PyPI - prowler - Versions diffs - 5.17.1__py3-none-any.whl → 5.18.0__py3-none-any.whl - Mend

prowler 5.17.1py3-none-any.whl → 5.18.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (219) hide show

prowler/providers/openstack/exceptions/exceptions.py ADDED Viewed

@@ -0,0 +1,166 @@
+from prowler.exceptions.exceptions import ProwlerException
+# Exceptions codes from 10000 to 10999 are reserved for OpenStack exceptions
+class OpenStackBaseException(ProwlerException):
+    """Base class for OpenStack Errors."""
+    OPENSTACK_ERROR_CODES = {
+        (10000, "OpenStackCredentialsError"): {
+            "message": "OpenStack credentials not found or invalid",
+            "remediation": "Check the OpenStack API credentials and ensure they are properly set.",
+        },
+        (10001, "OpenStackAuthenticationError"): {
+            "message": "OpenStack authentication failed",
+            "remediation": "Check the OpenStack API credentials and ensure they are valid.",
+        },
+        (10002, "OpenStackSessionError"): {
+            "message": "OpenStack session setup failed",
+            "remediation": "Check the session setup and ensure it is properly configured.",
+        },
+        (10003, "OpenStackIdentityError"): {
+            "message": "OpenStack identity setup failed",
+            "remediation": "Check credentials and ensure they are properly set up for OpenStack.",
+        },
+        (10004, "OpenStackAPIError"): {
+            "message": "OpenStack API call failed",
+            "remediation": "Check the API request and ensure it is properly formatted.",
+        },
+        (10005, "OpenStackRateLimitError"): {
+            "message": "OpenStack API rate limit exceeded",
+            "remediation": "Reduce the number of API requests or wait before making more requests.",
+        },
+        (10006, "OpenStackConfigFileNotFoundError"): {
+            "message": "OpenStack clouds.yaml configuration file not found",
+            "remediation": "Check that the clouds.yaml file exists at the specified path or in standard locations (~/.config/openstack/clouds.yaml, /etc/openstack/clouds.yaml, ./clouds.yaml).",
+        },
+        (10007, "OpenStackCloudNotFoundError"): {
+            "message": "Specified cloud not found in clouds.yaml configuration",
+            "remediation": "Check that the cloud name exists in your clouds.yaml file and is properly configured.",
+        },
+        (10008, "OpenStackInvalidConfigError"): {
+            "message": "Invalid or malformed clouds.yaml configuration file",
+            "remediation": "Check that the clouds.yaml file is valid YAML and follows the OpenStack configuration format.",
+        },
+    }
+    def __init__(self, code, file=None, original_exception=None, message=None):
+        provider = "OpenStack"
+        error_info = self.OPENSTACK_ERROR_CODES.get((code, self.__class__.__name__))
+        if message:
+            error_info["message"] = message
+        super().__init__(
+            code=code,
+            source=provider,
+            file=file,
+            original_exception=original_exception,
+            error_info=error_info,
+        )
+class OpenStackCredentialsError(OpenStackBaseException):
+    """Exception for OpenStack credentials errors"""
+    def __init__(self, file=None, original_exception=None, message=None):
+        super().__init__(
+            code=10000,
+            file=file,
+            original_exception=original_exception,
+            message=message,
+        )
+class OpenStackAuthenticationError(OpenStackBaseException):
+    """Exception for OpenStack authentication errors"""
+    def __init__(self, file=None, original_exception=None, message=None):
+        super().__init__(
+            code=10001,
+            file=file,
+            original_exception=original_exception,
+            message=message,
+        )
+class OpenStackSessionError(OpenStackBaseException):
+    """Exception for OpenStack session setup errors"""
+    def __init__(self, file=None, original_exception=None, message=None):
+        super().__init__(
+            code=10002,
+            file=file,
+            original_exception=original_exception,
+            message=message,
+        )
+class OpenStackIdentityError(OpenStackBaseException):
+    """Exception for OpenStack identity setup errors"""
+    def __init__(self, file=None, original_exception=None, message=None):
+        super().__init__(
+            code=10003,
+            file=file,
+            original_exception=original_exception,
+            message=message,
+        )
+class OpenStackAPIError(OpenStackBaseException):
+    """Exception for OpenStack API errors"""
+    def __init__(self, file=None, original_exception=None, message=None):
+        super().__init__(
+            code=10004,
+            file=file,
+            original_exception=original_exception,
+            message=message,
+        )
+class OpenStackRateLimitError(OpenStackBaseException):
+    """Exception for OpenStack rate limit errors"""
+    def __init__(self, file=None, original_exception=None, message=None):
+        super().__init__(
+            code=10005,
+            file=file,
+            original_exception=original_exception,
+            message=message,
+        )
+class OpenStackConfigFileNotFoundError(OpenStackBaseException):
+    """Exception for clouds.yaml file not found errors"""
+    def __init__(self, file=None, original_exception=None, message=None):
+        super().__init__(
+            code=10006,
+            file=file,
+            original_exception=original_exception,
+            message=message,
+        )
+class OpenStackCloudNotFoundError(OpenStackBaseException):
+    """Exception for cloud not found in clouds.yaml errors"""
+    def __init__(self, file=None, original_exception=None, message=None):
+        super().__init__(
+            code=10007,
+            file=file,
+            original_exception=original_exception,
+            message=message,
+        )
+class OpenStackInvalidConfigError(OpenStackBaseException):
+    """Exception for invalid clouds.yaml configuration errors"""
+    def __init__(self, file=None, original_exception=None, message=None):
+        super().__init__(
+            code=10008,
+            file=file,
+            original_exception=original_exception,
+            message=message,
+        )

prowler/providers/openstack/lib/__init__.py ADDED Viewed

File without changes

prowler/providers/openstack/lib/arguments/__init__.py ADDED Viewed

File without changes

prowler/providers/openstack/lib/arguments/arguments.py ADDED Viewed

@@ -0,0 +1,113 @@
+from argparse import Namespace
+def init_parser(self):
+    """Initialize the OpenStack provider CLI parser."""
+    openstack_parser = self.subparsers.add_parser(
+        "openstack", parents=[self.common_providers_parser], help="OpenStack Provider"
+    )
+    # clouds.yaml Configuration File Authentication
+    openstack_clouds_yaml_subparser = openstack_parser.add_argument_group(
+        "clouds.yaml Configuration File Authentication"
+    )
+    openstack_clouds_yaml_subparser.add_argument(
+        "--clouds-yaml-file",
+        nargs="?",
+        default=None,
+        help="Path to clouds.yaml configuration file. If not specified, standard locations will be searched (~/.config/openstack/clouds.yaml, /etc/openstack/clouds.yaml, ./clouds.yaml)",
+    )
+    openstack_clouds_yaml_subparser.add_argument(
+        "--clouds-yaml-cloud",
+        nargs="?",
+        default=None,
+        help="Cloud name from clouds.yaml to use for authentication. Required when using --clouds-yaml-file or when searching for clouds.yaml in standard locations",
+    )
+    # Explicit Credential Authentication
+    openstack_explicit_subparser = openstack_parser.add_argument_group(
+        "Explicit Credential Authentication"
+    )
+    openstack_explicit_subparser.add_argument(
+        "--os-auth-url",
+        nargs="?",
+        default=None,
+        help="OpenStack authentication URL (Keystone endpoint). Can also be set via OS_AUTH_URL environment variable",
+    )
+    openstack_explicit_subparser.add_argument(
+        "--os-username",
+        nargs="?",
+        default=None,
+        help="OpenStack username for authentication. Can also be set via OS_USERNAME environment variable",
+    )
+    openstack_explicit_subparser.add_argument(
+        "--os-password",
+        nargs="?",
+        default=None,
+        help="OpenStack password for authentication. Can also be set via OS_PASSWORD environment variable",
+    )
+    openstack_explicit_subparser.add_argument(
+        "--os-project-id",
+        nargs="?",
+        default=None,
+        help="OpenStack project ID (tenant ID). Can also be set via OS_PROJECT_ID environment variable",
+    )
+    openstack_explicit_subparser.add_argument(
+        "--os-region-name",
+        nargs="?",
+        default=None,
+        help="OpenStack region name. Can also be set via OS_REGION_NAME environment variable",
+    )
+    openstack_explicit_subparser.add_argument(
+        "--os-user-domain-name",
+        nargs="?",
+        default=None,
+        help="OpenStack user domain name. Can also be set via OS_USER_DOMAIN_NAME environment variable",
+    )
+    openstack_explicit_subparser.add_argument(
+        "--os-project-domain-name",
+        nargs="?",
+        default=None,
+        help="OpenStack project domain name. Can also be set via OS_PROJECT_DOMAIN_NAME environment variable",
+    )
+    openstack_explicit_subparser.add_argument(
+        "--os-identity-api-version",
+        nargs="?",
+        default=None,
+        help="OpenStack Identity API version (2 or 3). Can also be set via OS_IDENTITY_API_VERSION environment variable",
+    )
+def validate_arguments(arguments: Namespace) -> tuple[bool, str]:
+    """
+    Validate that provider arguments are valid and can be used together.
+    Enforces mutual exclusivity between clouds.yaml authentication and explicit credential parameters.
+    Args:
+        arguments (Namespace): The parsed arguments.
+    Returns:
+        tuple[bool, str]: A tuple containing a boolean indicating validity and an error message.
+    """
+    # Check if clouds.yaml options are used with explicit credential parameters
+    clouds_yaml_in_use = arguments.clouds_yaml_file or arguments.clouds_yaml_cloud
+    explicit_params_in_use = any(
+        [
+            arguments.os_auth_url,
+            arguments.os_username,
+            arguments.os_password,
+            arguments.os_project_id,
+            arguments.os_user_domain_name,
+            arguments.os_project_domain_name,
+        ]
+    )
+    if clouds_yaml_in_use and explicit_params_in_use:
+        return (
+            False,
+            "Cannot use clouds.yaml options (--clouds-yaml-file, --clouds-yaml-cloud) together with explicit credential parameters (--os-auth-url, --os-username, --os-password, --os-project-id, --os-user-domain-name, --os-project-domain-name). Please use one authentication method only.",
+        )
+    return (True, "")

prowler/providers/openstack/lib/mutelist/__init__.py ADDED Viewed

File without changes

prowler/providers/openstack/lib/mutelist/mutelist.py ADDED Viewed

@@ -0,0 +1,31 @@
+from prowler.lib.check.models import CheckReportOpenStack
+from prowler.lib.mutelist.mutelist import Mutelist
+from prowler.lib.outputs.utils import unroll_dict, unroll_tags
+class OpenStackMutelist(Mutelist):
+    """Mutelist implementation for the OpenStack provider."""
+    def is_finding_muted(
+        self,
+        finding: CheckReportOpenStack,
+        project_id: str,
+    ) -> bool:
+        """Return True when the finding should be muted for the audited project."""
+        # Try matching with both resource_id and resource_name for better UX
+        # Users can specify either the UUID or the friendly name in the mutelist
+        muted_by_id = self.is_muted(
+            project_id,
+            finding.check_metadata.CheckID,
+            finding.region,
+            finding.resource_id,
+            unroll_dict(unroll_tags(finding.resource_tags)),
+        )
+        muted_by_name = self.is_muted(
+            project_id,
+            finding.check_metadata.CheckID,
+            finding.region,
+            finding.resource_name,
+            unroll_dict(unroll_tags(finding.resource_tags)),
+        )
+        return muted_by_id or muted_by_name

prowler/providers/openstack/lib/service/__init__.py ADDED Viewed

File without changes

prowler/providers/openstack/lib/service/service.py ADDED Viewed

@@ -0,0 +1,21 @@
+from prowler.lib.logger import logger
+from prowler.providers.openstack.openstack_provider import OpenstackProvider
+class OpenStackService:
+    """Base class for all OpenStack services."""
+    def __init__(self, service_name: str, provider: OpenstackProvider) -> None:
+        self.service_name = service_name
+        self.provider = provider
+        self.connection = provider.connection
+        self.session = provider.session
+        self.region = provider.session.region_name
+        self.project_id = provider.session.project_id
+        self.identity = provider.identity
+        self.audit_config = provider.audit_config
+        self.fixer_config = provider.fixer_config
+        logger.debug(
+            f"{self.service_name} service initialized for project {self.project_id} in region {self.region}"
+        )

prowler/providers/openstack/models.py ADDED Viewed

@@ -0,0 +1,100 @@
+import re
+from typing import Optional
+from pydantic.v1 import BaseModel, Field
+from prowler.config.config import output_file_timestamp
+from prowler.providers.common.models import ProviderOutputOptions
+def _is_uuid(value: str) -> bool:
+    """Check if a string is a valid UUID.
+    Accepts both formats:
+    - Standard with dashes: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
+    - Compact without dashes: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+    """
+    # Standard UUID format with dashes
+    uuid_with_dashes = re.compile(
+        r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$",
+        re.IGNORECASE,
+    )
+    # Compact UUID format without dashes (e.g., OVH)
+    uuid_without_dashes = re.compile(
+        r"^[0-9a-f]{32}$",
+        re.IGNORECASE,
+    )
+    return bool(uuid_with_dashes.match(value) or uuid_without_dashes.match(value))
+class OpenStackSession(BaseModel):
+    """Holds the authentication/session data used to talk with OpenStack."""
+    auth_url: str
+    identity_api_version: str = Field(default="3")
+    username: str
+    password: str
+    project_id: str
+    region_name: str
+    user_domain_name: str = Field(default="Default")
+    project_domain_name: str = Field(default="Default")
+    def as_sdk_config(self) -> dict:
+        """Return a dict compatible with openstacksdk.connect().
+        Note: The OpenStack SDK distinguishes between project_id (must be UUID)
+        and project_name (any string identifier). We accept project_id from users
+        but internally pass it as project_name to the SDK if it's not a UUID.
+        This allows compatibility with providers like OVH that use numeric IDs.
+        """
+        config = {
+            "auth_url": self.auth_url,
+            "username": self.username,
+            "password": self.password,
+            "region_name": self.region_name,
+            "project_domain_name": self.project_domain_name,
+            "user_domain_name": self.user_domain_name,
+            "identity_api_version": self.identity_api_version,
+        }
+        # If project_id is a UUID, pass it as project_id to SDK
+        # Otherwise, pass it as project_name (e.g., OVH numeric IDs)
+        if _is_uuid(self.project_id):
+            config["project_id"] = self.project_id
+        else:
+            config["project_name"] = self.project_id
+        return config
+class OpenStackIdentityInfo(BaseModel):
+    """Represents the identity used during the audit run."""
+    user_id: Optional[str] = None
+    username: str
+    project_id: str
+    project_name: Optional[str] = None
+    region_name: str
+    user_domain_name: str
+    project_domain_name: str
+class OpenStackOutputOptions(ProviderOutputOptions):
+    """OpenStack output options."""
+    def __init__(self, arguments, bulk_checks_metadata, identity):
+        # First call ProviderOutputOptions init
+        super().__init__(arguments, bulk_checks_metadata)
+        # Check if custom output filename was input, if not, set the default
+        if (
+            not hasattr(arguments, "output_filename")
+            or arguments.output_filename is None
+        ):
+            # Use project_name if available, otherwise use project_id
+            project_identifier = (
+                identity.project_name if identity.project_name else identity.project_id
+            )
+            self.output_filename = (
+                f"prowler-output-{project_identifier}-{output_file_timestamp}"
+            )
+        else:
+            self.output_filename = arguments.output_filename

prowler 5.17.1__py3-none-any.whl → 5.18.0__py3-none-any.whl

prowler 5.17.1py3-none-any.whl → 5.18.0py3-none-any.whl