches:
      - "master"
+      - "v4.*"
      - "v5.*"
    paths:
      - "ui/**"
  pull_request:
    branches:
      - "master"
+      - "v4.*"
      - "v5.*"
    paths:
      - "ui/**"
@@ -45,11 +45,9 @@ junit-reports/
 # Terraform
 .terraform*
 *.tfstate
-*.tfstate.*

 # .env
-ui/.env*
-api/.env*
+.env*

 # Coverage
 .coverage*
@@ -58,6 +56,3 @@ coverage*

 # Node
 node_modules
-
-# Persistent data
-_data/
@@ -27,7 +27,6 @@ repos:
    hooks:
      - id: shellcheck
        exclude: contrib
-
  ## PYTHON
  - repo: https://github.com/myint/autoflake
    rev: v2.3.1
@@ -62,25 +61,8 @@ repos:
    rev: 1.8.0
    hooks:
      - id: poetry-check
-        name: API - poetry-check
-        args: ["--directory=./api"]
-        pass_filenames: false
-
      - id: poetry-lock
-        name: API - poetry-lock
-        args: ["--no-update", "--directory=./api"]
-        pass_filenames: false
-
-      - id: poetry-check
-        name: SDK - poetry-check
-        args: ["--directory=./"]
-        pass_filenames: false
-
-      - id: poetry-lock
-        name: SDK - poetry-lock
-        args: ["--no-update", "--directory=./"]
-        pass_filenames: false
-
+        args: ["--no-update"]

  - repo: https://github.com/hadolint/hadolint
    rev: v2.13.0-beta
@@ -108,7 +90,7 @@ repos:
      - id: bandit
        name: bandit
        description: "Bandit is a tool for finding common security issues in Python code"
-        entry: bash -c 'bandit -q -lll -x '*_test.py,./contrib/,./.venv/' -r .'
+        entry: bash -c 'bandit -q -lll -x '*_test.py,./contrib/' -r .'
        language: system
        files: '.*\.py'

@@ -121,6 +103,7 @@ repos:
      - id: vulture
        name: vulture
        description: "Vulture finds unused code in Python programs."
-        entry: bash -c 'vulture --exclude "contrib,.venv,api/src/backend/api/tests/,api/src/backend/conftest.py,api/src/backend/tasks/tests/" --min-confidence 100 .'
+        entry: bash -c 'vulture --exclude "contrib" --min-confidence 100 .'
+        exclude: 'api/src/backend/'
        language: system
        files: '.*\.py'
@@ -1,4 +1,4 @@
-FROM python:3.12.8-alpine3.20
+FROM python:3.12-alpine

 LABEL maintainer="https://github.com/prowler-cloud/prowler"

@@ -3,7 +3,7 @@
  <img align="center" src="https://github.com/prowler-cloud/prowler/blob/master/docs/img/prowler-logo-white.png#gh-dark-mode-only" width="50%" height="50%">
 </p>
 <p align="center">
-  <b><i>Prowler Open Source</b> is as dynamic and adaptable as the environment they’re meant to protect. Trusted by the leaders in security.
+  <b><i>Prowler SaaS </b> and <b>Prowler Open Source</b> are as dynamic and adaptable as the environment they’re meant to protect. Trusted by the leaders in security.
 </p>
 <p align="center">
 <b>Learn more at <a href="https://prowler.com">prowler.com</i></b>
@@ -29,7 +29,7 @@
 <p align="center">
  <a href="https://github.com/prowler-cloud/prowler"><img alt="Repo size" src="https://img.shields.io/github/repo-size/prowler-cloud/prowler"></a>
  <a href="https://github.com/prowler-cloud/prowler/issues"><img alt="Issues" src="https://img.shields.io/github/issues/prowler-cloud/prowler"></a>
-  <a href="https://github.com/prowler-cloud/prowler/releases"><img alt="Version" src="https://img.shields.io/github/v/release/prowler-cloud/prowler"></a>
+  <a href="https://github.com/prowler-cloud/prowler/releases"><img alt="Version" src="https://img.shields.io/github/v/release/prowler-cloud/prowler?include_prereleases"></a>
  <a href="https://github.com/prowler-cloud/prowler/releases"><img alt="Version" src="https://img.shields.io/github/release-date/prowler-cloud/prowler"></a>
  <a href="https://github.com/prowler-cloud/prowler"><img alt="Contributors" src="https://img.shields.io/github/contributors-anon/prowler-cloud/prowler"></a>
  <a href="https://github.com/prowler-cloud/prowler"><img alt="License" src="https://img.shields.io/github/license/prowler-cloud/prowler"></a>
@@ -43,15 +43,7 @@

 # Description

-**Prowler** is an Open Source security tool to perform AWS, Azure, Google Cloud and Kubernetes security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness, and also remediations! We have Prowler CLI (Command Line Interface) that we call Prowler Open Source and a service on top of it that we call <a href="https://prowler.com">Prowler Cloud</a>.
-
-## Prowler App
-
-Prowler App is a web application that allows you to run Prowler in your cloud provider accounts and visualize the results in a user-friendly interface.
-
-![Prowler App](docs/img/overview.png)
-
->More details at [Prowler App Documentation](https://docs.prowler.com/projects/prowler-open-source/en/latest/#prowler-app-installation)
+**Prowler** is an Open Source security tool to perform AWS, Azure, Google Cloud and Kubernetes security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness, and also remediations! We have Prowler CLI (Command Line Interface) that we call Prowler Open Source and a service on top of it that we call <a href="https://prowler.com">Prowler SaaS</a>.

 ## Prowler CLI

@@ -71,135 +63,42 @@ It contains hundreds of controls covering CIS, NIST 800, NIST CSF, CISA, RBI, Fe

 | Provider | Checks | Services | [Compliance Frameworks](https://docs.prowler.com/projects/prowler-open-source/en/latest/tutorials/compliance/) | [Categories](https://docs.prowler.com/projects/prowler-open-source/en/latest/tutorials/misc/#categories) |
 |---|---|---|---|---|
-| AWS | 561 | 81 -> `prowler aws --list-services` | 30 -> `prowler aws --list-compliance` | 9 -> `prowler aws --list-categories` |
-| GCP | 77 | 13 -> `prowler gcp --list-services` | 4 -> `prowler gcp --list-compliance` | 2 -> `prowler gcp --list-categories`|
-| Azure | 139 | 18 -> `prowler azure --list-services` | 5 -> `prowler azure --list-compliance` | 2 -> `prowler azure --list-categories` |
-| Kubernetes | 83 | 7 -> `prowler kubernetes --list-services` | 2 -> `prowler kubernetes --list-compliance` | 7 -> `prowler kubernetes --list-categories` |
+| AWS | 553 | 77 -> `prowler aws --list-services` | 30 -> `prowler aws --list-compliance` | 9 -> `prowler aws --list-categories` |
+| GCP | 77 | 13 -> `prowler gcp --list-services` | 3 -> `prowler gcp --list-compliance` | 2 -> `prowler gcp --list-categories`|
+| Azure | 138 | 17 -> `prowler azure --list-services` | 4 -> `prowler azure --list-compliance` | 2 -> `prowler azure --list-categories` |
+| Kubernetes | 83 | 7 -> `prowler kubernetes --list-services` | 1 -> `prowler kubernetes --list-compliance` | 7 -> `prowler kubernetes --list-categories` |

 # 💻 Installation

-## Prowler App
-
-Prowler App can be installed in different ways, depending on your environment:
-
-> See how to use Prowler App in the [Prowler App Usage Guide](https://docs.prowler.com/projects/prowler-open-source/en/latest/tutorials/prowler-app/).
-
-### Docker Compose
-
-**Requirements**
-
-* `Docker Compose` installed: https://docs.docker.com/compose/install/.
-
-**Commands**
-
-``` console
-curl -LO https://raw.githubusercontent.com/prowler-cloud/prowler/refs/heads/master/docker-compose.yml
-curl -LO https://raw.githubusercontent.com/prowler-cloud/prowler/refs/heads/master/.env
-docker compose up -d
-```
-
-> Containers are built for `linux/amd64`. If your workstation's architecture is different, please set `DOCKER_DEFAULT_PLATFORM=linux/amd64` in your environment or use the `--platform linux/amd64` flag in the docker command.
-> Enjoy Prowler App at http://localhost:3000 by signing up with your email and password.
-
-### From GitHub
-
-**Requirements**
-
-* `git` installed.
-* `poetry` installed: [poetry installation](https://python-poetry.org/docs/#installation).
-* `npm` installed: [npm installation](https://docs.npmjs.com/downloading-and-installing-node-js-and-npm).
-* `Docker Compose` installed: https://docs.docker.com/compose/install/.
-
-**Commands to run the API**
-
-``` console
-git clone https://github.com/prowler-cloud/prowler
-cd prowler/api
-poetry install
-poetry shell
-set -a
-source .env
-docker compose up postgres valkey -d
-cd src/backend
-python manage.py migrate --database admin
-gunicorn -c config/guniconf.py config.wsgi:application
-```
-
-> Now, you can access the API documentation at http://localhost:8080/api/v1/docs.
-
-**Commands to run the API Worker**
-
-``` console
-git clone https://github.com/prowler-cloud/prowler
-cd prowler/api
-poetry install
-poetry shell
-set -a
-source .env
-cd src/backend
-python -m celery -A config.celery worker -l info -E
-```
-
-**Commands to run the API Scheduler**
-
-``` console
-git clone https://github.com/prowler-cloud/prowler
-cd prowler/api
-poetry install
-poetry shell
-set -a
-source .env
-cd src/backend
-python -m celery -A config.celery beat -l info --scheduler django_celery_beat.schedulers:DatabaseScheduler
-```
-
-**Commands to run the UI**
-
-``` console
-git clone https://github.com/prowler-cloud/prowler
-cd prowler/ui
-npm install
-npm run build
-npm start
-```
-
-> Enjoy Prowler App at http://localhost:3000 by signing up with your email and password.
-
-## Prowler CLI
-### Pip package
-Prowler CLI is available as a project in [PyPI](https://pypi.org/project/prowler-cloud/), thus can be installed using pip with Python >= 3.9, < 3.13:
+## Pip package
+Prowler is available as a project in [PyPI](https://pypi.org/project/prowler-cloud/), thus can be installed using pip with Python >= 3.9, < 3.13:

 ```console
 pip install prowler
 prowler -v
 ```
->More details at [https://docs.prowler.com](https://docs.prowler.com/projects/prowler-open-source/en/latest/#prowler-cli-installation)
+>More details at [https://docs.prowler.com](https://docs.prowler.com/projects/prowler-open-source/en/latest/)

-### Containers
+## Containers

-The available versions of Prowler CLI are the following:
+The available versions of Prowler are the following:

 - `latest`: in sync with `master` branch (bear in mind that it is not a stable version)
- `v4-latest`: in sync with `v4` branch (bear in mind that it is not a stable version)
 - `v3-latest`: in sync with `v3` branch (bear in mind that it is not a stable version)
 - `<x.y.z>` (release): you can find the releases [here](https://github.com/prowler-cloud/prowler/releases), those are stable releases.
 - `stable`: this tag always point to the latest release.
- `v4-stable`: this tag always point to the latest release for v4.
 - `v3-stable`: this tag always point to the latest release for v3.

 The container images are available here:
- Prowler CLI:
-    - [DockerHub](https://hub.docker.com/r/toniblyx/prowler/tags)
-    - [AWS Public ECR](https://gallery.ecr.aws/prowler-cloud/prowler)
- Prowler App:
-    - [DockerHub - Prowler UI](https://hub.docker.com/r/prowlercloud/prowler-ui/tags)
-    - [DockerHub - Prowler API](https://hub.docker.com/r/prowlercloud/prowler-api/tags)

-### From GitHub
+- [DockerHub](https://hub.docker.com/r/toniblyx/prowler/tags)
+- [AWS Public ECR](https://gallery.ecr.aws/prowler-cloud/prowler)
+
+## From GitHub

 Python >= 3.9, < 3.13 is required with pip and poetry:

-``` console
+```
 git clone https://github.com/prowler-cloud/prowler
 cd prowler
 poetry shell
@@ -209,16 +108,6 @@ python prowler.py -v
 > If you want to clone Prowler from Windows, use `git config core.longpaths true` to allow long file paths.
 # 📐✏️ High level architecture

-## Prowler App
-The **Prowler App** consists of three main components:
-
- **Prowler UI**: A user-friendly web interface for running Prowler and viewing results, powered by Next.js.
- **Prowler API**: The backend API that executes Prowler scans and stores the results, built with Django REST Framework.
- **Prowler SDK**: A Python SDK that integrates with the Prowler CLI for advanced functionality.
-
-![Prowler App Architecture](docs/img/prowler-app-architecture.png)
-
-## Prowler CLI
 You can run Prowler from your workstation, a Kubernetes Job, a Google Compute Engine, an Azure VM, an EC2 instance, Fargate or any other container, CloudShell and many more.

 ![Architecture](docs/img/architecture.png)
@@ -21,12 +21,6 @@ DJANGO_STALE_WHILE_REVALIDATE=60
 DJANGO_SECRETS_ENCRYPTION_KEY=""
 # Decide whether to allow Django manage database table partitions
 DJANGO_MANAGE_DB_PARTITIONS=[True|False]
-DJANGO_CELERY_DEADLOCK_ATTEMPTS=5
-DJANGO_BROKER_VISIBILITY_TIMEOUT=86400
-DJANGO_DB_CONNECTION_POOL_MIN_SIZE=4
-DJANGO_DB_CONNECTION_POOL_MAX_SIZE=10
-DJANGO_DB_CONNECTION_POOL_MAX_IDLE=36000
-DJANGO_DB_CONNECTION_POOL_MAX_LIFETIME=86400

 # PostgreSQL settings
 # If running django and celery on host, use 'localhost', else use 'postgres-db'
@@ -1,4 +1,4 @@
-FROM python:3.12.8-alpine3.20 AS build
+FROM python:3.12-alpine AS build

 LABEL maintainer="https://github.com/prowler-cloud/api"

@@ -8,11 +8,11 @@ description = "Prowler's API (Django/DRF)"
 license = "Apache-2.0"
 name = "prowler-api"
 package-mode = false
-version = "1.3.0"
+version = "1.0.0"

 [tool.poetry.dependencies]
 celery = {extras = ["pytest"], version = "^5.4.0"}
-django = "5.1.5"
+django = "5.1.1"
 django-celery-beat = "^2.7.0"
 django-celery-results = "^2.5.1"
 django-cors-headers = "4.4.0"
@@ -27,8 +27,8 @@ drf-nested-routers = "^0.94.1"
 drf-spectacular = "0.27.2"
 drf-spectacular-jsonapi = "0.5.1"
 gunicorn = "23.0.0"
-prowler = {git = "https://github.com/prowler-cloud/prowler.git", branch = "v5.2"}
-psycopg = {extras = ["pool", "binary"], version = "3.2.3"}
+prowler = {git = "https://github.com/prowler-cloud/prowler.git", branch = "master"}
+psycopg2-binary = "2.9.9"
 pytest-celery = {extras = ["redis"], version = "^1.0.1"}
 # Needed for prowler compatibility
 python = ">=3.11,<3.13"
@@ -48,8 +48,8 @@ pytest-env = "1.1.3"
 pytest-randomly = "3.15.0"
 pytest-xdist = "3.6.1"
 ruff = "0.5.0"
-safety = "3.2.9"
-vulture = "2.14"
+safety = "3.2.3"
+vulture = "2.11"

 [tool.poetry.scripts]
 celery = "src.backend.config.settings.celery"
@@ -1,23 +1,20 @@
-from django.core.exceptions import ObjectDoesNotExist
-from django.db import transaction
+import uuid
+
+from django.db import transaction, connection
 from rest_framework import permissions
 from rest_framework.exceptions import NotAuthenticated
 from rest_framework.filters import SearchFilter
 from rest_framework_json_api import filters
+from rest_framework_json_api.serializers import ValidationError
 from rest_framework_json_api.views import ModelViewSet
 from rest_framework_simplejwt.authentication import JWTAuthentication

-from api.db_router import MainRouter
-from api.db_utils import POSTGRES_USER_VAR, rls_transaction
 from api.filters import CustomDjangoFilterBackend
-from api.models import Role, Tenant
-from api.rbac.permissions import HasPermissions


 class BaseViewSet(ModelViewSet):
    authentication_classes = [JWTAuthentication]
-    required_permissions = []
-    permission_classes = [permissions.IsAuthenticated, HasPermissions]
+    permission_classes = [permissions.IsAuthenticated]
    filter_backends = [
        filters.QueryParameterValidationFilter,
        filters.OrderingFilter,
@@ -31,17 +28,6 @@ class BaseViewSet(ModelViewSet):
    ordering_fields = "__all__"
    ordering = ["id"]

-    def initial(self, request, *args, **kwargs):
-        """
-        Sets required_permissions before permissions are checked.
-        """
-        self.set_required_permissions()
-        super().initial(request, *args, **kwargs)
-
-    def set_required_permissions(self):
-        """This is an abstract method that must be implemented by subclasses."""
-        NotImplemented
-
    def get_queryset(self):
        raise NotImplementedError

@@ -61,7 +47,13 @@ class BaseRLSViewSet(BaseViewSet):
        if tenant_id is None:
            raise NotAuthenticated("Tenant ID is not present in token")

-        with rls_transaction(tenant_id):
+        try:
+            uuid.UUID(tenant_id)
+        except ValueError:
+            raise ValidationError("Tenant ID must be a valid UUID")
+
+        with connection.cursor() as cursor:
+            cursor.execute(f"SELECT set_config('api.tenant_id', '{tenant_id}', TRUE);")
            self.request.tenant_id = tenant_id
            return super().initial(request, *args, **kwargs)

@@ -74,60 +66,13 @@ class BaseRLSViewSet(BaseViewSet):
 class BaseTenantViewset(BaseViewSet):
    def dispatch(self, request, *args, **kwargs):
        with transaction.atomic():
-            tenant = super().dispatch(request, *args, **kwargs)
-
-        try:
-            # If the request is a POST, create the admin role
-            if request.method == "POST":
-                isinstance(tenant, dict) and self._create_admin_role(tenant.data["id"])
-        except Exception as e:
-            self._handle_creation_error(e, tenant)
-            raise
-
-        return tenant
-
-    def _create_admin_role(self, tenant_id):
-        Role.objects.using(MainRouter.admin_db).create(
-            name="admin",
-            tenant_id=tenant_id,
-            manage_users=True,
-            manage_account=True,
-            manage_billing=True,
-            manage_providers=True,
-            manage_integrations=True,
-            manage_scans=True,
-            unlimited_visibility=True,
-        )
-
-    def _handle_creation_error(self, error, tenant):
-        if tenant.data.get("id"):
-            try:
-                Tenant.objects.using(MainRouter.admin_db).filter(
-                    id=tenant.data["id"]
-                ).delete()
-            except ObjectDoesNotExist:
-                pass  # Tenant might not exist, handle gracefully
+            return super().dispatch(request, *args, **kwargs)

    def initial(self, request, *args, **kwargs):
-        if (
-            request.resolver_match.url_name != "tenant-detail"
-            and request.method != "DELETE"
-        ):
-            user_id = str(request.user.id)
+        user_id = str(request.user.id)

-            with rls_transaction(value=user_id, parameter=POSTGRES_USER_VAR):
-                return super().initial(request, *args, **kwargs)
-
-        # TODO: DRY this when we have time
-        if request.auth is None:
-            raise NotAuthenticated
-
-        tenant_id = request.auth.get("tenant_id")
-        if tenant_id is None:
-            raise NotAuthenticated("Tenant ID is not present in token")
-
-        with rls_transaction(tenant_id):
-            self.request.tenant_id = tenant_id
+        with connection.cursor() as cursor:
+            cursor.execute(f"SELECT set_config('api.user_id', '{user_id}', TRUE);")
            return super().initial(request, *args, **kwargs)


@@ -147,6 +92,12 @@ class BaseUserViewset(BaseViewSet):
        if tenant_id is None:
            raise NotAuthenticated("Tenant ID is not present in token")

-        with rls_transaction(tenant_id):
+        try:
+            uuid.UUID(tenant_id)
+        except ValueError:
+            raise ValidationError("Tenant ID must be a valid UUID")
+
+        with connection.cursor() as cursor:
+            cursor.execute(f"SELECT set_config('api.tenant_id', '{tenant_id}', TRUE);")
            self.request.tenant_id = tenant_id
            return super().initial(request, *args, **kwargs)
@@ -1,16 +1,12 @@
 import secrets
-import uuid
 from contextlib import contextmanager
-from datetime import datetime, timedelta, timezone
+from datetime import datetime, timezone, timedelta

 from django.conf import settings
 from django.contrib.auth.models import BaseUserManager
-from django.db import connection, models, transaction
-from psycopg import connect as psycopg_connect
-from psycopg.adapt import Dumper
-from psycopg.types import TypeInfo
-from psycopg.types.string import TextLoader
-from rest_framework_json_api.serializers import ValidationError
+from django.db import models, transaction, connection
+from psycopg2 import connect as psycopg2_connect
+from psycopg2.extensions import new_type, register_type, register_adapter, AsIs

 DB_USER = settings.DATABASES["default"]["USER"] if not settings.TESTING else "test"
 DB_PASSWORD = (
@@ -22,55 +18,35 @@ DB_PROWLER_USER = (
 DB_PROWLER_PASSWORD = (
    settings.DATABASES["prowler_user"]["PASSWORD"] if not settings.TESTING else "test"
 )
-
 TASK_RUNNER_DB_TABLE = "django_celery_results_taskresult"
 POSTGRES_TENANT_VAR = "api.tenant_id"
 POSTGRES_USER_VAR = "api.user_id"

-SET_CONFIG_QUERY = "SELECT set_config(%s, %s::text, TRUE);"
-

@contextmanager
 def psycopg_connection(database_alias: str):
-    """
-    Context manager returning a psycopg 3 connection
-    for the specified 'database_alias' in Django settings.
-    """
-    pg_conn = None
+    psycopg2_connection = None
    try:
        admin_db = settings.DATABASES[database_alias]

-        pg_conn = psycopg_connect(
+        psycopg2_connection = psycopg2_connect(
            dbname=admin_db["NAME"],
            user=admin_db["USER"],
            password=admin_db["PASSWORD"],
            host=admin_db["HOST"],
            port=admin_db["PORT"],
        )
-        yield pg_conn
+        yield psycopg2_connection
    finally:
-        if pg_conn is not None:
-            pg_conn.close()
+        if psycopg2_connection is not None:
+            psycopg2_connection.close()


@contextmanager
-def rls_transaction(value: str, parameter: str = POSTGRES_TENANT_VAR):
-    """
-    Creates a new database transaction setting the given configuration value for Postgres RLS. It validates the
-    if the value is a valid UUID.
-
-    Args:
-        value (str): Database configuration parameter value.
-        parameter (str): Database configuration parameter name, by default is 'api.tenant_id'.
-    """
+def tenant_transaction(tenant_id: str):
    with transaction.atomic():
        with connection.cursor() as cursor:
-            try:
-                # Just in case the value is a UUID object
-                uuid.UUID(str(value))
-            except ValueError:
-                raise ValidationError("Must be a valid UUID")
-            cursor.execute(SET_CONFIG_QUERY, [parameter, value])
+            cursor.execute(f"SELECT set_config('api.tenant_id', '{tenant_id}', TRUE);")
            yield cursor


@@ -112,38 +88,6 @@ def generate_random_token(length: int = 14, symbols: str | None = None) -> str:
    return "".join(secrets.choice(symbols or _symbols) for _ in range(length))


-def batch_delete(queryset, batch_size=5000):
-    """
-    Deletes objects in batches and returns the total number of deletions and a summary.
-
-    Args:
-        queryset (QuerySet): The queryset of objects to delete.
-        batch_size (int): The number of objects to delete in each batch.
-
-    Returns:
-        tuple: (total_deleted, deletion_summary)
-    """
-    total_deleted = 0
-    deletion_summary = {}
-
-    while True:
-        # Get a batch of IDs to delete
-        batch_ids = set(
-            queryset.values_list("id", flat=True).order_by("id")[:batch_size]
-        )
-        if not batch_ids:
-            # No more objects to delete
-            break
-
-        deleted_count, deleted_info = queryset.filter(id__in=batch_ids).delete()
-
-        total_deleted += deleted_count
-        for model_label, count in deleted_info.items():
-            deletion_summary[model_label] = deletion_summary.get(model_label, 0) + count
-
-    return total_deleted, deletion_summary
-
-
 # Postgres Enums


@@ -194,24 +138,32 @@ class EnumType:
        return self.value


-def register_enum(apps, schema_editor, enum_class):
-    """
-    psycopg 3 approach: register a loader + dumper for the given enum_class,
-    so we can read/write the custom Postgres ENUM seamlessly.
-    """
-    with psycopg_connection(schema_editor.connection.alias) as conn:
-        ti = TypeInfo.fetch(conn, enum_class.enum_type_name)
+def enum_adapter(enum_obj):
+    return AsIs(f"'{enum_obj.value}'::{enum_obj.__class__.enum_type_name}")

-        class EnumLoader(TextLoader):
-            def load(self, data):
-                return data

-        class EnumDumper(Dumper):
-            def dump(self, obj):
-                return f"'{obj.value}'::{obj.__class__.enum_type_name}"
+def get_enum_oid(connection, enum_type_name: str):
+    with connection.cursor() as cursor:
+        cursor.execute("SELECT oid FROM pg_type WHERE typname = %s;", (enum_type_name,))
+        result = cursor.fetchone()
+    if result is None:
+        raise ValueError(f"Enum type '{enum_type_name}' not found")
+    return result[0]

-        conn.adapters.register_loader(ti.oid, EnumLoader)
-        conn.adapters.register_dumper(enum_class, EnumDumper)
+
+def register_enum(apps, schema_editor, enum_class):  # noqa: F841
+    with psycopg_connection(schema_editor.connection.alias) as connection:
+        enum_oid = get_enum_oid(connection, enum_class.enum_type_name)
+        enum_instance = new_type(
+            (enum_oid,),
+            enum_class.enum_type_name,
+            lambda value, cur: value,  # noqa: F841
+        )
+        register_type(enum_instance, connection)
+        register_adapter(enum_class, enum_adapter)
+
+
+# Postgres enum definition for member role


 class MemberRoleEnum(EnumType):
@@ -1,10 +1,6 @@
-import uuid
 from functools import wraps

 from django.db import connection, transaction
-from rest_framework_json_api.serializers import ValidationError
-
-from api.db_utils import POSTGRES_TENANT_VAR, SET_CONFIG_QUERY


 def set_tenant(func):
@@ -35,7 +31,7 @@ def set_tenant(func):
            pass

        # When calling the task
-        some_task.delay(arg1, tenant_id="8db7ca86-03cc-4d42-99f6-5e480baf6ab5")
+        some_task.delay(arg1, tenant_id="1234-abcd-5678")

        # The tenant context will be set before the task logic executes.
    """
@@ -47,12 +43,9 @@ def set_tenant(func):
            tenant_id = kwargs.pop("tenant_id")
        except KeyError:
            raise KeyError("This task requires the tenant_id")
-        try:
-            uuid.UUID(tenant_id)
-        except ValueError:
-            raise ValidationError("Tenant ID must be a valid UUID")
+
        with connection.cursor() as cursor:
-            cursor.execute(SET_CONFIG_QUERY, [POSTGRES_TENANT_VAR, tenant_id])
+            cursor.execute(f"SELECT set_config('api.tenant_id', '{tenant_id}', TRUE);")

        return func(*args, **kwargs)

@@ -26,13 +26,11 @@ from api.models import (
    Finding,
    Invitation,
    Membership,
-    PermissionChoices,
    Provider,
    ProviderGroup,
    ProviderSecret,
    Resource,
    ResourceTag,
-    Role,
    Scan,
    ScanSummary,
    SeverityChoices,
@@ -166,12 +164,7 @@ class ScanFilter(ProviderRelationshipFilterSet):
    inserted_at = DateFilter(field_name="inserted_at", lookup_expr="date")
    completed_at = DateFilter(field_name="completed_at", lookup_expr="date")
    started_at = DateFilter(field_name="started_at", lookup_expr="date")
-    next_scan_at = DateFilter(field_name="next_scan_at", lookup_expr="date")
    trigger = ChoiceFilter(choices=Scan.TriggerChoices.choices)
-    state = ChoiceFilter(choices=StateChoices.choices)
-    state__in = ChoiceInFilter(
-        field_name="state", choices=StateChoices.choices, lookup_expr="in"
-    )

    class Meta:
        model = Scan
@@ -179,7 +172,6 @@ class ScanFilter(ProviderRelationshipFilterSet):
            "provider": ["exact", "in"],
            "name": ["exact", "icontains"],
            "started_at": ["gte", "lte"],
-            "next_scan_at": ["gte", "lte"],
            "trigger": ["exact"],
        }

@@ -319,27 +311,6 @@ class FindingFilter(FilterSet):
        field_name="resources__type", lookup_expr="icontains"
    )

-    resource_tag_key = CharFilter(field_name="resources__tags__key")
-    resource_tag_key__in = CharInFilter(
-        field_name="resources__tags__key", lookup_expr="in"
-    )
-    resource_tag_key__icontains = CharFilter(
-        field_name="resources__tags__key", lookup_expr="icontains"
-    )
-    resource_tag_value = CharFilter(field_name="resources__tags__value")
-    resource_tag_value__in = CharInFilter(
-        field_name="resources__tags__value", lookup_expr="in"
-    )
-    resource_tag_value__icontains = CharFilter(
-        field_name="resources__tags__value", lookup_expr="icontains"
-    )
-    resource_tags = CharInFilter(
-        method="filter_resource_tag",
-        lookup_expr="in",
-        help_text="Filter by resource tags `key:value` pairs.\nMultiple values may be "
-        "separated by commas.",
-    )
-
    scan = UUIDFilter(method="filter_scan_id")
    scan__in = UUIDInFilter(method="filter_scan_id_in")

@@ -374,12 +345,6 @@ class FindingFilter(FilterSet):
            },
        }

-    @property
-    def qs(self):
-        # Force distinct results to prevent duplicates with many-to-many relationships
-        parent_qs = super().qs
-        return parent_qs.distinct()
-
    #  Convert filter values to UUIDv7 values for use with partitioning
    def filter_scan_id(self, queryset, name, value):
        try:
@@ -453,16 +418,6 @@ class FindingFilter(FilterSet):

        return queryset.filter(id__lte=end).filter(inserted_at__lte=value)

-    def filter_resource_tag(self, queryset, name, value):
-        overall_query = Q()
-        for key_value_pair in value:
-            tag_key, tag_value = key_value_pair.split(":", 1)
-            overall_query |= Q(
-                resources__tags__key__icontains=tag_key,
-                resources__tags__value__icontains=tag_value,
-            )
-        return queryset.filter(overall_query).distinct()
-
    @staticmethod
    def maybe_date_to_datetime(value):
        dt = value
@@ -520,26 +475,6 @@ class UserFilter(FilterSet):
        }


-class RoleFilter(FilterSet):
-    inserted_at = DateFilter(field_name="inserted_at", lookup_expr="date")
-    updated_at = DateFilter(field_name="updated_at", lookup_expr="date")
-    permission_state = ChoiceFilter(
-        choices=PermissionChoices.choices, method="filter_permission_state"
-    )
-
-    def filter_permission_state(self, queryset, name, value):
-        return Role.filter_by_permission_state(queryset, value)
-
-    class Meta:
-        model = Role
-        fields = {
-            "id": ["exact", "in"],
-            "name": ["exact", "in"],
-            "inserted_at": ["gte", "lte"],
-            "updated_at": ["gte", "lte"],
-        }
-
-
 class ComplianceOverviewFilter(FilterSet):
    inserted_at = DateFilter(field_name="inserted_at", lookup_expr="date")
    provider_type = ChoiceFilter(choices=Provider.ProviderChoices.choices)
@@ -580,25 +515,3 @@ class ScanSummaryFilter(FilterSet):
            "inserted_at": ["date", "gte", "lte"],
            "region": ["exact", "icontains", "in"],
        }
-
-
-class ServiceOverviewFilter(ScanSummaryFilter):
-    muted_findings = None
-
-    def is_valid(self):
-        # Check if at least one of the inserted_at filters is present
-        inserted_at_filters = [
-            self.data.get("inserted_at"),
-            self.data.get("inserted_at__gte"),
-            self.data.get("inserted_at__lte"),
-        ]
-        if not any(inserted_at_filters):
-            raise ValidationError(
-                {
-                    "inserted_at": [
-                        "At least one of filter[inserted_at], filter[inserted_at__gte], or "
-                        "filter[inserted_at__lte] is required."
-                    ]
-                }
-            )
-        return super().is_valid()
@@ -6,7 +6,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:04.823Z",
      "updated_at": "2024-10-18T10:46:04.841Z",
-      "first_seen_at": "2024-10-18T10:46:04.823Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-eu-south-2-112233445566",
      "delta": "new",
      "status": "FAIL",
@@ -62,7 +61,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:04.855Z",
      "updated_at": "2024-10-18T10:46:04.858Z",
-      "first_seen_at": "2024-10-18T10:46:04.855Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-eu-west-3-112233445566",
      "delta": "new",
      "status": "FAIL",
@@ -118,7 +116,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:04.869Z",
      "updated_at": "2024-10-18T10:46:04.876Z",
-      "first_seen_at": "2024-10-18T10:46:04.869Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-eu-central-2-112233445566",
      "delta": "new",
      "status": "FAIL",
@@ -174,7 +171,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:04.888Z",
      "updated_at": "2024-10-18T10:46:04.892Z",
-      "first_seen_at": "2024-10-18T10:46:04.888Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-eu-west-1-112233445566",
      "delta": "new",
      "status": "FAIL",
@@ -230,7 +226,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:04.901Z",
      "updated_at": "2024-10-18T10:46:04.905Z",
-      "first_seen_at": "2024-10-18T10:46:04.901Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-us-east-2-112233445566",
      "delta": "new",
      "status": "FAIL",
@@ -286,7 +281,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:04.915Z",
      "updated_at": "2024-10-18T10:46:04.919Z",
-      "first_seen_at": "2024-10-18T10:46:04.915Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-ap-south-1-112233445566",
      "delta": "new",
      "status": "FAIL",
@@ -342,7 +336,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:04.929Z",
      "updated_at": "2024-10-18T10:46:04.934Z",
-      "first_seen_at": "2024-10-18T10:46:04.929Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-us-west-1-112233445566",
      "delta": "new",
      "status": "FAIL",
@@ -398,7 +391,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:04.944Z",
      "updated_at": "2024-10-18T10:46:04.947Z",
-      "first_seen_at": "2024-10-18T10:46:04.944Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-ca-central-1-112233445566",
      "delta": "new",
      "status": "FAIL",
@@ -454,7 +446,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:04.957Z",
      "updated_at": "2024-10-18T10:46:04.962Z",
-      "first_seen_at": "2024-10-18T10:46:04.957Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-us-east-1-ConsoleAnalyzer-83b66ad7-d024-454e-b851-52d11cc1cf7c",
      "delta": "new",
      "status": "PASS",
@@ -510,7 +501,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:04.971Z",
      "updated_at": "2024-10-18T10:46:04.975Z",
-      "first_seen_at": "2024-10-18T10:46:04.971Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-eu-west-2-112233445566",
      "delta": "new",
      "status": "FAIL",
@@ -566,7 +556,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:04.984Z",
      "updated_at": "2024-10-18T10:46:04.989Z",
-      "first_seen_at": "2024-10-18T10:46:04.984Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-sa-east-1-112233445566",
      "delta": "new",
      "status": "FAIL",
@@ -622,7 +611,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:04.999Z",
      "updated_at": "2024-10-18T10:46:05.003Z",
-      "first_seen_at": "2024-10-18T10:46:04.999Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-eu-north-1-112233445566",
      "delta": "new",
      "status": "FAIL",
@@ -678,7 +666,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:05.013Z",
      "updated_at": "2024-10-18T10:46:05.018Z",
-      "first_seen_at": "2024-10-18T10:46:05.013Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-us-west-2-112233445566",
      "delta": "new",
      "status": "FAIL",
@@ -734,7 +721,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:05.029Z",
      "updated_at": "2024-10-18T10:46:05.033Z",
-      "first_seen_at": "2024-10-18T10:46:05.029Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-ap-southeast-1-112233445566",
      "delta": "new",
      "status": "FAIL",
@@ -790,7 +776,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:05.045Z",
      "updated_at": "2024-10-18T10:46:05.050Z",
-      "first_seen_at": "2024-10-18T10:46:05.045Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-eu-central-1-112233445566",
      "delta": "new",
      "status": "FAIL",
@@ -846,7 +831,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:05.061Z",
      "updated_at": "2024-10-18T10:46:05.065Z",
-      "first_seen_at": "2024-10-18T10:46:05.061Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-ap-northeast-1-112233445566",
      "delta": "new",
      "status": "FAIL",
@@ -902,7 +886,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:05.080Z",
      "updated_at": "2024-10-18T10:46:05.085Z",
-      "first_seen_at": "2024-10-18T10:46:05.080Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-ap-southeast-2-112233445566",
      "delta": "new",
      "status": "FAIL",
@@ -958,7 +941,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:05.099Z",
      "updated_at": "2024-10-18T10:46:05.104Z",
-      "first_seen_at": "2024-10-18T10:46:05.099Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-ap-northeast-2-112233445566",
      "delta": "new",
      "status": "FAIL",
@@ -1014,7 +996,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:05.115Z",
      "updated_at": "2024-10-18T10:46:05.121Z",
-      "first_seen_at": "2024-10-18T10:46:05.115Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-ap-northeast-3-112233445566",
      "delta": "new",
      "status": "FAIL",
@@ -1070,7 +1051,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.489Z",
      "updated_at": "2024-10-18T11:16:24.506Z",
-      "first_seen_at": "2024-10-18T10:46:04.823Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-eu-south-2-112233445566",
      "delta": null,
      "status": "FAIL",
@@ -1126,7 +1106,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.518Z",
      "updated_at": "2024-10-18T11:16:24.521Z",
-      "first_seen_at": "2024-10-18T10:46:04.855Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-eu-west-3-112233445566",
      "delta": null,
      "status": "FAIL",
@@ -1182,7 +1161,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.526Z",
      "updated_at": "2024-10-18T11:16:24.529Z",
-      "first_seen_at": "2024-10-18T10:46:04.869Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-eu-central-2-112233445566",
      "delta": null,
      "status": "FAIL",
@@ -1238,7 +1216,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.535Z",
      "updated_at": "2024-10-18T11:16:24.538Z",
-      "first_seen_at": "2024-10-18T10:46:04.888Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-eu-west-1-112233445566",
      "delta": null,
      "status": "FAIL",
@@ -1294,7 +1271,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.544Z",
      "updated_at": "2024-10-18T11:16:24.546Z",
-      "first_seen_at": "2024-10-18T10:46:04.901Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-us-east-2-112233445566",
      "delta": null,
      "status": "FAIL",
@@ -1350,7 +1326,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.551Z",
      "updated_at": "2024-10-18T11:16:24.554Z",
-      "first_seen_at": "2024-10-18T10:46:04.915Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-ap-south-1-112233445566",
      "delta": null,
      "status": "FAIL",
@@ -1406,7 +1381,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.560Z",
      "updated_at": "2024-10-18T11:16:24.562Z",
-      "first_seen_at": "2024-10-18T10:46:04.929Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-us-west-1-112233445566",
      "delta": null,
      "status": "FAIL",
@@ -1462,7 +1436,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.567Z",
      "updated_at": "2024-10-18T11:16:24.569Z",
-      "first_seen_at": "2024-10-18T10:46:04.944Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-ca-central-1-112233445566",
      "delta": null,
      "status": "FAIL",
@@ -1518,7 +1491,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.573Z",
      "updated_at": "2024-10-18T11:16:24.575Z",
-      "first_seen_at": "2024-10-18T10:46:04.957Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-us-east-1-ConsoleAnalyzer-83b66ad7-d024-454e-b851-52d11cc1cf7c",
      "delta": null,
      "status": "PASS",
@@ -1574,7 +1546,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.580Z",
      "updated_at": "2024-10-18T11:16:24.582Z",
-      "first_seen_at": "2024-10-18T10:46:04.971Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-eu-west-2-112233445566",
      "delta": null,
      "status": "FAIL",
@@ -1630,7 +1601,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.587Z",
      "updated_at": "2024-10-18T11:16:24.589Z",
-      "first_seen_at": "2024-10-18T10:46:04.984Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-sa-east-1-112233445566",
      "delta": null,
      "status": "FAIL",
@@ -1686,7 +1656,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.595Z",
      "updated_at": "2024-10-18T11:16:24.597Z",
-      "first_seen_at": "2024-10-18T10:46:04.999Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-eu-north-1-112233445566",
      "delta": null,
      "status": "FAIL",
@@ -1742,7 +1711,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.602Z",
      "updated_at": "2024-10-18T11:16:24.604Z",
-      "first_seen_at": "2024-10-18T10:46:05.013Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-us-west-2-112233445566",
      "delta": null,
      "status": "FAIL",
@@ -1798,7 +1766,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.610Z",
      "updated_at": "2024-10-18T11:16:24.612Z",
-      "first_seen_at": "2024-10-18T10:46:05.029Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-ap-southeast-1-112233445566",
      "delta": null,
      "status": "FAIL",
@@ -1854,7 +1821,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.617Z",
      "updated_at": "2024-10-18T11:16:24.620Z",
-      "first_seen_at": "2024-10-18T10:46:05.045Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-eu-central-1-112233445566",
      "delta": null,
      "status": "FAIL",
@@ -1910,7 +1876,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.625Z",
      "updated_at": "2024-10-18T11:16:24.627Z",
-      "first_seen_at": "2024-10-18T10:46:05.061Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-ap-northeast-1-112233445566",
      "delta": null,
      "status": "FAIL",
@@ -1966,7 +1931,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.632Z",
      "updated_at": "2024-10-18T11:16:24.634Z",
-      "first_seen_at": "2024-10-18T10:46:05.080Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-ap-southeast-2-112233445566",
      "delta": null,
      "status": "FAIL",
@@ -2022,7 +1986,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.639Z",
      "updated_at": "2024-10-18T11:16:24.642Z",
-      "first_seen_at": "2024-10-18T10:46:05.099Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-ap-northeast-2-112233445566",
      "delta": null,
      "status": "FAIL",
@@ -2078,7 +2041,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.646Z",
      "updated_at": "2024-10-18T11:16:24.648Z",
-      "first_seen_at": "2024-10-18T10:46:05.115Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-ap-northeast-3-112233445566",
      "delta": null,
      "status": "FAIL",
@@ -2134,7 +2096,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:26.033Z",
      "updated_at": "2024-10-18T11:16:26.045Z",
-      "first_seen_at": "2024-10-18T11:16:26.033Z",
      "uid": "prowler-aws-account_security_contact_information_is_registered-112233445566-us-east-1-112233445566",
      "delta": "new",
      "status": "MANUAL",
@@ -58,96 +58,5 @@
      "provider_group": "525e91e7-f3f3-4254-bbc3-27ce1ade86b1",
      "inserted_at": "2024-11-13T11:55:41.237Z"
    }
-  },
-  {
-    "model": "api.role",
-    "pk": "3f01e759-bdf9-4a99-8888-1ab805b79f93",
-    "fields": {
-      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
-      "name": "admin_test",
-      "manage_users": true,
-      "manage_account": true,
-      "manage_billing": true,
-      "manage_providers": true,
-      "manage_integrations": true,
-      "manage_scans": true,
-      "unlimited_visibility": true,
-      "inserted_at": "2024-11-20T15:32:42.402Z",
-      "updated_at": "2024-11-20T15:32:42.402Z"
-    }
-  },
-  {
-    "model": "api.role",
-    "pk": "845ff03a-87ef-42ba-9786-6577c70c4df0",
-    "fields": {
-      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
-      "name": "first_role",
-      "manage_users": true,
-      "manage_account": true,
-      "manage_billing": true,
-      "manage_providers": true,
-      "manage_integrations": false,
-      "manage_scans": false,
-      "unlimited_visibility": true,
-      "inserted_at": "2024-11-20T15:31:53.239Z",
-      "updated_at": "2024-11-20T15:31:53.239Z"
-    }
-  },
-  {
-    "model": "api.role",
-    "pk": "902d726c-4bd5-413a-a2a4-f7b4754b6b20",
-    "fields": {
-      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
-      "name": "third_role",
-      "manage_users": false,
-      "manage_account": false,
-      "manage_billing": false,
-      "manage_providers": false,
-      "manage_integrations": false,
-      "manage_scans": true,
-      "unlimited_visibility": false,
-      "inserted_at": "2024-11-20T15:34:05.440Z",
-      "updated_at": "2024-11-20T15:34:05.440Z"
-    }
-  },
-  {
-    "model": "api.roleprovidergrouprelationship",
-    "pk": "57fd024a-0a7f-49b4-a092-fa0979a07aaf",
-    "fields": {
-      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
-      "role": "3f01e759-bdf9-4a99-8888-1ab805b79f93",
-      "provider_group": "3fe28fb8-e545-424c-9b8f-69aff638f430",
-      "inserted_at": "2024-11-20T15:32:42.402Z"
-    }
-  },
-  {
-    "model": "api.roleprovidergrouprelationship",
-    "pk": "a3cd0099-1c13-4df1-a5e5-ecdfec561b35",
-    "fields": {
-      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
-      "role": "3f01e759-bdf9-4a99-8888-1ab805b79f93",
-      "provider_group": "481769f5-db2b-447b-8b00-1dee18db90ec",
-      "inserted_at": "2024-11-20T15:32:42.402Z"
-    }
-  },
-  {
-    "model": "api.roleprovidergrouprelationship",
-    "pk": "cfd84182-a058-40c2-af3c-0189b174940f",
-    "fields": {
-      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
-      "role": "3f01e759-bdf9-4a99-8888-1ab805b79f93",
-      "provider_group": "525e91e7-f3f3-4254-bbc3-27ce1ade86b1",
-      "inserted_at": "2024-11-20T15:32:42.402Z"
-    }
-  },
-  {
-    "model": "api.userrolerelationship",
-    "pk": "92339663-e954-4fd8-98fb-8bfe15949975",
-    "fields": {
-      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
-      "role": "3f01e759-bdf9-4a99-8888-1ab805b79f93",
-      "user": "8b38e2eb-6689-4f1e-a4ba-95b275130200",
-      "inserted_at": "2024-11-20T15:36:14.302Z"
-    }
  }
 ]
@@ -387,7 +387,6 @@ class Migration(migrations.Migration):
                ),
                ("inserted_at", models.DateTimeField(auto_now_add=True)),
                ("updated_at", models.DateTimeField(auto_now=True)),
-                ("is_deleted", models.BooleanField(default=False)),
                (
                    "provider",
                    ProviderEnumField(
@@ -679,7 +678,6 @@ class Migration(migrations.Migration):
                ("updated_at", models.DateTimeField(auto_now=True)),
                ("started_at", models.DateTimeField(null=True, blank=True)),
                ("completed_at", models.DateTimeField(null=True, blank=True)),
-                ("next_scan_at", models.DateTimeField(null=True, blank=True)),
                (
                    "provider",
                    models.ForeignKey(
@@ -1095,7 +1093,7 @@ class Migration(migrations.Migration):
            },
            bases=(PostgresPartitionedModel,),
            managers=[
-                ("objects", api.models.ActiveProviderPartitionedManager()),
+                ("objects", PostgresManager()),
            ],
        ),
        migrations.RunSQL(
@@ -1,23 +0,0 @@
-# Generated by Django 5.1.1 on 2024-12-20 13:16
-
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0002_token_migrations"),
-    ]
-
-    operations = [
-        migrations.RemoveConstraint(
-            model_name="provider",
-            name="unique_provider_uids",
-        ),
-        migrations.AddConstraint(
-            model_name="provider",
-            constraint=models.UniqueConstraint(
-                fields=("tenant_id", "provider", "uid", "is_deleted"),
-                name="unique_provider_uids",
-            ),
-        ),
-    ]
@@ -1,248 +0,0 @@
-# Generated by Django 5.1.1 on 2024-12-05 12:29
-
-import uuid
-
-import django.db.models.deletion
-from django.conf import settings
-from django.db import migrations, models
-
-import api.rls
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0003_update_provider_unique_constraint_with_is_deleted"),
-    ]
-
-    operations = [
-        migrations.CreateModel(
-            name="Role",
-            fields=[
-                (
-                    "id",
-                    models.UUIDField(
-                        default=uuid.uuid4,
-                        editable=False,
-                        primary_key=True,
-                        serialize=False,
-                    ),
-                ),
-                ("name", models.CharField(max_length=255)),
-                ("manage_users", models.BooleanField(default=False)),
-                ("manage_account", models.BooleanField(default=False)),
-                ("manage_billing", models.BooleanField(default=False)),
-                ("manage_providers", models.BooleanField(default=False)),
-                ("manage_integrations", models.BooleanField(default=False)),
-                ("manage_scans", models.BooleanField(default=False)),
-                ("unlimited_visibility", models.BooleanField(default=False)),
-                ("inserted_at", models.DateTimeField(auto_now_add=True)),
-                ("updated_at", models.DateTimeField(auto_now=True)),
-                (
-                    "tenant",
-                    models.ForeignKey(
-                        on_delete=django.db.models.deletion.CASCADE, to="api.tenant"
-                    ),
-                ),
-            ],
-            options={
-                "db_table": "roles",
-            },
-        ),
-        migrations.CreateModel(
-            name="RoleProviderGroupRelationship",
-            fields=[
-                (
-                    "id",
-                    models.UUIDField(
-                        default=uuid.uuid4,
-                        editable=False,
-                        primary_key=True,
-                        serialize=False,
-                    ),
-                ),
-                ("inserted_at", models.DateTimeField(auto_now_add=True)),
-                (
-                    "tenant",
-                    models.ForeignKey(
-                        on_delete=django.db.models.deletion.CASCADE, to="api.tenant"
-                    ),
-                ),
-            ],
-            options={
-                "db_table": "role_provider_group_relationship",
-            },
-        ),
-        migrations.CreateModel(
-            name="UserRoleRelationship",
-            fields=[
-                (
-                    "id",
-                    models.UUIDField(
-                        default=uuid.uuid4,
-                        editable=False,
-                        primary_key=True,
-                        serialize=False,
-                    ),
-                ),
-                ("inserted_at", models.DateTimeField(auto_now_add=True)),
-                (
-                    "tenant",
-                    models.ForeignKey(
-                        on_delete=django.db.models.deletion.CASCADE, to="api.tenant"
-                    ),
-                ),
-            ],
-            options={
-                "db_table": "role_user_relationship",
-            },
-        ),
-        migrations.AddField(
-            model_name="roleprovidergrouprelationship",
-            name="provider_group",
-            field=models.ForeignKey(
-                on_delete=django.db.models.deletion.CASCADE, to="api.providergroup"
-            ),
-        ),
-        migrations.AddField(
-            model_name="roleprovidergrouprelationship",
-            name="role",
-            field=models.ForeignKey(
-                on_delete=django.db.models.deletion.CASCADE, to="api.role"
-            ),
-        ),
-        migrations.AddField(
-            model_name="role",
-            name="provider_groups",
-            field=models.ManyToManyField(
-                related_name="roles",
-                through="api.RoleProviderGroupRelationship",
-                to="api.providergroup",
-            ),
-        ),
-        migrations.AddField(
-            model_name="userrolerelationship",
-            name="role",
-            field=models.ForeignKey(
-                on_delete=django.db.models.deletion.CASCADE, to="api.role"
-            ),
-        ),
-        migrations.AddField(
-            model_name="userrolerelationship",
-            name="user",
-            field=models.ForeignKey(
-                on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL
-            ),
-        ),
-        migrations.AddField(
-            model_name="role",
-            name="users",
-            field=models.ManyToManyField(
-                related_name="roles",
-                through="api.UserRoleRelationship",
-                to=settings.AUTH_USER_MODEL,
-            ),
-        ),
-        migrations.AddConstraint(
-            model_name="roleprovidergrouprelationship",
-            constraint=models.UniqueConstraint(
-                fields=("role_id", "provider_group_id"),
-                name="unique_role_provider_group_relationship",
-            ),
-        ),
-        migrations.AddConstraint(
-            model_name="roleprovidergrouprelationship",
-            constraint=api.rls.RowLevelSecurityConstraint(
-                "tenant_id",
-                name="rls_on_roleprovidergrouprelationship",
-                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
-            ),
-        ),
-        migrations.AddConstraint(
-            model_name="userrolerelationship",
-            constraint=models.UniqueConstraint(
-                fields=("role_id", "user_id"), name="unique_role_user_relationship"
-            ),
-        ),
-        migrations.AddConstraint(
-            model_name="userrolerelationship",
-            constraint=api.rls.RowLevelSecurityConstraint(
-                "tenant_id",
-                name="rls_on_userrolerelationship",
-                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
-            ),
-        ),
-        migrations.AddConstraint(
-            model_name="role",
-            constraint=models.UniqueConstraint(
-                fields=("tenant_id", "name"), name="unique_role_per_tenant"
-            ),
-        ),
-        migrations.AddConstraint(
-            model_name="role",
-            constraint=api.rls.RowLevelSecurityConstraint(
-                "tenant_id",
-                name="rls_on_role",
-                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
-            ),
-        ),
-        migrations.CreateModel(
-            name="InvitationRoleRelationship",
-            fields=[
-                (
-                    "id",
-                    models.UUIDField(
-                        default=uuid.uuid4,
-                        editable=False,
-                        primary_key=True,
-                        serialize=False,
-                    ),
-                ),
-                ("inserted_at", models.DateTimeField(auto_now_add=True)),
-                (
-                    "invitation",
-                    models.ForeignKey(
-                        on_delete=django.db.models.deletion.CASCADE, to="api.invitation"
-                    ),
-                ),
-                (
-                    "role",
-                    models.ForeignKey(
-                        on_delete=django.db.models.deletion.CASCADE, to="api.role"
-                    ),
-                ),
-                (
-                    "tenant",
-                    models.ForeignKey(
-                        on_delete=django.db.models.deletion.CASCADE, to="api.tenant"
-                    ),
-                ),
-            ],
-            options={
-                "db_table": "role_invitation_relationship",
-            },
-        ),
-        migrations.AddConstraint(
-            model_name="invitationrolerelationship",
-            constraint=models.UniqueConstraint(
-                fields=("role_id", "invitation_id"),
-                name="unique_role_invitation_relationship",
-            ),
-        ),
-        migrations.AddConstraint(
-            model_name="invitationrolerelationship",
-            constraint=api.rls.RowLevelSecurityConstraint(
-                "tenant_id",
-                name="rls_on_invitationrolerelationship",
-                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
-            ),
-        ),
-        migrations.AddField(
-            model_name="role",
-            name="invitations",
-            field=models.ManyToManyField(
-                related_name="roles",
-                through="api.InvitationRoleRelationship",
-                to="api.invitation",
-            ),
-        ),
-    ]
@@ -1,44 +0,0 @@
-from django.db import migrations
-
-from api.db_router import MainRouter
-
-
-def create_admin_role(apps, schema_editor):
-    Tenant = apps.get_model("api", "Tenant")
-    Role = apps.get_model("api", "Role")
-    User = apps.get_model("api", "User")
-    UserRoleRelationship = apps.get_model("api", "UserRoleRelationship")
-
-    for tenant in Tenant.objects.using(MainRouter.admin_db).all():
-        admin_role, _ = Role.objects.using(MainRouter.admin_db).get_or_create(
-            name="admin",
-            tenant=tenant,
-            defaults={
-                "manage_users": True,
-                "manage_account": True,
-                "manage_billing": True,
-                "manage_providers": True,
-                "manage_integrations": True,
-                "manage_scans": True,
-                "unlimited_visibility": True,
-            },
-        )
-        users = User.objects.using(MainRouter.admin_db).filter(
-            membership__tenant=tenant
-        )
-        for user in users:
-            UserRoleRelationship.objects.using(MainRouter.admin_db).get_or_create(
-                user=user,
-                role=admin_role,
-                tenant=tenant,
-            )
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0004_rbac"),
-    ]
-
-    operations = [
-        migrations.RunPython(create_admin_role),
-    ]
@@ -1,15 +0,0 @@
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0005_rbac_missing_admin_roles"),
-    ]
-
-    operations = [
-        migrations.AddField(
-            model_name="finding",
-            name="first_seen_at",
-            field=models.DateTimeField(editable=False, null=True),
-        ),
-    ]
@@ -9,10 +9,8 @@ from django.contrib.postgres.indexes import GinIndex
 from django.contrib.postgres.search import SearchVector, SearchVectorField
 from django.core.validators import MinLengthValidator
 from django.db import models
-from django.db.models import Q
 from django.utils.translation import gettext_lazy as _
 from django_celery_results.models import TaskResult
-from psqlextra.manager import PostgresManager
 from psqlextra.models import PostgresPartitionedModel
 from psqlextra.types import PostgresPartitioningMethod
 from uuid6 import uuid7
@@ -69,39 +67,6 @@ class StateChoices(models.TextChoices):
    CANCELLED = "cancelled", _("Cancelled")


-class PermissionChoices(models.TextChoices):
-    """
-    Represents the different permission states that a role can have.
-
-    Attributes:
-        UNLIMITED: Indicates that the role possesses all permissions.
-        LIMITED: Indicates that the role has some permissions but not all.
-        NONE: Indicates that the role does not have any permissions.
-    """
-
-    UNLIMITED = "unlimited", _("Unlimited permissions")
-    LIMITED = "limited", _("Limited permissions")
-    NONE = "none", _("No permissions")
-
-
-class ActiveProviderManager(models.Manager):
-    def get_queryset(self):
-        return super().get_queryset().filter(self.active_provider_filter())
-
-    def active_provider_filter(self):
-        if self.model is Provider:
-            return Q(is_deleted=False)
-        elif self.model in [Finding, ComplianceOverview, ScanSummary]:
-            return Q(scan__provider__is_deleted=False)
-        else:
-            return Q(provider__is_deleted=False)
-
-
-class ActiveProviderPartitionedManager(PostgresManager, ActiveProviderManager):
-    def get_queryset(self):
-        return super().get_queryset().filter(self.active_provider_filter())
-
-
 class User(AbstractBaseUser):
    id = models.UUIDField(primary_key=True, default=uuid4, editable=False)
    name = models.CharField(max_length=150, validators=[MinLengthValidator(3)])
@@ -182,9 +147,6 @@ class Membership(models.Model):


 class Provider(RowLevelSecurityProtectedModel):
-    objects = ActiveProviderManager()
-    all_objects = models.Manager()
-
    class ProviderChoices(models.TextChoices):
        AWS = "aws", _("AWS")
        AZURE = "azure", _("Azure")
@@ -225,14 +187,10 @@ class Provider(RowLevelSecurityProtectedModel):

    @staticmethod
    def validate_kubernetes_uid(value):
-        if not re.match(
-            r"(^[a-z0-9]([-a-z0-9]{1,61}[a-z0-9])?$)|(^arn:aws(-cn|-us-gov|-iso|-iso-b)?:[a-zA-Z0-9\-]+:([a-z]{2}-[a-z]+-\d{1})?:(\d{12})?:[a-zA-Z0-9\-_\/:\.\*]+(:\d+)?$)",
-            value,
-        ):
+        if not re.match(r"^[a-z0-9]([-a-z0-9]{1,61}[a-z0-9])?$", value):
            raise ModelValidationError(
-                detail="The value must either be a valid Kubernetes UID (up to 63 characters, "
-                "starting and ending with a lowercase letter or number, containing only "
-                "lowercase alphanumeric characters and hyphens) or a valid EKS ARN.",
+                detail="K8s provider ID must be up to 63 characters, start and end with a lowercase letter or number, "
+                "and contain only lowercase alphanumeric characters and hyphens.",
                code="kubernetes-uid",
                pointer="/data/attributes/uid",
            )
@@ -240,7 +198,6 @@ class Provider(RowLevelSecurityProtectedModel):
    id = models.UUIDField(primary_key=True, default=uuid4, editable=False)
    inserted_at = models.DateTimeField(auto_now_add=True, editable=False)
    updated_at = models.DateTimeField(auto_now=True, editable=False)
-    is_deleted = models.BooleanField(default=False)
    provider = ProviderEnumField(
        choices=ProviderChoices.choices, default=ProviderChoices.AWS
    )
@@ -271,7 +228,7 @@ class Provider(RowLevelSecurityProtectedModel):

        constraints = [
            models.UniqueConstraint(
-                fields=("tenant_id", "provider", "uid", "is_deleted"),
+                fields=("tenant_id", "provider", "uid"),
                name="unique_provider_uids",
            ),
            RowLevelSecurityConstraint(
@@ -314,9 +271,15 @@ class ProviderGroup(RowLevelSecurityProtectedModel):

 class ProviderGroupMembership(RowLevelSecurityProtectedModel):
    id = models.UUIDField(primary_key=True, default=uuid4, editable=False)
-    provider_group = models.ForeignKey(ProviderGroup, on_delete=models.CASCADE)
-    provider = models.ForeignKey(Provider, on_delete=models.CASCADE)
-    inserted_at = models.DateTimeField(auto_now_add=True)
+    provider = models.ForeignKey(
+        Provider,
+        on_delete=models.CASCADE,
+    )
+    provider_group = models.ForeignKey(
+        ProviderGroup,
+        on_delete=models.CASCADE,
+    )
+    inserted_at = models.DateTimeField(auto_now_add=True, editable=False)

    class Meta:
        db_table = "provider_group_memberships"
@@ -333,7 +296,7 @@ class ProviderGroupMembership(RowLevelSecurityProtectedModel):
        ]

    class JSONAPIMeta:
-        resource_name = "provider_groups-provider"
+        resource_name = "provider-group-memberships"


 class Task(RowLevelSecurityProtectedModel):
@@ -371,9 +334,6 @@ class Task(RowLevelSecurityProtectedModel):


 class Scan(RowLevelSecurityProtectedModel):
-    objects = ActiveProviderManager()
-    all_objects = models.Manager()
-
    class TriggerChoices(models.TextChoices):
        SCHEDULED = "scheduled", _("Scheduled")
        MANUAL = "manual", _("Manual")
@@ -409,7 +369,6 @@ class Scan(RowLevelSecurityProtectedModel):
    updated_at = models.DateTimeField(auto_now=True, editable=False)
    started_at = models.DateTimeField(null=True, blank=True)
    completed_at = models.DateTimeField(null=True, blank=True)
-    next_scan_at = models.DateTimeField(null=True, blank=True)
    # TODO: mutelist foreign key

    class Meta(RowLevelSecurityProtectedModel.Meta):
@@ -472,9 +431,6 @@ class ResourceTag(RowLevelSecurityProtectedModel):


 class Resource(RowLevelSecurityProtectedModel):
-    objects = ActiveProviderManager()
-    all_objects = models.Manager()
-
    id = models.UUIDField(primary_key=True, default=uuid4, editable=False)
    inserted_at = models.DateTimeField(auto_now_add=True, editable=False)
    updated_at = models.DateTimeField(auto_now=True, editable=False)
@@ -515,8 +471,8 @@ class Resource(RowLevelSecurityProtectedModel):
        through="ResourceTagMapping",
    )

-    def get_tags(self, tenant_id: str) -> dict:
-        return {tag.key: tag.value for tag in self.tags.filter(tenant_id=tenant_id)}
+    def get_tags(self) -> dict:
+        return {tag.key: tag.value for tag in self.tags.all()}

    def clear_tags(self):
        self.tags.clear()
@@ -601,9 +557,6 @@ class Finding(PostgresPartitionedModel, RowLevelSecurityProtectedModel):
    Note when creating migrations, you must use `python manage.py pgmakemigrations` to create the migrations.
    """

-    objects = ActiveProviderPartitionedManager()
-    all_objects = models.Manager()
-
    class PartitioningMeta:
        method = PostgresPartitioningMethod.RANGE
        key = ["id"]
@@ -615,7 +568,6 @@ class Finding(PostgresPartitionedModel, RowLevelSecurityProtectedModel):
    id = models.UUIDField(primary_key=True, default=uuid7, editable=False)
    inserted_at = models.DateTimeField(auto_now_add=True, editable=False)
    updated_at = models.DateTimeField(auto_now=True, editable=False)
-    first_seen_at = models.DateTimeField(editable=False, null=True)

    uid = models.CharField(max_length=300)
    delta = FindingDeltaEnumField(
@@ -756,9 +708,6 @@ class ResourceFindingMapping(PostgresPartitionedModel, RowLevelSecurityProtected


 class ProviderSecret(RowLevelSecurityProtectedModel):
-    objects = ActiveProviderManager()
-    all_objects = models.Manager()
-
    class TypeChoices(models.TextChoices):
        STATIC = "static", _("Key-value pairs")
        ROLE = "role", _("Role assumption")
@@ -858,154 +807,7 @@ class Invitation(RowLevelSecurityProtectedModel):
        resource_name = "invitations"


-class Role(RowLevelSecurityProtectedModel):
-    id = models.UUIDField(primary_key=True, default=uuid4, editable=False)
-    name = models.CharField(max_length=255)
-    manage_users = models.BooleanField(default=False)
-    manage_account = models.BooleanField(default=False)
-    manage_billing = models.BooleanField(default=False)
-    manage_providers = models.BooleanField(default=False)
-    manage_integrations = models.BooleanField(default=False)
-    manage_scans = models.BooleanField(default=False)
-    unlimited_visibility = models.BooleanField(default=False)
-    inserted_at = models.DateTimeField(auto_now_add=True, editable=False)
-    updated_at = models.DateTimeField(auto_now=True, editable=False)
-    provider_groups = models.ManyToManyField(
-        ProviderGroup, through="RoleProviderGroupRelationship", related_name="roles"
-    )
-    users = models.ManyToManyField(
-        User, through="UserRoleRelationship", related_name="roles"
-    )
-    invitations = models.ManyToManyField(
-        Invitation, through="InvitationRoleRelationship", related_name="roles"
-    )
-
-    # Filter permission_state
-    PERMISSION_FIELDS = [
-        "manage_users",
-        "manage_account",
-        "manage_billing",
-        "manage_providers",
-        "manage_integrations",
-        "manage_scans",
-    ]
-
-    @property
-    def permission_state(self):
-        values = [getattr(self, field) for field in self.PERMISSION_FIELDS]
-        if all(values):
-            return PermissionChoices.UNLIMITED
-        elif not any(values):
-            return PermissionChoices.NONE
-        else:
-            return PermissionChoices.LIMITED
-
-    @classmethod
-    def filter_by_permission_state(cls, queryset, value):
-        q_all_true = Q(**{field: True for field in cls.PERMISSION_FIELDS})
-        q_all_false = Q(**{field: False for field in cls.PERMISSION_FIELDS})
-
-        if value == PermissionChoices.UNLIMITED:
-            return queryset.filter(q_all_true)
-        elif value == PermissionChoices.NONE:
-            return queryset.filter(q_all_false)
-        else:
-            return queryset.exclude(q_all_true | q_all_false)
-
-    class Meta:
-        db_table = "roles"
-        constraints = [
-            models.UniqueConstraint(
-                fields=["tenant_id", "name"],
-                name="unique_role_per_tenant",
-            ),
-            RowLevelSecurityConstraint(
-                field="tenant_id",
-                name="rls_on_%(class)s",
-                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
-            ),
-        ]
-
-    class JSONAPIMeta:
-        resource_name = "roles"
-
-
-class RoleProviderGroupRelationship(RowLevelSecurityProtectedModel):
-    id = models.UUIDField(primary_key=True, default=uuid4, editable=False)
-    role = models.ForeignKey(Role, on_delete=models.CASCADE)
-    provider_group = models.ForeignKey(ProviderGroup, on_delete=models.CASCADE)
-    inserted_at = models.DateTimeField(auto_now_add=True)
-
-    class Meta:
-        db_table = "role_provider_group_relationship"
-        constraints = [
-            models.UniqueConstraint(
-                fields=["role_id", "provider_group_id"],
-                name="unique_role_provider_group_relationship",
-            ),
-            RowLevelSecurityConstraint(
-                field="tenant_id",
-                name="rls_on_%(class)s",
-                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
-            ),
-        ]
-
-    class JSONAPIMeta:
-        resource_name = "role-provider_groups"
-
-
-class UserRoleRelationship(RowLevelSecurityProtectedModel):
-    id = models.UUIDField(primary_key=True, default=uuid4, editable=False)
-    role = models.ForeignKey(Role, on_delete=models.CASCADE)
-    user = models.ForeignKey(User, on_delete=models.CASCADE)
-    inserted_at = models.DateTimeField(auto_now_add=True)
-
-    class Meta:
-        db_table = "role_user_relationship"
-        constraints = [
-            models.UniqueConstraint(
-                fields=["role_id", "user_id"],
-                name="unique_role_user_relationship",
-            ),
-            RowLevelSecurityConstraint(
-                field="tenant_id",
-                name="rls_on_%(class)s",
-                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
-            ),
-        ]
-
-    class JSONAPIMeta:
-        resource_name = "user-roles"
-
-
-class InvitationRoleRelationship(RowLevelSecurityProtectedModel):
-    id = models.UUIDField(primary_key=True, default=uuid4, editable=False)
-    role = models.ForeignKey(Role, on_delete=models.CASCADE)
-    invitation = models.ForeignKey(Invitation, on_delete=models.CASCADE)
-    inserted_at = models.DateTimeField(auto_now_add=True)
-
-    class Meta:
-        db_table = "role_invitation_relationship"
-        constraints = [
-            models.UniqueConstraint(
-                fields=["role_id", "invitation_id"],
-                name="unique_role_invitation_relationship",
-            ),
-            RowLevelSecurityConstraint(
-                field="tenant_id",
-                name="rls_on_%(class)s",
-                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
-            ),
-        ]
-
-    class JSONAPIMeta:
-        resource_name = "invitation-roles"
-
-
 class ComplianceOverview(RowLevelSecurityProtectedModel):
-    objects = ActiveProviderManager()
-    all_objects = models.Manager()
-
    id = models.UUIDField(primary_key=True, default=uuid4, editable=False)
    inserted_at = models.DateTimeField(auto_now_add=True, editable=False)
    compliance_id = models.CharField(max_length=100, blank=False, null=False)
@@ -1055,9 +857,6 @@ class ComplianceOverview(RowLevelSecurityProtectedModel):


 class ScanSummary(RowLevelSecurityProtectedModel):
-    objects = ActiveProviderManager()
-    all_objects = models.Manager()
-
    id = models.UUIDField(primary_key=True, default=uuid4, editable=False)
    inserted_at = models.DateTimeField(auto_now_add=True, editable=False)
    check_id = models.CharField(max_length=100, blank=False, null=False)
@@ -1,75 +0,0 @@
-from enum import Enum
-from typing import Optional
-
-from django.db.models import QuerySet
-from rest_framework.permissions import BasePermission
-
-from api.db_router import MainRouter
-from api.models import Provider, Role, User
-
-
-class Permissions(Enum):
-    MANAGE_USERS = "manage_users"
-    MANAGE_ACCOUNT = "manage_account"
-    MANAGE_BILLING = "manage_billing"
-    MANAGE_PROVIDERS = "manage_providers"
-    MANAGE_INTEGRATIONS = "manage_integrations"
-    MANAGE_SCANS = "manage_scans"
-    UNLIMITED_VISIBILITY = "unlimited_visibility"
-
-
-class HasPermissions(BasePermission):
-    """
-    Custom permission to check if the user's role has the required permissions.
-    The required permissions should be specified in the view as a list in `required_permissions`.
-    """
-
-    def has_permission(self, request, view):
-        required_permissions = getattr(view, "required_permissions", [])
-        if not required_permissions:
-            return True
-
-        user_roles = (
-            User.objects.using(MainRouter.admin_db).get(id=request.user.id).roles.all()
-        )
-        if not user_roles:
-            return False
-
-        for perm in required_permissions:
-            if not getattr(user_roles[0], perm.value, False):
-                return False
-
-        return True
-
-
-def get_role(user: User) -> Optional[Role]:
-    """
-    Retrieve the first role assigned to the given user.
-
-    Returns:
-        The user's first Role instance if the user has any roles, otherwise None.
-    """
-    return user.roles.first()
-
-
-def get_providers(role: Role) -> QuerySet[Provider]:
-    """
-    Return a distinct queryset of Providers accessible by the given role.
-
-    If the role has no associated provider groups, an empty queryset is returned.
-
-    Args:
-        role: A Role instance.
-
-    Returns:
-        A QuerySet of Provider objects filtered by the role's provider groups.
-        If the role has no provider groups, returns an empty queryset.
-    """
-    tenant = role.tenant
-    provider_groups = role.provider_groups.all()
-    if not provider_groups.exists():
-        return Provider.objects.none()
-
-    return Provider.objects.filter(
-        tenant=tenant, provider_groups__in=provider_groups
-    ).distinct()
@@ -2,7 +2,7 @@ from contextlib import nullcontext

 from rest_framework_json_api.renderers import JSONRenderer

-from api.db_utils import rls_transaction
+from api.db_utils import tenant_transaction


 class APIJSONRenderer(JSONRenderer):
@@ -13,9 +13,9 @@ class APIJSONRenderer(JSONRenderer):
        tenant_id = getattr(request, "tenant_id", None) if request else None
        include_param_present = "include" in request.query_params if request else False

-        # Use rls_transaction if needed for included resources, otherwise do nothing
+        # Use tenant_transaction if needed for included resources, otherwise do nothing
        context_manager = (
-            rls_transaction(tenant_id)
+            tenant_transaction(tenant_id)
            if tenant_id and include_param_present
            else nullcontext()
        )
@@ -1,9 +1,12 @@
 import pytest
-from conftest import TEST_PASSWORD, get_api_tokens, get_authorization_header
 from django.urls import reverse
+from unittest.mock import patch
 from rest_framework.test import APIClient

+from conftest import TEST_PASSWORD, get_api_tokens, get_authorization_header

+
+@patch("api.v1.views.MainRouter.admin_db", new="default")
@pytest.mark.django_db
 def test_basic_authentication():
    client = APIClient()
@@ -95,85 +98,3 @@ def test_refresh_token(create_test_user, tenants_fixture):
        format="vnd.api+json",
    )
    assert new_refresh_response.status_code == 200
-
-
-@pytest.mark.django_db
-def test_user_me_when_inviting_users(create_test_user, tenants_fixture, roles_fixture):
-    client = APIClient()
-
-    role = roles_fixture[0]
-
-    user1_email = "user1@testing.com"
-    user2_email = "user2@testing.com"
-
-    password = "thisisapassword123"
-
-    user1_response = client.post(
-        reverse("user-list"),
-        data={
-            "data": {
-                "type": "users",
-                "attributes": {
-                    "name": "user1",
-                    "email": user1_email,
-                    "password": password,
-                },
-            }
-        },
-        format="vnd.api+json",
-    )
-    assert user1_response.status_code == 201
-
-    user1_access_token, _ = get_api_tokens(client, user1_email, password)
-    user1_headers = get_authorization_header(user1_access_token)
-
-    user2_invitation = client.post(
-        reverse("invitation-list"),
-        data={
-            "data": {
-                "type": "invitations",
-                "attributes": {"email": user2_email},
-                "relationships": {
-                    "roles": {
-                        "data": [
-                            {
-                                "type": "roles",
-                                "id": str(role.id),
-                            }
-                        ]
-                    }
-                },
-            }
-        },
-        format="vnd.api+json",
-        headers=user1_headers,
-    )
-    assert user2_invitation.status_code == 201
-    invitation_token = user2_invitation.json()["data"]["attributes"]["token"]
-
-    user2_response = client.post(
-        reverse("user-list") + f"?invitation_token={invitation_token}",
-        data={
-            "data": {
-                "type": "users",
-                "attributes": {
-                    "name": "user2",
-                    "email": user2_email,
-                    "password": password,
-                },
-            }
-        },
-        format="vnd.api+json",
-    )
-    assert user2_response.status_code == 201
-
-    user2_access_token, _ = get_api_tokens(client, user2_email, password)
-    user2_headers = get_authorization_header(user2_access_token)
-
-    user1_me = client.get(reverse("user-me"), headers=user1_headers)
-    assert user1_me.status_code == 200
-    assert user1_me.json()["data"]["attributes"]["email"] == user1_email
-
-    user2_me = client.get(reverse("user-me"), headers=user2_headers)
-    assert user2_me.status_code == 200
-    assert user2_me.json()["data"]["attributes"]["email"] == user2_email
@@ -1,85 +0,0 @@
-from unittest.mock import Mock, patch
-
-import pytest
-from conftest import get_api_tokens, get_authorization_header
-from django.urls import reverse
-from rest_framework.test import APIClient
-
-from api.models import Provider
-
-
-@patch("api.v1.views.Task.objects.get")
-@patch("api.v1.views.delete_provider_task.delay")
-@pytest.mark.django_db
-def test_delete_provider_without_executing_task(
-    mock_delete_task, mock_task_get, create_test_user, tenants_fixture, tasks_fixture
-):
-    client = APIClient()
-
-    test_user = "test_email@prowler.com"
-    test_password = "test_password"
-
-    prowler_task = tasks_fixture[0]
-    task_mock = Mock()
-    task_mock.id = prowler_task.id
-    mock_delete_task.return_value = task_mock
-    mock_task_get.return_value = prowler_task
-
-    user_creation_response = client.post(
-        reverse("user-list"),
-        data={
-            "data": {
-                "type": "users",
-                "attributes": {
-                    "name": "test",
-                    "email": test_user,
-                    "password": test_password,
-                },
-            }
-        },
-        format="vnd.api+json",
-    )
-    assert user_creation_response.status_code == 201
-
-    access_token, _ = get_api_tokens(client, test_user, test_password)
-    auth_headers = get_authorization_header(access_token)
-
-    create_provider_response = client.post(
-        reverse("provider-list"),
-        data={
-            "data": {
-                "type": "providers",
-                "attributes": {
-                    "provider": Provider.ProviderChoices.AWS,
-                    "uid": "123456789012",
-                },
-            }
-        },
-        format="vnd.api+json",
-        headers=auth_headers,
-    )
-    assert create_provider_response.status_code == 201
-    provider_id = create_provider_response.json()["data"]["id"]
-    provider_uid = create_provider_response.json()["data"]["attributes"]["uid"]
-
-    remove_provider = client.delete(
-        reverse("provider-detail", kwargs={"pk": provider_id}),
-        headers=auth_headers,
-    )
-    assert remove_provider.status_code == 202
-
-    recreate_provider_response = client.post(
-        reverse("provider-list"),
-        data={
-            "data": {
-                "type": "providers",
-                "attributes": {
-                    "provider": Provider.ProviderChoices.AWS,
-                    "uid": provider_uid,
-                },
-            }
-        },
-        format="vnd.api+json",
-        headers=auth_headers,
-    )
-    assert recreate_provider_response.status_code == 201
@@ -13,7 +13,6 @@ def test_check_resources_between_different_tenants(
    enforce_test_user_db_connection,
    authenticated_api_client,
    tenants_fixture,
-    set_user_admin_roles_fixture,
 ):
    client = authenticated_api_client

@@ -6,10 +6,8 @@ from django.db.utils import ConnectionRouter
 from api.db_router import MainRouter
 from api.rls import Tenant
 from config.django.base import DATABASE_ROUTERS as PROD_DATABASE_ROUTERS
-from unittest.mock import patch


-@patch("api.db_router.MainRouter.admin_db", new="admin")
 class TestMainDatabaseRouter:
    @pytest.fixture(scope="module")
    def router(self):
@@ -2,15 +2,7 @@ from datetime import datetime, timezone
 from enum import Enum
 from unittest.mock import patch

-import pytest
-
-from api.db_utils import (
-    batch_delete,
-    enum_to_choices,
-    generate_random_token,
-    one_week_from_now,
-)
-from api.models import Provider
+from api.db_utils import enum_to_choices, one_week_from_now, generate_random_token


 class TestEnumToChoices:
@@ -114,26 +106,3 @@ class TestGenerateRandomToken:
        token = generate_random_token(length=5, symbols="")
        # Default symbols
        assert len(token) == 5
-
-
-class TestBatchDelete:
-    @pytest.fixture
-    def create_test_providers(self, tenants_fixture):
-        tenant = tenants_fixture[0]
-        provider_id = 123456789012
-        provider_count = 10
-        for i in range(provider_count):
-            Provider.objects.create(
-                tenant=tenant,
-                uid=f"{provider_id + i}",
-                provider=Provider.ProviderChoices.AWS,
-            )
-        return provider_count
-
-    @pytest.mark.django_db
-    def test_batch_delete(self, create_test_providers):
-        _, summary = batch_delete(
-            Provider.objects.all(), batch_size=create_test_providers // 2
-        )
-        assert Provider.objects.all().count() == 0
-        assert summary == {"api.Provider": create_test_providers}
@@ -1,9 +1,7 @@
-import uuid
-from unittest.mock import call, patch
+from unittest.mock import patch, call

 import pytest

-from api.db_utils import POSTGRES_TENANT_VAR, SET_CONFIG_QUERY
 from api.decorators import set_tenant


@@ -17,12 +15,12 @@ class TestSetTenantDecorator:
        def random_func(arg):
            return arg

-        tenant_id = str(uuid.uuid4())
+        tenant_id = "1234-abcd-5678"

        result = random_func("test_arg", tenant_id=tenant_id)

        assert (
-            call(SET_CONFIG_QUERY, [POSTGRES_TENANT_VAR, tenant_id])
+            call(f"SELECT set_config('api.tenant_id', '{tenant_id}', TRUE);")
            in mock_cursor.execute.mock_calls
        )
        assert result == "test_arg"
@@ -7,10 +7,9 @@ from api.models import Resource, ResourceTag
 class TestResourceModel:
    def test_setting_tags(self, providers_fixture):
        provider, *_ = providers_fixture
-        tenant_id = provider.tenant_id

        resource = Resource.objects.create(
-            tenant_id=tenant_id,
+            tenant_id=provider.tenant_id,
            provider=provider,
            uid="arn:aws:ec2:us-east-1:123456789012:instance/i-1234567890abcdef0",
            name="My Instance 1",
@@ -21,12 +20,12 @@ class TestResourceModel:

        tags = [
            ResourceTag.objects.create(
-                tenant_id=tenant_id,
+                tenant_id=provider.tenant_id,
                key="key",
                value="value",
            ),
            ResourceTag.objects.create(
-                tenant_id=tenant_id,
+                tenant_id=provider.tenant_id,
                key="key2",
                value="value2",
            ),
@@ -34,9 +33,9 @@ class TestResourceModel:

        resource.upsert_or_delete_tags(tags)

-        assert len(tags) == len(resource.tags.filter(tenant_id=tenant_id))
+        assert len(tags) == len(resource.tags.all())

-        tags_dict = resource.get_tags(tenant_id=tenant_id)
+        tags_dict = resource.get_tags()

        for tag in tags:
            assert tag.key in tags_dict
@@ -44,51 +43,47 @@ class TestResourceModel:

    def test_adding_tags(self, resources_fixture):
        resource, *_ = resources_fixture
-        tenant_id = str(resource.tenant_id)

        tags = [
            ResourceTag.objects.create(
-                tenant_id=tenant_id,
+                tenant_id=resource.tenant_id,
                key="env",
                value="test",
            ),
        ]
-        before_count = len(resource.tags.filter(tenant_id=tenant_id))
+        before_count = len(resource.tags.all())

        resource.upsert_or_delete_tags(tags)

-        assert before_count + 1 == len(resource.tags.filter(tenant_id=tenant_id))
+        assert before_count + 1 == len(resource.tags.all())

-        tags_dict = resource.get_tags(tenant_id=tenant_id)
+        tags_dict = resource.get_tags()

        assert "env" in tags_dict
        assert tags_dict["env"] == "test"

    def test_adding_duplicate_tags(self, resources_fixture):
        resource, *_ = resources_fixture
-        tenant_id = str(resource.tenant_id)

-        tags = resource.tags.filter(tenant_id=tenant_id)
+        tags = resource.tags.all()

-        before_count = len(resource.tags.filter(tenant_id=tenant_id))
+        before_count = len(resource.tags.all())

        resource.upsert_or_delete_tags(tags)

        # should be the same number of tags
-        assert before_count == len(resource.tags.filter(tenant_id=tenant_id))
+        assert before_count == len(resource.tags.all())

    def test_add_tags_none(self, resources_fixture):
        resource, *_ = resources_fixture
-        tenant_id = str(resource.tenant_id)
        resource.upsert_or_delete_tags(None)

-        assert len(resource.tags.filter(tenant_id=tenant_id)) == 0
-        assert resource.get_tags(tenant_id=tenant_id) == {}
+        assert len(resource.tags.all()) == 0
+        assert resource.get_tags() == {}

    def test_clear_tags(self, resources_fixture):
        resource, *_ = resources_fixture
-        tenant_id = str(resource.tenant_id)
        resource.clear_tags()

-        assert len(resource.tags.filter(tenant_id=tenant_id)) == 0
-        assert resource.get_tags(tenant_id=tenant_id) == {}
+        assert len(resource.tags.all()) == 0
+        assert resource.get_tags() == {}
@@ -1,306 +0,0 @@
-import pytest
-from django.urls import reverse
-from rest_framework import status
-from unittest.mock import patch, ANY, Mock
-
-
-@pytest.mark.django_db
-class TestUserViewSet:
-    def test_list_users_with_all_permissions(self, authenticated_client_rbac):
-        response = authenticated_client_rbac.get(reverse("user-list"))
-        assert response.status_code == status.HTTP_200_OK
-        assert isinstance(response.json()["data"], list)
-
-    def test_list_users_with_no_permissions(
-        self, authenticated_client_no_permissions_rbac
-    ):
-        response = authenticated_client_no_permissions_rbac.get(reverse("user-list"))
-        assert response.status_code == status.HTTP_403_FORBIDDEN
-
-    def test_retrieve_user_with_all_permissions(
-        self, authenticated_client_rbac, create_test_user_rbac
-    ):
-        response = authenticated_client_rbac.get(
-            reverse("user-detail", kwargs={"pk": create_test_user_rbac.id})
-        )
-        assert response.status_code == status.HTTP_200_OK
-        assert (
-            response.json()["data"]["attributes"]["email"]
-            == create_test_user_rbac.email
-        )
-
-    def test_retrieve_user_with_no_roles(
-        self, authenticated_client_rbac_noroles, create_test_user_rbac_no_roles
-    ):
-        response = authenticated_client_rbac_noroles.get(
-            reverse("user-detail", kwargs={"pk": create_test_user_rbac_no_roles.id})
-        )
-        assert response.status_code == status.HTTP_403_FORBIDDEN
-
-    def test_retrieve_user_with_no_permissions(
-        self, authenticated_client_no_permissions_rbac, create_test_user
-    ):
-        response = authenticated_client_no_permissions_rbac.get(
-            reverse("user-detail", kwargs={"pk": create_test_user.id})
-        )
-        assert response.status_code == status.HTTP_403_FORBIDDEN
-
-    def test_create_user_with_all_permissions(self, authenticated_client_rbac):
-        valid_user_payload = {
-            "name": "test",
-            "password": "newpassword123",
-            "email": "new_user@test.com",
-        }
-        response = authenticated_client_rbac.post(
-            reverse("user-list"), data=valid_user_payload, format="vnd.api+json"
-        )
-        assert response.status_code == status.HTTP_201_CREATED
-        assert response.json()["data"]["attributes"]["email"] == "new_user@test.com"
-
-    def test_create_user_with_no_permissions(
-        self, authenticated_client_no_permissions_rbac
-    ):
-        valid_user_payload = {
-            "name": "test",
-            "password": "newpassword123",
-            "email": "new_user@test.com",
-        }
-        response = authenticated_client_no_permissions_rbac.post(
-            reverse("user-list"), data=valid_user_payload, format="vnd.api+json"
-        )
-        assert response.status_code == status.HTTP_201_CREATED
-        assert response.json()["data"]["attributes"]["email"] == "new_user@test.com"
-
-    def test_partial_update_user_with_all_permissions(
-        self, authenticated_client_rbac, create_test_user_rbac
-    ):
-        updated_data = {
-            "data": {
-                "type": "users",
-                "id": str(create_test_user_rbac.id),
-                "attributes": {"name": "Updated Name"},
-            },
-        }
-        response = authenticated_client_rbac.patch(
-            reverse("user-detail", kwargs={"pk": create_test_user_rbac.id}),
-            data=updated_data,
-            content_type="application/vnd.api+json",
-        )
-        assert response.status_code == status.HTTP_200_OK
-        assert response.json()["data"]["attributes"]["name"] == "Updated Name"
-
-    def test_partial_update_user_with_no_permissions(
-        self, authenticated_client_no_permissions_rbac, create_test_user
-    ):
-        updated_data = {
-            "data": {
-                "type": "users",
-                "attributes": {"name": "Updated Name"},
-            }
-        }
-        response = authenticated_client_no_permissions_rbac.patch(
-            reverse("user-detail", kwargs={"pk": create_test_user.id}),
-            data=updated_data,
-            format="vnd.api+json",
-        )
-        assert response.status_code == status.HTTP_403_FORBIDDEN
-
-    def test_delete_user_with_all_permissions(
-        self, authenticated_client_rbac, create_test_user_rbac
-    ):
-        response = authenticated_client_rbac.delete(
-            reverse("user-detail", kwargs={"pk": create_test_user_rbac.id})
-        )
-        assert response.status_code == status.HTTP_204_NO_CONTENT
-
-    def test_delete_user_with_no_permissions(
-        self, authenticated_client_no_permissions_rbac, create_test_user
-    ):
-        response = authenticated_client_no_permissions_rbac.delete(
-            reverse("user-detail", kwargs={"pk": create_test_user.id})
-        )
-        assert response.status_code == status.HTTP_403_FORBIDDEN
-
-    def test_me_with_all_permissions(
-        self, authenticated_client_rbac, create_test_user_rbac
-    ):
-        response = authenticated_client_rbac.get(reverse("user-me"))
-        assert response.status_code == status.HTTP_200_OK
-        assert (
-            response.json()["data"]["attributes"]["email"]
-            == create_test_user_rbac.email
-        )
-
-    def test_me_with_no_permissions(
-        self, authenticated_client_no_permissions_rbac, create_test_user
-    ):
-        response = authenticated_client_no_permissions_rbac.get(reverse("user-me"))
-        assert response.status_code == status.HTTP_200_OK
-        assert response.json()["data"]["attributes"]["email"] == "rbac_limited@rbac.com"
-
-
-@pytest.mark.django_db
-class TestProviderViewSet:
-    def test_list_providers_with_all_permissions(
-        self, authenticated_client_rbac, providers_fixture
-    ):
-        response = authenticated_client_rbac.get(reverse("provider-list"))
-        assert response.status_code == status.HTTP_200_OK
-        assert len(response.json()["data"]) == len(providers_fixture)
-
-    def test_list_providers_with_no_permissions(
-        self, authenticated_client_no_permissions_rbac
-    ):
-        response = authenticated_client_no_permissions_rbac.get(
-            reverse("provider-list")
-        )
-        assert response.status_code == status.HTTP_200_OK
-        assert len(response.json()["data"]) == 0
-
-    def test_retrieve_provider_with_all_permissions(
-        self, authenticated_client_rbac, providers_fixture
-    ):
-        provider = providers_fixture[0]
-        response = authenticated_client_rbac.get(
-            reverse("provider-detail", kwargs={"pk": provider.id})
-        )
-        assert response.status_code == status.HTTP_200_OK
-        assert response.json()["data"]["attributes"]["alias"] == provider.alias
-
-    def test_retrieve_provider_with_no_permissions(
-        self, authenticated_client_no_permissions_rbac, providers_fixture
-    ):
-        provider = providers_fixture[0]
-        response = authenticated_client_no_permissions_rbac.get(
-            reverse("provider-detail", kwargs={"pk": provider.id})
-        )
-        assert response.status_code == status.HTTP_404_NOT_FOUND
-
-    def test_create_provider_with_all_permissions(self, authenticated_client_rbac):
-        payload = {"provider": "aws", "uid": "111111111111", "alias": "new_alias"}
-        response = authenticated_client_rbac.post(
-            reverse("provider-list"), data=payload, format="json"
-        )
-        assert response.status_code == status.HTTP_201_CREATED
-        assert response.json()["data"]["attributes"]["alias"] == "new_alias"
-
-    def test_create_provider_with_no_permissions(
-        self, authenticated_client_no_permissions_rbac
-    ):
-        payload = {"provider": "aws", "uid": "111111111111", "alias": "new_alias"}
-        response = authenticated_client_no_permissions_rbac.post(
-            reverse("provider-list"), data=payload, format="json"
-        )
-        assert response.status_code == status.HTTP_403_FORBIDDEN
-
-    def test_partial_update_provider_with_all_permissions(
-        self, authenticated_client_rbac, providers_fixture
-    ):
-        provider = providers_fixture[0]
-        payload = {
-            "data": {
-                "type": "providers",
-                "id": provider.id,
-                "attributes": {"alias": "updated_alias"},
-            },
-        }
-        response = authenticated_client_rbac.patch(
-            reverse("provider-detail", kwargs={"pk": provider.id}),
-            data=payload,
-            content_type="application/vnd.api+json",
-        )
-        assert response.status_code == status.HTTP_200_OK
-        assert response.json()["data"]["attributes"]["alias"] == "updated_alias"
-
-    def test_partial_update_provider_with_no_permissions(
-        self, authenticated_client_no_permissions_rbac, providers_fixture
-    ):
-        provider = providers_fixture[0]
-        update_payload = {
-            "data": {
-                "type": "providers",
-                "attributes": {"alias": "updated_alias"},
-            }
-        }
-        response = authenticated_client_no_permissions_rbac.patch(
-            reverse("provider-detail", kwargs={"pk": provider.id}),
-            data=update_payload,
-            format="vnd.api+json",
-        )
-        assert response.status_code == status.HTTP_403_FORBIDDEN
-
-    @patch("api.v1.views.Task.objects.get")
-    @patch("api.v1.views.delete_provider_task.delay")
-    def test_delete_provider_with_all_permissions(
-        self,
-        mock_delete_task,
-        mock_task_get,
-        authenticated_client_rbac,
-        providers_fixture,
-        tasks_fixture,
-    ):
-        prowler_task = tasks_fixture[0]
-        task_mock = Mock()
-        task_mock.id = prowler_task.id
-        mock_delete_task.return_value = task_mock
-        mock_task_get.return_value = prowler_task
-
-        provider1, *_ = providers_fixture
-        response = authenticated_client_rbac.delete(
-            reverse("provider-detail", kwargs={"pk": provider1.id})
-        )
-        assert response.status_code == status.HTTP_202_ACCEPTED
-        mock_delete_task.assert_called_once_with(
-            provider_id=str(provider1.id), tenant_id=ANY
-        )
-        assert "Content-Location" in response.headers
-        assert response.headers["Content-Location"] == f"/api/v1/tasks/{task_mock.id}"
-
-    def test_delete_provider_with_no_permissions(
-        self, authenticated_client_no_permissions_rbac, providers_fixture
-    ):
-        provider = providers_fixture[0]
-        response = authenticated_client_no_permissions_rbac.delete(
-            reverse("provider-detail", kwargs={"pk": provider.id})
-        )
-        assert response.status_code == status.HTTP_403_FORBIDDEN
-
-    @patch("api.v1.views.Task.objects.get")
-    @patch("api.v1.views.check_provider_connection_task.delay")
-    def test_connection_with_all_permissions(
-        self,
-        mock_provider_connection,
-        mock_task_get,
-        authenticated_client_rbac,
-        providers_fixture,
-        tasks_fixture,
-    ):
-        prowler_task = tasks_fixture[0]
-        task_mock = Mock()
-        task_mock.id = prowler_task.id
-        task_mock.status = "PENDING"
-        mock_provider_connection.return_value = task_mock
-        mock_task_get.return_value = prowler_task
-
-        provider1, *_ = providers_fixture
-        assert provider1.connected is None
-        assert provider1.connection_last_checked_at is None
-
-        response = authenticated_client_rbac.post(
-            reverse("provider-connection", kwargs={"pk": provider1.id})
-        )
-        assert response.status_code == status.HTTP_202_ACCEPTED
-        mock_provider_connection.assert_called_once_with(
-            provider_id=str(provider1.id), tenant_id=ANY
-        )
-        assert "Content-Location" in response.headers
-        assert response.headers["Content-Location"] == f"/api/v1/tasks/{task_mock.id}"
-
-    def test_connection_with_no_permissions(
-        self, authenticated_client_no_permissions_rbac, providers_fixture
-    ):
-        provider = providers_fixture[0]
-        response = authenticated_client_no_permissions_rbac.post(
-            reverse("provider-connection", kwargs={"pk": provider.id})
-        )
-        assert response.status_code == status.HTTP_403_FORBIDDEN
@@ -17,7 +17,6 @@ from api.models import (
    ComplianceOverview,
    Finding,
    Invitation,
-    InvitationRoleRelationship,
    Membership,
    Provider,
    ProviderGroup,
@@ -25,13 +24,10 @@ from api.models import (
    ProviderSecret,
    Resource,
    ResourceTag,
-    Role,
-    RoleProviderGroupRelationship,
    Scan,
    StateChoices,
    Task,
    User,
-    UserRoleRelationship,
 )
 from api.rls import Tenant

@@ -180,26 +176,10 @@ class UserSerializer(BaseSerializerV1):
    """

    memberships = serializers.ResourceRelatedField(many=True, read_only=True)
-    roles = serializers.ResourceRelatedField(many=True, read_only=True)

    class Meta:
        model = User
-        fields = [
-            "id",
-            "name",
-            "email",
-            "company_name",
-            "date_joined",
-            "memberships",
-            "roles",
-        ]
-        extra_kwargs = {
-            "roles": {"read_only": True},
-        }
-
-    included_serializers = {
-        "roles": "api.v1.serializers.RoleSerializer",
-    }
+        fields = ["id", "name", "email", "company_name", "date_joined", "memberships"]


 class UserCreateSerializer(BaseWriteSerializer):
@@ -255,73 +235,6 @@ class UserUpdateSerializer(BaseWriteSerializer):
        return super().update(instance, validated_data)


-class RoleResourceIdentifierSerializer(serializers.Serializer):
-    resource_type = serializers.CharField(source="type")
-    id = serializers.UUIDField()
-
-    class JSONAPIMeta:
-        resource_name = "role-identifier"
-
-    def to_representation(self, instance):
-        """
-        Ensure 'type' is used in the output instead of 'resource_type'.
-        """
-        representation = super().to_representation(instance)
-        representation["type"] = representation.pop("resource_type", None)
-        return representation
-
-    def to_internal_value(self, data):
-        """
-        Map 'type' back to 'resource_type' during input.
-        """
-        data["resource_type"] = data.pop("type", None)
-        return super().to_internal_value(data)
-
-
-class UserRoleRelationshipSerializer(RLSSerializer, BaseWriteSerializer):
-    """
-    Serializer for modifying user memberships
-    """
-
-    roles = serializers.ListField(
-        child=RoleResourceIdentifierSerializer(),
-        help_text="List of resource identifier objects representing roles.",
-    )
-
-    def create(self, validated_data):
-        role_ids = [item["id"] for item in validated_data["roles"]]
-        roles = Role.objects.filter(id__in=role_ids)
-        tenant_id = self.context.get("tenant_id")
-
-        new_relationships = [
-            UserRoleRelationship(
-                user=self.context.get("user"), role=r, tenant_id=tenant_id
-            )
-            for r in roles
-        ]
-        UserRoleRelationship.objects.bulk_create(new_relationships)
-
-        return self.context.get("user")
-
-    def update(self, instance, validated_data):
-        role_ids = [item["id"] for item in validated_data["roles"]]
-        roles = Role.objects.filter(id__in=role_ids)
-        tenant_id = self.context.get("tenant_id")
-
-        instance.roles.clear()
-        new_relationships = [
-            UserRoleRelationship(user=instance, role=r, tenant_id=tenant_id)
-            for r in roles
-        ]
-        UserRoleRelationship.objects.bulk_create(new_relationships)
-
-        return instance
-
-    class Meta:
-        model = UserRoleRelationship
-        fields = ["id", "roles"]
-
-
 # Tasks
 class TaskBase(serializers.ModelSerializer):
    state_mapping = {
@@ -445,199 +358,83 @@ class MembershipSerializer(serializers.ModelSerializer):

 # Provider Groups
 class ProviderGroupSerializer(RLSSerializer, BaseWriteSerializer):
-    providers = serializers.ResourceRelatedField(
-        queryset=Provider.objects.all(), many=True, required=False
-    )
-    roles = serializers.ResourceRelatedField(
-        queryset=Role.objects.all(), many=True, required=False
-    )
+    providers = serializers.ResourceRelatedField(many=True, read_only=True)

    def validate(self, attrs):
-        if ProviderGroup.objects.filter(name=attrs.get("name")).exists():
+        tenant = self.context["tenant_id"]
+        name = attrs.get("name", self.instance.name if self.instance else None)
+
+        # Exclude the current instance when checking for uniqueness during updates
+        queryset = ProviderGroup.objects.filter(tenant=tenant, name=name)
+        if self.instance:
+            queryset = queryset.exclude(pk=self.instance.pk)
+
+        if queryset.exists():
            raise serializers.ValidationError(
-                {"name": "A provider group with this name already exists."}
+                {
+                    "name": "A provider group with this name already exists for this tenant."
+                }
            )

        return super().validate(attrs)

    class Meta:
        model = ProviderGroup
-        fields = [
-            "id",
-            "name",
-            "inserted_at",
-            "updated_at",
-            "providers",
-            "roles",
-            "url",
-        ]
+        fields = ["id", "name", "inserted_at", "updated_at", "providers", "url"]
+        read_only_fields = ["id", "inserted_at", "updated_at"]
        extra_kwargs = {
            "id": {"read_only": True},
            "inserted_at": {"read_only": True},
            "updated_at": {"read_only": True},
-            "roles": {"read_only": True},
-            "url": {"read_only": True},
        }


-class ProviderGroupIncludedSerializer(ProviderGroupSerializer):
+class ProviderGroupUpdateSerializer(RLSSerializer, BaseWriteSerializer):
+    """
+    Serializer for updating the ProviderGroup model.
+    Only allows "name" field to be updated.
+    """
+
    class Meta:
        model = ProviderGroup
        fields = ["id", "name"]


-class ProviderGroupCreateSerializer(ProviderGroupSerializer):
-    providers = serializers.ResourceRelatedField(
-        queryset=Provider.objects.all(), many=True, required=False
-    )
-    roles = serializers.ResourceRelatedField(
-        queryset=Role.objects.all(), many=True, required=False
+class ProviderGroupMembershipUpdateSerializer(RLSSerializer, BaseWriteSerializer):
+    """
+    Serializer for modifying provider group memberships
+    """
+
+    provider_ids = serializers.ListField(
+        child=serializers.UUIDField(),
+        help_text="List of provider UUIDs to add to the group",
    )

-    class Meta:
-        model = ProviderGroup
-        fields = [
-            "id",
-            "name",
-            "inserted_at",
-            "updated_at",
-            "providers",
-            "roles",
-        ]
+    def validate(self, attrs):
+        tenant_id = self.context["tenant_id"]
+        provider_ids = attrs.get("provider_ids", [])

-    def create(self, validated_data):
-        providers = validated_data.pop("providers", [])
-        roles = validated_data.pop("roles", [])
-        tenant_id = self.context.get("tenant_id")
-        provider_group = ProviderGroup.objects.create(
-            tenant_id=tenant_id, **validated_data
+        existing_provider_ids = set(
+            Provider.objects.filter(
+                id__in=provider_ids, tenant_id=tenant_id
+            ).values_list("id", flat=True)
        )
+        provided_provider_ids = set(provider_ids)

-        through_model_instances = [
-            ProviderGroupMembership(
-                provider_group=provider_group,
-                provider=provider,
-                tenant_id=tenant_id,
+        missing_provider_ids = provided_provider_ids - existing_provider_ids
+
+        if missing_provider_ids:
+            raise serializers.ValidationError(
+                {
+                    "provider_ids": f"The following provider IDs do not exist: {', '.join(str(id) for id in missing_provider_ids)}"
+                }
            )
-            for provider in providers
-        ]
-        ProviderGroupMembership.objects.bulk_create(through_model_instances)

-        through_model_instances = [
-            RoleProviderGroupRelationship(
-                provider_group=provider_group,
-                role=role,
-                tenant_id=tenant_id,
-            )
-            for role in roles
-        ]
-        RoleProviderGroupRelationship.objects.bulk_create(through_model_instances)
-
-        return provider_group
-
-
-class ProviderGroupUpdateSerializer(ProviderGroupSerializer):
-    def update(self, instance, validated_data):
-        tenant_id = self.context.get("tenant_id")
-
-        if "providers" in validated_data:
-            providers = validated_data.pop("providers")
-            instance.providers.clear()
-            through_model_instances = [
-                ProviderGroupMembership(
-                    provider_group=instance,
-                    provider=provider,
-                    tenant_id=tenant_id,
-                )
-                for provider in providers
-            ]
-            ProviderGroupMembership.objects.bulk_create(through_model_instances)
-
-        if "roles" in validated_data:
-            roles = validated_data.pop("roles")
-            instance.roles.clear()
-            through_model_instances = [
-                RoleProviderGroupRelationship(
-                    provider_group=instance,
-                    role=role,
-                    tenant_id=tenant_id,
-                )
-                for role in roles
-            ]
-            RoleProviderGroupRelationship.objects.bulk_create(through_model_instances)
-
-        return super().update(instance, validated_data)
-
-
-class ProviderResourceIdentifierSerializer(serializers.Serializer):
-    resource_type = serializers.CharField(source="type")
-    id = serializers.UUIDField()
-
-    class JSONAPIMeta:
-        resource_name = "provider-identifier"
-
-    def to_representation(self, instance):
-        """
-        Ensure 'type' is used in the output instead of 'resource_type'.
-        """
-        representation = super().to_representation(instance)
-        representation["type"] = representation.pop("resource_type", None)
-        return representation
-
-    def to_internal_value(self, data):
-        """
-        Map 'type' back to 'resource_type' during input.
-        """
-        data["resource_type"] = data.pop("type", None)
-        return super().to_internal_value(data)
-
-
-class ProviderGroupMembershipSerializer(RLSSerializer, BaseWriteSerializer):
-    """
-    Serializer for modifying provider_group memberships
-    """
-
-    providers = serializers.ListField(
-        child=ProviderResourceIdentifierSerializer(),
-        help_text="List of resource identifier objects representing providers.",
-    )
-
-    def create(self, validated_data):
-        provider_ids = [item["id"] for item in validated_data["providers"]]
-        providers = Provider.objects.filter(id__in=provider_ids)
-        tenant_id = self.context.get("tenant_id")
-
-        new_relationships = [
-            ProviderGroupMembership(
-                provider_group=self.context.get("provider_group"),
-                provider=p,
-                tenant_id=tenant_id,
-            )
-            for p in providers
-        ]
-        ProviderGroupMembership.objects.bulk_create(new_relationships)
-
-        return self.context.get("provider_group")
-
-    def update(self, instance, validated_data):
-        provider_ids = [item["id"] for item in validated_data["providers"]]
-        providers = Provider.objects.filter(id__in=provider_ids)
-        tenant_id = self.context.get("tenant_id")
-
-        instance.providers.clear()
-        new_relationships = [
-            ProviderGroupMembership(
-                provider_group=instance, provider=p, tenant_id=tenant_id
-            )
-            for p in providers
-        ]
-        ProviderGroupMembership.objects.bulk_create(new_relationships)
-
-        return instance
+        return super().validate(attrs)

    class Meta:
        model = ProviderGroupMembership
-        fields = ["id", "providers"]
+        fields = ["id", "provider_ids"]


 # Providers
@@ -655,10 +452,6 @@ class ProviderSerializer(RLSSerializer):
    provider = ProviderEnumSerializerField()
    connection = serializers.SerializerMethodField(read_only=True)

-    included_serializers = {
-        "provider_groups": "api.v1.serializers.ProviderGroupIncludedSerializer",
-    }
-
    class Meta:
        model = Provider
        fields = [
@@ -671,7 +464,6 @@ class ProviderSerializer(RLSSerializer):
            "connection",
            # "scanner_args",
            "secret",
-            "provider_groups",
            "url",
        ]

@@ -744,11 +536,9 @@ class ScanSerializer(RLSSerializer):
            "duration",
            "provider",
            "task",
-            "inserted_at",
            "started_at",
            "completed_at",
            "scheduled_at",
-            "next_scan_at",
            "url",
        ]

@@ -874,7 +664,7 @@ class ResourceSerializer(RLSSerializer):
        }
    )
    def get_tags(self, obj):
-        return obj.get_tags(self.context.get("tenant_id"))
+        return obj.get_tags()

    def get_fields(self):
        """`type` is a Python reserved keyword."""
@@ -905,7 +695,6 @@ class FindingSerializer(RLSSerializer):
            "raw_result",
            "inserted_at",
            "updated_at",
-            "first_seen_at",
            "url",
            # Relationships
            "scan",
@@ -918,27 +707,6 @@ class FindingSerializer(RLSSerializer):
    }


-# To be removed when the related endpoint is removed as well
-class FindingDynamicFilterSerializer(serializers.Serializer):
-    services = serializers.ListField(child=serializers.CharField(), allow_empty=True)
-    regions = serializers.ListField(child=serializers.CharField(), allow_empty=True)
-
-    class Meta:
-        resource_name = "finding-dynamic-filters"
-
-
-class FindingMetadataSerializer(serializers.Serializer):
-    services = serializers.ListField(child=serializers.CharField(), allow_empty=True)
-    regions = serializers.ListField(child=serializers.CharField(), allow_empty=True)
-    resource_types = serializers.ListField(
-        child=serializers.CharField(), allow_empty=True
-    )
-    tags = serializers.JSONField(help_text="Tags are described as key-value pairs.")
-
-    class Meta:
-        resource_name = "findings-metadata"
-
-
 # Provider secrets
 class BaseWriteProviderSecretSerializer(BaseWriteSerializer):
    @staticmethod
@@ -1011,7 +779,7 @@ class KubernetesProviderSecret(serializers.Serializer):

 class AWSRoleAssumptionProviderSecret(serializers.Serializer):
    role_arn = serializers.CharField()
-    external_id = serializers.CharField()
+    external_id = serializers.CharField(required=False)
    role_session_name = serializers.CharField(required=False)
    session_duration = serializers.IntegerField(
        required=False, min_value=900, max_value=43200
@@ -1058,10 +826,6 @@ class AWSRoleAssumptionProviderSecret(serializers.Serializer):
                        "description": "The Amazon Resource Name (ARN) of the role to assume. Required for AWS role "
                        "assumption.",
                    },
-                    "external_id": {
-                        "type": "string",
-                        "description": "An identifier to enhance security for role assumption.",
-                    },
                    "aws_access_key_id": {
                        "type": "string",
                        "description": "The AWS access key ID. Only required if the environment lacks pre-configured "
@@ -1083,6 +847,11 @@ class AWSRoleAssumptionProviderSecret(serializers.Serializer):
                        "default": 3600,
                        "description": "The duration (in seconds) for the role session.",
                    },
+                    "external_id": {
+                        "type": "string",
+                        "description": "An optional identifier to enhance security for role assumption; may be "
+                        "required by the role administrator.",
+                    },
                    "role_session_name": {
                        "type": "string",
                        "description": "An identifier for the role session, useful for tracking sessions in AWS logs. "
@@ -1096,7 +865,7 @@ class AWSRoleAssumptionProviderSecret(serializers.Serializer):
                        "pattern": "^[a-zA-Z0-9=,.@_-]+$",
                    },
                },
-                "required": ["role_arn", "external_id"],
+                "required": ["role_arn"],
            },
            {
                "type": "object",
@@ -1244,14 +1013,6 @@ class InvitationSerializer(RLSSerializer):
    Serializer for the Invitation model.
    """

-    roles = serializers.ResourceRelatedField(many=True, queryset=Role.objects.all())
-
-    def __init__(self, *args, **kwargs):
-        super().__init__(*args, **kwargs)
-        tenant_id = self.context.get("tenant_id")
-        if tenant_id is not None:
-            self.fields["roles"].queryset = Role.objects.filter(tenant_id=tenant_id)
-
    class Meta:
        model = Invitation
        fields = [
@@ -1261,7 +1022,6 @@ class InvitationSerializer(RLSSerializer):
            "email",
            "state",
            "token",
-            "roles",
            "expires_at",
            "inviter",
            "url",
@@ -1269,14 +1029,6 @@ class InvitationSerializer(RLSSerializer):


 class InvitationBaseWriteSerializer(BaseWriteSerializer):
-    roles = serializers.ResourceRelatedField(many=True, queryset=Role.objects.all())
-
-    def __init__(self, *args, **kwargs):
-        super().__init__(*args, **kwargs)
-        tenant_id = self.context.get("tenant_id")
-        if tenant_id is not None:
-            self.fields["roles"].queryset = Role.objects.filter(tenant_id=tenant_id)
-
    def validate_email(self, value):
        user = User.objects.filter(email=value).first()
        tenant_id = self.context["tenant_id"]
@@ -1313,62 +1065,31 @@ class InvitationCreateSerializer(InvitationBaseWriteSerializer, RLSSerializer):

    class Meta:
        model = Invitation
-        fields = ["email", "expires_at", "state", "token", "inviter", "roles"]
+        fields = ["email", "expires_at", "state", "token", "inviter"]
        extra_kwargs = {
            "token": {"read_only": True},
            "state": {"read_only": True},
            "inviter": {"read_only": True},
            "expires_at": {"required": False},
-            "roles": {"required": False},
        }

    def create(self, validated_data):
        inviter = self.context.get("request").user
-        tenant_id = self.context.get("tenant_id")
        validated_data["inviter"] = inviter
-        roles = validated_data.pop("roles", [])
-        invitation = super().create(validated_data)
-        for role in roles:
-            InvitationRoleRelationship.objects.create(
-                role=role, invitation=invitation, tenant_id=tenant_id
-            )
-
-        return invitation
+        return super().create(validated_data)


 class InvitationUpdateSerializer(InvitationBaseWriteSerializer):
-    roles = serializers.ResourceRelatedField(
-        required=False, many=True, queryset=Role.objects.all()
-    )
-
    class Meta:
        model = Invitation
-        fields = ["id", "email", "expires_at", "state", "token", "roles"]
+        fields = ["id", "email", "expires_at", "state", "token"]
        extra_kwargs = {
            "token": {"read_only": True},
            "state": {"read_only": True},
            "expires_at": {"required": False},
            "email": {"required": False},
-            "roles": {"required": False},
        }

-    def update(self, instance, validated_data):
-        tenant_id = self.context.get("tenant_id")
-        if "roles" in validated_data:
-            roles = validated_data.pop("roles")
-            instance.roles.clear()
-            new_relationships = [
-                InvitationRoleRelationship(
-                    role=r, invitation=instance, tenant_id=tenant_id
-                )
-                for r in roles
-            ]
-            InvitationRoleRelationship.objects.bulk_create(new_relationships)
-
-        invitation = super().update(instance, validated_data)
-
-        return invitation
-

 class InvitationAcceptSerializer(RLSSerializer):
    """Serializer for accepting an invitation."""
@@ -1380,218 +1101,6 @@ class InvitationAcceptSerializer(RLSSerializer):
        fields = ["invitation_token"]


-# Roles
-
-
-class RoleSerializer(RLSSerializer, BaseWriteSerializer):
-    permission_state = serializers.SerializerMethodField()
-    users = serializers.ResourceRelatedField(
-        queryset=User.objects.all(), many=True, required=False
-    )
-    provider_groups = serializers.ResourceRelatedField(
-        queryset=ProviderGroup.objects.all(), many=True, required=False
-    )
-
-    def __init__(self, *args, **kwargs):
-        super().__init__(*args, **kwargs)
-        tenant_id = self.context.get("tenant_id")
-        if tenant_id is not None:
-            self.fields["users"].queryset = User.objects.filter(
-                membership__tenant__id=tenant_id
-            )
-            self.fields["provider_groups"].queryset = ProviderGroup.objects.filter(
-                tenant_id=self.context.get("tenant_id")
-            )
-
-    def get_permission_state(self, obj) -> str:
-        return obj.permission_state
-
-    def validate(self, attrs):
-        if Role.objects.filter(name=attrs.get("name")).exists():
-            raise serializers.ValidationError(
-                {"name": "A role with this name already exists."}
-            )
-
-        if attrs.get("manage_providers"):
-            attrs["unlimited_visibility"] = True
-
-        # Prevent updates to the admin role
-        if getattr(self.instance, "name", None) == "admin":
-            raise serializers.ValidationError(
-                {"name": "The admin role cannot be updated."}
-            )
-
-        return super().validate(attrs)
-
-    class Meta:
-        model = Role
-        fields = [
-            "id",
-            "name",
-            "manage_users",
-            "manage_account",
-            # Disable for the first release
-            # "manage_billing",
-            # "manage_integrations",
-            # /Disable for the first release
-            "manage_providers",
-            "manage_scans",
-            "permission_state",
-            "unlimited_visibility",
-            "inserted_at",
-            "updated_at",
-            "provider_groups",
-            "users",
-            "invitations",
-            "url",
-        ]
-        extra_kwargs = {
-            "id": {"read_only": True},
-            "inserted_at": {"read_only": True},
-            "updated_at": {"read_only": True},
-            "url": {"read_only": True},
-        }
-
-
-class RoleCreateSerializer(RoleSerializer):
-    provider_groups = serializers.ResourceRelatedField(
-        many=True, queryset=ProviderGroup.objects.all(), required=False
-    )
-    users = serializers.ResourceRelatedField(
-        many=True, queryset=User.objects.all(), required=False
-    )
-
-    def create(self, validated_data):
-        provider_groups = validated_data.pop("provider_groups", [])
-        users = validated_data.pop("users", [])
-        tenant_id = self.context.get("tenant_id")
-        role = Role.objects.create(tenant_id=tenant_id, **validated_data)
-
-        through_model_instances = [
-            RoleProviderGroupRelationship(
-                role=role,
-                provider_group=provider_group,
-                tenant_id=tenant_id,
-            )
-            for provider_group in provider_groups
-        ]
-        RoleProviderGroupRelationship.objects.bulk_create(through_model_instances)
-
-        through_model_instances = [
-            UserRoleRelationship(
-                role=role,
-                user=user,
-                tenant_id=tenant_id,
-            )
-            for user in users
-        ]
-        UserRoleRelationship.objects.bulk_create(through_model_instances)
-
-        return role
-
-
-class RoleUpdateSerializer(RoleSerializer):
-    def update(self, instance, validated_data):
-        tenant_id = self.context.get("tenant_id")
-
-        if "provider_groups" in validated_data:
-            provider_groups = validated_data.pop("provider_groups")
-            instance.provider_groups.clear()
-            through_model_instances = [
-                RoleProviderGroupRelationship(
-                    role=instance,
-                    provider_group=provider_group,
-                    tenant_id=tenant_id,
-                )
-                for provider_group in provider_groups
-            ]
-            RoleProviderGroupRelationship.objects.bulk_create(through_model_instances)
-
-        if "users" in validated_data:
-            users = validated_data.pop("users")
-            instance.users.clear()
-            through_model_instances = [
-                UserRoleRelationship(
-                    role=instance,
-                    user=user,
-                    tenant_id=tenant_id,
-                )
-                for user in users
-            ]
-            UserRoleRelationship.objects.bulk_create(through_model_instances)
-
-        return super().update(instance, validated_data)
-
-
-class ProviderGroupResourceIdentifierSerializer(serializers.Serializer):
-    resource_type = serializers.CharField(source="type")
-    id = serializers.UUIDField()
-
-    class JSONAPIMeta:
-        resource_name = "provider-group-identifier"
-
-    def to_representation(self, instance):
-        """
-        Ensure 'type' is used in the output instead of 'resource_type'.
-        """
-        representation = super().to_representation(instance)
-        representation["type"] = representation.pop("resource_type", None)
-        return representation
-
-    def to_internal_value(self, data):
-        """
-        Map 'type' back to 'resource_type' during input.
-        """
-        data["resource_type"] = data.pop("type", None)
-        return super().to_internal_value(data)
-
-
-class RoleProviderGroupRelationshipSerializer(RLSSerializer, BaseWriteSerializer):
-    """
-    Serializer for modifying role memberships
-    """
-
-    provider_groups = serializers.ListField(
-        child=ProviderGroupResourceIdentifierSerializer(),
-        help_text="List of resource identifier objects representing provider groups.",
-    )
-
-    def create(self, validated_data):
-        provider_group_ids = [item["id"] for item in validated_data["provider_groups"]]
-        provider_groups = ProviderGroup.objects.filter(id__in=provider_group_ids)
-        tenant_id = self.context.get("tenant_id")
-
-        new_relationships = [
-            RoleProviderGroupRelationship(
-                role=self.context.get("role"), provider_group=pg, tenant_id=tenant_id
-            )
-            for pg in provider_groups
-        ]
-        RoleProviderGroupRelationship.objects.bulk_create(new_relationships)
-
-        return self.context.get("role")
-
-    def update(self, instance, validated_data):
-        provider_group_ids = [item["id"] for item in validated_data["provider_groups"]]
-        provider_groups = ProviderGroup.objects.filter(id__in=provider_group_ids)
-        tenant_id = self.context.get("tenant_id")
-
-        instance.provider_groups.clear()
-        new_relationships = [
-            RoleProviderGroupRelationship(
-                role=instance, provider_group=pg, tenant_id=tenant_id
-            )
-            for pg in provider_groups
-        ]
-        RoleProviderGroupRelationship.objects.bulk_create(new_relationships)
-
-        return instance
-
-    class Meta:
-        model = RoleProviderGroupRelationship
-        fields = ["id", "provider_groups"]
-
-
 # Compliance overview


@@ -1802,40 +1311,3 @@ class OverviewSeveritySerializer(serializers.Serializer):

    def get_root_meta(self, _resource, _many):
        return {"version": "v1"}
-
-
-class OverviewServiceSerializer(serializers.Serializer):
-    id = serializers.CharField(source="service")
-    total = serializers.IntegerField()
-    _pass = serializers.IntegerField()
-    fail = serializers.IntegerField()
-    muted = serializers.IntegerField()
-
-    class JSONAPIMeta:
-        resource_name = "services-overview"
-
-    def __init__(self, *args, **kwargs):
-        super().__init__(*args, **kwargs)
-        self.fields["pass"] = self.fields.pop("_pass")
-
-    def get_root_meta(self, _resource, _many):
-        return {"version": "v1"}
-
-
-# Schedules
-
-
-class ScheduleDailyCreateSerializer(serializers.Serializer):
-    provider_id = serializers.UUIDField(required=True)
-
-    class JSONAPIMeta:
-        resource_name = "daily-schedules"
-
-    # TODO: DRY this when we have more time
-    def validate(self, data):
-        if hasattr(self, "initial_data"):
-            initial_data = set(self.initial_data.keys()) - {"id", "type"}
-            unknown_keys = initial_data - set(self.fields.keys())
-            if unknown_keys:
-                raise ValidationError(f"Invalid fields: {unknown_keys}")
-        return data
@@ -1,31 +1,26 @@
-from django.urls import include, path
+from django.urls import path, include
 from drf_spectacular.views import SpectacularRedocView
 from rest_framework_nested import routers

 from api.v1.views import (
    CustomTokenObtainView,
    CustomTokenRefreshView,
-    FindingViewSet,
+    SchemaView,
+    UserViewSet,
+    TenantViewSet,
+    TenantMembersViewSet,
    MembershipViewSet,
+    ProviderViewSet,
+    ScanViewSet,
+    TaskViewSet,
+    ResourceViewSet,
+    FindingViewSet,
    ProviderGroupViewSet,
-    ProviderGroupProvidersRelationshipView,
    ProviderSecretViewSet,
    InvitationViewSet,
    InvitationAcceptViewSet,
-    RoleViewSet,
-    RoleProviderGroupRelationshipView,
-    UserRoleRelationshipView,
    OverviewViewSet,
    ComplianceOverviewViewSet,
-    ProviderViewSet,
-    ResourceViewSet,
-    ScanViewSet,
-    ScheduleViewSet,
-    SchemaView,
-    TaskViewSet,
-    TenantMembersViewSet,
-    TenantViewSet,
-    UserViewSet,
 )

 router = routers.DefaultRouter(trailing_slash=False)
@@ -33,17 +28,15 @@ router = routers.DefaultRouter(trailing_slash=False)
 router.register(r"users", UserViewSet, basename="user")
 router.register(r"tenants", TenantViewSet, basename="tenant")
 router.register(r"providers", ProviderViewSet, basename="provider")
-router.register(r"provider-groups", ProviderGroupViewSet, basename="providergroup")
+router.register(r"provider_groups", ProviderGroupViewSet, basename="providergroup")
 router.register(r"scans", ScanViewSet, basename="scan")
 router.register(r"tasks", TaskViewSet, basename="task")
 router.register(r"resources", ResourceViewSet, basename="resource")
 router.register(r"findings", FindingViewSet, basename="finding")
-router.register(r"roles", RoleViewSet, basename="role")
 router.register(
    r"compliance-overviews", ComplianceOverviewViewSet, basename="complianceoverview"
 )
 router.register(r"overviews", OverviewViewSet, basename="overview")
-router.register(r"schedules", ScheduleViewSet, basename="schedule")

 tenants_router = routers.NestedSimpleRouter(router, r"tenants", lookup="tenant")
 tenants_router.register(
@@ -85,27 +78,6 @@ urlpatterns = [
        InvitationAcceptViewSet.as_view({"post": "accept"}),
        name="invitation-accept",
    ),
-    path(
-        "roles/<uuid:pk>/relationships/provider_groups",
-        RoleProviderGroupRelationshipView.as_view(
-            {"post": "create", "patch": "partial_update", "delete": "destroy"}
-        ),
-        name="role-provider-groups-relationship",
-    ),
-    path(
-        "users/<uuid:pk>/relationships/roles",
-        UserRoleRelationshipView.as_view(
-            {"post": "create", "patch": "partial_update", "delete": "destroy"}
-        ),
-        name="user-roles-relationship",
-    ),
-    path(
-        "provider-groups/<uuid:pk>/relationships/providers",
-        ProviderGroupProvidersRelationshipView.as_view(
-            {"post": "create", "patch": "partial_update", "delete": "destroy"}
-        ),
-        name="provider_group-providers-relationship",
-    ),
    path("", include(router.urls)),
    path("", include(tenants_router.urls)),
    path("", include(users_router.urls)),
@@ -1,20 +1,9 @@
 from celery import Celery, Task
-from config.env import env
-
-BROKER_VISIBILITY_TIMEOUT = env.int("DJANGO_BROKER_VISIBILITY_TIMEOUT", default=86400)

 celery_app = Celery("tasks")

 celery_app.config_from_object("django.conf:settings", namespace="CELERY")
-celery_app.conf.update(result_extended=True, result_expires=None)
-
-celery_app.conf.broker_transport_options = {
-    "visibility_timeout": BROKER_VISIBILITY_TIMEOUT
-}
-celery_app.conf.result_backend_transport_options = {
-    "visibility_timeout": BROKER_VISIBILITY_TIMEOUT
-}
-celery_app.conf.visibility_timeout = BROKER_VISIBILITY_TIMEOUT
+celery_app.conf.update(result_extended=True)

 celery_app.autodiscover_tasks(["api"])

@@ -31,9 +20,8 @@ class RLSTask(Task):
        shadow=None,
        **options,
    ):
-        from django_celery_results.models import TaskResult
-
        from api.models import Task as APITask
+        from django_celery_results.models import TaskResult

        result = super().apply_async(
            args=args,
@@ -46,10 +34,10 @@ class RLSTask(Task):
            **options,
        )
        task_result_instance = TaskResult.objects.get(task_id=result.task_id)
-        from api.db_utils import rls_transaction
+        from api.db_utils import tenant_transaction

        tenant_id = kwargs.get("tenant_id")
-        with rls_transaction(tenant_id):
+        with tenant_transaction(tenant_id):
            APITask.objects.create(
                id=task_result_instance.task_id,
                tenant_id=tenant_id,
@@ -115,12 +115,6 @@ DJANGO_GUID = {

 DATABASE_ROUTERS = ["api.db_router.MainRouter"]

-# Database connection pool
-DB_CP_MIN_SIZE = env.int("DJANGO_DB_CONNECTION_POOL_MIN_SIZE", 4)
-DB_CP_MAX_SIZE = env.int("DJANGO_DB_CONNECTION_POOL_MAX_SIZE", 10)
-DB_CP_MAX_IDLE = env.int("DJANGO_DB_CONNECTION_POOL_MAX_IDLE", 36000)
-DB_CP_MAX_LIFETIME = env.int("DJANGO_DB_CONNECTION_POOL_MAX_LIFETIME", 86400)
-

 # Password validation
 # https://docs.djangoproject.com/en/5.0/ref/settings/#auth-password-validators
@@ -1,6 +1,7 @@
 from config.django.base import *  # noqa
 from config.env import env

+
 DEBUG = env.bool("DJANGO_DEBUG", default=True)
 ALLOWED_HOSTS = env.list("DJANGO_ALLOWED_HOSTS", default=["*"])

@@ -13,14 +14,6 @@ DATABASES = {
        "PASSWORD": env("POSTGRES_PASSWORD", default="prowler"),
        "HOST": env("POSTGRES_HOST", default="postgres-db"),
        "PORT": env("POSTGRES_PORT", default="5432"),
-        "OPTIONS": {
-            "pool": {
-                "min_size": DB_CP_MIN_SIZE,  # noqa: F405
-                "max_size": DB_CP_MAX_SIZE,  # noqa: F405
-                "max_idle": DB_CP_MAX_IDLE,  # noqa: F405
-                "max_lifetime": DB_CP_MAX_LIFETIME,  # noqa: F405
-            }
-        },
    },
    "admin": {
        "ENGINE": "psqlextra.backend",
@@ -29,14 +22,6 @@ DATABASES = {
        "PASSWORD": env("POSTGRES_ADMIN_PASSWORD", default="S3cret"),
        "HOST": env("POSTGRES_HOST", default="postgres-db"),
        "PORT": env("POSTGRES_PORT", default="5432"),
-        "OPTIONS": {
-            "pool": {
-                "min_size": DB_CP_MIN_SIZE,  # noqa: F405
-                "max_size": DB_CP_MAX_SIZE,  # noqa: F405
-                "max_idle": DB_CP_MAX_IDLE,  # noqa: F405
-                "max_lifetime": DB_CP_MAX_LIFETIME,  # noqa: F405
-            }
-        },
    },
 }
 DATABASES["default"] = DATABASES["prowler_user"]
@@ -1,6 +1,7 @@
 from config.django.base import *  # noqa
 from config.env import env

+
 DEBUG = env.bool("DJANGO_DEBUG", default=False)
 ALLOWED_HOSTS = env.list("DJANGO_ALLOWED_HOSTS", default=["localhost", "127.0.0.1"])

@@ -14,14 +15,6 @@ DATABASES = {
        "PASSWORD": env("POSTGRES_PASSWORD"),
        "HOST": env("POSTGRES_HOST"),
        "PORT": env("POSTGRES_PORT"),
-        "OPTIONS": {
-            "pool": {
-                "min_size": DB_CP_MIN_SIZE,  # noqa: F405
-                "max_size": DB_CP_MAX_SIZE,  # noqa: F405
-                "max_idle": DB_CP_MAX_IDLE,  # noqa: F405
-                "max_lifetime": DB_CP_MAX_LIFETIME,  # noqa: F405
-            }
-        },
    },
    "admin": {
        "ENGINE": "psqlextra.backend",
@@ -30,14 +23,6 @@ DATABASES = {
        "PASSWORD": env("POSTGRES_ADMIN_PASSWORD"),
        "HOST": env("POSTGRES_HOST"),
        "PORT": env("POSTGRES_PORT"),
-        "OPTIONS": {
-            "pool": {
-                "min_size": DB_CP_MIN_SIZE,  # noqa: F405
-                "max_size": DB_CP_MAX_SIZE,  # noqa: F405
-                "max_idle": DB_CP_MAX_IDLE,  # noqa: F405
-                "max_lifetime": DB_CP_MAX_LIFETIME,  # noqa: F405
-            }
-        },
    },
 }
 DATABASES["default"] = DATABASES["prowler_user"]
@@ -1,6 +1,7 @@
 from config.django.base import *  # noqa
 from config.env import env

+
 DEBUG = env.bool("DJANGO_DEBUG", default=False)
 ALLOWED_HOSTS = env.list("DJANGO_ALLOWED_HOSTS", default=["localhost", "127.0.0.1"])

@@ -9,18 +10,10 @@ DATABASES = {
    "default": {
        "ENGINE": "psqlextra.backend",
        "NAME": "prowler_db_test",
-        "USER": env("POSTGRES_USER", default="prowler_admin"),
-        "PASSWORD": env("POSTGRES_PASSWORD", default="postgres"),
+        "USER": env("POSTGRES_USER", default="prowler"),
+        "PASSWORD": env("POSTGRES_PASSWORD", default="S3cret"),
        "HOST": env("POSTGRES_HOST", default="localhost"),
        "PORT": env("POSTGRES_PORT", default="5432"),
-        "OPTIONS": {
-            "pool": {
-                "min_size": DB_CP_MIN_SIZE,  # noqa: F405
-                "max_size": DB_CP_MAX_SIZE,  # noqa: F405
-                "max_idle": DB_CP_MAX_IDLE,  # noqa: F405
-                "max_lifetime": DB_CP_MAX_LIFETIME,  # noqa: F405
-            }
-        },
    },
 }

@@ -9,5 +9,3 @@ CELERY_RESULT_BACKEND = "django-db"
 CELERY_TASK_TRACK_STARTED = True

 CELERY_BROKER_CONNECTION_RETRY_ON_STARTUP = True
-
-CELERY_DEADLOCK_ATTEMPTS = env.int("DJANGO_CELERY_DEADLOCK_ATTEMPTS", default=5)
@@ -1,39 +1,35 @@
 import logging
-from datetime import datetime, timedelta, timezone
-from unittest.mock import patch

 import pytest
 from django.conf import settings
-from django.db import connection as django_connection
-from django.db import connections as django_connections
+from datetime import datetime, timezone, timedelta
+from django.db import connections as django_connections, connection as django_connection
 from django.urls import reverse
 from django_celery_results.models import TaskResult
+from prowler.lib.check.models import Severity
+from prowler.lib.outputs.finding import Status
 from rest_framework import status
 from rest_framework.test import APIClient

-from api.db_utils import rls_transaction
 from api.models import (
-    ComplianceOverview,
    Finding,
-    Invitation,
-    Membership,
+)
+from api.models import (
+    User,
    Provider,
    ProviderGroup,
-    ProviderSecret,
    Resource,
    ResourceTag,
-    Role,
    Scan,
-    ScanSummary,
    StateChoices,
    Task,
-    User,
-    UserRoleRelationship,
+    Membership,
+    ProviderSecret,
+    Invitation,
+    ComplianceOverview,
 )
 from api.rls import Tenant
 from api.v1.serializers import TokenSerializer
-from prowler.lib.check.models import Severity
-from prowler.lib.outputs.finding import Status

 API_JSON_CONTENT_TYPE = "application/vnd.api+json"
 NO_TENANT_HTTP_STATUS = status.HTTP_401_UNAUTHORIZED
@@ -87,150 +83,8 @@ def create_test_user(django_db_setup, django_db_blocker):
    return user


-@pytest.fixture(scope="function")
-def create_test_user_rbac(django_db_setup, django_db_blocker, tenants_fixture):
-    with django_db_blocker.unblock():
-        user = User.objects.create_user(
-            name="testing",
-            email="rbac@rbac.com",
-            password=TEST_PASSWORD,
-        )
-        tenant = tenants_fixture[0]
-        Membership.objects.create(
-            user=user,
-            tenant=tenant,
-            role=Membership.RoleChoices.OWNER,
-        )
-        Role.objects.create(
-            name="admin",
-            tenant_id=tenant.id,
-            manage_users=True,
-            manage_account=True,
-            manage_billing=True,
-            manage_providers=True,
-            manage_integrations=True,
-            manage_scans=True,
-            unlimited_visibility=True,
-        )
-        UserRoleRelationship.objects.create(
-            user=user,
-            role=Role.objects.get(name="admin"),
-            tenant_id=tenant.id,
-        )
-    return user
-
-
-@pytest.fixture(scope="function")
-def create_test_user_rbac_no_roles(django_db_setup, django_db_blocker, tenants_fixture):
-    with django_db_blocker.unblock():
-        user = User.objects.create_user(
-            name="testing",
-            email="rbac_noroles@rbac.com",
-            password=TEST_PASSWORD,
-        )
-        tenant = tenants_fixture[0]
-        Membership.objects.create(
-            user=user,
-            tenant=tenant,
-            role=Membership.RoleChoices.OWNER,
-        )
-
-    return user
-
-
-@pytest.fixture(scope="function")
-def create_test_user_rbac_limited(django_db_setup, django_db_blocker):
-    with django_db_blocker.unblock():
-        user = User.objects.create_user(
-            name="testing_limited",
-            email="rbac_limited@rbac.com",
-            password=TEST_PASSWORD,
-        )
-        tenant = Tenant.objects.create(
-            name="Tenant Test",
-        )
-        Membership.objects.create(
-            user=user,
-            tenant=tenant,
-            role=Membership.RoleChoices.OWNER,
-        )
-        Role.objects.create(
-            name="limited",
-            tenant_id=tenant.id,
-            manage_users=False,
-            manage_account=False,
-            manage_billing=False,
-            manage_providers=False,
-            manage_integrations=False,
-            manage_scans=False,
-            unlimited_visibility=False,
-        )
-        UserRoleRelationship.objects.create(
-            user=user,
-            role=Role.objects.get(name="limited"),
-            tenant_id=tenant.id,
-        )
-    return user
-
-
@pytest.fixture
-def authenticated_client_rbac(create_test_user_rbac, tenants_fixture, client):
-    client.user = create_test_user_rbac
-    tenant_id = tenants_fixture[0].id
-    serializer = TokenSerializer(
-        data={
-            "type": "tokens",
-            "email": "rbac@rbac.com",
-            "password": TEST_PASSWORD,
-            "tenant_id": tenant_id,
-        }
-    )
-    serializer.is_valid(raise_exception=True)
-    access_token = serializer.validated_data["access"]
-    client.defaults["HTTP_AUTHORIZATION"] = f"Bearer {access_token}"
-    return client
-
-
-@pytest.fixture
-def authenticated_client_rbac_noroles(
-    create_test_user_rbac_no_roles, tenants_fixture, client
-):
-    client.user = create_test_user_rbac_no_roles
-    serializer = TokenSerializer(
-        data={
-            "type": "tokens",
-            "email": "rbac_noroles@rbac.com",
-            "password": TEST_PASSWORD,
-        }
-    )
-    serializer.is_valid()
-    access_token = serializer.validated_data["access"]
-    client.defaults["HTTP_AUTHORIZATION"] = f"Bearer {access_token}"
-    return client
-
-
-@pytest.fixture
-def authenticated_client_no_permissions_rbac(
-    create_test_user_rbac_limited, tenants_fixture, client
-):
-    client.user = create_test_user_rbac_limited
-    serializer = TokenSerializer(
-        data={
-            "type": "tokens",
-            "email": "rbac_limited@rbac.com",
-            "password": TEST_PASSWORD,
-        }
-    )
-    serializer.is_valid()
-    access_token = serializer.validated_data["access"]
-    client.defaults["HTTP_AUTHORIZATION"] = f"Bearer {access_token}"
-    return client
-
-
-@pytest.fixture
-def authenticated_client(
-    create_test_user, tenants_fixture, set_user_admin_roles_fixture, client
-):
+def authenticated_client(create_test_user, tenants_fixture, client):
    client.user = create_test_user
    serializer = TokenSerializer(
        data={"type": "tokens", "email": TEST_USER, "password": TEST_PASSWORD}
@@ -250,7 +104,6 @@ def authenticated_api_client(create_test_user, tenants_fixture):
    serializer.is_valid()
    access_token = serializer.validated_data["access"]
    client.defaults["HTTP_AUTHORIZATION"] = f"Bearer {access_token}"
-
    return client


@@ -275,37 +128,13 @@ def tenants_fixture(create_test_user):
    tenant3 = Tenant.objects.create(
        name="Tenant Three",
    )
-
    return tenant1, tenant2, tenant3


-@pytest.fixture
-def set_user_admin_roles_fixture(create_test_user, tenants_fixture):
-    user = create_test_user
-    for tenant in tenants_fixture[:2]:
-        with rls_transaction(str(tenant.id)):
-            role = Role.objects.create(
-                name="admin",
-                tenant_id=tenant.id,
-                manage_users=True,
-                manage_account=True,
-                manage_billing=True,
-                manage_providers=True,
-                manage_integrations=True,
-                manage_scans=True,
-                unlimited_visibility=True,
-            )
-            UserRoleRelationship.objects.create(
-                user=user,
-                role=role,
-                tenant_id=tenant.id,
-            )
-
-
@pytest.fixture
 def invitations_fixture(create_test_user, tenants_fixture):
    user = create_test_user
-    tenant = tenants_fixture[0]
+    *_, tenant = tenants_fixture
    valid_invitation = Invitation.objects.create(
        email="testing@prowler.com",
        state=Invitation.State.PENDING,
@@ -324,20 +153,6 @@ def invitations_fixture(create_test_user, tenants_fixture):
    return valid_invitation, expired_invitation


-@pytest.fixture
-def users_fixture(django_user_model):
-    user1 = User.objects.create_user(
-        name="user1", email="test_unit0@prowler.com", password="S3cret"
-    )
-    user2 = User.objects.create_user(
-        name="user2", email="test_unit1@prowler.com", password="S3cret"
-    )
-    user3 = User.objects.create_user(
-        name="user3", email="test_unit2@prowler.com", password="S3cret"
-    )
-    return user1, user2, user3
-
-
@pytest.fixture
 def providers_fixture(tenants_fixture):
    tenant, *_ = tenants_fixture
@@ -395,74 +210,6 @@ def provider_groups_fixture(tenants_fixture):
    return pgroup1, pgroup2, pgroup3


-@pytest.fixture
-def admin_role_fixture(tenants_fixture):
-    tenant, *_ = tenants_fixture
-
-    return Role.objects.get_or_create(
-        name="admin",
-        tenant_id=tenant.id,
-        manage_users=True,
-        manage_account=True,
-        manage_billing=True,
-        manage_providers=True,
-        manage_integrations=True,
-        manage_scans=True,
-        unlimited_visibility=True,
-    )[0]
-
-
-@pytest.fixture
-def roles_fixture(tenants_fixture):
-    tenant, *_ = tenants_fixture
-    role1 = Role.objects.create(
-        name="Role One",
-        tenant_id=tenant.id,
-        manage_users=True,
-        manage_account=True,
-        manage_billing=True,
-        manage_providers=True,
-        manage_integrations=False,
-        manage_scans=True,
-        unlimited_visibility=False,
-    )
-    role2 = Role.objects.create(
-        name="Role Two",
-        tenant_id=tenant.id,
-        manage_users=False,
-        manage_account=False,
-        manage_billing=False,
-        manage_providers=True,
-        manage_integrations=True,
-        manage_scans=True,
-        unlimited_visibility=True,
-    )
-    role3 = Role.objects.create(
-        name="Role Three",
-        tenant_id=tenant.id,
-        manage_users=True,
-        manage_account=True,
-        manage_billing=True,
-        manage_providers=True,
-        manage_integrations=True,
-        manage_scans=True,
-        unlimited_visibility=True,
-    )
-    role4 = Role.objects.create(
-        name="Role Four",
-        tenant_id=tenant.id,
-        manage_users=False,
-        manage_account=False,
-        manage_billing=False,
-        manage_providers=False,
-        manage_integrations=False,
-        manage_scans=False,
-        unlimited_visibility=False,
-    )
-
-    return role1, role2, role3, role4
-
-
@pytest.fixture
 def provider_secret_fixture(providers_fixture):
    return tuple(
@@ -626,7 +373,6 @@ def findings_fixture(scans_fixture, resources_fixture):
            "CheckId": "test_check_id",
            "Description": "test description apple sauce",
        },
-        first_seen_at="2024-01-02T00:00:00Z",
    )

    finding1.add_resources([resource1])
@@ -652,7 +398,6 @@ def findings_fixture(scans_fixture, resources_fixture):
            "CheckId": "test_check_id",
            "Description": "test description orange juice",
        },
-        first_seen_at="2024-01-02T00:00:00Z",
    )

    finding2.add_resources([resource2])
@@ -792,107 +537,10 @@ def get_api_tokens(
        data=json_body,
        format="vnd.api+json",
    )
-    return (
-        response.json()["data"]["attributes"]["access"],
-        response.json()["data"]["attributes"]["refresh"],
-    )
-
-
-@pytest.fixture
-def scan_summaries_fixture(tenants_fixture, providers_fixture):
-    tenant = tenants_fixture[0]
-    provider = providers_fixture[0]
-    scan = Scan.objects.create(
-        name="overview scan",
-        provider=provider,
-        trigger=Scan.TriggerChoices.MANUAL,
-        state=StateChoices.COMPLETED,
-        tenant=tenant,
-    )
-
-    ScanSummary.objects.create(
-        tenant=tenant,
-        check_id="check1",
-        service="service1",
-        severity="high",
-        region="region1",
-        _pass=1,
-        fail=0,
-        muted=0,
-        total=1,
-        new=1,
-        changed=0,
-        unchanged=0,
-        fail_new=0,
-        fail_changed=0,
-        pass_new=1,
-        pass_changed=0,
-        muted_new=0,
-        muted_changed=0,
-        scan=scan,
-    )
-
-    ScanSummary.objects.create(
-        tenant=tenant,
-        check_id="check1",
-        service="service1",
-        severity="high",
-        region="region2",
-        _pass=0,
-        fail=1,
-        muted=1,
-        total=2,
-        new=2,
-        changed=0,
-        unchanged=0,
-        fail_new=1,
-        fail_changed=0,
-        pass_new=0,
-        pass_changed=0,
-        muted_new=1,
-        muted_changed=0,
-        scan=scan,
-    )
-
-    ScanSummary.objects.create(
-        tenant=tenant,
-        check_id="check2",
-        service="service2",
-        severity="critical",
-        region="region1",
-        _pass=1,
-        fail=0,
-        muted=0,
-        total=1,
-        new=1,
-        changed=0,
-        unchanged=0,
-        fail_new=0,
-        fail_changed=0,
-        pass_new=1,
-        pass_changed=0,
-        muted_new=0,
-        muted_changed=0,
-        scan=scan,
-    )
+    return response.json()["data"]["attributes"]["access"], response.json()["data"][
+        "attributes"
+    ]["refresh"]


 def get_authorization_header(access_token: str) -> dict:
    return {"Authorization": f"Bearer {access_token}"}
-
-
-def pytest_collection_modifyitems(items):
-    """Ensure test_rbac.py is executed first."""
-    items.sort(key=lambda item: 0 if "test_rbac.py" in item.nodeid else 1)
-
-
-def pytest_configure(config):
-    # Apply the mock before the test session starts. This is necessary to avoid admin error when running the
-    # 0004_rbac_missing_admin_roles migration
-    patch("api.db_router.MainRouter.admin_db", new="default").start()
-
-
-def pytest_unconfigure(config):
-    # Stop all patches after the test session ends. This is necessary to avoid admin error when running the
-    # 0004_rbac_missing_admin_roles migration
-    patch.stopall()
@@ -1,9 +1,7 @@
 import json
-from datetime import datetime, timedelta, timezone

-from django_celery_beat.models import IntervalSchedule, PeriodicTask
-from rest_framework_json_api.serializers import ValidationError
-from tasks.tasks import perform_scheduled_scan_task
+from django.utils import timezone
+from django_celery_beat.models import PeriodicTask, IntervalSchedule

 from api.models import Provider

@@ -18,7 +16,7 @@ def schedule_provider_scan(provider_instance: Provider):
    task_name = f"scan-perform-scheduled-{provider_instance.id}"

    # Schedule the task
-    _, created = PeriodicTask.objects.get_or_create(
+    PeriodicTask.objects.create(
        interval=schedule,
        name=task_name,
        task="scan-perform-scheduled",
@@ -28,26 +26,6 @@ def schedule_provider_scan(provider_instance: Provider):
                "provider_id": str(provider_instance.id),
            }
        ),
+        start_time=provider_instance.inserted_at + timezone.timedelta(hours=24),
        one_off=False,
-        defaults={
-            "start_time": datetime.now(timezone.utc) + timedelta(hours=24),
-        },
-    )
-    if not created:
-        raise ValidationError(
-            [
-                {
-                    "detail": "There is already a scheduled scan for this provider.",
-                    "status": 400,
-                    "source": {"pointer": "/data/attributes/provider_id"},
-                    "code": "invalid",
-                }
-            ]
-        )
-
-    return perform_scheduled_scan_task.apply_async(
-        kwargs={
-            "tenant_id": str(provider_instance.tenant_id),
-            "provider_id": str(provider_instance.id),
-        },
    )
@@ -1,75 +1,25 @@
 from celery.utils.log import get_task_logger
-from django.db import transaction
-
-from api.db_router import MainRouter
-from api.db_utils import batch_delete, rls_transaction
-from api.models import Finding, Provider, Resource, Scan, ScanSummary, Tenant

 logger = get_task_logger(__name__)


-def delete_provider(pk: str):
+def delete_instance(model, pk: str):
    """
-    Gracefully deletes an instance of a provider along with its related data.
+    Deletes an instance of the specified model.
+
+    This function retrieves an instance of the provided model using its primary key
+    and deletes it from the database.

    Args:
-        pk (str): The primary key of the Provider instance to delete.
+        model (Model): The Django model class from which to delete an instance.
+        pk (str): The primary key of the instance to delete.

    Returns:
-        dict: A dictionary with the count of deleted objects per model,
-              including related models.
+        tuple: A tuple containing the number of objects deleted and a dictionary
+               with the count of deleted objects per model,
+               including related models if applicable.

    Raises:
-        Provider.DoesNotExist: If no instance with the provided primary key exists.
+        model.DoesNotExist: If no instance with the provided primary key exists.
    """
-    instance = Provider.all_objects.get(pk=pk)
-    deletion_summary = {}
-
-    with transaction.atomic():
-        # Delete Scan Summaries
-        scan_summaries_qs = ScanSummary.all_objects.filter(scan__provider=instance)
-        _, scans_summ_summary = batch_delete(scan_summaries_qs)
-        deletion_summary.update(scans_summ_summary)
-
-        # Delete Findings
-        findings_qs = Finding.all_objects.filter(scan__provider=instance)
-        _, findings_summary = batch_delete(findings_qs)
-        deletion_summary.update(findings_summary)
-
-        # Delete Resources
-        resources_qs = Resource.all_objects.filter(provider=instance)
-        _, resources_summary = batch_delete(resources_qs)
-        deletion_summary.update(resources_summary)
-
-        # Delete Scans
-        scans_qs = Scan.all_objects.filter(provider=instance)
-        _, scans_summary = batch_delete(scans_qs)
-        deletion_summary.update(scans_summary)
-
-        provider_deleted_count, provider_summary = instance.delete()
-        deletion_summary.update(provider_summary)
-
-    return deletion_summary
-
-
-def delete_tenant(pk: str):
-    """
-    Gracefully deletes an instance of a tenant along with its related data.
-
-    Args:
-        pk (str): The primary key of the Tenant instance to delete.
-
-    Returns:
-        dict: A dictionary with the count of deleted objects per model,
-              including related models.
-    """
-    deletion_summary = {}
-
-    for provider in Provider.objects.using(MainRouter.admin_db).filter(tenant_id=pk):
-        with rls_transaction(pk):
-            summary = delete_provider(provider.id)
-            deletion_summary.update(summary)
-
-    Tenant.objects.using(MainRouter.admin_db).filter(id=pk).delete()
-
-    return deletion_summary
+    return model.objects.get(pk=pk).delete()
@@ -3,15 +3,13 @@ from copy import deepcopy
 from datetime import datetime, timezone

 from celery.utils.log import get_task_logger
-from config.settings.celery import CELERY_DEADLOCK_ATTEMPTS
-from django.db import IntegrityError, OperationalError
 from django.db.models import Case, Count, IntegerField, Sum, When

 from api.compliance import (
    PROWLER_COMPLIANCE_OVERVIEW_TEMPLATE,
    generate_scan_compliance,
 )
-from api.db_utils import rls_transaction
+from api.db_utils import tenant_transaction
 from api.models import (
    ComplianceOverview,
    Finding,
@@ -69,7 +67,7 @@ def _store_resources(
            - tuple[str, str]: A tuple containing the resource UID and region.

    """
-    with rls_transaction(tenant_id):
+    with tenant_transaction(tenant_id):
        resource_instance, created = Resource.objects.get_or_create(
            tenant_id=tenant_id,
            provider=provider_instance,
@@ -86,7 +84,7 @@ def _store_resources(
            resource_instance.service = finding.service_name
            resource_instance.type = finding.resource_type
            resource_instance.save()
-    with rls_transaction(tenant_id):
+    with tenant_transaction(tenant_id):
        tags = [
            ResourceTag.objects.get_or_create(
                tenant_id=tenant_id, key=key, value=value
@@ -116,12 +114,13 @@ def perform_prowler_scan(
        ValueError: If the provider cannot be connected.

    """
+    generate_compliance = False
    check_status_by_region = {}
    exception = None
    unique_resources = set()
    start_time = time.time()

-    with rls_transaction(tenant_id):
+    with tenant_transaction(tenant_id):
        provider_instance = Provider.objects.get(pk=provider_id)
        scan_instance = Scan.objects.get(pk=scan_id)
        scan_instance.state = StateChoices.EXECUTING
@@ -129,7 +128,7 @@ def perform_prowler_scan(
        scan_instance.save()

    try:
-        with rls_transaction(tenant_id):
+        with tenant_transaction(tenant_id):
            try:
                prowler_provider = initialize_prowler_provider(provider_instance)
                provider_instance.connected = True
@@ -144,6 +143,7 @@ def perform_prowler_scan(
                )
                provider_instance.save()

+        generate_compliance = provider_instance.provider != Provider.ProviderChoices.GCP
        prowler_scan = ProwlerScan(provider=prowler_provider, checks=checks_to_execute)

        resource_cache = {}
@@ -151,57 +151,43 @@ def perform_prowler_scan(
        last_status_cache = {}

        for progress, findings in prowler_scan.scan():
-            for finding in findings:
-                for attempt in range(CELERY_DEADLOCK_ATTEMPTS):
-                    try:
-                        with rls_transaction(tenant_id):
-                            # Process resource
-                            resource_uid = finding.resource_uid
-                            if resource_uid not in resource_cache:
-                                # Get or create the resource
-                                resource_instance, _ = Resource.objects.get_or_create(
-                                    tenant_id=tenant_id,
-                                    provider=provider_instance,
-                                    uid=resource_uid,
-                                    defaults={
-                                        "region": finding.region,
-                                        "service": finding.service_name,
-                                        "type": finding.resource_type,
-                                        "name": finding.resource_name,
-                                    },
-                                )
-                                resource_cache[resource_uid] = resource_instance
-                            else:
-                                resource_instance = resource_cache[resource_uid]
+            with tenant_transaction(tenant_id):
+                for finding in findings:
+                    # Process resource
+                    resource_uid = finding.resource_uid
+                    if resource_uid not in resource_cache:
+                        # Get or create the resource
+                        resource_instance, _ = Resource.objects.get_or_create(
+                            tenant_id=tenant_id,
+                            provider=provider_instance,
+                            uid=resource_uid,
+                            defaults={
+                                "region": finding.region,
+                                "service": finding.service_name,
+                                "type": finding.resource_type,
+                                "name": finding.resource_name,
+                            },
+                        )
+                        resource_cache[resource_uid] = resource_instance
+                    else:
+                        resource_instance = resource_cache[resource_uid]

-                        # Update resource fields if necessary
-                        updated_fields = []
-                        if resource_instance.region != finding.region:
-                            resource_instance.region = finding.region
-                            updated_fields.append("region")
-                        if resource_instance.service != finding.service_name:
-                            resource_instance.service = finding.service_name
-                            updated_fields.append("service")
-                        if resource_instance.type != finding.resource_type:
-                            resource_instance.type = finding.resource_type
-                            updated_fields.append("type")
-                        if updated_fields:
-                            with rls_transaction(tenant_id):
-                                resource_instance.save(update_fields=updated_fields)
-                    except (OperationalError, IntegrityError) as db_err:
-                        if attempt < CELERY_DEADLOCK_ATTEMPTS - 1:
-                            logger.warning(
-                                f"{'Deadlock error' if isinstance(db_err, OperationalError) else 'Integrity error'} "
-                                f"detected when processing resource {resource_uid} on scan {scan_id}. Retrying..."
-                            )
-                            time.sleep(0.1 * (2**attempt))
-                            continue
-                        else:
-                            raise db_err
+                    # Update resource fields if necessary
+                    updated_fields = []
+                    if resource_instance.region != finding.region:
+                        resource_instance.region = finding.region
+                        updated_fields.append("region")
+                    if resource_instance.service != finding.service_name:
+                        resource_instance.service = finding.service_name
+                        updated_fields.append("service")
+                    if resource_instance.type != finding.resource_type:
+                        resource_instance.type = finding.resource_type
+                        updated_fields.append("type")
+                    if updated_fields:
+                        resource_instance.save(update_fields=updated_fields)

-                # Update tags
-                tags = []
-                with rls_transaction(tenant_id):
+                    # Update tags
+                    tags = []
                    for key, value in finding.resource_tags.items():
                        tag_key = (key, value)
                        if tag_key not in tag_cache:
@@ -214,33 +200,30 @@ def perform_prowler_scan(
                        tags.append(tag_instance)
                    resource_instance.upsert_or_delete_tags(tags=tags)

-                unique_resources.add((resource_instance.uid, resource_instance.region))
+                    unique_resources.add(
+                        (resource_instance.uid, resource_instance.region)
+                    )

-                # Process finding
-                with rls_transaction(tenant_id):
+                    # Process finding
                    finding_uid = finding.uid
-                    last_first_seen_at = None
                    if finding_uid not in last_status_cache:
                        most_recent_finding = (
                            Finding.objects.filter(uid=finding_uid)
                            .order_by("-id")
-                            .values("status", "first_seen_at")
+                            .values("status")
                            .first()
                        )
-                        last_status = None
-                        if most_recent_finding:
-                            last_status = most_recent_finding["status"]
-                            last_first_seen_at = most_recent_finding["first_seen_at"]
-                        last_status_cache[finding_uid] = last_status, last_first_seen_at
+                        last_status = (
+                            most_recent_finding["status"]
+                            if most_recent_finding
+                            else None
+                        )
+                        last_status_cache[finding_uid] = last_status
                    else:
-                        last_status, last_first_seen_at = last_status_cache[finding_uid]
+                        last_status = last_status_cache[finding_uid]

                    status = FindingStatus[finding.status]
                    delta = _create_finding_delta(last_status, status)
-                    # For the findings prior to the change, when a first finding is found with delta!="new" it will be assigned a current date as first_seen_at and the successive findings with the same UID will always get the date of the previous finding.
-                    # For new findings, when a finding (delta="new") is found for the first time, the first_seen_at attribute will be assigned the current date, the following findings will get that date.
-                    if not last_first_seen_at:
-                        last_first_seen_at = datetime.now(tz=timezone.utc)

                    # Create the finding
                    finding_instance = Finding.objects.create(
@@ -255,22 +238,21 @@ def perform_prowler_scan(
                        raw_result=finding.raw,
                        check_id=finding.check_id,
                        scan=scan_instance,
-                        first_seen_at=last_first_seen_at,
                    )
                    finding_instance.add_resources([resource_instance])

-                # Update compliance data if applicable
-                if finding.status.value == "MUTED":
-                    continue
+                    # Update compliance data if applicable
+                    if not generate_compliance or finding.status.value == "MUTED":
+                        continue

-                region_dict = check_status_by_region.setdefault(finding.region, {})
-                current_status = region_dict.get(finding.check_id)
-                if current_status == "FAIL":
-                    continue
-                region_dict[finding.check_id] = finding.status.value
+                    region_dict = check_status_by_region.setdefault(finding.region, {})
+                    current_status = region_dict.get(finding.check_id)
+                    if current_status == "FAIL":
+                        continue
+                    region_dict[finding.check_id] = finding.status.value

            # Update scan progress
-            with rls_transaction(tenant_id):
+            with tenant_transaction(tenant_id):
                scan_instance.progress = progress
                scan_instance.save()

@@ -282,13 +264,13 @@ def perform_prowler_scan(
        scan_instance.state = StateChoices.FAILED

    finally:
-        with rls_transaction(tenant_id):
+        with tenant_transaction(tenant_id):
            scan_instance.duration = time.time() - start_time
            scan_instance.completed_at = datetime.now(tz=timezone.utc)
            scan_instance.unique_resource_count = len(unique_resources)
            scan_instance.save()

-    if exception is None:
+    if exception is None and generate_compliance:
        try:
            regions = prowler_provider.get_regions()
        except AttributeError:
@@ -333,7 +315,7 @@ def perform_prowler_scan(
                        total_requirements=compliance["total_requirements"],
                    )
                )
-        with rls_transaction(tenant_id):
+        with tenant_transaction(tenant_id):
            ComplianceOverview.objects.bulk_create(compliance_overview_objects)

    if exception is not None:
@@ -371,7 +353,7 @@ def aggregate_findings(tenant_id: str, scan_id: str):
        - muted_new: Muted findings with a delta of 'new'.
        - muted_changed: Muted findings with a delta of 'changed'.
    """
-    with rls_transaction(tenant_id):
+    with tenant_transaction(tenant_id):
        findings = Finding.objects.filter(scan_id=scan_id)

        aggregation = findings.values(
@@ -467,7 +449,7 @@ def aggregate_findings(tenant_id: str, scan_id: str):
            ),
        )

-    with rls_transaction(tenant_id):
+    with tenant_transaction(tenant_id):
        scan_aggregations = {
            ScanSummary(
                tenant_id=tenant_id,
@@ -1,13 +1,10 @@
-from datetime import datetime, timedelta, timezone
-
 from celery import shared_task
 from config.celery import RLSTask
-from django_celery_beat.models import PeriodicTask
 from tasks.jobs.connection import check_provider_connection
-from tasks.jobs.deletion import delete_provider, delete_tenant
+from tasks.jobs.deletion import delete_instance
 from tasks.jobs.scan import aggregate_findings, perform_prowler_scan

-from api.db_utils import rls_transaction
+from api.db_utils import tenant_transaction
 from api.decorators import set_tenant
 from api.models import Provider, Scan

@@ -35,8 +32,6 @@ def delete_provider_task(provider_id: str):
    """
    Task to delete a specific Provider instance.

-    It will delete in batches all the related resources first.
-
    Args:
        provider_id (str): The primary key of the `Provider` instance to be deleted.

@@ -46,7 +41,7 @@ def delete_provider_task(provider_id: str):
            - A dictionary with the count of deleted instances per model,
              including related models if cascading deletes were triggered.
    """
-    return delete_provider(pk=provider_id)
+    return delete_instance(model=Provider, pk=provider_id)


@shared_task(base=RLSTask, name="scan-perform", queue="scans")
@@ -99,43 +94,24 @@ def perform_scheduled_scan_task(self, tenant_id: str, provider_id: str):
    """
    task_id = self.request.id

-    with rls_transaction(tenant_id):
+    with tenant_transaction(tenant_id):
        provider_instance = Provider.objects.get(pk=provider_id)
-        periodic_task_instance = PeriodicTask.objects.get(
-            name=f"scan-perform-scheduled-{provider_id}"
-        )
-        next_scan_date = datetime.combine(
-            datetime.now(timezone.utc), periodic_task_instance.start_time.time()
-        ) + timedelta(hours=24)

        scan_instance = Scan.objects.create(
            tenant_id=tenant_id,
            name="Daily scheduled scan",
            provider=provider_instance,
            trigger=Scan.TriggerChoices.SCHEDULED,
-            next_scan_at=next_scan_date,
            task_id=task_id,
        )

-    result = perform_prowler_scan(
+    return perform_prowler_scan(
        tenant_id=tenant_id,
        scan_id=str(scan_instance.id),
        provider_id=provider_id,
    )
-    perform_scan_summary_task.apply_async(
-        kwargs={
-            "tenant_id": tenant_id,
-            "scan_id": str(scan_instance.id),
-        }
-    )
-    return result


@shared_task(name="scan-summary")
 def perform_scan_summary_task(tenant_id: str, scan_id: str):
    return aggregate_findings(tenant_id=tenant_id, scan_id=scan_id)
-
-
-@shared_task(name="tenant-deletion")
-def delete_tenant_task(tenant_id: str):
-    return delete_tenant(pk=tenant_id)
@@ -1,53 +0,0 @@
-import json
-from unittest.mock import patch
-
-import pytest
-from django_celery_beat.models import IntervalSchedule, PeriodicTask
-from rest_framework_json_api.serializers import ValidationError
-from tasks.beat import schedule_provider_scan
-
-
-@pytest.mark.django_db
-class TestScheduleProviderScan:
-    def test_schedule_provider_scan_success(self, providers_fixture):
-        provider_instance, *_ = providers_fixture
-
-        with patch(
-            "tasks.tasks.perform_scheduled_scan_task.apply_async"
-        ) as mock_apply_async:
-            result = schedule_provider_scan(provider_instance)
-
-            assert result is not None
-
-            mock_apply_async.assert_called_once_with(
-                kwargs={
-                    "tenant_id": str(provider_instance.tenant_id),
-                    "provider_id": str(provider_instance.id),
-                },
-            )
-
-            task_name = f"scan-perform-scheduled-{provider_instance.id}"
-            periodic_task = PeriodicTask.objects.get(name=task_name)
-            assert periodic_task is not None
-            assert periodic_task.interval.every == 24
-            assert periodic_task.interval.period == IntervalSchedule.HOURS
-            assert periodic_task.task == "scan-perform-scheduled"
-            assert json.loads(periodic_task.kwargs) == {
-                "tenant_id": str(provider_instance.tenant_id),
-                "provider_id": str(provider_instance.id),
-            }
-
-    def test_schedule_provider_scan_already_exists(self, providers_fixture):
-        provider_instance, *_ = providers_fixture
-
-        # First, schedule the scan
-        with patch("tasks.tasks.perform_scheduled_scan_task.apply_async"):
-            schedule_provider_scan(provider_instance)
-
-        # Now, try scheduling again, should raise ValidationError
-        with pytest.raises(ValidationError) as exc_info:
-            schedule_provider_scan(provider_instance)
-
-        assert "There is already a scheduled scan for this provider." in str(
-            exc_info.value
-        )
@@ -1,60 +1,22 @@
 import pytest
 from django.core.exceptions import ObjectDoesNotExist
-from tasks.jobs.deletion import delete_provider, delete_tenant

-from api.models import Provider, Tenant
+from api.models import Provider
+from tasks.jobs.deletion import delete_instance


@pytest.mark.django_db
-class TestDeleteProvider:
-    def test_delete_provider_success(self, providers_fixture):
+class TestDeleteInstance:
+    def test_delete_instance_success(self, providers_fixture):
        instance = providers_fixture[0]
-        result = delete_provider(instance.id)
+        result = delete_instance(Provider, instance.id)

        assert result
        with pytest.raises(ObjectDoesNotExist):
            Provider.objects.get(pk=instance.id)

-    def test_delete_provider_does_not_exist(self):
+    def test_delete_instance_does_not_exist(self):
        non_existent_pk = "babf6796-cfcc-4fd3-9dcf-88d012247645"

        with pytest.raises(ObjectDoesNotExist):
-            delete_provider(non_existent_pk)
-
-
-@pytest.mark.django_db
-class TestDeleteTenant:
-    def test_delete_tenant_success(self, tenants_fixture, providers_fixture):
-        """
-        Test successful deletion of a tenant and its related data.
-        """
-        tenant = tenants_fixture[0]
-        providers = Provider.objects.filter(tenant_id=tenant.id)
-
-        # Ensure the tenant and related providers exist before deletion
-        assert Tenant.objects.filter(id=tenant.id).exists()
-        assert providers.exists()
-
-        # Call the function and validate the result
-        deletion_summary = delete_tenant(tenant.id)
-
-        assert deletion_summary is not None
-        assert not Tenant.objects.filter(id=tenant.id).exists()
-        assert not Provider.objects.filter(tenant_id=tenant.id).exists()
-
-    def test_delete_tenant_with_no_providers(self, tenants_fixture):
-        """
-        Test deletion of a tenant with no related providers.
-        """
-        tenant = tenants_fixture[1]  # Assume this tenant has no providers
-        providers = Provider.objects.filter(tenant_id=tenant.id)
-
-        # Ensure the tenant exists but has no related providers
-        assert Tenant.objects.filter(id=tenant.id).exists()
-        assert not providers.exists()
-
-        # Call the function and validate the result
-        deletion_summary = delete_tenant(tenant.id)
-
-        assert deletion_summary == {}  # No providers, so empty summary
-        assert not Tenant.objects.filter(id=tenant.id).exists()
+            delete_instance(Provider, non_existent_pk)
@@ -1,4 +1,3 @@
-import uuid
 from unittest.mock import MagicMock, patch

 import pytest
@@ -27,7 +26,7 @@ class TestPerformScan:
        providers_fixture,
    ):
        with (
-            patch("api.db_utils.rls_transaction"),
+            patch("api.db_utils.tenant_transaction"),
            patch(
                "tasks.jobs.scan.initialize_prowler_provider"
            ) as mock_initialize_prowler_provider,
@@ -166,10 +165,10 @@ class TestPerformScan:
        "tasks.jobs.scan.initialize_prowler_provider",
        side_effect=Exception("Connection error"),
    )
-    @patch("api.db_utils.rls_transaction")
+    @patch("api.db_utils.tenant_transaction")
    def test_perform_prowler_scan_no_connection(
        self,
-        mock_rls_transaction,
+        mock_tenant_transaction,
        mock_initialize_prowler_provider,
        mock_prowler_scan_class,
        tenants_fixture,
@@ -206,14 +205,14 @@ class TestPerformScan:

    @patch("api.models.ResourceTag.objects.get_or_create")
    @patch("api.models.Resource.objects.get_or_create")
-    @patch("api.db_utils.rls_transaction")
+    @patch("api.db_utils.tenant_transaction")
    def test_store_resources_new_resource(
        self,
-        mock_rls_transaction,
+        mock_tenant_transaction,
        mock_get_or_create_resource,
        mock_get_or_create_tag,
    ):
-        tenant_id = uuid.uuid4()
+        tenant_id = "tenant123"
        provider_instance = MagicMock()
        provider_instance.id = "provider456"

@@ -254,14 +253,14 @@ class TestPerformScan:

    @patch("api.models.ResourceTag.objects.get_or_create")
    @patch("api.models.Resource.objects.get_or_create")
-    @patch("api.db_utils.rls_transaction")
+    @patch("api.db_utils.tenant_transaction")
    def test_store_resources_existing_resource(
        self,
-        mock_rls_transaction,
+        mock_tenant_transaction,
        mock_get_or_create_resource,
        mock_get_or_create_tag,
    ):
-        tenant_id = uuid.uuid4()
+        tenant_id = "tenant123"
        provider_instance = MagicMock()
        provider_instance.id = "provider456"

@@ -311,14 +310,14 @@ class TestPerformScan:

    @patch("api.models.ResourceTag.objects.get_or_create")
    @patch("api.models.Resource.objects.get_or_create")
-    @patch("api.db_utils.rls_transaction")
+    @patch("api.db_utils.tenant_transaction")
    def test_store_resources_with_tags(
        self,
-        mock_rls_transaction,
+        mock_tenant_transaction,
        mock_get_or_create_resource,
        mock_get_or_create_tag,
    ):
-        tenant_id = uuid.uuid4()
+        tenant_id = "tenant123"
        provider_instance = MagicMock()
        provider_instance.id = "provider456"

@@ -1,11 +0,0 @@
-component_management:
-  individual_components:
-    - component_id: "prowler"
-      paths:
-        - "prowler/**"
-    - component_id: "api"
-      paths:
-        - "api/**"
-
-comment:
-  layout: "header, diff, flags, components"
@@ -1,301 +0,0 @@
-# AWS SSO to Prowler Automation Script
-
-## Table of Contents
- [Introduction](#introduction)
- [Prerequisites](#prerequisites)
- [Setup](#setup)
- [Script Overview](#script-overview)
- [Usage](#usage)
- [Troubleshooting](#troubleshooting)
- [Customization](#customization)
- [Security Considerations](#security-considerations)
- [License](#license)
-
-## Introduction
-
-This repository provides a Bash script that automates the process of logging into AWS Single Sign-On (SSO), extracting temporary AWS credentials, and running **Prowler**—a security tool that performs AWS security best practices assessments—inside a Docker container using those credentials.
-
-By following this guide, you can streamline your AWS security assessments, ensuring that you consistently apply best practices across your AWS accounts.
-
-## Prerequisites
-
-Before you begin, ensure that you have the following tools installed and properly configured on your system:
-
-1. **AWS CLI v2**
-   - AWS SSO support is available from AWS CLI version 2 onwards.
-   - [Installation Guide](https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html)
-
-2. **jq**
-   - A lightweight and flexible command-line JSON processor.
-   - **macOS (Homebrew):**
-     ```bash
-     brew install jq
-     ```
-   - **Ubuntu/Debian:**
-     ```bash
-     sudo apt-get update
-     sudo apt-get install -y jq
-     ```
-   - **Windows:**
-     - [Download jq](https://stedolan.github.io/jq/download/)
-
-3. **Docker**
-   - Ensure Docker is installed and running on your system.
-   - [Docker Installation Guide](https://docs.docker.com/get-docker/)
-
-4. **AWS SSO Profile Configuration**
-   - Ensure that you have configured an AWS CLI profile with SSO.
-   - [Configuring AWS CLI with SSO](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html)
-
-## Setup
-
-1. **Clone the Repository**
-   ```bash
-   git clone https://github.com/your-username/aws-sso-prowler-automation.git
-   cd aws-sso-prowler-automation
-   ```
-
-2. **Create the Automation Script**
-   Create a new Bash script named `run_prowler_sso.sh` and make it executable.
-
-   ```bash
-   nano run_prowler_sso.sh
-   chmod +x run_prowler_sso.sh
-   ```
-
-3. **Add the Script Content**
-   Paste the following content into `run_prowler_sso.sh`:
-
-4. **Configure AWS SSO Profile**
-   Ensure that your AWS CLI profile (`twodragon` in this case) is correctly configured for SSO.
-
-   ```bash
-   aws configure sso --profile twodragon
-   ```
-
-   **Example Configuration Prompts:**
-   ```
-   SSO session name (Recommended): [twodragon]
-   SSO start URL [None]: https://twodragon.awsapps.com/start
-   SSO region [None]: ap-northeast-2
-   SSO account ID [None]: 123456789012
-   SSO role name [None]: ReadOnlyAccess
-   CLI default client region [None]: ap-northeast-2
-   CLI default output format [None]: json
-   CLI profile name [twodragon]: twodragon
-   ```
-
-## Script Overview
-
-The `run_prowler_sso.sh` script performs the following actions:
-
-1. **AWS SSO Login:**
-   - Initiates AWS SSO login for the specified profile.
-   - Opens the SSO authorization page in the default browser for user authentication.
-
-2. **Extract Temporary Credentials:**
-   - Locates the most recent SSO cache file containing the `accessToken`.
-   - Uses `jq` to parse and extract the `accessToken` from the cache file.
-   - Retrieves the `sso_role_name` and `sso_account_id` from the AWS CLI configuration.
-   - Obtains temporary AWS credentials (`AccessKeyId`, `SecretAccessKey`, `SessionToken`) using the extracted `accessToken`.
-
-3. **Set Environment Variables:**
-   - Exports the extracted AWS credentials as environment variables to be used by the Docker container.
-
-4. **Run Prowler:**
-   - Executes the **Prowler** Docker container, passing the AWS credentials as environment variables for security assessments.
-
-## Usage
-
-1. **Make the Script Executable**
-   Ensure the script has execute permissions.
-
-   ```bash
-   chmod +x run_prowler_sso.sh
-   ```
-
-2. **Run the Script**
-   Execute the script to start the AWS SSO login process and run Prowler.
-
-   ```bash
-   ./run_prowler_sso.sh
-   ```
-
-3. **Follow the Prompts**
-   - A browser window will open prompting you to authenticate via AWS SSO.
-   - Complete the authentication process in the browser.
-   - Upon successful login, the script will extract temporary credentials and run Prowler.
-
-4. **Review Prowler Output**
-   - Prowler will analyze your AWS environment based on the specified checks and output the results directly in the terminal.
-
-## Troubleshooting
-
-If you encounter issues during the script execution, follow these steps to diagnose and resolve them.
-
-### 1. Verify AWS CLI Version
-
-Ensure you are using AWS CLI version 2 or later.
-
-```bash
-aws --version
-```
-
-**Expected Output:**
-```
-aws-cli/2.11.10 Python/3.9.12 Darwin/20.3.0 exe/x86_64 prompt/off
-```
-
-If you are not using version 2, [install or update AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html).
-
-### 2. Confirm AWS SSO Profile Configuration
-
-Check that the `twodragon` profile is correctly configured.
-
-```bash
-aws configure list-profiles
-```
-
-**Expected Output:**
-```
-default
-twodragon
-```
-
-Review the profile details:
-
-```bash
-aws configure get sso_start_url --profile twodragon
-aws configure get sso_region --profile twodragon
-aws configure get sso_account_id --profile twodragon
-aws configure get sso_role_name --profile twodragon
-```
-
-Ensure all fields return the correct values.
-
-### 3. Check SSO Cache File
-
-Ensure that the SSO cache file contains a valid `accessToken`.
-
-```bash
-cat ~/.aws/sso/cache/*.json
-```
-
-**Example Content:**
-```json
-{
-  "accessToken": "eyJz93a...k4laUWw",
-  "expiresAt": "2024-12-22T14:07:55Z",
-  "clientId": "example-client-id",
-  "clientSecret": "example-client-secret",
-  "startUrl": "https://twodragon.awsapps.com/start#"
-}
-```
-
-If `accessToken` is `null` or missing, retry the AWS SSO login:
-
-```bash
-aws sso login --profile twodragon
-```
-
-### 4. Validate `jq` Installation
-
-Ensure that `jq` is installed and functioning correctly.
-
-```bash
-jq --version
-```
-
-**Expected Output:**
-```
-jq-1.6
-```
-
-If `jq` is not installed, install it using the instructions in the [Prerequisites](#prerequisites) section.
-
-### 5. Test Docker Environment Variables
-
-Verify that the Docker container receives the AWS credentials correctly.
-
-```bash
-docker run --platform linux/amd64 \
-    -e AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID \
-    -e AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY \
-    -e AWS_SESSION_TOKEN=$AWS_SESSION_TOKEN \
-    toniblyx/prowler /bin/bash -c 'echo $AWS_ACCESS_KEY_ID; echo $AWS_SECRET_ACCESS_KEY; echo $AWS_SESSION_TOKEN'
-```
-
-**Expected Output:**
-```
-ASIA...
-wJalrFEMI/K7MDENG/bPxRfiCY...
-IQoJb3JpZ2luX2VjEHwaCXVz...
-```
-
-Ensure that none of the environment variables are empty.
-
-### 6. Review Script Output
-
-Run the script with debugging enabled to get detailed output.
-
-1. **Enable Debugging in Script**
-   Add `set -x` for verbose output.
-
-   ```bash
-   #!/bin/bash
-   set -e
-   set -x
-   # ... rest of the script ...
-   ```
-
-2. **Run the Script**
-
-   ```bash
-   ./run_prowler_sso.sh
-   ```
-
-3. **Analyze Output**
-   Look for any errors or unexpected values in the output to identify where the script is failing.
-
-## Customization
-
-You can modify the script to suit your specific needs, such as:
-
- **Changing the AWS Profile Name:**
-  Update the `PROFILE` variable at the top of the script.
-
-  ```bash
-  PROFILE="your-profile-name"
-  ```
-
- **Adding Prowler Options:**
-  Pass additional options to Prowler for customized checks or output formats.
-
-  ```bash
-  docker run --platform linux/amd64 \
-      -e AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID \
-      -e AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY \
-      -e AWS_SESSION_TOKEN=$AWS_SESSION_TOKEN \
-      toniblyx/prowler -c check123 -M json
-  ```
-
-## Security Considerations
-
- **Handle Credentials Securely:**
-  - Avoid sharing or exposing your AWS credentials.
-  - Do not include sensitive information in logs or version control.
-
- **Script Permissions:**
-  - Ensure the script file has appropriate permissions to prevent unauthorized access.
-
-    ```bash
-    chmod 700 run_prowler_sso.sh
-    ```
-
- **Environment Variables:**
-  - Be cautious when exporting credentials as environment variables.
-  - Consider using more secure methods for credential management if necessary.
-
-## License
-
-This project is licensed under the [MIT License](LICENSE).
@@ -1,136 +0,0 @@
-#!/bin/bash
-set -e
-
-# Set the profile name
-PROFILE="twodragon"
-
-# Set the Prowler output directory
-OUTPUT_DIR=~/prowler-output
-mkdir -p "$OUTPUT_DIR"
-
-# Set the port for the local web server
-WEB_SERVER_PORT=8000
-
-# ----------------------------------------------
-# Functions
-# ----------------------------------------------
-
-# Function to open the HTML report in the default browser
-open_report() {
-    local report_path="$1"
-
-    if [[ "$OSTYPE" == "darwin"* ]]; then
-        open "$report_path"
-    elif [[ "$OSTYPE" == "linux-gnu"* ]]; then
-        xdg-open "$report_path"
-    elif [[ "$OSTYPE" == "msys" ]]; then
-        start "" "$report_path"
-    else
-        echo "Automatic method to open Prowler HTML report is not supported on this OS."
-        echo "Please open the report manually at: $report_path"
-    fi
-}
-
-# Function to start a simple HTTP server to host the Prowler reports
-start_web_server() {
-    local directory="$1"
-    local port="$2"
-
-    echo "Starting local web server to host Prowler reports at http://localhost:$port"
-    echo "Press Ctrl+C to stop the web server."
-
-    # Change to the output directory
-    cd "$directory"
-
-    # Start the HTTP server in the foreground
-    # Python 3 is required
-    python3 -m http.server "$port"
-}
-
-# ----------------------------------------------
-# Main Script
-# ----------------------------------------------
-
-# AWS SSO Login
-echo "Logging into AWS SSO..."
-aws sso login --profile "$PROFILE"
-
-# Extract temporary credentials
-echo "Extracting temporary credentials..."
-
-# Find the most recently modified SSO cache file
-CACHE_FILE=$(ls -t ~/.aws/sso/cache/*.json 2>/dev/null | head -n 1)
-echo "Cache File: $CACHE_FILE"
-
-if [ -z "$CACHE_FILE" ]; then
-    echo "SSO cache file not found. Please ensure AWS SSO login was successful."
-    exit 1
-fi
-
-# Extract accessToken using jq
-ACCESS_TOKEN=$(jq -r '.accessToken' "$CACHE_FILE")
-echo "Access Token: $ACCESS_TOKEN"
-
-if [ -z "$ACCESS_TOKEN" ] || [ "$ACCESS_TOKEN" == "null" ]; then
-    echo "Unable to extract accessToken. Please check your SSO login and cache file."
-    exit 1
-fi
-
-# Extract role name and account ID from AWS CLI configuration
-ROLE_NAME=$(aws configure get sso_role_name --profile "$PROFILE")
-ACCOUNT_ID=$(aws configure get sso_account_id --profile "$PROFILE")
-echo "Role Name: $ROLE_NAME"
-echo "Account ID: $ACCOUNT_ID"
-
-if [ -z "$ROLE_NAME" ] || [ -z "$ACCOUNT_ID" ]; then
-    echo "Unable to extract sso_role_name or sso_account_id. Please check your profile configuration."
-    exit 1
-fi
-
-# Obtain temporary credentials using AWS SSO
-TEMP_CREDS=$(aws sso get-role-credentials \
-    --role-name "$ROLE_NAME" \
-    --account-id "$ACCOUNT_ID" \
-    --access-token "$ACCESS_TOKEN" \
-    --profile "$PROFILE")
-
-echo "TEMP_CREDS: $TEMP_CREDS"
-
-# Extract credentials from the JSON response
-AWS_ACCESS_KEY_ID=$(echo "$TEMP_CREDS" | jq -r '.roleCredentials.accessKeyId')
-AWS_SECRET_ACCESS_KEY=$(echo "$TEMP_CREDS" | jq -r '.roleCredentials.secretAccessKey')
-AWS_SESSION_TOKEN=$(echo "$TEMP_CREDS" | jq -r '.roleCredentials.sessionToken')
-
-# Verify that all credentials were extracted successfully
-if [ -z "$AWS_ACCESS_KEY_ID" ] || [ -z "$AWS_SECRET_ACCESS_KEY" ] || [ -z "$AWS_SESSION_TOKEN" ]; then
-    echo "Unable to extract temporary credentials."
-    exit 1
-fi
-
-# Export AWS credentials as environment variables
-export AWS_ACCESS_KEY_ID
-export AWS_SECRET_ACCESS_KEY
-export AWS_SESSION_TOKEN
-
-echo "AWS credentials have been set."
-
-# Run Prowler in Docker container
-echo "Running Prowler Docker container..."
-
-docker run --platform linux/amd64 \
-    -e AWS_ACCESS_KEY_ID="$AWS_ACCESS_KEY_ID" \
-    -e AWS_SECRET_ACCESS_KEY="$AWS_SECRET_ACCESS_KEY" \
-    -e AWS_SESSION_TOKEN="$AWS_SESSION_TOKEN" \
-    -v "$OUTPUT_DIR":/home/prowler/output \
-    toniblyx/prowler -M html -M csv -M json-ocsf --output-directory /home/prowler/output --output-filename prowler-output
-
-echo "Prowler has finished running. Reports are saved in $OUTPUT_DIR."
-
-# Open the HTML report in the default browser
-REPORT_PATH="$OUTPUT_DIR/prowler-output.html"
-echo "Opening Prowler HTML report..."
-open_report "$REPORT_PATH" &
-
-# Start the local web server to host the Prowler dashboard
-# This will run in the foreground. To run it in the background, append an ampersand (&) at the end of the command.
-start_web_server "$OUTPUT_DIR" "$WEB_SERVER_PORT"
@@ -1,24 +0,0 @@
-apiVersion: v2
-name: prowler-api
-description: A Helm chart for Kubernetes
-
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
-type: application
-
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
-
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application. Versions are not expected to
-# follow Semantic Versioning. They should reflect the version the application is using.
-# It is recommended to use it with quotes.
-appVersion: "5.1.1"
@@ -1,22 +0,0 @@
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range $host := .Values.ingress.hosts }}
-  {{- range .paths }}
-  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
-  {{- end }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
-  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "prowler-api.fullname" . }})
-  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
-  echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
-     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-           You can watch its status by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "prowler-api.fullname" . }}'
-  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "prowler-api.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
-  echo http://$SERVICE_IP:{{ .Values.service.port }}
-{{- else if contains "ClusterIP" .Values.service.type }}
-  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "prowler-api.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
-  export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
-  echo "Visit http://127.0.0.1:8080 to use your application"
-  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
-{{- end }}
@@ -1,62 +0,0 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "prowler-api.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "prowler-api.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "prowler-api.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "prowler-api.labels" -}}
-helm.sh/chart: {{ include "prowler-api.chart" . }}
-{{ include "prowler-api.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "prowler-api.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "prowler-api.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "prowler-api.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "prowler-api.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}
@@ -1,9 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ include "prowler-api.fullname" . }}-config
-  labels:
-    {{- include "prowler-api.labels" . | nindent 4 }}
-data:
-  config.yaml: |-
-    {{- toYaml .Values.mainConfig | nindent 4 }}
@@ -1,85 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ include "prowler-api.fullname" . }}
-  labels:
-    {{- include "prowler-api.labels" . | nindent 4 }}
-spec:
-  {{- if not .Values.autoscaling.enabled }}
-  replicas: {{ .Values.replicaCount }}
-  {{- end }}
-  selector:
-    matchLabels:
-      {{- include "prowler-api.selectorLabels" . | nindent 6 }}
-  template:
-    metadata:
-      annotations:
-        checksum/secrets: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }}
-        checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
-      {{- with .Values.podAnnotations }}
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      labels:
-        {{- include "prowler-api.labels" . | nindent 8 }}
-        {{- with .Values.podLabels }}
-        {{- toYaml . | nindent 8 }}
-        {{- end }}
-    spec:
-      {{- with .Values.imagePullSecrets }}
-      imagePullSecrets:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      serviceAccountName: {{ include "prowler-api.serviceAccountName" . }}
-      securityContext:
-        {{- toYaml .Values.podSecurityContext | nindent 8 }}
-      containers:
-      {{- range $name,$config := .Values.containers }}
-      {{- if $config.enabled }}
-        - name: {{ $name }}
-          securityContext:
-            {{- toYaml $config.securityContext | nindent 12 }}
-          image: "{{ $config.image.repository }}:{{ $config.image.tag | default $.Chart.AppVersion }}"
-          imagePullPolicy: {{ $config.image.pullPolicy }}
-          envFrom:
-            - secretRef:
-                name: {{ include "prowler-api.fullname" $ }}
-          command:
-            {{- toYaml $config.command | nindent 12 }}
-          {{- if $config.ports }}
-          ports:
-            {{- toYaml $config.ports | nindent 12 }}
-          {{- end }}
-          livenessProbe:
-            {{- toYaml $config.livenessProbe | nindent 12 }}
-          readinessProbe:
-            {{- toYaml $config.readinessProbe | nindent 12 }}
-          resources:
-            {{- toYaml $config.resources | nindent 12 }}
-          volumeMounts:
-            - name: {{ include "prowler-api.fullname" $ }}-config
-              mountPath: {{ $.Values.releaseConfigRoot }}{{ $.Values.releaseConfigPath }}
-              subPath: config.yaml
-          {{- with .volumeMounts }}
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-      {{- end }}
-      {{- end }}
-      volumes:
-        - name: {{ include "prowler-api.fullname" . }}-config
-          configMap:
-            name: {{ include "prowler-api.fullname" . }}-config
-      {{- with .Values.volumes }}
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.nodeSelector }}
-      nodeSelector:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.affinity }}
-      affinity:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.tolerations }}
-      tolerations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
@@ -1,43 +0,0 @@
-{{- if .Values.ingress.enabled -}}
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: {{ include "prowler-api.fullname" . }}
-  labels:
-    {{- include "prowler-api.labels" . | nindent 4 }}
-  {{- with .Values.ingress.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-spec:
-  {{- with .Values.ingress.className }}
-  ingressClassName: {{ . }}
-  {{- end }}
-  {{- if .Values.ingress.tls }}
-  tls:
-    {{- range .Values.ingress.tls }}
-    - hosts:
-        {{- range .hosts }}
-        - {{ . | quote }}
-        {{- end }}
-      secretName: {{ .secretName }}
-    {{- end }}
-  {{- end }}
-  rules:
-    {{- range .Values.ingress.hosts }}
-    - host: {{ .host | quote }}
-      http:
-        paths:
-          {{- range .paths }}
-          - path: {{ .path }}
-            {{- with .pathType }}
-            pathType: {{ . }}
-            {{- end }}
-            backend:
-              service:
-                name: {{ include "prowler-api.fullname" $ }}
-                port:
-                  number: {{ $.Values.service.port }}
-          {{- end }}
-    {{- end }}
-{{- end }}
@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ include "prowler-api.fullname" . }}
-  labels:
-    {{- include "prowler-api.labels" . | nindent 4 }}
-type: Opaque
-data:
-  {{- range $k, $v := .Values.secrets }}
-  {{ $k }}: {{ $v | toString | b64enc | quote }}
-  {{- end }}
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ include "prowler-api.fullname" . }}
-  labels:
-    {{- include "prowler-api.labels" . | nindent 4 }}
-spec:
-  type: {{ .Values.service.type }}
-  ports:
-  {{- range $name,$config := .Values.containers }}
-    {{- if $config.ports }}
-    {{- range $p := $config.ports }}
-    - port: {{ $p.containerPort }}
-      targetPort: {{ $p.containerPort }}
-      protocol: TCP
-      name: {{ $config.name }}
-    {{- end }}
-    {{- end }}
-  {{- end }}
-  selector:
-    {{- include "prowler-api.selectorLabels" . | nindent 4 }}
@@ -1,13 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ include "prowler-api.serviceAccountName" . }}
-  labels:
-    {{- include "prowler-api.labels" . | nindent 4 }}
-  {{- with .Values.serviceAccount.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
-{{- end }}
@@ -1,625 +0,0 @@
-# Default values for prowler-api.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-# This will set the replicaset count more information can be found here: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/
-replicaCount: 1
-
-# This sets the container image more information can be found here: https://kubernetes.io/docs/concepts/containers/images/
-containers:
-  prowler-api:
-    enabled: true
-    image:
-      repository: prowlercloud/prowler-api
-      pullPolicy: IfNotPresent
-    ports:
-      - name: http
-        containerPort: 8080
-        protocol: TCP
-    command: ["/home/prowler/docker-entrypoint.sh", "prod"]
-  worker:
-    enabled: true
-    image:
-      repository: prowlercloud/prowler-api
-      pullPolicy: IfNotPresent
-    command: ["/home/prowler/docker-entrypoint.sh", "worker"]
-  worker-beat:
-    enabled: true
-    image:
-      repository: prowlercloud/prowler-api
-      pullPolicy: IfNotPresent
-    command: ["../docker-entrypoint.sh", "beat"]
-
-secrets:
-  POSTGRES_HOST:
-  POSTGRES_PORT: 5432
-  POSTGRES_ADMIN_USER:
-  POSTGRES_ADMIN_PASSWORD:
-  POSTGRES_USER:
-  POSTGRES_PASSWORD:
-  POSTGRES_DB:
-  # Valkey settings
-  VALKEY_HOST: valkey-headless
-  VALKEY_PORT: "6379"
-  VALKEY_DB: "0"
-  # Django settings
-  DJANGO_ALLOWED_HOSTS: localhost,127.0.0.1,prowler-api
-  DJANGO_BIND_ADDRESS: 0.0.0.0
-  DJANGO_PORT: "8080"
-  DJANGO_DEBUG: False
-  DJANGO_SETTINGS_MODULE: config.django.production
-  # Select one of [ndjson|human_readable]
-  DJANGO_LOGGING_FORMATTER: human_readable
-  # Select one of [DEBUG|INFO|WARNING|ERROR|CRITICAL]
-  # Applies to both Django and Celery Workers
-  DJANGO_LOGGING_LEVEL: INFO
-  # Defaults to the maximum available based on CPU cores if not set.
-  DJANGO_WORKERS: 2
-  # Token lifetime is in minutes
-  DJANGO_ACCESS_TOKEN_LIFETIME: "30"
-  # Token lifetime is in minutes
-  DJANGO_REFRESH_TOKEN_LIFETIME: "1440"
-  DJANGO_CACHE_MAX_AGE: "3600"
-  DJANGO_STALE_WHILE_REVALIDATE: "60"
-  DJANGO_MANAGE_DB_PARTITIONS: "False"
-  # openssl genrsa -out private.pem 2048
-  DJANGO_TOKEN_SIGNING_KEY:
-  # openssl rsa -in private.pem -pubout -out public.pem
-  DJANGO_TOKEN_VERIFYING_KEY:
-  # openssl rand -base64 32
-  DJANGO_SECRETS_ENCRYPTION_KEY:
-  DJANGO_BROKER_VISIBILITY_TIMEOUT: 86400
-
-releaseConfigRoot: /home/prowler/.cache/pypoetry/virtualenvs/prowler-api-NnJNioq7-py3.12/lib/python3.12/site-packages/
-releaseConfigPath: prowler/config/config.yaml
-
-mainConfig:
-  # AWS Configuration
-  aws:
-    # AWS Global Configuration
-    # aws.mute_non_default_regions --> Set to True to muted failed findings in non-default regions for AccessAnalyzer, GuardDuty, SecurityHub, DRS and Config
-    mute_non_default_regions: False
-    # If you want to mute failed findings only in specific regions, create a file with the following syntax and run it with `prowler aws -w mutelist.yaml`:
-    # Mutelist:
-    #  Accounts:
-    #   "*":
-    #     Checks:
-    #       "*":
-    #         Regions:
-    #           - "ap-southeast-1"
-    #           - "ap-southeast-2"
-    #         Resources:
-    #           - "*"
-
-    # AWS IAM Configuration
-    # aws.iam_user_accesskey_unused --> CIS recommends 45 days
-    max_unused_access_keys_days: 45
-    # aws.iam_user_console_access_unused --> CIS recommends 45 days
-    max_console_access_days: 45
-
-    # AWS EC2 Configuration
-    # aws.ec2_elastic_ip_shodan
-    # TODO: create common config
-    shodan_api_key: null
-    # aws.ec2_securitygroup_with_many_ingress_egress_rules --> by default is 50 rules
-    max_security_group_rules: 50
-    # aws.ec2_instance_older_than_specific_days --> by default is 6 months (180 days)
-    max_ec2_instance_age_in_days: 180
-    # aws.ec2_securitygroup_allow_ingress_from_internet_to_any_port
-    # allowed network interface types for security groups open to the Internet
-    ec2_allowed_interface_types:
-      [
-          "api_gateway_managed",
-          "vpc_endpoint",
-      ]
-    # allowed network interface owners for security groups open to the Internet
-    ec2_allowed_instance_owners:
-      [
-          "amazon-elb"
-      ]
-    # aws.ec2_securitygroup_allow_ingress_from_internet_to_high_risk_tcp_ports
-    ec2_high_risk_ports:
-      [
-          25,
-          110,
-          135,
-          143,
-          445,
-          3000,
-          4333,
-          5000,
-          5500,
-          8080,
-          8088,
-      ]
-
-    # AWS ECS Configuration
-    # aws.ecs_service_fargate_latest_platform_version
-    fargate_linux_latest_version: "1.4.0"
-    fargate_windows_latest_version: "1.0.0"
-
-    # AWS VPC Configuration (vpc_endpoint_connections_trust_boundaries, vpc_endpoint_services_allowed_principals_trust_boundaries)
-    # AWS SSM Configuration (aws.ssm_documents_set_as_public)
-    # Single account environment: No action required. The AWS account number will be automatically added by the checks.
-    # Multi account environment: Any additional trusted account number should be added as a space separated list, e.g.
-    # trusted_account_ids : ["123456789012", "098765432109", "678901234567"]
-    trusted_account_ids: []
-
-    # AWS Cloudwatch Configuration
-    # aws.cloudwatch_log_group_retention_policy_specific_days_enabled --> by default is 365 days
-    log_group_retention_days: 365
-
-    # AWS CloudFormation Configuration
-    # cloudformation_stack_cdktoolkit_bootstrap_version --> by default is 21
-    recommended_cdk_bootstrap_version: 21
-
-    # AWS AppStream Session Configuration
-    # aws.appstream_fleet_session_idle_disconnect_timeout
-    max_idle_disconnect_timeout_in_seconds: 600 # 10 Minutes
-    # aws.appstream_fleet_session_disconnect_timeout
-    max_disconnect_timeout_in_seconds: 300 # 5 Minutes
-    # aws.appstream_fleet_maximum_session_duration
-    max_session_duration_seconds: 36000 # 10 Hours
-
-    # AWS Lambda Configuration
-    # aws.awslambda_function_using_supported_runtimes
-    obsolete_lambda_runtimes:
-      [
-        "java8",
-        "go1.x",
-        "provided",
-        "python3.6",
-        "python2.7",
-        "python3.7",
-        "nodejs4.3",
-        "nodejs4.3-edge",
-        "nodejs6.10",
-        "nodejs",
-        "nodejs8.10",
-        "nodejs10.x",
-        "nodejs12.x",
-        "nodejs14.x",
-        "nodejs16.x",
-        "dotnet5.0",
-        "dotnet7",
-        "dotnetcore1.0",
-        "dotnetcore2.0",
-        "dotnetcore2.1",
-        "dotnetcore3.1",
-        "ruby2.5",
-        "ruby2.7",
-      ]
-    # aws.awslambda_function_vpc_is_in_multi_azs
-    lambda_min_azs: 2
-
-    # AWS Organizations
-    # aws.organizations_scp_check_deny_regions
-    # aws.organizations_enabled_regions: [
-    #   "eu-central-1",
-    #   "eu-west-1",
-    #   "us-east-1"
-    # ]
-    organizations_enabled_regions: []
-    organizations_trusted_delegated_administrators: []
-
-    # AWS ECR
-    # aws.ecr_repositories_scan_vulnerabilities_in_latest_image
-    # CRITICAL
-    # HIGH
-    # MEDIUM
-    ecr_repository_vulnerability_minimum_severity: "MEDIUM"
-
-    # AWS Trusted Advisor
-    # aws.trustedadvisor_premium_support_plan_subscribed
-    verify_premium_support_plans: True
-
-    # AWS CloudTrail Configuration
-    # aws.cloudtrail_threat_detection_privilege_escalation
-    threat_detection_privilege_escalation_threshold: 0.2 # Percentage of actions found to decide if it is an privilege_escalation attack event, by default is 0.2 (20%)
-    threat_detection_privilege_escalation_minutes: 1440 # Past minutes to search from now for privilege_escalation attacks, by default is 1440 minutes (24 hours)
-    threat_detection_privilege_escalation_actions:
-      [
-        "AddPermission",
-        "AddRoleToInstanceProfile",
-        "AddUserToGroup",
-        "AssociateAccessPolicy",
-        "AssumeRole",
-        "AttachGroupPolicy",
-        "AttachRolePolicy",
-        "AttachUserPolicy",
-        "ChangePassword",
-        "CreateAccessEntry",
-        "CreateAccessKey",
-        "CreateDevEndpoint",
-        "CreateEventSourceMapping",
-        "CreateFunction",
-        "CreateGroup",
-        "CreateJob",
-        "CreateKeyPair",
-        "CreateLoginProfile",
-        "CreatePipeline",
-        "CreatePolicyVersion",
-        "CreateRole",
-        "CreateStack",
-        "DeleteRolePermissionsBoundary",
-        "DeleteRolePolicy",
-        "DeleteUserPermissionsBoundary",
-        "DeleteUserPolicy",
-        "DetachRolePolicy",
-        "DetachUserPolicy",
-        "GetCredentialsForIdentity",
-        "GetId",
-        "GetPolicyVersion",
-        "GetUserPolicy",
-        "Invoke",
-        "ModifyInstanceAttribute",
-        "PassRole",
-        "PutGroupPolicy",
-        "PutPipelineDefinition",
-        "PutRolePermissionsBoundary",
-        "PutRolePolicy",
-        "PutUserPermissionsBoundary",
-        "PutUserPolicy",
-        "ReplaceIamInstanceProfileAssociation",
-        "RunInstances",
-        "SetDefaultPolicyVersion",
-        "UpdateAccessKey",
-        "UpdateAssumeRolePolicy",
-        "UpdateDevEndpoint",
-        "UpdateEventSourceMapping",
-        "UpdateFunctionCode",
-        "UpdateJob",
-        "UpdateLoginProfile",
-      ]
-    # aws.cloudtrail_threat_detection_enumeration
-    threat_detection_enumeration_threshold: 0.3 # Percentage of actions found to decide if it is an enumeration attack event, by default is 0.3 (30%)
-    threat_detection_enumeration_minutes: 1440 # Past minutes to search from now for enumeration attacks, by default is 1440 minutes (24 hours)
-    threat_detection_enumeration_actions:
-      [
-        "DescribeAccessEntry",
-        "DescribeAccountAttributes",
-        "DescribeAvailabilityZones",
-        "DescribeBundleTasks",
-        "DescribeCarrierGateways",
-        "DescribeClientVpnRoutes",
-        "DescribeCluster",
-        "DescribeDhcpOptions",
-        "DescribeFlowLogs",
-        "DescribeImages",
-        "DescribeInstanceAttribute",
-        "DescribeInstanceInformation",
-        "DescribeInstanceTypes",
-        "DescribeInstances",
-        "DescribeInstances",
-        "DescribeKeyPairs",
-        "DescribeLogGroups",
-        "DescribeLogStreams",
-        "DescribeOrganization",
-        "DescribeRegions",
-        "DescribeSecurityGroups",
-        "DescribeSnapshotAttribute",
-        "DescribeSnapshotTierStatus",
-        "DescribeSubscriptionFilters",
-        "DescribeTransitGatewayMulticastDomains",
-        "DescribeVolumes",
-        "DescribeVolumesModifications",
-        "DescribeVpcEndpointConnectionNotifications",
-        "DescribeVpcs",
-        "GetAccount",
-        "GetAccountAuthorizationDetails",
-        "GetAccountSendingEnabled",
-        "GetBucketAcl",
-        "GetBucketLogging",
-        "GetBucketPolicy",
-        "GetBucketReplication",
-        "GetBucketVersioning",
-        "GetCallerIdentity",
-        "GetCertificate",
-        "GetConsoleScreenshot",
-        "GetCostAndUsage",
-        "GetDetector",
-        "GetEbsDefaultKmsKeyId",
-        "GetEbsEncryptionByDefault",
-        "GetFindings",
-        "GetFlowLogsIntegrationTemplate",
-        "GetIdentityVerificationAttributes",
-        "GetInstances",
-        "GetIntrospectionSchema",
-        "GetLaunchTemplateData",
-        "GetLaunchTemplateData",
-        "GetLogRecord",
-        "GetParameters",
-        "GetPolicyVersion",
-        "GetPublicAccessBlock",
-        "GetQueryResults",
-        "GetRegions",
-        "GetSMSAttributes",
-        "GetSMSSandboxAccountStatus",
-        "GetSendQuota",
-        "GetTransitGatewayRouteTableAssociations",
-        "GetUserPolicy",
-        "HeadObject",
-        "ListAccessKeys",
-        "ListAccounts",
-        "ListAllMyBuckets",
-        "ListAssociatedAccessPolicies",
-        "ListAttachedUserPolicies",
-        "ListClusters",
-        "ListDetectors",
-        "ListDomains",
-        "ListFindings",
-        "ListHostedZones",
-        "ListIPSets",
-        "ListIdentities",
-        "ListInstanceProfiles",
-        "ListObjects",
-        "ListOrganizationalUnitsForParent",
-        "ListOriginationNumbers",
-        "ListPolicyVersions",
-        "ListRoles",
-        "ListRoles",
-        "ListRules",
-        "ListServiceQuotas",
-        "ListSubscriptions",
-        "ListTargetsByRule",
-        "ListTopics",
-        "ListUsers",
-        "LookupEvents",
-        "Search",
-      ]
-    # aws.cloudtrail_threat_detection_llm_jacking
-    threat_detection_llm_jacking_threshold: 0.4 # Percentage of actions found to decide if it is an LLM Jacking attack event, by default is 0.4 (40%)
-    threat_detection_llm_jacking_minutes: 1440 # Past minutes to search from now for LLM Jacking attacks, by default is 1440 minutes (24 hours)
-    threat_detection_llm_jacking_actions:
-      [
-      "PutUseCaseForModelAccess",  # Submits a use case for model access, providing justification (Write).
-      "PutFoundationModelEntitlement",  # Grants entitlement for accessing a foundation model (Write).
-      "PutModelInvocationLoggingConfiguration", # Configures logging for model invocations (Write).
-      "CreateFoundationModelAgreement",  # Creates a new agreement to use a foundation model (Write).
-      "InvokeModel",  # Invokes a specified Bedrock model for inference using provided prompt and parameters (Read).
-      "InvokeModelWithResponseStream",  # Invokes a Bedrock model for inference with real-time token streaming (Read).
-      "GetUseCaseForModelAccess",  # Retrieves an existing use case for model access (Read).
-      "GetModelInvocationLoggingConfiguration",  # Fetches the logging configuration for model invocations (Read).
-      "GetFoundationModelAvailability",  # Checks the availability of a foundation model for use (Read).
-      "ListFoundationModelAgreementOffers",  # Lists available agreement offers for accessing foundation models (List).
-      "ListFoundationModels",  # Lists the available foundation models in Bedrock (List).
-      "ListProvisionedModelThroughputs",  # Lists the provisioned throughput for previously created models (List).
-      ]
-
-    # AWS RDS Configuration
-    # aws.rds_instance_backup_enabled
-    # Whether to check RDS instance replicas or not
-    check_rds_instance_replicas: False
-
-    # AWS ACM Configuration
-    # aws.acm_certificates_expiration_check
-    days_to_expire_threshold: 7
-    # aws.acm_certificates_with_secure_key_algorithms
-    insecure_key_algorithms:
-      [
-        "RSA-1024",
-        "P-192",
-        "SHA-1",
-      ]
-
-    # AWS EKS Configuration
-    # aws.eks_control_plane_logging_all_types_enabled
-    # EKS control plane logging types that must be enabled
-    eks_required_log_types:
-      [
-        "api",
-        "audit",
-        "authenticator",
-        "controllerManager",
-        "scheduler",
-      ]
-
-    # aws.eks_cluster_uses_a_supported_version
-    # EKS clusters must be version 1.28 or higher
-    eks_cluster_oldest_version_supported: "1.28"
-
-    # AWS CodeBuild Configuration
-    # aws.codebuild_project_no_secrets_in_variables
-    # CodeBuild sensitive variables that are excluded from the check
-    excluded_sensitive_environment_variables:
-      [
-
-      ]
-
-    # AWS ELB Configuration
-    # aws.elb_is_in_multiple_az
-    # Minimum number of Availability Zones that an CLB must be in
-    elb_min_azs: 2
-
-    # AWS ELBv2 Configuration
-    # aws.elbv2_is_in_multiple_az
-    # Minimum number of Availability Zones that an ELBv2 must be in
-    elbv2_min_azs: 2
-
-
-    # AWS Secrets Configuration
-    # Patterns to ignore in the secrets checks
-    secrets_ignore_patterns: []
-
-    # AWS Secrets Manager Configuration
-    # aws.secretsmanager_secret_unused
-    # Maximum number of days a secret can be unused
-    max_days_secret_unused: 90
-
-    # aws.secretsmanager_secret_rotated_periodically
-    # Maximum number of days a secret should be rotated
-    max_days_secret_unrotated: 90
-
-    # AWS Kinesis Configuration
-    # Minimum retention period in hours for Kinesis streams
-    min_kinesis_stream_retention_hours: 168 # 7 days
-
-
-  # Azure Configuration
-  azure:
-    # Azure Network Configuration
-    # azure.network_public_ip_shodan
-    # TODO: create common config
-    shodan_api_key: null
-
-    # Azure App Service
-    # azure.app_ensure_php_version_is_latest
-    php_latest_version: "8.2"
-    # azure.app_ensure_python_version_is_latest
-    python_latest_version: "3.12"
-    # azure.app_ensure_java_version_is_latest
-    java_latest_version: "17"
-
-    # Azure SQL Server
-    # azure.sqlserver_minimal_tls_version
-    recommended_minimal_tls_versions:
-      [
-        "1.2",
-        "1.3",
-      ]
-
-  # GCP Configuration
-  gcp:
-    # GCP Compute Configuration
-    # gcp.compute_public_address_shodan
-    shodan_api_key: null
-
-  # Kubernetes Configuration
-  kubernetes:
-    # Kubernetes API Server
-    # kubernetes.apiserver_audit_log_maxbackup_set
-    audit_log_maxbackup: 10
-    # kubernetes.apiserver_audit_log_maxsize_set
-    audit_log_maxsize: 100
-    # kubernetes.apiserver_audit_log_maxage_set
-    audit_log_maxage: 30
-    # kubernetes.apiserver_strong_ciphers_only
-    apiserver_strong_ciphers:
-      [
-        "TLS_AES_128_GCM_SHA256",
-        "TLS_AES_256_GCM_SHA384",
-        "TLS_CHACHA20_POLY1305_SHA256",
-      ]
-    # Kubelet
-    # kubernetes.kubelet_strong_ciphers_only
-    kubelet_strong_ciphers:
-      [
-        "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
-        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
-        "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
-        "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
-        "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
-        "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
-        "TLS_RSA_WITH_AES_256_GCM_SHA384",
-        "TLS_RSA_WITH_AES_128_GCM_SHA256",
-      ]
-
-
-# This is for the secretes for pulling an image from a private repository more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
-imagePullSecrets: []
-# This is to override the chart name.
-nameOverride: ""
-fullnameOverride: ""
-
-#This section builds out the service account more information can be found here: https://kubernetes.io/docs/concepts/security/service-accounts/
-serviceAccount:
-  # Specifies whether a service account should be created
-  create: true
-  # Automatically mount a ServiceAccount's API credentials?
-  automount: true
-  # Annotations to add to the service account
-  annotations: {}
-  # The name of the service account to use.
-  # If not set and create is true, a name is generated using the fullname template
-  name: ""
-
-# This is for setting Kubernetes Annotations to a Pod.
-# For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
-podAnnotations: {}
-# This is for setting Kubernetes Labels to a Pod.
-# For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
-podLabels: {}
-
-podSecurityContext: {}
-  # fsGroup: 2000
-
-securityContext: {}
-  # capabilities:
-  #   drop:
-  #   - ALL
-  # readOnlyRootFilesystem: true
-  # runAsNonRoot: true
-  # runAsUser: 1000
-
-# This is for setting up a service more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/
-service:
-  # This sets the service type more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
-  type: ClusterIP
-  # This sets the ports more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#field-spec-ports
-  port: 80
-
-# This block is for setting up the ingress for more information can be found here: https://kubernetes.io/docs/concepts/services-networking/ingress/
-ingress:
-  enabled: false
-  className: ""
-  annotations: {}
-    # kubernetes.io/ingress.class: nginx
-    # kubernetes.io/tls-acme: "true"
-  hosts:
-    - host: chart-example.local
-      paths:
-        - path: /
-          pathType: ImplementationSpecific
-  tls: []
-  #  - secretName: chart-example-tls
-  #    hosts:
-  #      - chart-example.local
-
-resources: {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  # limits:
-  #   cpu: 100m
-  #   memory: 128Mi
-  # requests:
-  #   cpu: 100m
-  #   memory: 128Mi
-
-# This is to setup the liveness and readiness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
-livenessProbe:
-  httpGet:
-    path: /
-    port: http
-readinessProbe:
-  httpGet:
-    path: /
-    port: http
-
-#This section is for setting up autoscaling more information can be found here: https://kubernetes.io/docs/concepts/workloads/autoscaling/
-autoscaling:
-  enabled: false
-  minReplicas: 1
-  maxReplicas: 100
-  targetCPUUtilizationPercentage: 80
-  # targetMemoryUtilizationPercentage: 80
-
-# Additional volumes on the output Deployment definition.
-volumes: []
-# - name: foo
-#   secret:
-#     secretName: mysecret
-#     optional: false
-
-# Additional volumeMounts on the output Deployment definition.
-volumeMounts: []
-# - name: foo
-#   mountPath: "/etc/foo"
-#   readOnly: true
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}
@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
@@ -1,6 +0,0 @@
-apiVersion: v2
-name: prowler-ui
-description: A Helm chart for Kubernetes
-type: application
-version: 0.1.0
-appVersion: "5.1.1"
@@ -1,22 +0,0 @@
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range $host := .Values.ingress.hosts }}
-  {{- range .paths }}
-  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
-  {{- end }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
-  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "prowler-ui.fullname" . }})
-  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
-  echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
-     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-           You can watch its status by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "prowler-ui.fullname" . }}'
-  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "prowler-ui.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
-  echo http://$SERVICE_IP:{{ .Values.service.port }}
-{{- else if contains "ClusterIP" .Values.service.type }}
-  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "prowler-ui.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
-  export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
-  echo "Visit http://127.0.0.1:8080 to use your application"
-  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
-{{- end }}
@@ -1,62 +0,0 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "prowler-ui.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "prowler-ui.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "prowler-ui.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "prowler-ui.labels" -}}
-helm.sh/chart: {{ include "prowler-ui.chart" . }}
-{{ include "prowler-ui.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "prowler-ui.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "prowler-ui.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "prowler-ui.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "prowler-ui.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}
@@ -1,72 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ include "prowler-ui.fullname" . }}
-  labels:
-    {{- include "prowler-ui.labels" . | nindent 4 }}
-spec:
-  {{- if not .Values.autoscaling.enabled }}
-  replicas: {{ .Values.replicaCount }}
-  {{- end }}
-  selector:
-    matchLabels:
-      {{- include "prowler-ui.selectorLabels" . | nindent 6 }}
-  template:
-    metadata:
-      annotations:
-        checksum/config: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }}
-      {{- with .Values.podAnnotations }}
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      labels:
-        {{- include "prowler-ui.labels" . | nindent 8 }}
-        {{- with .Values.podLabels }}
-        {{- toYaml . | nindent 8 }}
-        {{- end }}
-    spec:
-      {{- with .Values.imagePullSecrets }}
-      imagePullSecrets:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      serviceAccountName: {{ include "prowler-ui.serviceAccountName" . }}
-      securityContext:
-        {{- toYaml .Values.podSecurityContext | nindent 8 }}
-      containers:
-        - name: {{ .Chart.Name }}
-          securityContext:
-            {{- toYaml .Values.securityContext | nindent 12 }}
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
-          envFrom:
-            - secretRef:
-                name: {{ include "prowler-ui.fullname" $ }}
-          ports:
-            - name: http
-              containerPort: {{ .Values.service.port }}
-              protocol: TCP
-          livenessProbe:
-            {{- toYaml .Values.livenessProbe | nindent 12 }}
-          readinessProbe:
-            {{- toYaml .Values.readinessProbe | nindent 12 }}
-          resources:
-            {{- toYaml .Values.resources | nindent 12 }}
-          {{- with .Values.volumeMounts }}
-          volumeMounts:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-      {{- with .Values.volumes }}
-      volumes:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.nodeSelector }}
-      nodeSelector:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.affinity }}
-      affinity:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.tolerations }}
-      tolerations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
@@ -1,43 +0,0 @@
-{{- if .Values.ingress.enabled -}}
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: {{ include "prowler-ui.fullname" . }}
-  labels:
-    {{- include "prowler-ui.labels" . | nindent 4 }}
-  {{- with .Values.ingress.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-spec:
-  {{- with .Values.ingress.className }}
-  ingressClassName: {{ . }}
-  {{- end }}
-  {{- if .Values.ingress.tls }}
-  tls:
-    {{- range .Values.ingress.tls }}
-    - hosts:
-        {{- range .hosts }}
-        - {{ . | quote }}
-        {{- end }}
-      secretName: {{ .secretName }}
-    {{- end }}
-  {{- end }}
-  rules:
-    {{- range .Values.ingress.hosts }}
-    - host: {{ .host | quote }}
-      http:
-        paths:
-          {{- range .paths }}
-          - path: {{ .path }}
-            {{- with .pathType }}
-            pathType: {{ . }}
-            {{- end }}
-            backend:
-              service:
-                name: {{ include "prowler-ui.fullname" $ }}
-                port:
-                  number: {{ $.Values.service.port }}
-          {{- end }}
-    {{- end }}
-{{- end }}
@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ include "prowler-ui.fullname" . }}
-  labels:
-    {{- include "prowler-ui.labels" . | nindent 4 }}
-type: Opaque
-data:
-  {{- range $k, $v := .Values.secrets }}
-  {{ $k }}: {{ $v | toString | b64enc | quote }}
-  {{- end }}
@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ include "prowler-ui.fullname" . }}
-  labels:
-    {{- include "prowler-ui.labels" . | nindent 4 }}
-spec:
-  type: {{ .Values.service.type }}
-  ports:
-    - port: {{ .Values.service.port }}
-      targetPort: http
-      protocol: TCP
-      name: http
-  selector:
-    {{- include "prowler-ui.selectorLabels" . | nindent 4 }}
@@ -1,13 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ include "prowler-ui.serviceAccountName" . }}
-  labels:
-    {{- include "prowler-ui.labels" . | nindent 4 }}
-  {{- with .Values.serviceAccount.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
-{{- end }}
@@ -1,132 +0,0 @@
-# Default values for prowler-ui.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-# This will set the replicaset count more information can be found here: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/
-replicaCount: 1
-
-# This sets the container image more information can be found here: https://kubernetes.io/docs/concepts/containers/images/
-image:
-  repository: prowlercloud/prowler-ui
-  # This sets the pull policy for images.
-  pullPolicy: IfNotPresent
-  # Overrides the image tag whose default is the chart appVersion.
-  tag: ""
-
-# This is for the secretes for pulling an image from a private repository more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
-imagePullSecrets: []
-# This is to override the chart name.
-nameOverride: ""
-fullnameOverride: ""
-
-secrets:
-  SITE_URL: http://localhost:3000
-  API_BASE_URL: http://prowler-api:8080/api/v1
-  NEXT_PUBLIC_API_DOCS_URL: http://prowler-api:8080/api/v1/docs
-  AUTH_TRUST_HOST: True
-  UI_PORT: 3000
-  # openssl rand -base64 32
-  AUTH_SECRET:
-
-#This section builds out the service account more information can be found here: https://kubernetes.io/docs/concepts/security/service-accounts/
-serviceAccount:
-  # Specifies whether a service account should be created
-  create: true
-  # Automatically mount a ServiceAccount's API credentials?
-  automount: true
-  # Annotations to add to the service account
-  annotations: {}
-  # The name of the service account to use.
-  # If not set and create is true, a name is generated using the fullname template
-  name: ""
-
-# This is for setting Kubernetes Annotations to a Pod.
-# For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
-podAnnotations: {}
-# This is for setting Kubernetes Labels to a Pod.
-# For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
-podLabels: {}
-
-podSecurityContext: {}
-  # fsGroup: 2000
-
-securityContext: {}
-  # capabilities:
-  #   drop:
-  #   - ALL
-  # readOnlyRootFilesystem: true
-  # runAsNonRoot: true
-  # runAsUser: 1000
-
-# This is for setting up a service more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/
-service:
-  # This sets the service type more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
-  type: ClusterIP
-  # This sets the ports more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#field-spec-ports
-  port: 3000
-
-# This block is for setting up the ingress for more information can be found here: https://kubernetes.io/docs/concepts/services-networking/ingress/
-ingress:
-  enabled: false
-  className: ""
-  annotations: {}
-    # kubernetes.io/ingress.class: nginx
-    # kubernetes.io/tls-acme: "true"
-  hosts:
-    - host: chart-example.local
-      paths:
-        - path: /
-          pathType: ImplementationSpecific
-  tls: []
-  #  - secretName: chart-example-tls
-  #    hosts:
-  #      - chart-example.local
-
-resources: {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  # limits:
-  #   cpu: 100m
-  #   memory: 128Mi
-  # requests:
-  #   cpu: 100m
-  #   memory: 128Mi
-
-# This is to setup the liveness and readiness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
-livenessProbe:
-  httpGet:
-    path: /
-    port: http
-readinessProbe:
-  httpGet:
-    path: /
-    port: http
-
-#This section is for setting up autoscaling more information can be found here: https://kubernetes.io/docs/concepts/workloads/autoscaling/
-autoscaling:
-  enabled: false
-  minReplicas: 1
-  maxReplicas: 100
-  targetCPUUtilizationPercentage: 80
-  # targetMemoryUtilizationPercentage: 80
-
-# Additional volumes on the output Deployment definition.
-volumes: []
-# - name: foo
-#   secret:
-#     secretName: mysecret
-#     optional: false
-
-# Additional volumeMounts on the output Deployment definition.
-volumeMounts: []
-# - name: foo
-#   mountPath: "/etc/foo"
-#   readOnly: true
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
pedrooot	b0141aad21	feat(only_logs): remove from parser	2024-11-28 15:37:33 +01:00
pedrooot	6f60d80b2c	feat(only_logs): deprecate only_logs tag	2024-11-28 14:37:52 +01:00