Skip to content

Commit

Permalink
fix(gcp): add default project for org level checks (#5132)
Browse files Browse the repository at this point in the history
Co-authored-by: Sergio Garcia <38561120+sergargar@users.noreply.github.com>
  • Loading branch information
prowler-bot and MrCloudSec authored Sep 20, 2024
1 parent 4db1a77 commit 6d0a659
Show file tree
Hide file tree
Showing 6 changed files with 19 additions and 10 deletions.
14 changes: 9 additions & 5 deletions prowler/providers/gcp/gcp_provider.py
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,7 @@ def __init__(self, arguments):
self._impersonated_service_account = arguments.impersonate_service_account
list_project_ids = arguments.list_project_id

self._session = self.setup_session(
self._session, self._default_project_id = self.setup_session(
credentials_file, self._impersonated_service_account
)

Expand Down Expand Up @@ -128,6 +128,10 @@ def session(self):
def projects(self):
return self._projects

@property
def default_project_id(self):
return self._default_project_id

@property
def impersonated_service_account(self):
return self._impersonated_service_account
Expand Down Expand Up @@ -198,14 +202,14 @@ def get_output_mapping(self):
# "partition": "identity.partition",
}

def setup_session(self, credentials_file: str, service_account: str) -> Credentials:
def setup_session(self, credentials_file: str, service_account: str) -> tuple:
"""
Setup the GCP session with the provided credentials file or service account to impersonate
Args:
credentials_file: str
service_account: str
Returns:
Credentials object
Credentials object and default project ID
"""
try:
scopes = ["https://www.googleapis.com/auth/cloud-platform"]
Expand All @@ -215,7 +219,7 @@ def setup_session(self, credentials_file: str, service_account: str) -> Credenti
self.__set_gcp_creds_env_var__(credentials_file)

# Get default credentials
credentials, _ = default(scopes=scopes)
credentials, default_project_id = default(scopes=scopes)

# Refresh the credentials to ensure they are valid
credentials.refresh(Request())
Expand All @@ -231,7 +235,7 @@ def setup_session(self, credentials_file: str, service_account: str) -> Credenti
)
logger.info(f"Impersonated credentials: {credentials}")

return credentials
return credentials, default_project_id
except Exception as error:
logger.critical(
f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
Expand Down
1 change: 1 addition & 0 deletions prowler/providers/gcp/lib/service/service.py
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,7 @@ def __init__(
)
# Only project ids that have their API enabled will be scanned
self.project_ids = self.__is_api_active__(provider.project_ids)
self.default_project_id = provider.default_project_id
self.audit_config = provider.audit_config
self.fixer_config = provider.fixer_config

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ def execute(self) -> Check_Report_GCP:
findings = []
for org in essentialcontacts_client.organizations:
report = Check_Report_GCP(self.metadata())
report.project_id = org.id
report.project_id = essentialcontacts_client.default_project_id
report.resource_id = org.id
report.resource_name = org.name
report.location = essentialcontacts_client.region
Expand Down
3 changes: 2 additions & 1 deletion tests/providers/gcp/gcp_fixtures.py
Original file line number Diff line number Diff line change
Expand Up @@ -12,13 +12,14 @@


def set_mocked_gcp_provider(
project_ids: list[str] = [], profile: str = ""
project_ids: list[str] = [GCP_PROJECT_ID], profile: str = ""
) -> GcpProvider:
provider = MagicMock()
provider.type = "gcp"
provider.session = MagicMock()
provider.session._service_account_email = "test@test.com"
provider.project_ids = project_ids
provider.default_project_id = GCP_PROJECT_ID
provider.identity = GCPIdentityInfo(
profile=profile,
)
Expand Down
7 changes: 4 additions & 3 deletions tests/providers/gcp/gcp_provider_test.py
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ def test_gcp_provider(self):
}
with patch(
"prowler.providers.gcp.gcp_provider.GcpProvider.setup_session",
return_value=None,
return_value=(None, "test-project"),
), patch(
"prowler.providers.gcp.gcp_provider.GcpProvider.get_projects",
return_value=projects,
Expand All @@ -47,6 +47,7 @@ def test_gcp_provider(self):
assert gcp_provider.session is None
assert gcp_provider.project_ids == ["test-project"]
assert gcp_provider.projects == projects
assert gcp_provider.default_project_id == "test-project"
assert gcp_provider.identity == GCPIdentityInfo(profile="default")
assert gcp_provider.audit_config == {"shodan_api_key": None}

Expand Down Expand Up @@ -81,7 +82,7 @@ def test_gcp_provider_output_options(self):
}
with patch(
"prowler.providers.gcp.gcp_provider.GcpProvider.setup_session",
return_value=None,
return_value=(None, None),
), patch(
"prowler.providers.gcp.gcp_provider.GcpProvider.get_projects",
return_value=projects,
Expand Down Expand Up @@ -154,7 +155,7 @@ def test_is_project_matching(self):
}
with patch(
"prowler.providers.gcp.gcp_provider.GcpProvider.setup_session",
return_value=None,
return_value=(None, None),
), patch(
"prowler.providers.gcp.gcp_provider.GcpProvider.get_projects",
return_value=projects,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,7 @@ def test_iam_org_with_contacts(self):
essentialcontacts_client.organizations = [
Organization(id="test_id", name="test", contacts=True)
]
essentialcontacts_client.default_project_id = "test_id"
from prowler.providers.gcp.services.iam.iam_organization_essential_contacts_configured.iam_organization_essential_contacts_configured import (
iam_organization_essential_contacts_configured,
)
Expand Down Expand Up @@ -73,6 +74,7 @@ def test_iam_org_without_contacts(self):
essentialcontacts_client.organizations = [
Organization(id="test_id", name="test", contacts=False)
]
essentialcontacts_client.default_project_id = "test_id"

from prowler.providers.gcp.services.iam.iam_organization_essential_contacts_configured.iam_organization_essential_contacts_configured import (
iam_organization_essential_contacts_configured,
Expand Down

0 comments on commit 6d0a659

Please sign in to comment.