fix(gcp): solve errors in GCP services (#5124)

Co-authored-by: Sergio Garcia <38561120+sergargar@users.noreply.github.com>

prowler/providers/gcp/services/apikeys/apikeys_api_restrictions_configured/apikeys_api_restrictions_configured.py

@@ -16,12 +16,12 @@ def execute(self) -> Check_Report_GCP:
             if key.restrictions == {} or any(
                 [
                     target.get("service") == "cloudapis.googleapis.com"
-                    for target in key.restrictions["apiTargets"]
+                    for target in key.restrictions.get("apiTargets", [])
                 ]
             ):
                 report.status = "FAIL"
                 report.status_extended = (
-                    f"API key {key.name} doens't have restrictions configured."
+                    f"API key {key.name} does not have restrictions configured."
                 )
             findings.append(report)
 

prowler/providers/gcp/services/compute/compute_service.py

@@ -283,20 +283,23 @@ def __get_url_maps__(self):
 
     def __describe_backend_service__(self):
         for balancer in self.load_balancers:
-            try:
-                response = (
-                    self.client.backendServices()
-                    .get(
-                        project=balancer.project_id,
-                        backendService=balancer.service.split("/")[-1],
+            if balancer.service:
+                try:
+                    response = (
+                        self.client.backendServices()
+                        .get(
+                            project=balancer.project_id,
+                            backendService=balancer.service.split("/")[-1],
+                        )
+                        .execute()
+                    )
+                    balancer.logging = response.get("logConfig", {}).get(
+                        "enable", False
+                    )
+                except Exception as error:
+                    logger.error(
+                        f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
                     )
-                    .execute()
-                )
-                balancer.logging = response.get("logConfig", {}).get("enable", False)
-            except Exception as error:
-                logger.error(
-                    f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
-                )
 
 
 class Instance(BaseModel):

prowler/providers/gcp/services/dns/dns_service.py

@@ -25,8 +25,9 @@ def __get_managed_zones__(self):
                             ManagedZone(
                                 name=managed_zone["name"],
                                 id=managed_zone["id"],
-                                dnssec=managed_zone["dnssecConfig"]["state"] == "on",
-                                key_specs=managed_zone["dnssecConfig"][
+                                dnssec=managed_zone.get("dnssecConfig", {})["state"]
+                                == "on",
+                                key_specs=managed_zone.get("dnssecConfig", {})[
                                     "defaultKeySpecs"
                                 ],
                                 project_id=project_id,

prowler/providers/gcp/services/kms/kms_key_rotation_enabled/kms_key_rotation_enabled.py

@@ -16,9 +16,14 @@ def execute(self) -> Check_Report_GCP:
             now = datetime.datetime.now()
             condition_next_rotation_time = False
             if key.next_rotation_time:
-                next_rotation_time = datetime.datetime.strptime(
-                    key.next_rotation_time, "%Y-%m-%dT%H:%M:%SZ"
-                )
+                try:
+                    next_rotation_time = datetime.datetime.strptime(
+                        key.next_rotation_time, "%Y-%m-%dT%H:%M:%S.%fZ"
+                    )
+                except ValueError:
+                    next_rotation_time = datetime.datetime.strptime(
+                        key.next_rotation_time, "%Y-%m-%dT%H:%M:%SZ"
+                    )
                 condition_next_rotation_time = (
                     abs((next_rotation_time - now).days) <= 90
                 )

tests/providers/gcp/services/apikeys/apikeys_api_restrictions_configured/apikeys_api_restrictions_configured_test.py

@@ -100,7 +100,7 @@ def test_one_key_without_restrictions(self):
             assert len(result) == 1
             assert result[0].status == "FAIL"
             assert search(
-                f"API key {key.name} doens't have restrictions configured.",
+                f"API key {key.name} does not have restrictions configured.",
                 result[0].status_extended,
             )
             assert result[0].resource_id == key.id
@@ -144,7 +144,7 @@ def test_one_key_with_cloudapis_restriction(self):
             assert len(result) == 1
             assert result[0].status == "FAIL"
             assert search(
-                f"API key {key.name} doens't have restrictions configured.",
+                f"API key {key.name} does not have restrictions configured.",
                 result[0].status_extended,
             )
             assert result[0].resource_id == key.id

tests/providers/gcp/services/kms/kms_key_rotation_enabled/kms_key_rotation_enabled_test.py

@@ -549,3 +549,61 @@ def test_kms_key_rotation_period_less_90_days_and_appropriate_next_rotation_time
             assert result[0].resource_name == kms_client.crypto_keys[0].name
             assert result[0].location == kms_client.crypto_keys[0].location
             assert result[0].project_id == kms_client.crypto_keys[0].project_id
+
+    def test_kms_key_rotation_with_fractional_seconds(self):
+        kms_client = mock.MagicMock
+
+        with mock.patch(
+            "prowler.providers.common.provider.Provider.get_global_provider",
+            return_value=set_mocked_gcp_provider(),
+        ), mock.patch(
+            "prowler.providers.gcp.services.kms.kms_key_rotation_enabled.kms_key_rotation_enabled.kms_client",
+            new=kms_client,
+        ):
+            from prowler.providers.gcp.services.kms.kms_key_rotation_enabled.kms_key_rotation_enabled import (
+                kms_key_rotation_enabled,
+            )
+            from prowler.providers.gcp.services.kms.kms_service import (
+                CriptoKey,
+                KeyLocation,
+                KeyRing,
+            )
+
+            kms_client.project_ids = [GCP_PROJECT_ID]
+            kms_client.region = GCP_US_CENTER1_LOCATION
+
+            keyring = KeyRing(
+                name="projects/123/locations/us-central1/keyRings/keyring1",
+                project_id=GCP_PROJECT_ID,
+            )
+
+            keylocation = KeyLocation(
+                name=GCP_US_CENTER1_LOCATION,
+                project_id=GCP_PROJECT_ID,
+            )
+
+            kms_client.crypto_keys = [
+                CriptoKey(
+                    name="key1",
+                    id="projects/123/locations/us-central1/keyRings/keyring1/cryptoKeys/key1",
+                    project_id=GCP_PROJECT_ID,
+                    rotation_period="7776000s",
+                    next_rotation_time="2025-07-06T22:00:00.561275Z",
+                    key_ring=keyring.name,
+                    location=keylocation.name,
+                    members=["user:jane@example.com"],
+                )
+            ]
+
+            check = kms_key_rotation_enabled()
+            result = check.execute()
+            assert len(result) == 1
+            assert result[0].status == "FAIL"
+            assert (
+                result[0].status_extended
+                == f"Key {kms_client.crypto_keys[0].name} is rotated every 90 days or less but the next rotation time is in more than 90 days."
+            )
+            assert result[0].resource_id == kms_client.crypto_keys[0].id
+            assert result[0].resource_name == kms_client.crypto_keys[0].name
+            assert result[0].location == kms_client.crypto_keys[0].location
+            assert result[0].project_id == kms_client.crypto_keys[0].project_id