prowler-cloud 5.13.1__py3-none-any.whl → 5.14.0__py3-none-any.whl

Files changed (295)
  1. dashboard/__main__.py +2 -1
  2. dashboard/compliance/c5_azure.py +43 -0
  3. dashboard/compliance/fedramp_20x_ksi_low_aws.py +46 -0
  4. dashboard/compliance/fedramp_20x_ksi_low_azure.py +46 -0
  5. dashboard/compliance/fedramp_20x_ksi_low_gcp.py +46 -0
  6. dashboard/compliance/hipaa_gcp.py +25 -0
  7. dashboard/compliance/nist_csf_2_0_aws.py +24 -0
  8. dashboard/compliance/prowler_threatscore_kubernetes.py +28 -0
  9. prowler/AGENTS.md +366 -0
  10. prowler/CHANGELOG.md +85 -2
  11. prowler/__main__.py +54 -7
  12. prowler/compliance/aws/ens_rd2022_aws.json +1 -1
  13. prowler/compliance/aws/fedramp_20x_ksi_low_aws.json +347 -0
  14. prowler/compliance/aws/nis2_aws.json +1 -1
  15. prowler/compliance/aws/nist_csf_2.0_aws.json +1781 -0
  16. prowler/compliance/azure/c5_azure.json +9471 -0
  17. prowler/compliance/azure/ens_rd2022_azure.json +1 -1
  18. prowler/compliance/azure/fedramp_20x_ksi_low_azure.json +358 -0
  19. prowler/compliance/azure/nis2_azure.json +1 -1
  20. prowler/compliance/gcp/c5_gcp.json +9401 -0
  21. prowler/compliance/gcp/ens_rd2022_gcp.json +1 -1
  22. prowler/compliance/gcp/fedramp_20x_ksi_low_gcp.json +293 -0
  23. prowler/compliance/gcp/hipaa_gcp.json +415 -0
  24. prowler/compliance/gcp/nis2_gcp.json +1 -1
  25. prowler/compliance/github/cis_1.0_github.json +6 -2
  26. prowler/compliance/kubernetes/prowler_threatscore_kubernetes.json +1269 -0
  27. prowler/compliance/m365/prowler_threatscore_m365.json +6 -6
  28. prowler/compliance/{oci/cis_3.0_oci.json → oraclecloud/cis_3.0_oraclecloud.json} +1 -1
  29. prowler/config/config.py +59 -5
  30. prowler/config/config.yaml +3 -0
  31. prowler/lib/check/check.py +1 -9
  32. prowler/lib/check/checks_loader.py +65 -1
  33. prowler/lib/check/models.py +12 -2
  34. prowler/lib/check/utils.py +1 -7
  35. prowler/lib/cli/parser.py +17 -7
  36. prowler/lib/mutelist/mutelist.py +15 -7
  37. prowler/lib/outputs/compliance/c5/c5_azure.py +92 -0
  38. prowler/lib/outputs/compliance/c5/c5_gcp.py +92 -0
  39. prowler/lib/outputs/compliance/c5/models.py +54 -0
  40. prowler/lib/outputs/compliance/cis/{cis_oci.py → cis_oraclecloud.py} +7 -7
  41. prowler/lib/outputs/compliance/cis/models.py +3 -3
  42. prowler/lib/outputs/compliance/prowler_threatscore/models.py +29 -0
  43. prowler/lib/outputs/compliance/prowler_threatscore/prowler_threatscore_kubernetes.py +98 -0
  44. prowler/lib/outputs/finding.py +16 -5
  45. prowler/lib/outputs/html/html.py +10 -8
  46. prowler/lib/outputs/outputs.py +1 -1
  47. prowler/lib/outputs/summary_table.py +1 -1
  48. prowler/lib/powershell/powershell.py +12 -11
  49. prowler/lib/scan/scan.py +105 -24
  50. prowler/lib/utils/utils.py +1 -1
  51. prowler/providers/aws/aws_regions_by_service.json +73 -15
  52. prowler/providers/aws/lib/quick_inventory/quick_inventory.py +1 -1
  53. prowler/providers/aws/lib/security_hub/security_hub.py +1 -1
  54. prowler/providers/aws/services/account/account_service.py +1 -1
  55. prowler/providers/aws/services/awslambda/awslambda_function_using_supported_runtimes/awslambda_function_using_supported_runtimes.metadata.json +1 -3
  56. prowler/providers/aws/services/cloudwatch/cloudwatch_alarm_actions_alarm_state_configured/cloudwatch_alarm_actions_alarm_state_configured.metadata.json +23 -12
  57. prowler/providers/aws/services/cloudwatch/cloudwatch_alarm_actions_enabled/cloudwatch_alarm_actions_enabled.metadata.json +21 -12
  58. prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_acls_alarm_configured/cloudwatch_changes_to_network_acls_alarm_configured.metadata.json +23 -12
  59. prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_gateways_alarm_configured/cloudwatch_changes_to_network_gateways_alarm_configured.metadata.json +24 -12
  60. prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_route_tables_alarm_configured/cloudwatch_changes_to_network_route_tables_alarm_configured.metadata.json +21 -12
  61. prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_vpcs_alarm_configured/cloudwatch_changes_to_vpcs_alarm_configured.metadata.json +17 -11
  62. prowler/providers/aws/services/cloudwatch/cloudwatch_cross_account_sharing_disabled/cloudwatch_cross_account_sharing_disabled.metadata.json +20 -12
  63. prowler/providers/aws/services/cloudwatch/cloudwatch_log_group_kms_encryption_enabled/cloudwatch_log_group_kms_encryption_enabled.metadata.json +22 -13
  64. prowler/providers/aws/services/cloudwatch/cloudwatch_log_group_no_secrets_in_logs/cloudwatch_log_group_no_secrets_in_logs.metadata.json +22 -17
  65. prowler/providers/aws/services/cloudwatch/cloudwatch_log_group_not_publicly_accessible/cloudwatch_log_group_not_publicly_accessible.metadata.json +18 -12
  66. prowler/providers/aws/services/cloudwatch/cloudwatch_log_group_retention_policy_specific_days_enabled/cloudwatch_log_group_retention_policy_specific_days_enabled.metadata.json +27 -13
  67. prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled.metadata.json +20 -12
  68. prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled.metadata.json +22 -12
  69. prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_authentication_failures/cloudwatch_log_metric_filter_authentication_failures.metadata.json +25 -12
  70. prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_aws_organizations_changes/cloudwatch_log_metric_filter_aws_organizations_changes.metadata.json +23 -12
  71. prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk.metadata.json +17 -12
  72. prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes.metadata.json +21 -12
  73. prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_policy_changes/cloudwatch_log_metric_filter_policy_changes.metadata.json +21 -12
  74. prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_root_usage/cloudwatch_log_metric_filter_root_usage.metadata.json +27 -12
  75. prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_security_group_changes/cloudwatch_log_metric_filter_security_group_changes.metadata.json +22 -12
  76. prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_sign_in_without_mfa/cloudwatch_log_metric_filter_sign_in_without_mfa.metadata.json +26 -12
  77. prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_unauthorized_api_calls/cloudwatch_log_metric_filter_unauthorized_api_calls.metadata.json +25 -12
  78. prowler/providers/aws/services/codeartifact/codeartifact_packages_external_public_publishing_disabled/codeartifact_packages_external_public_publishing_disabled.metadata.json +20 -11
  79. prowler/providers/aws/services/codebuild/codebuild_project_logging_enabled/codebuild_project_logging_enabled.metadata.json +22 -12
  80. prowler/providers/aws/services/codebuild/codebuild_project_no_secrets_in_variables/codebuild_project_no_secrets_in_variables.metadata.json +28 -12
  81. prowler/providers/aws/services/codebuild/codebuild_project_not_publicly_accessible/codebuild_project_not_publicly_accessible.metadata.json +22 -12
  82. prowler/providers/aws/services/codebuild/codebuild_project_older_90_days/codebuild_project_older_90_days.metadata.json +15 -10
  83. prowler/providers/aws/services/codebuild/codebuild_project_s3_logs_encrypted/codebuild_project_s3_logs_encrypted.metadata.json +19 -11
  84. prowler/providers/aws/services/codebuild/codebuild_project_source_repo_url_no_sensitive_credentials/codebuild_project_source_repo_url_no_sensitive_credentials.metadata.json +21 -12
  85. prowler/providers/aws/services/codebuild/codebuild_project_user_controlled_buildspec/codebuild_project_user_controlled_buildspec.metadata.json +19 -12
  86. prowler/providers/aws/services/codebuild/codebuild_project_uses_allowed_github_organizations/codebuild_project_uses_allowed_github_organizations.metadata.json +24 -13
  87. prowler/providers/aws/services/codebuild/codebuild_report_group_export_encrypted/codebuild_report_group_export_encrypted.metadata.json +35 -13
  88. prowler/providers/aws/services/codepipeline/__init__.py +0 -0
  89. prowler/providers/aws/services/codepipeline/codepipeline_client.py +6 -0
  90. prowler/providers/aws/services/codepipeline/codepipeline_project_repo_private/__init__.py +0 -0
  91. prowler/providers/aws/services/codepipeline/codepipeline_project_repo_private/codepipeline_project_repo_private.metadata.json +30 -0
  92. prowler/providers/aws/services/codepipeline/codepipeline_project_repo_private/codepipeline_project_repo_private.py +95 -0
  93. prowler/providers/aws/services/codepipeline/codepipeline_service.py +164 -0
  94. prowler/providers/aws/services/directconnect/directconnect_connection_redundancy/directconnect_connection_redundancy.metadata.json +18 -12
  95. prowler/providers/aws/services/directconnect/directconnect_virtual_interface_redundancy/directconnect_virtual_interface_redundancy.metadata.json +18 -12
  96. prowler/providers/aws/services/documentdb/documentdb_cluster_backup_enabled/documentdb_cluster_backup_enabled.metadata.json +24 -13
  97. prowler/providers/aws/services/documentdb/documentdb_cluster_cloudwatch_log_export/documentdb_cluster_cloudwatch_log_export.metadata.json +23 -13
  98. prowler/providers/aws/services/documentdb/documentdb_cluster_deletion_protection/documentdb_cluster_deletion_protection.metadata.json +24 -13
  99. prowler/providers/aws/services/documentdb/documentdb_cluster_multi_az_enabled/documentdb_cluster_multi_az_enabled.metadata.json +19 -13
  100. prowler/providers/aws/services/documentdb/documentdb_cluster_public_snapshot/documentdb_cluster_public_snapshot.metadata.json +20 -10
  101. prowler/providers/aws/services/documentdb/documentdb_cluster_storage_encrypted/documentdb_cluster_storage_encrypted.metadata.json +26 -13
  102. prowler/providers/aws/services/drs/drs_job_exist/drs_job_exist.metadata.json +20 -10
  103. prowler/providers/aws/services/dynamodb/dynamodb_accelerator_cluster_encryption_enabled/dynamodb_accelerator_cluster_encryption_enabled.metadata.json +18 -11
  104. prowler/providers/aws/services/dynamodb/dynamodb_accelerator_cluster_in_transit_encryption_enabled/dynamodb_accelerator_cluster_in_transit_encryption_enabled.metadata.json +16 -11
  105. prowler/providers/aws/services/dynamodb/dynamodb_accelerator_cluster_multi_az/dynamodb_accelerator_cluster_multi_az.metadata.json +21 -13
  106. prowler/providers/aws/services/dynamodb/dynamodb_table_autoscaling_enabled/dynamodb_table_autoscaling_enabled.metadata.json +20 -12
  107. prowler/providers/aws/services/dynamodb/dynamodb_table_cross_account_access/dynamodb_table_cross_account_access.metadata.json +17 -10
  108. prowler/providers/aws/services/dynamodb/dynamodb_table_deletion_protection_enabled/dynamodb_table_deletion_protection_enabled.metadata.json +21 -13
  109. prowler/providers/aws/services/dynamodb/dynamodb_table_protected_by_backup_plan/dynamodb_table_protected_by_backup_plan.metadata.json +18 -12
  110. prowler/providers/aws/services/dynamodb/dynamodb_tables_kms_cmk_encryption_enabled/dynamodb_tables_kms_cmk_encryption_enabled.metadata.json +18 -12
  111. prowler/providers/aws/services/dynamodb/dynamodb_tables_pitr_enabled/dynamodb_tables_pitr_enabled.metadata.json +19 -12
  112. prowler/providers/aws/services/ecr/ecr_registry_scan_images_on_push_enabled/ecr_registry_scan_images_on_push_enabled.metadata.json +16 -11
  113. prowler/providers/aws/services/ecr/ecr_repositories_lifecycle_policy_enabled/ecr_repositories_lifecycle_policy_enabled.metadata.json +22 -13
  114. prowler/providers/aws/services/ecr/ecr_repositories_not_publicly_accessible/ecr_repositories_not_publicly_accessible.metadata.json +19 -13
  115. prowler/providers/aws/services/ecr/ecr_repositories_scan_images_on_push_enabled/ecr_repositories_scan_images_on_push_enabled.metadata.json +21 -13
  116. prowler/providers/aws/services/ecr/ecr_repositories_scan_vulnerabilities_in_latest_image/ecr_repositories_scan_vulnerabilities_in_latest_image.metadata.json +22 -12
  117. prowler/providers/aws/services/ecr/ecr_repositories_tag_immutability/ecr_repositories_tag_immutability.metadata.json +20 -12
  118. prowler/providers/aws/services/ecs/ecs_cluster_container_insights_enabled/ecs_cluster_container_insights_enabled.metadata.json +21 -11
  119. prowler/providers/aws/services/ecs/ecs_service_fargate_latest_platform_version/ecs_service_fargate_latest_platform_version.metadata.json +20 -11
  120. prowler/providers/aws/services/ecs/ecs_service_no_assign_public_ip/ecs_service_no_assign_public_ip.metadata.json +18 -12
  121. prowler/providers/aws/services/ecs/ecs_task_definitions_containers_readonly_access/ecs_task_definitions_containers_readonly_access.metadata.json +20 -13
  122. prowler/providers/aws/services/ecs/ecs_task_definitions_host_namespace_not_shared/ecs_task_definitions_host_namespace_not_shared.metadata.json +21 -13
  123. prowler/providers/aws/services/ecs/ecs_task_definitions_host_networking_mode_users/ecs_task_definitions_host_networking_mode_users.metadata.json +26 -13
  124. prowler/providers/aws/services/ecs/ecs_task_definitions_logging_block_mode/ecs_task_definitions_logging_block_mode.metadata.json +19 -12
  125. prowler/providers/aws/services/ecs/ecs_task_definitions_logging_enabled/ecs_task_definitions_logging_enabled.metadata.json +18 -12
  126. prowler/providers/aws/services/ecs/ecs_task_definitions_no_environment_secrets/ecs_task_definitions_no_environment_secrets.metadata.json +16 -12
  127. prowler/providers/aws/services/ecs/ecs_task_definitions_no_privileged_containers/ecs_task_definitions_no_privileged_containers.metadata.json +21 -14
  128. prowler/providers/aws/services/ecs/ecs_task_set_no_assign_public_ip/ecs_task_set_no_assign_public_ip.metadata.json +19 -13
  129. prowler/providers/aws/services/eks/eks_cluster_deletion_protection_enabled/eks_cluster_deletion_protection_enabled.metadata.json +20 -13
  130. prowler/providers/aws/services/eks/eks_cluster_kms_cmk_encryption_in_secrets_enabled/eks_cluster_kms_cmk_encryption_in_secrets_enabled.metadata.json +20 -13
  131. prowler/providers/aws/services/eks/eks_cluster_network_policy_enabled/eks_cluster_network_policy_enabled.metadata.json +20 -14
  132. prowler/providers/aws/services/eks/eks_cluster_not_publicly_accessible/eks_cluster_not_publicly_accessible.metadata.json +22 -13
  133. prowler/providers/aws/services/eks/eks_cluster_private_nodes_enabled/eks_cluster_private_nodes_enabled.metadata.json +19 -13
  134. prowler/providers/aws/services/eks/eks_cluster_uses_a_supported_version/eks_cluster_uses_a_supported_version.metadata.json +21 -12
  135. prowler/providers/aws/services/eks/eks_control_plane_logging_all_types_enabled/eks_control_plane_logging_all_types_enabled.metadata.json +20 -13
  136. prowler/providers/aws/services/elasticache/elasticache_cluster_uses_public_subnet/elasticache_cluster_uses_public_subnet.metadata.json +20 -12
  137. prowler/providers/aws/services/elasticache/elasticache_redis_cluster_auto_minor_version_upgrades/elasticache_redis_cluster_auto_minor_version_upgrades.metadata.json +21 -12
  138. prowler/providers/aws/services/elasticache/elasticache_redis_cluster_automatic_failover_enabled/elasticache_redis_cluster_automatic_failover_enabled.metadata.json +20 -13
  139. prowler/providers/aws/services/elasticache/elasticache_redis_cluster_backup_enabled/elasticache_redis_cluster_backup_enabled.metadata.json +23 -13
  140. prowler/providers/aws/services/elasticache/elasticache_redis_cluster_in_transit_encryption_enabled/elasticache_redis_cluster_in_transit_encryption_enabled.metadata.json +21 -12
  141. prowler/providers/aws/services/elasticache/elasticache_redis_cluster_multi_az_enabled/elasticache_redis_cluster_multi_az_enabled.metadata.json +22 -14
  142. prowler/providers/aws/services/elasticache/elasticache_redis_cluster_rest_encryption_enabled/elasticache_redis_cluster_rest_encryption_enabled.metadata.json +20 -11
  143. prowler/providers/aws/services/elasticache/elasticache_redis_replication_group_auth_enabled/elasticache_redis_replication_group_auth_enabled.metadata.json +23 -13
  144. prowler/providers/aws/services/elasticbeanstalk/elasticbeanstalk_environment_cloudwatch_logging_enabled/elasticbeanstalk_environment_cloudwatch_logging_enabled.metadata.json +18 -12
  145. prowler/providers/aws/services/elasticbeanstalk/elasticbeanstalk_environment_enhanced_health_reporting/elasticbeanstalk_environment_enhanced_health_reporting.metadata.json +17 -12
  146. prowler/providers/aws/services/elasticbeanstalk/elasticbeanstalk_environment_managed_updates_enabled/elasticbeanstalk_environment_managed_updates_enabled.metadata.json +17 -11
  147. prowler/providers/aws/services/elb/elb_connection_draining_enabled/elb_connection_draining_enabled.metadata.json +22 -13
  148. prowler/providers/aws/services/elb/elb_cross_zone_load_balancing_enabled/elb_cross_zone_load_balancing_enabled.metadata.json +24 -13
  149. prowler/providers/aws/services/elb/elb_desync_mitigation_mode/elb_desync_mitigation_mode.metadata.json +20 -11
  150. prowler/providers/aws/services/elb/elb_insecure_ssl_ciphers/elb_insecure_ssl_ciphers.metadata.json +20 -10
  151. prowler/providers/aws/services/elb/elb_internet_facing/elb_internet_facing.metadata.json +20 -11
  152. prowler/providers/aws/services/elb/elb_is_in_multiple_az/elb_is_in_multiple_az.metadata.json +20 -12
  153. prowler/providers/aws/services/elb/elb_logging_enabled/elb_logging_enabled.metadata.json +19 -12
  154. prowler/providers/aws/services/elb/elb_ssl_listeners/elb_ssl_listeners.metadata.json +19 -11
  155. prowler/providers/aws/services/elb/elb_ssl_listeners_use_acm_certificate/elb_ssl_listeners_use_acm_certificate.metadata.json +17 -12
  156. prowler/providers/aws/services/elbv2/elbv2_cross_zone_load_balancing_enabled/elbv2_cross_zone_load_balancing_enabled.metadata.json +21 -13
  157. prowler/providers/aws/services/elbv2/elbv2_deletion_protection/elbv2_deletion_protection.metadata.json +19 -11
  158. prowler/providers/aws/services/elbv2/elbv2_desync_mitigation_mode/elbv2_desync_mitigation_mode.metadata.json +21 -12
  159. prowler/providers/aws/services/elbv2/elbv2_insecure_ssl_ciphers/elbv2_insecure_ssl_ciphers.metadata.json +18 -11
  160. prowler/providers/aws/services/elbv2/elbv2_internet_facing/elbv2_internet_facing.metadata.json +17 -10
  161. prowler/providers/aws/services/elbv2/elbv2_is_in_multiple_az/elbv2_is_in_multiple_az.metadata.json +22 -13
  162. prowler/providers/aws/services/elbv2/elbv2_listeners_underneath/elbv2_listeners_underneath.metadata.json +18 -12
  163. prowler/providers/aws/services/elbv2/elbv2_logging_enabled/elbv2_logging_enabled.metadata.json +17 -12
  164. prowler/providers/aws/services/elbv2/elbv2_nlb_tls_termination_enabled/elbv2_nlb_tls_termination_enabled.metadata.json +18 -11
  165. prowler/providers/aws/services/elbv2/elbv2_ssl_listeners/elbv2_ssl_listeners.metadata.json +18 -12
  166. prowler/providers/aws/services/elbv2/elbv2_waf_acl_attached/elbv2_waf_acl_attached.metadata.json +16 -11
  167. prowler/providers/aws/services/emr/emr_cluster_account_public_block_enabled/emr_cluster_account_public_block_enabled.metadata.json +21 -13
  168. prowler/providers/aws/services/emr/emr_cluster_master_nodes_no_public_ip/emr_cluster_master_nodes_no_public_ip.metadata.json +24 -11
  169. prowler/providers/aws/services/emr/emr_cluster_publicly_accesible/emr_cluster_publicly_accesible.metadata.json +18 -11
  170. prowler/providers/aws/services/eventbridge/eventbridge_bus_cross_account_access/eventbridge_bus_cross_account_access.metadata.json +26 -13
  171. prowler/providers/aws/services/eventbridge/eventbridge_bus_exposed/eventbridge_bus_exposed.metadata.json +21 -11
  172. prowler/providers/aws/services/eventbridge/eventbridge_global_endpoint_event_replication_enabled/eventbridge_global_endpoint_event_replication_enabled.metadata.json +24 -13
  173. prowler/providers/aws/services/eventbridge/eventbridge_schema_registry_cross_account_access/eventbridge_schema_registry_cross_account_access.metadata.json +26 -14
  174. prowler/providers/aws/services/firehose/firehose_stream_encrypted_at_rest/firehose_stream_encrypted_at_rest.metadata.json +26 -15
  175. prowler/providers/aws/services/firehose/firehose_stream_encrypted_at_rest/firehose_stream_encrypted_at_rest.py +15 -16
  176. prowler/providers/aws/services/fms/fms_policy_compliant/fms_policy_compliant.metadata.json +23 -11
  177. prowler/providers/aws/services/fsx/fsx_file_system_copy_tags_to_backups_enabled/fsx_file_system_copy_tags_to_backups_enabled.metadata.json +19 -12
  178. prowler/providers/aws/services/fsx/fsx_file_system_copy_tags_to_volumes_enabled/fsx_file_system_copy_tags_to_volumes_enabled.metadata.json +17 -12
  179. prowler/providers/aws/services/fsx/fsx_windows_file_system_multi_az_enabled/fsx_windows_file_system_multi_az_enabled.metadata.json +22 -13
  180. prowler/providers/aws/services/glacier/glacier_vaults_policy_public_access/glacier_vaults_policy_public_access.metadata.json +21 -12
  181. prowler/providers/aws/services/iam/lib/policy.py +24 -16
  182. prowler/providers/aws/services/kinesis/kinesis_stream_data_retention_period/kinesis_stream_data_retention_period.metadata.json +21 -13
  183. prowler/providers/aws/services/kinesis/kinesis_stream_encrypted_at_rest/kinesis_stream_encrypted_at_rest.metadata.json +22 -13
  184. prowler/providers/azure/services/cosmosdb/cosmosdb_service.py +7 -2
  185. prowler/providers/azure/services/defender/defender_service.py +4 -2
  186. prowler/providers/azure/services/postgresql/postgresql_flexible_server_entra_id_authentication_enabled/__init__.py +0 -0
  187. prowler/providers/azure/services/postgresql/postgresql_flexible_server_entra_id_authentication_enabled/postgresql_flexible_server_entra_id_authentication_enabled.metadata.json +36 -0
  188. prowler/providers/azure/services/postgresql/postgresql_flexible_server_entra_id_authentication_enabled/postgresql_flexible_server_entra_id_authentication_enabled.py +43 -0
  189. prowler/providers/azure/services/postgresql/postgresql_service.py +66 -9
  190. prowler/providers/azure/services/storage/storage_service.py +13 -4
  191. prowler/providers/azure/services/vm/vm_service.py +4 -7
  192. prowler/providers/common/arguments.py +19 -16
  193. prowler/providers/common/provider.py +2 -18
  194. prowler/providers/gcp/services/artifacts/artifacts_container_analysis_enabled/artifacts_container_analysis_enabled.metadata.json +16 -15
  195. prowler/providers/gcp/services/cloudresourcemanager/cloudresourcemanager_service.py +30 -4
  196. prowler/providers/gcp/services/cloudstorage/cloudstorage_audit_logs_enabled/__init__.py +0 -0
  197. prowler/providers/gcp/services/cloudstorage/cloudstorage_audit_logs_enabled/cloudstorage_audit_logs_enabled.metadata.json +36 -0
  198. prowler/providers/gcp/services/cloudstorage/cloudstorage_audit_logs_enabled/cloudstorage_audit_logs_enabled.py +61 -0
  199. prowler/providers/gcp/services/cloudstorage/cloudstorage_bucket_log_retention_policy_lock/cloudstorage_bucket_log_retention_policy_lock.metadata.json +12 -9
  200. prowler/providers/gcp/services/cloudstorage/cloudstorage_bucket_log_retention_policy_lock/cloudstorage_bucket_log_retention_policy_lock.py +10 -3
  201. prowler/providers/gcp/services/cloudstorage/cloudstorage_bucket_logging_enabled/__init__.py +0 -0
  202. prowler/providers/gcp/services/cloudstorage/cloudstorage_bucket_logging_enabled/cloudstorage_bucket_logging_enabled.metadata.json +36 -0
  203. prowler/providers/gcp/services/cloudstorage/cloudstorage_bucket_logging_enabled/cloudstorage_bucket_logging_enabled.py +40 -0
  204. prowler/providers/gcp/services/cloudstorage/cloudstorage_bucket_soft_delete_enabled/__init__.py +0 -0
  205. prowler/providers/gcp/services/cloudstorage/cloudstorage_bucket_soft_delete_enabled/cloudstorage_bucket_soft_delete_enabled.metadata.json +36 -0
  206. prowler/providers/gcp/services/cloudstorage/cloudstorage_bucket_soft_delete_enabled/cloudstorage_bucket_soft_delete_enabled.py +31 -0
  207. prowler/providers/gcp/services/cloudstorage/cloudstorage_bucket_sufficient_retention_period/__init__.py +0 -0
  208. prowler/providers/gcp/services/cloudstorage/cloudstorage_bucket_sufficient_retention_period/cloudstorage_bucket_sufficient_retention_period.metadata.json +35 -0
  209. prowler/providers/gcp/services/cloudstorage/cloudstorage_bucket_sufficient_retention_period/cloudstorage_bucket_sufficient_retention_period.py +55 -0
  210. prowler/providers/gcp/services/cloudstorage/cloudstorage_bucket_versioning_enabled/__init__.py +0 -0
  211. prowler/providers/gcp/services/cloudstorage/cloudstorage_bucket_versioning_enabled/cloudstorage_bucket_versioning_enabled.metadata.json +36 -0
  212. prowler/providers/gcp/services/cloudstorage/cloudstorage_bucket_versioning_enabled/cloudstorage_bucket_versioning_enabled.py +30 -0
  213. prowler/providers/gcp/services/cloudstorage/cloudstorage_service.py +48 -2
  214. prowler/providers/github/services/organization/organization_default_repository_permission_strict/__init__.py +0 -0
  215. prowler/providers/github/services/organization/organization_default_repository_permission_strict/organization_default_repository_permission_strict.metadata.json +35 -0
  216. prowler/providers/github/services/organization/organization_default_repository_permission_strict/organization_default_repository_permission_strict.py +36 -0
  217. prowler/providers/github/services/organization/organization_members_mfa_required/organization_members_mfa_required.metadata.json +14 -8
  218. prowler/providers/github/services/organization/organization_repository_creation_limited/__init__.py +0 -0
  219. prowler/providers/github/services/organization/organization_repository_creation_limited/organization_repository_creation_limited.metadata.json +30 -0
  220. prowler/providers/github/services/organization/organization_repository_creation_limited/organization_repository_creation_limited.py +106 -0
  221. prowler/providers/github/services/organization/organization_service.py +84 -10
  222. prowler/providers/iac/iac_provider.py +279 -55
  223. prowler/providers/kubernetes/services/etcd/etcd_client_cert_auth/etcd_client_cert_auth.metadata.json +18 -13
  224. prowler/providers/kubernetes/services/etcd/etcd_no_auto_tls/etcd_no_auto_tls.metadata.json +16 -11
  225. prowler/providers/kubernetes/services/etcd/etcd_no_peer_auto_tls/etcd_no_peer_auto_tls.metadata.json +16 -11
  226. prowler/providers/kubernetes/services/etcd/etcd_peer_client_cert_auth/etcd_peer_client_cert_auth.metadata.json +18 -13
  227. prowler/providers/kubernetes/services/etcd/etcd_peer_tls_config/etcd_peer_tls_config.metadata.json +16 -12
  228. prowler/providers/kubernetes/services/etcd/etcd_tls_encryption/etcd_tls_encryption.metadata.json +16 -11
  229. prowler/providers/kubernetes/services/etcd/etcd_unique_ca/etcd_unique_ca.metadata.json +16 -10
  230. prowler/providers/m365/lib/powershell/m365_powershell.py +80 -93
  231. prowler/providers/m365/m365_provider.py +1 -6
  232. prowler/providers/mongodbatlas/exceptions/exceptions.py +16 -0
  233. prowler/providers/mongodbatlas/mongodbatlas_provider.py +15 -3
  234. prowler/providers/mongodbatlas/services/projects/projects_auditing_enabled/projects_auditing_enabled.metadata.json +20 -9
  235. prowler/providers/mongodbatlas/services/projects/projects_network_access_list_exposed_to_internet/projects_network_access_list_exposed_to_internet.metadata.json +14 -9
  236. prowler/providers/oraclecloud/lib/arguments/arguments.py +4 -13
  237. prowler/providers/oraclecloud/lib/service/service.py +3 -3
  238. prowler/providers/oraclecloud/{oci_provider.py → oraclecloud_provider.py} +15 -15
  239. prowler/providers/oraclecloud/services/analytics/analytics_instance_access_restricted/analytics_instance_access_restricted.metadata.json +20 -16
  240. prowler/providers/oraclecloud/services/audit/audit_log_retention_period_365_days/audit_log_retention_period_365_days.metadata.json +17 -17
  241. prowler/providers/oraclecloud/services/blockstorage/blockstorage_block_volume_encrypted_with_cmk/blockstorage_block_volume_encrypted_with_cmk.metadata.json +17 -19
  242. prowler/providers/oraclecloud/services/blockstorage/blockstorage_boot_volume_encrypted_with_cmk/blockstorage_boot_volume_encrypted_with_cmk.metadata.json +18 -18
  243. prowler/providers/oraclecloud/services/cloudguard/cloudguard_enabled/cloudguard_enabled.metadata.json +17 -18
  244. prowler/providers/oraclecloud/services/compute/compute_instance_in_transit_encryption_enabled/compute_instance_in_transit_encryption_enabled.metadata.json +1 -1
  245. prowler/providers/oraclecloud/services/compute/compute_instance_legacy_metadata_endpoint_disabled/compute_instance_legacy_metadata_endpoint_disabled.metadata.json +1 -1
  246. prowler/providers/oraclecloud/services/compute/compute_instance_secure_boot_enabled/compute_instance_secure_boot_enabled.metadata.json +1 -1
  247. prowler/providers/oraclecloud/services/database/database_autonomous_database_access_restricted/database_autonomous_database_access_restricted.metadata.json +1 -1
  248. prowler/providers/oraclecloud/services/events/events_notification_topic_and_subscription_exists/events_notification_topic_and_subscription_exists.metadata.json +1 -1
  249. prowler/providers/oraclecloud/services/events/events_rule_cloudguard_problems/events_rule_cloudguard_problems.metadata.json +1 -1
  250. prowler/providers/oraclecloud/services/events/events_rule_iam_group_changes/events_rule_iam_group_changes.metadata.json +1 -1
  251. prowler/providers/oraclecloud/services/events/events_rule_iam_policy_changes/events_rule_iam_policy_changes.metadata.json +1 -1
  252. prowler/providers/oraclecloud/services/events/events_rule_identity_provider_changes/events_rule_identity_provider_changes.metadata.json +1 -1
  253. prowler/providers/oraclecloud/services/events/events_rule_idp_group_mapping_changes/events_rule_idp_group_mapping_changes.metadata.json +1 -1
  254. prowler/providers/oraclecloud/services/events/events_rule_local_user_authentication/events_rule_local_user_authentication.metadata.json +1 -1
  255. prowler/providers/oraclecloud/services/events/events_rule_network_gateway_changes/events_rule_network_gateway_changes.metadata.json +1 -1
  256. prowler/providers/oraclecloud/services/events/events_rule_network_security_group_changes/events_rule_network_security_group_changes.metadata.json +1 -1
  257. prowler/providers/oraclecloud/services/events/events_rule_route_table_changes/events_rule_route_table_changes.metadata.json +1 -1
  258. prowler/providers/oraclecloud/services/events/events_rule_security_list_changes/events_rule_security_list_changes.metadata.json +1 -1
  259. prowler/providers/oraclecloud/services/events/events_rule_user_changes/events_rule_user_changes.metadata.json +1 -1
  260. prowler/providers/oraclecloud/services/events/events_rule_vcn_changes/events_rule_vcn_changes.metadata.json +1 -1
  261. prowler/providers/oraclecloud/services/filestorage/filestorage_file_system_encrypted_with_cmk/filestorage_file_system_encrypted_with_cmk.metadata.json +1 -1
  262. prowler/providers/oraclecloud/services/identity/identity_iam_admins_cannot_update_tenancy_admins/identity_iam_admins_cannot_update_tenancy_admins.metadata.json +1 -1
  263. prowler/providers/oraclecloud/services/identity/identity_instance_principal_used/identity_instance_principal_used.metadata.json +1 -1
  264. prowler/providers/oraclecloud/services/identity/identity_no_resources_in_root_compartment/identity_no_resources_in_root_compartment.metadata.json +1 -1
  265. prowler/providers/oraclecloud/services/identity/identity_non_root_compartment_exists/identity_non_root_compartment_exists.metadata.json +1 -1
  266. prowler/providers/oraclecloud/services/identity/identity_password_policy_expires_within_365_days/identity_password_policy_expires_within_365_days.metadata.json +1 -1
  267. prowler/providers/oraclecloud/services/identity/identity_password_policy_minimum_length_14/identity_password_policy_minimum_length_14.metadata.json +1 -1
  268. prowler/providers/oraclecloud/services/identity/identity_password_policy_prevents_reuse/identity_password_policy_prevents_reuse.metadata.json +1 -1
  269. prowler/providers/oraclecloud/services/identity/identity_service_level_admins_exist/identity_service_level_admins_exist.metadata.json +1 -1
  270. prowler/providers/oraclecloud/services/identity/identity_tenancy_admin_permissions_limited/identity_tenancy_admin_permissions_limited.metadata.json +1 -1
  271. prowler/providers/oraclecloud/services/identity/identity_tenancy_admin_users_no_api_keys/identity_tenancy_admin_users_no_api_keys.metadata.json +1 -1
  272. prowler/providers/oraclecloud/services/identity/identity_user_api_keys_rotated_90_days/identity_user_api_keys_rotated_90_days.metadata.json +1 -1
  273. prowler/providers/oraclecloud/services/identity/identity_user_auth_tokens_rotated_90_days/identity_user_auth_tokens_rotated_90_days.metadata.json +1 -1
  274. prowler/providers/oraclecloud/services/identity/identity_user_customer_secret_keys_rotated_90_days/identity_user_customer_secret_keys_rotated_90_days.metadata.json +1 -1
  275. prowler/providers/oraclecloud/services/identity/identity_user_db_passwords_rotated_90_days/identity_user_db_passwords_rotated_90_days.metadata.json +1 -1
  276. prowler/providers/oraclecloud/services/identity/identity_user_mfa_enabled_console_access/identity_user_mfa_enabled_console_access.metadata.json +1 -1
  277. prowler/providers/oraclecloud/services/identity/identity_user_valid_email_address/identity_user_valid_email_address.metadata.json +1 -1
  278. prowler/providers/oraclecloud/services/integration/integration_instance_access_restricted/integration_instance_access_restricted.metadata.json +1 -1
  279. prowler/providers/oraclecloud/services/kms/kms_key_rotation_enabled/kms_key_rotation_enabled.metadata.json +1 -1
  280. prowler/providers/oraclecloud/services/network/network_default_security_list_restricts_traffic/network_default_security_list_restricts_traffic.metadata.json +1 -1
  281. prowler/providers/oraclecloud/services/network/network_security_group_ingress_from_internet_to_rdp_port/network_security_group_ingress_from_internet_to_rdp_port.metadata.json +1 -1
  282. prowler/providers/oraclecloud/services/network/network_security_group_ingress_from_internet_to_ssh_port/network_security_group_ingress_from_internet_to_ssh_port.metadata.json +1 -1
  283. prowler/providers/oraclecloud/services/network/network_security_list_ingress_from_internet_to_rdp_port/network_security_list_ingress_from_internet_to_rdp_port.metadata.json +1 -1
  284. prowler/providers/oraclecloud/services/network/network_security_list_ingress_from_internet_to_ssh_port/network_security_list_ingress_from_internet_to_ssh_port.metadata.json +1 -1
  285. prowler/providers/oraclecloud/services/network/network_vcn_subnet_flow_logs_enabled/network_vcn_subnet_flow_logs_enabled.metadata.json +1 -1
  286. prowler/providers/oraclecloud/services/objectstorage/objectstorage_bucket_encrypted_with_cmk/objectstorage_bucket_encrypted_with_cmk.metadata.json +1 -1
  287. prowler/providers/oraclecloud/services/objectstorage/objectstorage_bucket_logging_enabled/objectstorage_bucket_logging_enabled.metadata.json +1 -1
  288. prowler/providers/oraclecloud/services/objectstorage/objectstorage_bucket_not_publicly_accessible/objectstorage_bucket_not_publicly_accessible.metadata.json +1 -1
  289. prowler/providers/oraclecloud/services/objectstorage/objectstorage_bucket_versioning_enabled/objectstorage_bucket_versioning_enabled.metadata.json +1 -1
  290. {prowler_cloud-5.13.1.dist-info → prowler_cloud-5.14.0.dist-info}/METADATA +17 -16
  291. {prowler_cloud-5.13.1.dist-info → prowler_cloud-5.14.0.dist-info}/RECORD +295 -246
  292. /prowler/compliance/{oci → oraclecloud}/__init__.py +0 -0
  293. {prowler_cloud-5.13.1.dist-info → prowler_cloud-5.14.0.dist-info}/LICENSE +0 -0
  294. {prowler_cloud-5.13.1.dist-info → prowler_cloud-5.14.0.dist-info}/WHEEL +0 -0
  295. {prowler_cloud-5.13.1.dist-info → prowler_cloud-5.14.0.dist-info}/entry_points.txt +0 -0
@@ -2,11 +2,8 @@ import os
2
2
 
3
3
  from prowler.lib.logger import logger
4
4
  from prowler.lib.powershell.powershell import PowerShellSession
5
- from prowler.providers.m365.exceptions.exceptions import (
6
- M365CertificateCreationError,
7
- M365GraphConnectionError,
8
- )
9
- from prowler.providers.m365.lib.jwt.jwt_decoder import decode_jwt, decode_msal_token
5
+ from prowler.providers.m365.exceptions.exceptions import M365CertificateCreationError
6
+ from prowler.providers.m365.lib.jwt.jwt_decoder import decode_msal_token
10
7
  from prowler.providers.m365.models import M365Credentials, M365IdentityInfo
11
8
 
12
9
 
@@ -123,60 +120,20 @@ class M365PowerShell(PowerShellSession):
123
120
  '$graphToken = Invoke-RestMethod -Uri "https://login.microsoftonline.com/$tenantID/oauth2/v2.0/token" -Method POST -Body $graphtokenBody | Select-Object -ExpandProperty Access_Token'
124
121
  )
125
122
 
126
- def test_credentials(self, credentials: M365Credentials) -> bool:
123
+ def execute_connect(self, command: str) -> str:
127
124
  """
128
- Test Microsoft 365 credentials by attempting to authenticate against Entra ID.
129
-
130
- Supports testing two authentication methods:
131
- 1. Application authentication (client_id/client_secret)
132
- 2. Certificate authentication (certificate_content in base64/client_id)
125
+ Execute a PowerShell connect command ensuring empty responses surface as timeouts.
133
126
 
134
127
  Args:
135
- credentials (M365Credentials): The credentials object containing
136
- authentication information to test.
128
+ command (str): PowerShell connect command to run.
129
+ timeout (Optional[int]): Timeout in seconds for the command execution.
137
130
 
138
131
  Returns:
139
- bool: True if credentials are valid and authentication succeeds, False otherwise.
132
+ str: Command output or 'Timeout' if the command produced no output.
140
133
  """
141
- # Test Certificate Auth
142
- if credentials.certificate_content and credentials.client_id:
143
- try:
144
- self.test_teams_certificate_connection() or self.test_exchange_certificate_connection()
145
- return True
146
- except Exception as e:
147
- logger.error(f"Exchange Online Certificate connection failed: {e}")
148
-
149
- else:
150
- # Test Microsoft Graph connection
151
- try:
152
- logger.info("Testing Microsoft Graph connection...")
153
- self.test_graph_connection()
154
- logger.info("Microsoft Graph connection successful")
155
- return True
156
- except Exception as e:
157
- logger.error(f"Microsoft Graph connection failed: {e}")
158
- raise M365GraphConnectionError(
159
- file=os.path.basename(__file__),
160
- original_exception=e,
161
- message="Check your Microsoft Application credentials and ensure the app has proper permissions",
162
- )
163
-
164
- def test_graph_connection(self) -> bool:
165
- """Test Microsoft Graph API connection and raise exception if it fails."""
166
- try:
167
- if self.execute("Write-Output $graphToken") == "":
168
- raise M365GraphConnectionError(
169
- file=os.path.basename(__file__),
170
- message="Microsoft Graph token is empty or invalid.",
171
- )
172
- return True
173
- except Exception as e:
174
- logger.error(f"Microsoft Graph connection failed: {e}")
175
- raise M365GraphConnectionError(
176
- file=os.path.basename(__file__),
177
- original_exception=e,
178
- message=f"Failed to connect to Microsoft Graph API: {str(e)}",
179
- )
134
+ connect_timeout = 15
135
+ result = self.execute(command, timeout=connect_timeout)
136
+ return result or "'execute_connect' command timeout reached"
180
137
 
181
138
  def test_teams_connection(self) -> bool:
182
139
  """Test Microsoft Teams API connection and raise exception if it fails."""
@@ -184,18 +141,13 @@ class M365PowerShell(PowerShellSession):
184
141
  self.execute(
185
142
  '$teamstokenBody = @{ Grant_Type = "client_credentials"; Scope = "48ac35b8-9aa8-4d74-927d-1f4a14a0b239/.default"; Client_Id = $clientID; Client_Secret = $clientSecret }'
186
143
  )
187
- self.execute(
144
+ result = self.execute(
188
145
  '$teamsToken = Invoke-RestMethod -Uri "https://login.microsoftonline.com/$tenantID/oauth2/v2.0/token" -Method POST -Body $teamstokenBody | Select-Object -ExpandProperty Access_Token'
189
146
  )
190
- permissions = decode_jwt(self.execute("Write-Output $teamsToken")).get(
191
- "roles", []
192
- )
193
- if "application_access" not in permissions:
194
- logger.error(
195
- "Microsoft Teams connection failed: Please check your permissions and try again."
196
- )
147
+ if result != "":
148
+ logger.error(f"Microsoft Teams connection failed: {result}")
197
149
  return False
198
- self.execute(
150
+ self.execute_connect(
199
151
  'Connect-MicrosoftTeams -AccessTokens @("$graphToken","$teamsToken")'
200
152
  )
201
153
  return True
@@ -207,7 +159,7 @@ class M365PowerShell(PowerShellSession):
207
159
 
208
160
  def test_teams_certificate_connection(self) -> bool:
209
161
  """Test Microsoft Teams API connection using certificate and raise exception if it fails."""
210
- result = self.execute(
162
+ result = self.execute_connect(
211
163
  "Connect-MicrosoftTeams -Certificate $certificate -ApplicationId $clientID -TenantId $tenantID"
212
164
  )
213
165
  if self.tenant_identity.identity_id not in result:
@@ -231,7 +183,7 @@ class M365PowerShell(PowerShellSession):
231
183
  "Exchange Online connection failed: Please check your permissions and try again."
232
184
  )
233
185
  return False
234
- self.execute(
186
+ self.execute_connect(
235
187
  'Connect-ExchangeOnline -AccessToken $exchangeToken.AccessToken -Organization "$tenantID"'
236
188
  )
237
189
  return True
@@ -243,7 +195,7 @@ class M365PowerShell(PowerShellSession):
243
195
 
244
196
  def test_exchange_certificate_connection(self) -> bool:
245
197
  """Test Exchange Online API connection using certificate and raise exception if it fails."""
246
- result = self.execute(
198
+ result = self.execute_connect(
247
199
  "Connect-ExchangeOnline -Certificate $certificate -AppId $clientID -Organization $tenantDomain"
248
200
  )
249
201
  if "https://aka.ms/exov3-module" not in result:
@@ -290,7 +242,8 @@ class M365PowerShell(PowerShellSession):
290
242
  }
291
243
  """
292
244
  return self.execute(
293
- "Get-CsTeamsClientConfiguration | ConvertTo-Json", json_parse=True
245
+ "Get-CsTeamsClientConfiguration | ConvertTo-Json -Depth 10",
246
+ json_parse=True,
294
247
  )
295
248
 
296
249
  def get_global_meeting_policy(self) -> dict:
@@ -309,7 +262,7 @@ class M365PowerShell(PowerShellSession):
309
262
  }
310
263
  """
311
264
  return self.execute(
312
- "Get-CsTeamsMeetingPolicy -Identity Global | ConvertTo-Json",
265
+ "Get-CsTeamsMeetingPolicy -Identity Global | ConvertTo-Json -Depth 10",
313
266
  json_parse=True,
314
267
  )
315
268
 
@@ -329,7 +282,7 @@ class M365PowerShell(PowerShellSession):
329
282
  }
330
283
  """
331
284
  return self.execute(
332
- "Get-CsTeamsMessagingPolicy -Identity Global | ConvertTo-Json",
285
+ "Get-CsTeamsMessagingPolicy -Identity Global | ConvertTo-Json -Depth 10",
333
286
  json_parse=True,
334
287
  )
335
288
 
@@ -349,7 +302,8 @@ class M365PowerShell(PowerShellSession):
349
302
  }
350
303
  """
351
304
  return self.execute(
352
- "Get-CsTenantFederationConfiguration | ConvertTo-Json", json_parse=True
305
+ "Get-CsTenantFederationConfiguration | ConvertTo-Json -Depth 10",
306
+ json_parse=True,
353
307
  )
354
308
 
355
309
  def connect_exchange_online(self) -> dict:
@@ -389,7 +343,7 @@ class M365PowerShell(PowerShellSession):
389
343
  }
390
344
  """
391
345
  return self.execute(
392
- "Get-AdminAuditLogConfig | Select-Object UnifiedAuditLogIngestionEnabled | ConvertTo-Json",
346
+ "Get-AdminAuditLogConfig | Select-Object UnifiedAuditLogIngestionEnabled | ConvertTo-Json -Depth 10",
393
347
  json_parse=True,
394
348
  )
395
349
 
@@ -409,7 +363,9 @@ class M365PowerShell(PowerShellSession):
409
363
  "Identity": "Default"
410
364
  }
411
365
  """
412
- return self.execute("Get-MalwareFilterPolicy | ConvertTo-Json", json_parse=True)
366
+ return self.execute(
367
+ "Get-MalwareFilterPolicy | ConvertTo-Json -Depth 10", json_parse=True
368
+ )
413
369
 
414
370
  def get_malware_filter_rule(self) -> dict:
415
371
  """
@@ -427,7 +383,9 @@ class M365PowerShell(PowerShellSession):
427
383
  "State": "Enabled"
428
384
  }
429
385
  """
430
- return self.execute("Get-MalwareFilterRule | ConvertTo-Json", json_parse=True)
386
+ return self.execute(
387
+ "Get-MalwareFilterRule | ConvertTo-Json -Depth 10", json_parse=True
388
+ )
431
389
 
432
390
  def get_outbound_spam_filter_policy(self) -> dict:
433
391
  """
@@ -448,7 +406,8 @@ class M365PowerShell(PowerShellSession):
448
406
  }
449
407
  """
450
408
  return self.execute(
451
- "Get-HostedOutboundSpamFilterPolicy | ConvertTo-Json", json_parse=True
409
+ "Get-HostedOutboundSpamFilterPolicy | ConvertTo-Json -Depth 10",
410
+ json_parse=True,
452
411
  )
453
412
 
454
413
  def get_outbound_spam_filter_rule(self) -> dict:
@@ -467,7 +426,8 @@ class M365PowerShell(PowerShellSession):
467
426
  }
468
427
  """
469
428
  return self.execute(
470
- "Get-HostedOutboundSpamFilterRule | ConvertTo-Json", json_parse=True
429
+ "Get-HostedOutboundSpamFilterRule | ConvertTo-Json -Depth 10",
430
+ json_parse=True,
471
431
  )
472
432
 
473
433
  def get_antiphishing_policy(self) -> dict:
@@ -493,7 +453,9 @@ class M365PowerShell(PowerShellSession):
493
453
  "IsDefault": false
494
454
  }
495
455
  """
496
- return self.execute("Get-AntiPhishPolicy | ConvertTo-Json", json_parse=True)
456
+ return self.execute(
457
+ "Get-AntiPhishPolicy | ConvertTo-Json -Depth 10", json_parse=True
458
+ )
497
459
 
498
460
  def get_antiphishing_rules(self) -> dict:
499
461
  """
@@ -511,7 +473,9 @@ class M365PowerShell(PowerShellSession):
511
473
  "State": Enabled,
512
474
  }
513
475
  """
514
- return self.execute("Get-AntiPhishRule | ConvertTo-Json", json_parse=True)
476
+ return self.execute(
477
+ "Get-AntiPhishRule | ConvertTo-Json -Depth 10", json_parse=True
478
+ )
515
479
 
516
480
  def get_organization_config(self) -> dict:
517
481
  """
@@ -530,7 +494,9 @@ class M365PowerShell(PowerShellSession):
530
494
  "AuditDisabled": false
531
495
  }
532
496
  """
533
- return self.execute("Get-OrganizationConfig | ConvertTo-Json", json_parse=True)
497
+ return self.execute(
498
+ "Get-OrganizationConfig | ConvertTo-Json -Depth 10", json_parse=True
499
+ )
534
500
 
535
501
  def get_mailbox_audit_config(self) -> dict:
536
502
  """
@@ -550,7 +516,8 @@ class M365PowerShell(PowerShellSession):
550
516
  }
551
517
  """
552
518
  return self.execute(
553
- "Get-MailboxAuditBypassAssociation | ConvertTo-Json", json_parse=True
519
+ "Get-MailboxAuditBypassAssociation | ConvertTo-Json -Depth 10",
520
+ json_parse=True,
554
521
  )
555
522
 
556
523
  def get_mailbox_policy(self) -> dict:
@@ -569,7 +536,9 @@ class M365PowerShell(PowerShellSession):
569
536
  "AdditionalStorageProvidersAvailable": True
570
537
  }
571
538
  """
572
- return self.execute("Get-OwaMailboxPolicy | ConvertTo-Json", json_parse=True)
539
+ return self.execute(
540
+ "Get-OwaMailboxPolicy | ConvertTo-Json -Depth 10", json_parse=True
541
+ )
573
542
 
574
543
  def get_external_mail_config(self) -> dict:
575
544
  """
@@ -587,7 +556,9 @@ class M365PowerShell(PowerShellSession):
587
556
  "ExternalMailTagEnabled": true
588
557
  }
589
558
  """
590
- return self.execute("Get-ExternalInOutlook | ConvertTo-Json", json_parse=True)
559
+ return self.execute(
560
+ "Get-ExternalInOutlook | ConvertTo-Json -Depth 10", json_parse=True
561
+ )
591
562
 
592
563
  def get_transport_rules(self) -> dict:
593
564
  """
@@ -606,7 +577,9 @@ class M365PowerShell(PowerShellSession):
606
577
  "SenderDomainIs": ["example.com"]
607
578
  }
608
579
  """
609
- return self.execute("Get-TransportRule | ConvertTo-Json", json_parse=True)
580
+ return self.execute(
581
+ "Get-TransportRule | ConvertTo-Json -Depth 10", json_parse=True
582
+ )
610
583
 
611
584
  def get_connection_filter_policy(self) -> dict:
612
585
  """
@@ -625,7 +598,7 @@ class M365PowerShell(PowerShellSession):
625
598
  }
626
599
  """
627
600
  return self.execute(
628
- "Get-HostedConnectionFilterPolicy -Identity Default | ConvertTo-Json",
601
+ "Get-HostedConnectionFilterPolicy -Identity Default | ConvertTo-Json -Depth 10",
629
602
  json_parse=True,
630
603
  )
631
604
 
@@ -645,7 +618,9 @@ class M365PowerShell(PowerShellSession):
645
618
  "Enabled": true
646
619
  }
647
620
  """
648
- return self.execute("Get-DkimSigningConfig | ConvertTo-Json", json_parse=True)
621
+ return self.execute(
622
+ "Get-DkimSigningConfig | ConvertTo-Json -Depth 10", json_parse=True
623
+ )
649
624
 
650
625
  def get_inbound_spam_filter_policy(self) -> dict:
651
626
  """
@@ -664,7 +639,8 @@ class M365PowerShell(PowerShellSession):
664
639
  }
665
640
  """
666
641
  return self.execute(
667
- "Get-HostedContentFilterPolicy | ConvertTo-Json", json_parse=True
642
+ "Get-HostedContentFilterPolicy | ConvertTo-Json -Depth 10",
643
+ json_parse=True,
668
644
  )
669
645
 
670
646
  def get_inbound_spam_filter_rule(self) -> dict:
@@ -684,7 +660,8 @@ class M365PowerShell(PowerShellSession):
684
660
  }
685
661
  """
686
662
  return self.execute(
687
- "Get-HostedContentFilterRule | ConvertTo-Json", json_parse=True
663
+ "Get-HostedContentFilterRule | ConvertTo-Json -Depth 10",
664
+ json_parse=True,
688
665
  )
689
666
 
690
667
  def get_report_submission_policy(self) -> dict:
@@ -715,7 +692,8 @@ class M365PowerShell(PowerShellSession):
715
692
  }
716
693
  """
717
694
  return self.execute(
718
- "Get-ReportSubmissionPolicy | ConvertTo-Json", json_parse=True
695
+ "Get-ReportSubmissionPolicy | ConvertTo-Json -Depth 10",
696
+ json_parse=True,
719
697
  )
720
698
 
721
699
  def get_role_assignment_policies(self) -> dict:
@@ -736,7 +714,8 @@ class M365PowerShell(PowerShellSession):
736
714
  }
737
715
  """
738
716
  return self.execute(
739
- "Get-RoleAssignmentPolicy | ConvertTo-Json", json_parse=True
717
+ "Get-RoleAssignmentPolicy | ConvertTo-Json -Depth 10",
718
+ json_parse=True,
740
719
  )
741
720
 
742
721
  def get_mailbox_audit_properties(self) -> dict:
@@ -801,7 +780,7 @@ class M365PowerShell(PowerShellSession):
801
780
  }
802
781
  """
803
782
  return self.execute(
804
- "Get-EXOMailbox -PropertySets Audit -ResultSize Unlimited | ConvertTo-Json",
783
+ "Get-EXOMailbox -PropertySets Audit -ResultSize Unlimited | ConvertTo-Json -Depth 10",
805
784
  json_parse=True,
806
785
  )
807
786
 
@@ -820,7 +799,9 @@ class M365PowerShell(PowerShellSession):
820
799
  "SmtpClientAuthenticationDisabled": True,
821
800
  }
822
801
  """
823
- return self.execute("Get-TransportConfig | ConvertTo-Json", json_parse=True)
802
+ return self.execute(
803
+ "Get-TransportConfig | ConvertTo-Json -Depth 10", json_parse=True
804
+ )
824
805
 
825
806
  def get_sharing_policy(self) -> dict:
826
807
  """
@@ -838,7 +819,9 @@ class M365PowerShell(PowerShellSession):
838
819
  "Enabled": true
839
820
  }
840
821
  """
841
- return self.execute("Get-SharingPolicy | ConvertTo-Json", json_parse=True)
822
+ return self.execute(
823
+ "Get-SharingPolicy | ConvertTo-Json -Depth 10", json_parse=True
824
+ )
842
825
 
843
826
  def get_user_account_status(self) -> dict:
844
827
  """
@@ -850,7 +833,7 @@ class M365PowerShell(PowerShellSession):
850
833
  dict: User account status settings in JSON format.
851
834
  """
852
835
  return self.execute(
853
- "$dict=@{}; Get-User -ResultSize Unlimited | ForEach-Object { $dict[$_.Id] = @{ AccountDisabled = $_.AccountDisabled } }; $dict | ConvertTo-Json",
836
+ "$dict=@{}; Get-User -ResultSize Unlimited | ForEach-Object { $dict[$_.Id] = @{ AccountDisabled = $_.AccountDisabled } }; $dict | ConvertTo-Json -Depth 10",
854
837
  json_parse=True,
855
838
  )
856
839
 
@@ -867,7 +850,11 @@ def initialize_m365_powershell_modules():
867
850
  bool: True if all modules were successfully initialized, False otherwise
868
851
  """
869
852
 
870
- REQUIRED_MODULES = ["ExchangeOnlineManagement", "MicrosoftTeams", "MSAL.PS"]
853
+ REQUIRED_MODULES = [
854
+ "ExchangeOnlineManagement",
855
+ "MicrosoftTeams",
856
+ "MSAL.PS",
857
+ ]
871
858
 
872
859
  pwsh = PowerShellSession()
873
860
  try:
@@ -879,7 +866,7 @@ def initialize_m365_powershell_modules():
879
866
  # Install module if not installed
880
867
  if not result:
881
868
  install_result = pwsh.execute(
882
- f'Install-Module "{module}" -Force -AllowClobber -Scope CurrentUser',
869
+ f"Install-Module {module} -Force -AllowClobber -Scope CurrentUser",
883
870
  timeout=60,
884
871
  )
885
872
  if install_result:
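Review bot: The value returned by `execute_connect` is dropped in `test_teams_connection` (`Connect-MicrosoftTeams -AccessTokens ...`) and in the Exchange token path (`Connect-ExchangeOnline -AccessToken ...`), so a connect that produces no output, which the helper's docstring treats as a timeout, still falls through to `return True`. Keep the result and fail on the sentinel, for example `result = self.execute_connect(...)` followed by `if "command timeout reached" in result: return False`. The docstring also disagrees with the code: it lists a `timeout` argument the signature does not take and promises `'Timeout'`, while the method returns `"'execute_connect' command timeout reached"`. Separately, removing the `decode_jwt` roles check means a Teams token without `application_access` is no longer rejected in this method; if nothing else verifies that role, the missing permission will only surface later and less clearly. Several of these methods continue outside the hunks shown.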
@@ -444,12 +444,7 @@ class M365Provider(Provider):
444
444
  try:
445
445
  if init_modules:
446
446
  initialize_m365_powershell_modules()
447
- if test_session.test_credentials(credentials):
448
- return credentials
449
- raise M365ConfigCredentialsError(
450
- file=os.path.basename(__file__),
451
- message="The provided credentials are not valid.",
452
- )
447
+ return credentials
453
448
  finally:
454
449
  test_session.close()
455
450
 
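Review bot: `return credentials` at new line 447 now hands the credentials back without any authentication attempt, so an invalid client secret or certificate is no longer rejected in this block with `M365ConfigCredentialsError`. If validation has moved elsewhere (not visible in this hunk), a comment saying where would help the next reader, e.g. `# Credentials are not tested here; they are validated when the services connect`. `test_session` now appears to be kept only so it can be closed in `finally`; the enclosing method starts and ends outside the hunk, so confirm whether a PowerShell session holding the credentials still needs to be created at all.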
@@ -30,6 +30,10 @@ class MongoDBAtlasBaseException(ProwlerException):
30
30
  "message": "MongoDB Atlas API rate limit exceeded",
31
31
  "remediation": "Reduce the number of API requests or wait before making more requests.",
32
32
  },
33
+ (8006, "MongoDBAtlasInvalidOrganizationIdError"): {
34
+ "message": "The provided credentials do not have access to the organization with the provided ID",
35
+ "remediation": "Check the organization ID and ensure it is a valid organization ID and that the credentials have access to it.",
36
+ },
33
37
  }
34
38
 
35
39
  def __init__(self, code, file=None, original_exception=None, message=None):
@@ -116,3 +120,15 @@ class MongoDBAtlasRateLimitError(MongoDBAtlasBaseException):
116
120
  original_exception=original_exception,
117
121
  message=message,
118
122
  )
123
+
124
+
125
+ class MongoDBAtlasInvalidOrganizationIdError(MongoDBAtlasBaseException):
126
+ """Exception for MongoDB Atlas invalid organization ID errors"""
127
+
128
+ def __init__(self, file=None, original_exception=None, message=None):
129
+ super().__init__(
130
+ code=8006,
131
+ file=file,
132
+ original_exception=original_exception,
133
+ message=message,
134
+ )
@@ -17,6 +17,7 @@ from prowler.providers.mongodbatlas.exceptions.exceptions import (
17
17
  MongoDBAtlasAuthenticationError,
18
18
  MongoDBAtlasCredentialsError,
19
19
  MongoDBAtlasIdentityError,
20
+ MongoDBAtlasInvalidOrganizationIdError,
20
21
  MongoDBAtlasSessionError,
21
22
  )
22
23
  from prowler.providers.mongodbatlas.lib.mutelist.mutelist import MongoDBAtlasMutelist
@@ -54,6 +55,7 @@ class MongodbatlasProvider(Provider):
54
55
  mutelist_content: dict = None,
55
56
  # Optional filters
56
57
  atlas_project_id: str = None,
58
+ atlas_organization_id: str = None,
57
59
  ):
58
60
  """
59
61
  MongoDB Atlas Provider constructor
@@ -67,6 +69,7 @@ class MongodbatlasProvider(Provider):
67
69
  mutelist_path: Path to the mutelist file
68
70
  mutelist_content: Mutelist content
69
71
  atlas_project_id: Project ID to filter
72
+ atlas_organization_id: Organization ID
70
73
  """
71
74
  logger.info("Instantiating MongoDB Atlas Provider...")
72
75
 
@@ -79,6 +82,7 @@ class MongodbatlasProvider(Provider):
79
82
 
80
83
  # Store filter options
81
84
  self._project_id = atlas_project_id
85
+ self._organization_id = atlas_organization_id
82
86
 
83
87
  # Audit Config
84
88
  if config_content:
@@ -292,6 +296,7 @@ class MongodbatlasProvider(Provider):
292
296
  atlas_public_key: str = "",
293
297
  atlas_private_key: str = "",
294
298
  raise_on_exception: bool = True,
299
+ provider_id: str = None,
295
300
  ) -> Connection:
296
301
  """
297
302
  Test connection to MongoDB Atlas
@@ -300,7 +305,7 @@ class MongodbatlasProvider(Provider):
300
305
  atlas_public_key: MongoDB Atlas API public key
301
306
  atlas_private_key: MongoDB Atlas API private key
302
307
  raise_on_exception: Whether to raise exceptions
303
-
308
+ provider_id: MongoDB Atlas project ID to validate access (added for API compatibility)
304
309
  Returns:
305
310
  Connection: Connection status
306
311
  """
@@ -310,10 +315,17 @@ class MongodbatlasProvider(Provider):
310
315
  atlas_private_key=atlas_private_key,
311
316
  )
312
317
 
313
- MongodbatlasProvider.setup_identity(session)
318
+ identity = MongodbatlasProvider.setup_identity(session)
314
319
 
315
- return Connection(is_connected=True)
320
+ if provider_id and identity.organization_id != provider_id:
321
+ raise MongoDBAtlasInvalidOrganizationIdError(
322
+ file=os.path.basename(__file__),
323
+ message=f"The provided credentials do not have access to the organization with the provided ID: {provider_id}",
324
+ )
316
325
 
326
+ return Connection(is_connected=True)
327
+ except MongoDBAtlasInvalidOrganizationIdError:
328
+ raise
317
329
  except Exception as error:
318
330
  logger.critical(
319
331
  f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
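Review bot: The new `except MongoDBAtlasInvalidOrganizationIdError: raise` clause re-raises unconditionally, so an organization mismatch escapes `test_connection` even when the caller passed `raise_on_exception=False`. The generic handler below it continues outside the hunk, so this is inferred from the parameter's documented meaning ("Whether to raise exceptions"). Consider guarding it with `if raise_on_exception: raise` and otherwise returning a failed `Connection` that carries the error, as the other failure paths presumably do. The docstring line for `provider_id` also calls it a project ID, while the code compares it with `identity.organization_id`; `provider_id: MongoDB Atlas organization ID the credentials must belong to` would match the check.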
@@ -1,29 +1,40 @@
1
1
  {
2
2
  "Provider": "mongodbatlas",
3
3
  "CheckID": "projects_auditing_enabled",
4
- "CheckTitle": "Ensure database auditing is enabled",
4
+ "CheckTitle": "MongoDB Atlas project has database auditing enabled",
5
5
  "CheckType": [],
6
6
  "ServiceName": "projects",
7
7
  "SubServiceName": "",
8
8
  "ResourceIdTemplate": "",
9
9
  "Severity": "medium",
10
10
  "ResourceType": "MongoDBAtlasProject",
11
- "Description": "Ensure database auditing is enabled to track database operations and security events",
12
- "Risk": "Without auditing enabled, security events and database operations are not logged, making it difficult to detect unauthorized access or troubleshoot issues",
11
+ "Description": "**MongoDB Atlas projects** with **database auditing** capture database operations and administrative events. The evaluation looks for an active audit configuration and, *when present*, notes any configured `audit_filter` that scopes which events are recorded.",
12
+ "Risk": "Without auditing, critical actions lack traceability, reducing **detectability** and impeding **forensics**. Attackers can mask unauthorized reads/writes and privilege changes, threatening data **confidentiality** and **integrity**, and weakening non-repudiation and incident response.",
13
13
  "RelatedUrl": "",
14
+ "AdditionalURLs": [
15
+ "https://www.mongodb.com/docs/manual/tutorial/configure-auditing/",
16
+ "https://www.mongodb.com/docs/atlas/architecture/current/auditing/",
17
+ "https://www.mongodb.com/docs/atlas/architecture/current/auditing-logging/?msockid=0878cc3dfa4e66a707beda0efb5a67b5",
18
+ "https://www.mongodb.com/docs/atlas/operator/current/ak8so-configure-audit-logs/",
19
+ "https://www.mongodb.com/docs/manual/core/auditing/",
20
+ "https://www.mongodb.com/docs/atlas/database-auditing/"
21
+ ],
14
22
  "Remediation": {
15
23
  "Code": {
16
- "CLI": "",
24
+ "CLI": "atlas auditing update --projectId <example_resource_id> --enabled",
17
25
  "NativeIaC": "",
18
- "Other": "",
19
- "Terraform": ""
26
+ "Other": "1. Sign in to MongoDB Atlas and open the target project\n2. In the left sidebar, click Security > Database & Network Access, then click Advanced\n3. Toggle Database Auditing to On\n4. Click Save",
27
+ "Terraform": "```hcl\nresource \"mongodbatlas_auditing\" \"example\" {\n project_id = \"<example_resource_id>\"\n enabled = true # Critical: turns on project-level database auditing to pass the check\n}\n```"
20
28
  },
21
29
  "Recommendation": {
22
- "Text": "Enable database auditing for the MongoDB Atlas project by configuring audit filters and destinations.",
23
- "Url": "https://www.mongodb.com/docs/atlas/database-auditing/"
30
+ "Text": "Enable **auditing** and apply least-privilege filters to capture high-risk events:\n- authentication and session activity\n- DDL/config changes\n- user/role modifications and privilege grants\n\nCentralize logs in a SIEM, enforce retention/immutability with separation of duties, restrict access, and tune `auditAuthorizationSuccess` to balance coverage vs performance.",
31
+ "Url": "https://hub.prowler.com/check/projects_auditing_enabled"
24
32
  }
25
33
  },
26
- "Categories": [],
34
+ "Categories": [
35
+ "logging",
36
+ "forensics-ready"
37
+ ],
27
38
  "DependsOn": [],
28
39
  "RelatedTo": [],
29
40
  "Notes": ""
@@ -1,29 +1,34 @@
1
1
  {
2
2
  "Provider": "mongodbatlas",
3
3
  "CheckID": "projects_network_access_list_exposed_to_internet",
4
- "CheckTitle": "Ensure MongoDB Atlas project network access list is not exposed to the internet",
4
+ "CheckTitle": "MongoDB Atlas project network access list has entries and excludes 0.0.0.0/0, ::/0, 0.0.0.0, and ::",
5
5
  "CheckType": [],
6
6
  "ServiceName": "projects",
7
7
  "SubServiceName": "",
8
8
  "ResourceIdTemplate": "",
9
9
  "Severity": "high",
10
10
  "ResourceType": "MongoDBAtlasProject",
11
- "Description": "Ensure that MongoDB Atlas projects have properly configured network access lists that don't allow unrestricted access from anywhere on the internet. Network access lists should be configured to allow access only from specific IP addresses, CIDR blocks, or AWS security groups to minimize the attack surface.",
12
- "Risk": "If a MongoDB Atlas project has network access entries that allow unrestricted access (0.0.0.0/0 or ::/0), it exposes the database to potential attacks from anywhere on the internet. This significantly increases the risk of unauthorized access, data breaches, and malicious activities.",
13
- "RelatedUrl": "https://docs.atlas.mongodb.com/security/ip-access-list/",
11
+ "Description": "**MongoDB Atlas project network access list** configuration is evaluated for entries that allow access from anywhere (`0.0.0.0/0`, `::/0`, `0.0.0.0`, `::`) or for missing access lists, instead of restricting connections to specific IPs or CIDRs.",
12
+ "Risk": "Internet-wide access enables scanning, brute force, and credential stuffing against database endpoints. A successful compromise can cause data exfiltration (**confidentiality**), unauthorized writes or drops (**integrity**), and service disruption or lockout (**availability**).",
13
+ "RelatedUrl": "",
14
+ "AdditionalURLs": [
15
+ "https://docs.atlas.mongodb.com/security/ip-access-list/"
16
+ ],
14
17
  "Remediation": {
15
18
  "Code": {
16
19
  "CLI": "",
17
20
  "NativeIaC": "",
18
- "Other": "",
19
- "Terraform": ""
21
+ "Other": "1. In MongoDB Atlas, open your project and go to Security > Database & Network Access > IP Access List\n2. Delete any entries equal to 0.0.0.0/0, ::/0, 0.0.0.0, or ::\n3. If the list becomes empty, click Add IP Address and add a specific IP/CIDR or an AWS Security Group (for a peered VPC)\n4. Click Save",
22
+ "Terraform": "```hcl\nresource \"mongodbatlas_project_ip_access_list\" \"<example_resource_name>\" {\n project_id = \"<example_resource_id>\"\n cidr_block = \"<ALLOWED_CIDR>\" # Critical: add a restricted CIDR (not 0.0.0.0/0 or ::/0) to ensure the list isn't empty and not open to the world\n}\n```"
20
23
  },
21
24
  "Recommendation": {
22
- "Text": "Configure network access lists to allow access only from specific IP addresses, CIDR blocks, or AWS security groups. Remove any entries that allow unrestricted access (0.0.0.0/0 or ::/0) and replace them with more restrictive rules based on your application's requirements.",
23
- "Url": "https://docs.atlas.mongodb.com/security/ip-access-list/"
25
+ "Text": "Apply **least privilege**: permit only required IPs/CIDRs or approved security groups; avoid `0.0.0.0/0` and `::/0`. Prefer **private connectivity** (VPC peering or private endpoints) over public access. Use temporary entries for short-lived admin needs and review lists regularly.",
26
+ "Url": "https://hub.prowler.com/check/projects_network_access_list_exposed_to_internet"
24
27
  }
25
28
  },
26
- "Categories": [],
29
+ "Categories": [
30
+ "internet-exposed"
31
+ ],
27
32
  "DependsOn": [],
28
33
  "RelatedTo": [],
29
34
  "Notes": ""
@@ -5,9 +5,11 @@ from prowler.providers.oraclecloud.config import OCI_DEFAULT_CONFIG_FILE, OCI_RE
5
5
 
6
6
 
7
7
  def init_parser(self):
8
- """Init the OCI Provider CLI parser"""
8
+ """Init the Oracle Cloud Infrastructure Provider CLI parser"""
9
9
  oci_parser = self.subparsers.add_parser(
10
- "oci", parents=[self.common_providers_parser], help="OCI Provider"
10
+ "oraclecloud",
11
+ parents=[self.common_providers_parser],
12
+ help="Oracle Cloud Infrastructure Provider",
11
13
  )
12
14
 
13
15
  # Config File Authentication Options
@@ -109,15 +111,4 @@ def validate_arguments(arguments: Namespace) -> tuple[bool, str]:
109
111
  "Cannot use --use-instance-principal with --oci-config-file or --profile options",
110
112
  )
111
113
 
112
- # # Validate compartment OCIDs if provided
113
- # if arguments.compartment_id:
114
- # for compartment_id in arguments.compartment_id:
115
- # if not OciProvider.validate_ocid(compartment_id, "compartment"):
116
- # # Check if it's a tenancy OCID (root compartment)
117
- # if not OciProvider.validate_ocid(compartment_id, "tenancy"):
118
- # return (
119
- # False,
120
- # f"Invalid compartment OCID: {compartment_id}",
121
- # )
122
-
123
114
  return (True, "")