feat(banner): azure credential banner (#2179)

prowler/lib/outputs/summary_table.py

@@ -20,7 +20,10 @@ def display_summary_table(
             entity_type = "Account"
             audited_entities = audit_info.audited_account
         elif provider == "azure":
-            if audit_info.identity.domain:
+            if (
+                audit_info.identity.domain
+                != "Unknown tenant domain (missing AAD permissions)"
+            ):
                 entity_type = "Tenant Domain"
                 audited_entities = audit_info.identity.domain
             else:

prowler/providers/azure/azure_provider.py

@@ -115,7 +115,7 @@ class Azure_Provider:
             # Same here, if user can access AAD, some fields are retrieved if not, default value, for az cli
             # should work but it doesn't, pending issue
             else:
-                identity.identity_id = "Unknown user id (NO AAD permissions)"
+                identity.identity_id = "Unknown user id (Missing AAD permissions)"
                 identity.identity_type = "User"
                 try:
                     logger.info(
@@ -147,7 +147,6 @@ class Azure_Provider:
             if not subscription_ids:
                 logger.info("Scanning all the Azure subscriptions...")
                 for subscription in subscriptions_client.subscriptions.list():
-
                     identity.subscriptions.update(
                         {subscription.display_name: subscription.subscription_id}
                     )

prowler/providers/azure/lib/audit_info/models.py

@@ -9,7 +9,7 @@ class Azure_Identity_Info(BaseModel):
     identity_id: str = ""
     identity_type: str = ""
     tenant_ids: list[str] = []
-    domain: str = ""
+    domain: str = "Unknown tenant domain (missing AAD permissions)"
     subscriptions: dict = {}
 
 

prowler/providers/azure/services/defender/defender_service.py

@@ -38,8 +38,8 @@ class Defender:
     def __get_pricings__(self):
         logger.info("Defender - Getting pricings...")
         pricings = {}
-        try:
-            for subscription, client in self.clients.items():
+        for subscription, client in self.clients.items():
+            try:
                 pricings_list = client.pricings.list()
                 pricings.update({subscription: {}})
                 for pricing in pricings_list.value:
@@ -52,12 +52,12 @@ class Defender:
                             )
                         }
                     )
-        except Exception as error:
-            logger.error(
-                f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
-            )
-        else:
-            return pricings
+            except Exception as error:
+                logger.error(f"Subscription name: {subscription}")
+                logger.error(
+                    f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
+                )
+        return pricings
 
 
 class Defender_Pricing(BaseModel):

prowler/providers/azure/services/iam/iam_service.py

@@ -39,8 +39,8 @@ class IAM:
     def __get_roles__(self):
         logger.info("IAM - Getting roles...")
         roles = {}
-        try:
-            for subscription, client in self.clients.items():
+        for subscription, client in self.clients.items():
+            try:
                 roles.update({subscription: []})
                 for role in client.role_definitions.list(
                     scope=f"/subscriptions/{self.subscriptions[subscription]}",
@@ -55,12 +55,12 @@ class IAM:
                             permissions=role.permissions,
                         )
                     )
-        except Exception as error:
-            logger.error(
-                f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
-            )
-        else:
-            return roles
+            except Exception as error:
+                logger.error(f"Subscription name: {subscription}")
+                logger.error(
+                    f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
+                )
+        return roles
 
 
 @dataclass

prowler/providers/azure/services/storage/storage_service.py

@@ -39,8 +39,8 @@ class Storage:
     def __get_storage_accounts__(self):
         logger.info("Storage - Getting storage accounts...")
         storage_accounts = {}
-        try:
-            for subscription, client in self.clients.items():
+        for subscription, client in self.clients.items():
+            try:
                 storage_accounts.update({subscription: []})
                 storage_accounts_list = client.storage_accounts.list()
                 for storage_account in storage_accounts_list:
@@ -56,12 +56,12 @@ class Storage:
                             minimum_tls_version=storage_account.minimum_tls_version,
                         )
                     )
-        except Exception as error:
-            logger.error(
-                f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
-            )
-        else:
-            return storage_accounts
+            except Exception as error:
+                logger.error(f"Subscription name: {subscription}")
+                logger.error(
+                    f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
+                )
+        return storage_accounts
 
 
 @dataclass

prowler/providers/common/audit_info.py

@@ -83,6 +83,20 @@ Caller Identity ARN: {Fore.YELLOW}[{audit_info.audited_identity_arn}]{Style.RESE
 This report is being generated using credentials below:
 
 GCP Account: {Fore.YELLOW}[{profile}]{Style.RESET_ALL}  GCP Project ID: {Fore.YELLOW}[{audit_info.project_id}]{Style.RESET_ALL}
+"""
+        print(report)
+
+    def print_azure_credentials(self, audit_info: Azure_Audit_Info):
+        printed_subscriptions = []
+        for key, value in audit_info.identity.subscriptions.items():
+            intermediate = key + " : " + value
+            printed_subscriptions.append(intermediate)
+        report = f"""
+This report is being generated using the identity below:
+
+Azure Tenant IDs: {Fore.YELLOW}[{" ".join(audit_info.identity.tenant_ids)}]{Style.RESET_ALL} Azure Tenant Domain: {Fore.YELLOW}[{audit_info.identity.domain}]{Style.RESET_ALL}
+Azure Subscriptions: {Fore.YELLOW}{printed_subscriptions}{Style.RESET_ALL}
+Azure Identity type: {Fore.YELLOW}[{audit_info.identity.identity_type}]{Style.RESET_ALL} Azure Identity ID: {Fore.YELLOW}[{audit_info.identity.identity_id}]{Style.RESET_ALL}
 """
         print(report)
 
@@ -340,6 +354,9 @@ GCP Account: {Fore.YELLOW}[{profile}]{Style.RESET_ALL}  GCP Project ID: {Fore.YE
         azure_audit_info.credentials = azure_provider.get_credentials()
         azure_audit_info.identity = azure_provider.get_identity()
 
+        if not arguments.get("only_logs"):
+            self.print_azure_credentials(azure_audit_info)
+
         return azure_audit_info
 
     def set_gcp_audit_info(self, arguments) -> GCP_Audit_Info:

prowler/providers/common/outputs.py

@@ -65,7 +65,10 @@ class Azure_Output_Options(Provider_Output_Options):
             not hasattr(arguments, "output_filename")
             or arguments.output_filename is None
         ):
-            if audit_info.identity.domain:
+            if (
+                audit_info.identity.domain
+                != "Unknown tenant domain (missing AAD permissions)"
+            ):
                 self.output_filename = f"prowler-output-{audit_info.identity.domain}-{output_file_timestamp}"
             else:
                 self.output_filename = f"prowler-output-{'-'.join(audit_info.identity.tenant_ids)}-{output_file_timestamp}"