From 9663ee6062367c2b1c901aa4499cd929dfbdaab4 Mon Sep 17 00:00:00 2001 From: Pepe Fagoaga Date: Mon, 26 Feb 2024 10:37:40 +0100 Subject: [PATCH] chore(docs): Prettify notes and add dates (#3434) --- docs/developer-guide/checks.md | 7 +- docs/developer-guide/unit-testing.md | 12 ++- docs/getting-started/requirements.md | 12 +-- docs/index.md | 17 +++- docs/tutorials/allowlist.md | 6 +- docs/tutorials/aws/authentication.md | 5 +- docs/tutorials/aws/organizations.md | 8 +- docs/tutorials/aws/regions-and-partitions.md | 13 ++- docs/tutorials/aws/role-assumption.md | 13 +-- docs/tutorials/aws/s3.md | 5 +- docs/tutorials/aws/securityhub.md | 18 ++-- docs/tutorials/check-aliases.md | 24 ++--- docs/tutorials/configuration_file.md | 4 +- docs/tutorials/gcp/authentication.md | 3 +- docs/tutorials/ignore-unused-services.md | 3 +- docs/tutorials/integrations.md | 4 +- docs/tutorials/logging.md | 6 +- docs/tutorials/misc.md | 17 ++-- docs/tutorials/parallel-execution.md | 3 +- docs/tutorials/quick-inventory.md | 8 +- docs/tutorials/reporting.md | 30 +++--- mkdocs.yml | 12 ++- poetry.lock | 99 ++++++++++++++++---- pyproject.toml | 5 +- 24 files changed, 226 insertions(+), 108 deletions(-) diff --git a/docs/developer-guide/checks.md b/docs/developer-guide/checks.md index 58790642..7a4347e2 100644 --- a/docs/developer-guide/checks.md +++ b/docs/developer-guide/checks.md @@ -196,14 +196,17 @@ aws: As you can see in the above code, within the service client, in this case the `ec2_client`, there is an object called `audit_config` which is a Python dictionary containing the values read from the configuration file. In order to use it, you have to check first if the value is present in the configuration file. If the value is not present, you can create it in the `config.yaml` file and then, read it from the check. -> It is mandatory to always use the `dictionary.get(value, default)` syntax to set a default value in the case the configuration value is not present. + +???+ note + It is mandatory to always use the `dictionary.get(value, default)` syntax to set a default value in the case the configuration value is not present. ## Check Metadata Each Prowler check has metadata associated which is stored at the same level of the check's folder in a file called A `check_name.metadata.json` containing the check's metadata. -> We are going to include comments in this example metadata JSON but they cannot be included because the JSON format does not allow comments. +???+ note + We are going to include comments in this example metadata JSON but they cannot be included because the JSON format does not allow comments. ```json { diff --git a/docs/developer-guide/unit-testing.md b/docs/developer-guide/unit-testing.md index 754bf0a4..0ea85b9c 100644 --- a/docs/developer-guide/unit-testing.md +++ b/docs/developer-guide/unit-testing.md @@ -40,13 +40,15 @@ Other commands to run tests: - Run tests for a provider service: `pytest -n auto -vvv -s -x tests/providers//services/` - Run tests for a provider check: `pytest -n auto -vvv -s -x tests/providers//services//` -> Refer to the [pytest documentation](https://docs.pytest.org/en/7.1.x/getting-started.html) documentation for more information. +???+ note + Refer to the [pytest documentation](https://docs.pytest.org/en/7.1.x/getting-started.html) documentation for more information. ## AWS For the AWS provider we have ways to test a Prowler check based on the following criteria: -> Note: We use and contribute to the [Moto](https://github.com/getmoto/moto) library which allows us to easily mock out tests based on AWS infrastructure. **It's awesome!** +???+ note + We use and contribute to the [Moto](https://github.com/getmoto/moto) library which allows us to easily mock out tests based on AWS infrastructure. **It's awesome!** - AWS API calls covered by [Moto](https://github.com/getmoto/moto): - Service tests with `@mock_` @@ -195,7 +197,8 @@ class Test_iam_password_policy_uppercase: If the IAM service for the check's we want to test is not covered by Moto, we have to inject the objects in the service client using [MagicMock](https://docs.python.org/3/library/unittest.mock.html#unittest.mock.MagicMock). As we have pointed above, we cannot instantiate the service since it will make real calls to the AWS APIs. -> The following example uses the IAM GetAccountPasswordPolicy which is covered by Moto but this is only for demonstration purposes. +???+ note + The following example uses the IAM GetAccountPasswordPolicy which is covered by Moto but this is only for demonstration purposes. The following code shows how to use MagicMock to create the service objects. @@ -325,7 +328,8 @@ class Test_iam_password_policy_uppercase: Note that this does not use Moto, to keep it simple, but if you use any `moto`-decorators in addition to the patch, the call to `orig(self, operation_name, kwarg)` will be intercepted by Moto. -> The above code comes from here https://docs.getmoto.org/en/latest/docs/services/patching_other_services.html +???+ note + The above code comes from here https://docs.getmoto.org/en/latest/docs/services/patching_other_services.html #### Mocking more than one service diff --git a/docs/getting-started/requirements.md b/docs/getting-started/requirements.md index 7f29c716..9c07e8ee 100644 --- a/docs/getting-started/requirements.md +++ b/docs/getting-started/requirements.md @@ -5,7 +5,7 @@ Prowler has been written in Python using the [AWS SDK (Boto3)](https://boto3.ama Since Prowler uses AWS Credentials under the hood, you can follow any authentication method as described [here](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-quickstart.html#cli-configure-quickstart-precedence). -### AWS Authentication +### Authentication Make sure you have properly configured your AWS-CLI with a valid Access Key and Region or declare AWS variables properly (or instance profile/role): @@ -26,9 +26,8 @@ Those credentials must be associated to a user or role with proper permissions t - `arn:aws:iam::aws:policy/SecurityAudit` - `arn:aws:iam::aws:policy/job-function/ViewOnlyAccess` - > Moreover, some read-only additional permissions are needed for several checks, make sure you attach also the custom policy [prowler-additions-policy.json](https://github.com/prowler-cloud/prowler/blob/master/permissions/prowler-additions-policy.json) to the role you are using. - - > If you want Prowler to send findings to [AWS Security Hub](https://aws.amazon.com/security-hub), make sure you also attach the custom policy [prowler-security-hub.json](https://github.com/prowler-cloud/prowler/blob/master/permissions/prowler-security-hub.json). +???+ note + Moreover, some read-only additional permissions are needed for several checks, make sure you attach also the custom policy [prowler-additions-policy.json](https://github.com/prowler-cloud/prowler/blob/master/permissions/prowler-additions-policy.json) to the role you are using. If you want Prowler to send findings to [AWS Security Hub](https://aws.amazon.com/security-hub), make sure you also attach the custom policy [prowler-security-hub.json](https://github.com/prowler-cloud/prowler/blob/master/permissions/prowler-security-hub.json). ### Multi-Factor Authentication @@ -115,7 +114,7 @@ To assign this roles, follow the instructions: ## Google Cloud -### GCP Authentication +### Authentication Prowler will follow the same credentials search as [Google authentication libraries](https://cloud.google.com/docs/authentication/application-default-credentials#search_order): @@ -125,4 +124,5 @@ Prowler will follow the same credentials search as [Google authentication librar Those credentials must be associated to a user or service account with proper permissions to do all checks. To make sure, add the `Viewer` role to the member associated with the credentials. -> By default, `prowler` will scan all accessible GCP Projects, use flag `--project-ids` to specify the projects to be scanned. +???+ note + By default, `prowler` will scan all accessible GCP Projects, use flag `--project-ids` to specify the projects to be scanned. diff --git a/docs/index.md b/docs/index.md index 752d54d3..9ee78d10 100644 --- a/docs/index.md +++ b/docs/index.md @@ -124,7 +124,8 @@ Prowler is available as a project in [PyPI](https://pypi.org/project/prowler/), prowler -v ``` - > To download the results from AWS CloudShell, select Actions -> Download File and add the full path of each file. For the CSV file it will be something like `/home/cloudshell-user/output/prowler-output-123456789012-20221220191331.csv` + ???+ note + To download the results from AWS CloudShell, select Actions -> Download File and add the full path of each file. For the CSV file it will be something like `/home/cloudshell-user/output/prowler-output-123456789012-20221220191331.csv` === "Azure CloudShell" @@ -159,14 +160,18 @@ You can run Prowler from your workstation, an EC2 instance, Fargate or any other ![Architecture](img/architecture.png) ## Basic Usage -To run Prowler, you will need to specify the provider (e.g aws, gcp or azure): -> If no provider specified, AWS will be used for backward compatibility with most of v2 options. +To run Prowler, you will need to specify the provider (e.g `aws`, `gcp` or `azure`): + +???+ note + If no provider specified, AWS will be used for backward compatibility with most of v2 options. ```console prowler ``` ![Prowler Execution](img/short-display.png) -> Running the `prowler` command without options will use your environment variable credentials, see [Requirements](./getting-started/requirements.md) section to review the credentials settings. + +???+ note + Running the `prowler` command without options will use your environment variable credentials, see [Requirements](./getting-started/requirements.md) section to review the credentials settings. If you miss the former output you can use `--verbose` but Prowler v3 is smoking fast, so you won't see much ;) @@ -217,7 +222,9 @@ Use a custom AWS profile with `-p`/`--profile` and/or AWS regions which you want ```console prowler aws --profile custom-profile -f us-east-1 eu-south-2 ``` -> By default, `prowler` will scan all AWS regions. + +???+ note + By default, `prowler` will scan all AWS regions. See more details about AWS Authentication in [Requirements](getting-started/requirements.md) diff --git a/docs/tutorials/allowlist.md b/docs/tutorials/allowlist.md index 394894cc..3b0087ab 100644 --- a/docs/tutorials/allowlist.md +++ b/docs/tutorials/allowlist.md @@ -113,7 +113,8 @@ You will need to pass the S3 URI where your Allowlist YAML file was uploaded to ``` prowler aws -w s3:////allowlist.yaml ``` -> Make sure that the used AWS credentials have s3:GetObject permissions in the S3 path where the allowlist file is located. +???+ note + Make sure that the used AWS credentials have s3:GetObject permissions in the S3 path where the allowlist file is located. ### AWS DynamoDB Table ARN @@ -138,7 +139,8 @@ The following example will allowlist all resources in all accounts for the EC2 c -> Make sure that the used AWS credentials have `dynamodb:PartiQLSelect` permissions in the table. +???+ note + Make sure that the used AWS credentials have `dynamodb:PartiQLSelect` permissions in the table. ### AWS Lambda ARN diff --git a/docs/tutorials/aws/authentication.md b/docs/tutorials/aws/authentication.md index 7a01e259..c3ec8fda 100644 --- a/docs/tutorials/aws/authentication.md +++ b/docs/tutorials/aws/authentication.md @@ -19,9 +19,8 @@ Those credentials must be associated to a user or role with proper permissions t - `arn:aws:iam::aws:policy/SecurityAudit` - `arn:aws:iam::aws:policy/job-function/ViewOnlyAccess` - > Moreover, some read-only additional permissions are needed for several checks, make sure you attach also the custom policy [prowler-additions-policy.json](https://github.com/prowler-cloud/prowler/blob/master/permissions/prowler-additions-policy.json) to the role you are using. - - > If you want Prowler to send findings to [AWS Security Hub](https://aws.amazon.com/security-hub), make sure you also attach the custom policy [prowler-security-hub.json](https://github.com/prowler-cloud/prowler/blob/master/permissions/prowler-security-hub.json). +???+ note + Moreover, some read-only additional permissions are needed for several checks, make sure you attach also the custom policy [prowler-additions-policy.json](https://github.com/prowler-cloud/prowler/blob/master/permissions/prowler-additions-policy.json) to the role you are using. If you want Prowler to send findings to [AWS Security Hub](https://aws.amazon.com/security-hub), make sure you also attach the custom policy [prowler-security-hub.json](https://github.com/prowler-cloud/prowler/blob/master/permissions/prowler-security-hub.json). ## Profiles diff --git a/docs/tutorials/aws/organizations.md b/docs/tutorials/aws/organizations.md index 820749c2..29e2a79d 100644 --- a/docs/tutorials/aws/organizations.md +++ b/docs/tutorials/aws/organizations.md @@ -11,7 +11,9 @@ In order to do that you can use the option `-O`/`--organizations-role :role/ ``` -> Make sure the role in your AWS Organizations management account has the permissions `organizations:ListAccounts*` and `organizations:ListTagsForResource`. + +???+ note + Make sure the role in your AWS Organizations management account has the permissions `organizations:ListAccounts*` and `organizations:ListTagsForResource`. In that command Prowler will scan the account and getting the account details from the AWS Organizations management account assuming a role and creating two reports with those details in JSON and CSV. @@ -55,4 +57,6 @@ If you want to run Prowler across all accounts of AWS Organizations you can do t done ``` -> Using the same for loop it can be scanned a list of accounts with a variable like `ACCOUNTS_LIST='11111111111 2222222222 333333333'` +???+ note + Using the same for loop it can be scanned a list of accounts with a variable like: +
`ACCOUNTS_LIST='11111111111 2222222222 333333333'` diff --git a/docs/tutorials/aws/regions-and-partitions.md b/docs/tutorials/aws/regions-and-partitions.md index 0644f2dd..74ea0238 100644 --- a/docs/tutorials/aws/regions-and-partitions.md +++ b/docs/tutorials/aws/regions-and-partitions.md @@ -6,10 +6,13 @@ By default Prowler is able to scan the following AWS partitions: - China: `aws-cn` - GovCloud (US): `aws-us-gov` -> To check the available regions for each partition and service please refer to the following document [aws_regions_by_service.json](https://github.com/prowler-cloud/prowler/blob/master/prowler/providers/aws/aws_regions_by_service.json) +???+ note + To check the available regions for each partition and service please refer to the following document [aws_regions_by_service.json](https://github.com/prowler-cloud/prowler/blob/master/prowler/providers/aws/aws_regions_by_service.json) It is important to take into consideration that to scan the China (`aws-cn`) or GovCloud (`aws-us-gov`) partitions it is either required to have a valid region for that partition in your AWS credentials or to specify the regions you want to audit for that partition using the `-f/--region` flag. -> Please, refer to https://boto3.amazonaws.com/v1/documentation/api/latest/guide/credentials.html#configuring-credentials for more information about the AWS credentials configuration. + +???+ note + Please, refer to https://boto3.amazonaws.com/v1/documentation/api/latest/guide/credentials.html#configuring-credentials for more information about the AWS credentials configuration. Prowler can scan specific region(s) with: ```console @@ -34,7 +37,8 @@ aws_access_key_id = XXXXXXXXXXXXXXXXXXX aws_secret_access_key = XXXXXXXXXXXXXXXXXXX region = cn-north-1 ``` -> With this option all the partition regions will be scanned without the need of use the `-f/--region` flag +???+ note + With this option all the partition regions will be scanned without the need of use the `-f/--region` flag ## AWS GovCloud (US) @@ -52,7 +56,8 @@ aws_access_key_id = XXXXXXXXXXXXXXXXXXX aws_secret_access_key = XXXXXXXXXXXXXXXXXXX region = us-gov-east-1 ``` -> With this option all the partition regions will be scanned without the need of use the `-f/--region` flag +???+ note + With this option all the partition regions will be scanned without the need of use the `-f/--region` flag ## AWS ISO (US & Europe) diff --git a/docs/tutorials/aws/role-assumption.md b/docs/tutorials/aws/role-assumption.md index df52f349..8fa83fc3 100644 --- a/docs/tutorials/aws/role-assumption.md +++ b/docs/tutorials/aws/role-assumption.md @@ -30,15 +30,15 @@ Prowler can use your custom Role Session name with: prowler aws --role-session-name ``` -> It defaults to `ProwlerAssessmentSession` +???+ note + It defaults to `ProwlerAssessmentSession`. ## STS Endpoint Region If you are using Prowler in AWS regions that are not enabled by default you need to use the argument `--sts-endpoint-region` to point the AWS STS API calls `assume-role` and `get-caller-identity` to the non-default region, e.g.: `prowler aws --sts-endpoint-region eu-south-2`. -> Since v3.11.0, Prowler uses a regional token in STS sessions so it can scan all AWS regions without needing the `--sts-endpoint-region` argument. - -> Make sure that you have enabled the AWS Region you want to scan in BOTH AWS Accounts (assumed role account and account from which you assume the role). +???+ note + Since v3.11.0, Prowler uses a regional token in STS sessions so it can scan all AWS regions without needing the `--sts-endpoint-region` argument. Make sure that you have enabled the AWS Region you want to scan in **BOTH** AWS Accounts (assumed role account and account from which you assume the role). ## Role MFA @@ -51,6 +51,7 @@ If your IAM Role has MFA configured you can use `--mfa` along with `-R`/`--role To create a role to be assumed in one or multiple accounts you can use either as CloudFormation Stack or StackSet the following [template](https://github.com/prowler-cloud/prowler/blob/master/permissions/create_role_to_assume_cfn.yaml) and adapt it. -> _NOTE 1 about Session Duration_: Depending on the amount of checks you run and the size of your infrastructure, Prowler may require more than 1 hour to finish. Use option `-T ` to allow up to 12h (43200 seconds). To allow more than 1h you need to modify _"Maximum CLI/API session duration"_ for that particular role, read more [here](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session). +???+ note "About Session Duration" + Depending on the amount of checks you run and the size of your infrastructure, Prowler may require more than 1 hour to finish. Use option `-T ` to allow up to 12h (43200 seconds). To allow more than 1h you need to modify _"Maximum CLI/API session duration"_ for that particular role, read more [here](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session). -> _NOTE 2 about Session Duration_: Bear in mind that if you are using roles assumed by role chaining there is a hard limit of 1 hour so consider not using role chaining if possible, read more about that, in foot note 1 below the table [here](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html). + Bear in mind that if you are using roles assumed by role chaining there is a hard limit of 1 hour so consider not using role chaining if possible, read more about that, in foot note 1 below the table [here](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html). diff --git a/docs/tutorials/aws/s3.md b/docs/tutorials/aws/s3.md index b7846dea..d781ac90 100644 --- a/docs/tutorials/aws/s3.md +++ b/docs/tutorials/aws/s3.md @@ -21,6 +21,5 @@ By default Prowler sends HTML, JSON and CSV output formats, if you want to send prowler -M csv -B my-bucket ``` -> In the case you do not want to use the assumed role credentials but the initial credentials to put the reports into the S3 bucket, use `-D`/`--output-bucket-no-assume` instead of `-B`/`--output-bucket`. - -> Make sure that the used credentials have `s3:PutObject` permissions in the S3 path where the reports are going to be uploaded. +???+ note + In the case you do not want to use the assumed role credentials but the initial credentials to put the reports into the S3 bucket, use `-D`/`--output-bucket-no-assume` instead of `-B`/`--output-bucket`. Make sure that the used credentials have `s3:PutObject` permissions in the S3 path where the reports are going to be uploaded. diff --git a/docs/tutorials/aws/securityhub.md b/docs/tutorials/aws/securityhub.md index 2fff2634..7a127157 100644 --- a/docs/tutorials/aws/securityhub.md +++ b/docs/tutorials/aws/securityhub.md @@ -11,7 +11,8 @@ To enable the integration you have to perform the following steps, in _at least_ Since **AWS Security Hub** is a region based service, you will need to enable it in the region or regions you require. You can configure it using the AWS Management Console or the AWS CLI. -> Take into account that enabling this integration will incur in costs in AWS Security Hub, please refer to its pricing [here](https://aws.amazon.com/security-hub/pricing/) for more information. +???+ note + Take into account that enabling this integration will incur in costs in AWS Security Hub, please refer to its pricing [here](https://aws.amazon.com/security-hub/pricing/) for more information. ### Using the AWS Management Console @@ -58,16 +59,16 @@ To enable **AWS Security Hub** and the **Prowler** integration you have to run t ```shell aws securityhub enable-security-hub --region ``` -> For this command to work you will need the `securityhub:EnableSecurityHub` permission. -> You will need to set the AWS region where you want to enable AWS Security Hub. +???+ note + For this command to work you will need the `securityhub:EnableSecurityHub` permission. You will need to set the AWS region where you want to enable AWS Security Hub. Once **AWS Security Hub** is enabled you will need to enable **Prowler** as partner integration to allow **Prowler** to send findings to your AWS Security Hub. You have to run the following commands using the AWS CLI: ```shell aws securityhub enable-import-findings-for-product --region eu-west-1 --product-arn arn:aws:securityhub:::product/prowler/prowler ``` -> You will need to set the AWS region where you want to enable the integration and also the AWS region also within the ARN. -> For this command to work you will need the `securityhub:securityhub:EnableImportFindingsForProduct` permission. +???+ note + You will need to set the AWS region where you want to enable the integration and also the AWS region also within the ARN. For this command to work you will need the `securityhub:securityhub:EnableImportFindingsForProduct` permission. ## Send Findings @@ -83,11 +84,12 @@ or for only one filtered region like eu-west-1: prowler --security-hub --region eu-west-1 ``` -> **Note 1**: It is recommended to send only fails to Security Hub and that is possible adding `-q/--quiet` to the command. You can use, instead of the `-q/--quiet` argument, the `--send-sh-only-fails` argument to save all the findings in the Prowler outputs but just to send FAIL findings to AWS Security Hub. +???+ note + It is recommended to send only fails to Security Hub and that is possible adding `-q/--quiet` to the command. You can use, instead of the `-q/--quiet` argument, the `--send-sh-only-fails` argument to save all the findings in the Prowler outputs but just to send FAIL findings to AWS Security Hub. -> **Note 2**: Since Prowler perform checks to all regions by default you may need to filter by region when running Security Hub integration, as shown in the example above. Remember to enable Security Hub in the region or regions you need by calling `aws securityhub enable-security-hub --region ` and run Prowler with the option `-f/--region ` (if no region is used it will try to push findings in all regions hubs). Prowler will send findings to the Security Hub on the region where the scanned resource is located. + Since Prowler perform checks to all regions by default you may need to filter by region when running Security Hub integration, as shown in the example above. Remember to enable Security Hub in the region or regions you need by calling `aws securityhub enable-security-hub --region ` and run Prowler with the option `-f/--region ` (if no region is used it will try to push findings in all regions hubs). Prowler will send findings to the Security Hub on the region where the scanned resource is located. -> **Note 3**: To have updated findings in Security Hub you have to run Prowler periodically. Once a day or every certain amount of hours. + To have updated findings in Security Hub you have to run Prowler periodically. Once a day or every certain amount of hours. ### See you Prowler findings in AWS Security Hub diff --git a/docs/tutorials/check-aliases.md b/docs/tutorials/check-aliases.md index d94781d8..9d274d29 100644 --- a/docs/tutorials/check-aliases.md +++ b/docs/tutorials/check-aliases.md @@ -1,19 +1,19 @@ # Check Aliases Prowler allows you to use aliases for the checks. You only have to add the `CheckAliases` key to the check's metadata with a list of the aliases: - - "Provider": "", - "CheckID": "", - "CheckTitle": "", - "CheckAliases": [ - "" - "", - ... - ], - ... - +```json title="check.metadata.json" +"Provider": "", +"CheckID": "", +"CheckTitle": "", +"CheckAliases": [ + "" + "", + ... +], +... +``` Then, you can execute the check either with its check ID or with one of the previous aliases: -```console +```shell prowler -c/--checks Using alias for check ... diff --git a/docs/tutorials/configuration_file.md b/docs/tutorials/configuration_file.md index bc9f149b..51c70664 100644 --- a/docs/tutorials/configuration_file.md +++ b/docs/tutorials/configuration_file.md @@ -43,7 +43,9 @@ The following list includes all the AWS checks with configurable variables that ### Configurable Checks ## Config YAML File Structure -> This is the new Prowler configuration file format. The old one without provider keys is still compatible just for the AWS provider. + +???+ note + This is the new Prowler configuration file format. The old one without provider keys is still compatible just for the AWS provider. ```yaml title="config.yaml" # AWS Configuration diff --git a/docs/tutorials/gcp/authentication.md b/docs/tutorials/gcp/authentication.md index 35977dab..5796dc6b 100644 --- a/docs/tutorials/gcp/authentication.md +++ b/docs/tutorials/gcp/authentication.md @@ -13,7 +13,8 @@ Otherwise, you can generate and download Service Account keys in JSON format (re prowler gcp --credentials-file path ``` -> `prowler` will scan the GCP project associated with the credentials. +???+ note + `prowler` will scan the GCP project associated with the credentials. Prowler will follow the same credentials search as [Google authentication libraries](https://cloud.google.com/docs/authentication/application-default-credentials#search_order): diff --git a/docs/tutorials/ignore-unused-services.md b/docs/tutorials/ignore-unused-services.md index 37668575..30fa3b67 100644 --- a/docs/tutorials/ignore-unused-services.md +++ b/docs/tutorials/ignore-unused-services.md @@ -1,6 +1,7 @@ # Ignore Unused Services -> Currently only available on the AWS provider. +???+ note + Currently only available on the AWS provider. Prowler allows you to ignore unused services findings, so you can reduce the number of findings in Prowler's reports. diff --git a/docs/tutorials/integrations.md b/docs/tutorials/integrations.md index d6004251..b30d8bd1 100644 --- a/docs/tutorials/integrations.md +++ b/docs/tutorials/integrations.md @@ -10,7 +10,9 @@ prowler --slack ![Prowler Slack Message](img/slack-prowler-message.png) -> Slack integration needs SLACK_API_TOKEN and SLACK_CHANNEL_ID environment variables. +???+ note + Slack integration needs SLACK_API_TOKEN and SLACK_CHANNEL_ID environment variables. + ### Configuration To configure the Slack Integration, follow the next steps: diff --git a/docs/tutorials/logging.md b/docs/tutorials/logging.md index 0d74a901..fc50f586 100644 --- a/docs/tutorials/logging.md +++ b/docs/tutorials/logging.md @@ -18,7 +18,8 @@ You can establish the log level of Prowler with `--log-level` option: prowler --log-level {DEBUG,INFO,WARNING,ERROR,CRITICAL} ``` -> By default, Prowler will run with the `CRITICAL` log level, since critical errors will abort the execution. +???+ note + By default, Prowler will run with the `CRITICAL` log level, since critical errors will abort the execution. ## Export Logs to File @@ -45,4 +46,5 @@ An example of a log file will be the following: "message": "eu-west-2 -- ClientError[124]: An error occurred (UnauthorizedOperation) when calling the DescribeNetworkAcls operation: You are not authorized to perform this operation." } -> NOTE: Each finding is represented as a `json` object. +???+ note + Each finding is represented as a `json` object. diff --git a/docs/tutorials/misc.md b/docs/tutorials/misc.md index 1d42e8b0..8c575793 100644 --- a/docs/tutorials/misc.md +++ b/docs/tutorials/misc.md @@ -61,21 +61,26 @@ Prowler allows you to include your custom checks with the flag: ```console prowler -x/--checks-folder ``` -> S3 URIs are also supported as folders for custom checks, e.g. s3://bucket/prefix/checks_folder/. Make sure that the used credentials have s3:GetObject permissions in the S3 path where the custom checks are located. + +???+ note + S3 URIs are also supported as folders for custom checks, e.g. `s3://bucket/prefix/checks_folder/`. Make sure that the used credentials have `s3:GetObject` permissions in the S3 path where the custom checks are located. The custom checks folder must contain one subfolder per check, each subfolder must be named as the check and must contain: - An empty `__init__.py`: to make Python treat this check folder as a package. - A `check_name.py` containing the check's logic. - A `check_name.metadata.json` containing the check's metadata. ->The check name must start with the service name followed by an underscore (e.g., ec2_instance_public_ip). + +???+ note + The check name must start with the service name followed by an underscore (e.g., ec2_instance_public_ip). To see more information about how to write checks see the [Developer Guide](../developer-guide/checks.md#create-a-new-check-for-a-provider). -> If you want to run ONLY your custom check(s), import it with -x (--checks-folder) and then run it with -c (--checks), e.g.: -```console -prowler aws -x s3://bucket/prowler/providers/aws/services/s3/s3_bucket_policy/ -c s3_bucket_policy -``` +???+ note + If you want to run ONLY your custom check(s), import it with -x (--checks-folder) and then run it with -c (--checks), e.g.: + ```console + prowler aws -x s3://bucket/prowler/providers/aws/services/s3/s3_bucket_policy/ -c s3_bucket_policy + ``` ## Severities Each of Prowler's checks has a severity, which can be: diff --git a/docs/tutorials/parallel-execution.md b/docs/tutorials/parallel-execution.md index cf4e4150..3e4cb2ae 100644 --- a/docs/tutorials/parallel-execution.md +++ b/docs/tutorials/parallel-execution.md @@ -10,7 +10,8 @@ This can help for really large accounts, but please be aware of AWS API rate lim For information on Prowler's retrier configuration please refer to this [page](https://docs.prowler.cloud/en/latest/tutorials/aws/boto3-configuration/). -> Note: You might need to increase the `--aws-retries-max-attempts` parameter from the default value of 3. The retrier follows an exponential backoff strategy. +???+ note + You might need to increase the `--aws-retries-max-attempts` parameter from the default value of 3. The retrier follows an exponential backoff strategy. ## Linux diff --git a/docs/tutorials/quick-inventory.md b/docs/tutorials/quick-inventory.md index 67736018..62214469 100644 --- a/docs/tutorials/quick-inventory.md +++ b/docs/tutorials/quick-inventory.md @@ -1,14 +1,18 @@ # Quick Inventory Prowler allows you to execute a quick inventory to extract the number of resources in your provider. -> Currently, it is only available for AWS provider. + +???+ note + Currently, it is only available for AWS provider. - You can use option `-i`/`--quick-inventory` to execute it: ```sh prowler -i ``` -> By default, it extracts resources from all the regions, you could use `-f`/`--filter-region` to specify the regions to execute the analysis. + +???+ note + By default, it extracts resources from all the regions, you could use `-f`/`--filter-region` to specify the regions to execute the analysis. - This feature specify both the number of resources for each service and for each resource type. diff --git a/docs/tutorials/reporting.md b/docs/tutorials/reporting.md index 694222ca..5ce50243 100644 --- a/docs/tutorials/reporting.md +++ b/docs/tutorials/reporting.md @@ -19,11 +19,12 @@ prowler -M csv json json-asff html -F ```console prowler -M csv json json-asff html -o ``` -> Both flags can be used simultaneously to provide a custom directory and filename. -```console -prowler -M csv json json-asff html \ - -F -o -``` +???+ note + Both flags can be used simultaneously to provide a custom directory and filename. + ```console + prowler -M csv json json-asff html \ + -F -o + ``` ## Output timestamp format By default, the timestamp format of the output files is ISO 8601. This can be changed with the flag `--unix-timestamp` generating the timestamp fields in pure unix timestamp format. @@ -41,9 +42,10 @@ Hereunder is the structure for each of the supported report formats by Prowler: ### HTML ![HTML Output](../img/output-html.png) + ### CSV -CSV format has a set of common columns for all the providers, and then provider specific columns. +CSV format has a set of common columns for all the providers, and then provider specific columns. The common columns are the following: - ASSESSMENT_START_TIME @@ -90,7 +92,6 @@ And then by the provider specific columns: - RESOURCE_ID - RESOURCE_ARN - #### AZURE - TENANT_DOMAIN @@ -98,7 +99,6 @@ And then by the provider specific columns: - RESOURCE_ID - RESOURCE_NAME - #### GCP - PROJECT_ID @@ -107,9 +107,9 @@ And then by the provider specific columns: - RESOURCE_NAME +???+ note + Since Prowler v3 the CSV column delimiter is the semicolon (`;`) - -> Since Prowler v3 the CSV column delimiter is the semicolon (`;`) ### JSON The following code is an example output of the JSON format: @@ -206,7 +206,8 @@ The following code is an example output of the JSON format: }] ``` -> NOTE: Each finding is a `json` object within a list. This has changed in v3 since in v2 the format used was [ndjson](http://ndjson.org/). +???+ note + Each finding is a `json` object within a list. This has changed in v3 since in v2 the format used was [ndjson](http://ndjson.org/). ### JSON-OCSF @@ -467,7 +468,9 @@ Based on [Open Cybersecurity Schema Framework Security Finding v1.0.0-rc.3](http }] ``` -> NOTE: Each finding is a `json` object. +???+ note + Each finding is a `json` object. + ### JSON-ASFF The following code is an example output of the [JSON-ASFF](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format-syntax.html) format: @@ -600,4 +603,5 @@ The following code is an example output of the [JSON-ASFF](https://docs.aws.amaz }] ``` -> NOTE: Each finding is a `json` object within a list. +???+ note + Each finding is a `json` object within a list. diff --git a/mkdocs.yml b/mkdocs.yml index 124fd7cd..c87e9905 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -19,6 +19,11 @@ theme: primary: black accent: green +plugins: + - search + - git-revision-date-localized: + enable_creation_date: true + edit_uri: "https://github.com/prowler-cloud/prowler/tree/master/docs" # Prowler OSS Repository repo_url: https://github.com/prowler-cloud/prowler/ @@ -80,6 +85,7 @@ nav: - Troubleshooting: troubleshooting.md - About: about.md - Prowler SaaS: https://prowler.com + # Customization extra: consent: @@ -103,11 +109,15 @@ extra: link: https://twitter.com/prowlercloud # Copyright -copyright: Copyright © 2024 Toni de la Fuente, Maintained by the Prowler Team at ProwlerPro, Inc. +copyright: > + Copyright © Toni de la Fuente, Maintained by the Prowler Team at ProwlerPro, Inc. +
Change cookie settings markdown_extensions: - abbr - admonition + - pymdownx.details + - pymdownx.superfences - attr_list - def_list - footnotes diff --git a/poetry.lock b/poetry.lock index b4e2c11a..306449f7 100644 --- a/poetry.lock +++ b/poetry.lock @@ -1,4 +1,4 @@ -# This file is automatically @generated by Poetry 1.7.1 and should not be changed by hand. +# This file is automatically @generated by Poetry 1.6.1 and should not be changed by hand. [[package]] name = "about-time" @@ -1293,6 +1293,37 @@ python-dateutil = ">=2.8.1" [package.extras] dev = ["flake8", "markdown", "twine", "wheel"] +[[package]] +name = "gitdb" +version = "4.0.11" +description = "Git Object Database" +optional = true +python-versions = ">=3.7" +files = [ + {file = "gitdb-4.0.11-py3-none-any.whl", hash = "sha256:81a3407ddd2ee8df444cbacea00e2d038e40150acfa3001696fe0dcf1d3adfa4"}, + {file = "gitdb-4.0.11.tar.gz", hash = "sha256:bf5421126136d6d0af55bc1e7c1af1c397a34f5b7bd79e776cd3e89785c2b04b"}, +] + +[package.dependencies] +smmap = ">=3.0.1,<6" + +[[package]] +name = "gitpython" +version = "3.1.42" +description = "GitPython is a Python library used to interact with Git repositories" +optional = true +python-versions = ">=3.7" +files = [ + {file = "GitPython-3.1.42-py3-none-any.whl", hash = "sha256:1bf9cd7c9e7255f77778ea54359e54ac22a72a5b51288c457c881057b7bb9ecd"}, + {file = "GitPython-3.1.42.tar.gz", hash = "sha256:2d99869e0fef71a73cbd242528105af1d6c1b108c60dfabd994bf292f76c3ceb"}, +] + +[package.dependencies] +gitdb = ">=4.0.1,<5" + +[package.extras] +test = ["black", "coverage[toml]", "ddt (>=1.1.1,!=1.4.3)", "mock", "mypy", "pre-commit", "pytest (>=7.3.1)", "pytest-cov", "pytest-instafail", "pytest-mock", "pytest-sugar"] + [[package]] name = "google-api-core" version = "2.17.0" @@ -2090,6 +2121,23 @@ watchdog = ">=2.0" i18n = ["babel (>=2.9.0)"] min-versions = ["babel (==2.9.0)", "click (==7.0)", "colorama (==0.4)", "ghp-import (==1.0)", "importlib-metadata (==4.3)", "jinja2 (==2.11.1)", "markdown (==3.2.1)", "markupsafe (==2.0.1)", "mergedeep (==1.3.4)", "packaging (==20.5)", "pathspec (==0.11.1)", "platformdirs (==2.2.0)", "pyyaml (==5.1)", "pyyaml-env-tag (==0.1)", "typing-extensions (==3.10)", "watchdog (==2.0)"] +[[package]] +name = "mkdocs-git-revision-date-localized-plugin" +version = "1.2.4" +description = "Mkdocs plugin that enables displaying the localized date of the last git modification of a markdown file." +optional = true +python-versions = ">=3.8" +files = [ + {file = "mkdocs-git-revision-date-localized-plugin-1.2.4.tar.gz", hash = "sha256:08fd0c6f33c8da9e00daf40f7865943113b3879a1c621b2bbf0fa794ffe997d3"}, + {file = "mkdocs_git_revision_date_localized_plugin-1.2.4-py3-none-any.whl", hash = "sha256:1f94eb510862ef94e982a2910404fa17a1657ecf29f45a07b0f438c00767fc85"}, +] + +[package.dependencies] +babel = ">=2.7.0" +GitPython = "*" +mkdocs = ">=1.0" +pytz = "*" + [[package]] name = "mkdocs-material" version = "9.5.10" @@ -3116,6 +3164,17 @@ files = [ [package.dependencies] six = ">=1.5" +[[package]] +name = "pytz" +version = "2024.1" +description = "World timezone definitions, modern and historical" +optional = true +python-versions = "*" +files = [ + {file = "pytz-2024.1-py2.py3-none-any.whl", hash = "sha256:328171f4e3623139da4983451950b28e95ac706e13f3f2630a879749e7a8b319"}, + {file = "pytz-2024.1.tar.gz", hash = "sha256:2a29735ea9c18baf14b448846bde5a48030ed267578472d8955cd0e7443a9812"}, +] + [[package]] name = "pywin32" version = "306" @@ -3151,7 +3210,6 @@ files = [ {file = "PyYAML-6.0.1-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:69b023b2b4daa7548bcfbd4aa3da05b3a74b772db9e23b982788168117739938"}, {file = "PyYAML-6.0.1-cp310-cp310-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:81e0b275a9ecc9c0c0c07b4b90ba548307583c125f54d5b6946cfee6360c733d"}, {file = "PyYAML-6.0.1-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:ba336e390cd8e4d1739f42dfe9bb83a3cc2e80f567d8805e11b46f4a943f5515"}, - {file = "PyYAML-6.0.1-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:326c013efe8048858a6d312ddd31d56e468118ad4cdeda36c719bf5bb6192290"}, {file = "PyYAML-6.0.1-cp310-cp310-win32.whl", hash = "sha256:bd4af7373a854424dabd882decdc5579653d7868b8fb26dc7d0e99f823aa5924"}, {file = "PyYAML-6.0.1-cp310-cp310-win_amd64.whl", hash = "sha256:fd1592b3fdf65fff2ad0004b5e363300ef59ced41c2e6b3a99d4089fa8c5435d"}, {file = "PyYAML-6.0.1-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:6965a7bc3cf88e5a1c3bd2e0b5c22f8d677dc88a455344035f03399034eb3007"}, @@ -3159,16 +3217,8 @@ files = [ {file = "PyYAML-6.0.1-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:42f8152b8dbc4fe7d96729ec2b99c7097d656dc1213a3229ca5383f973a5ed6d"}, {file = "PyYAML-6.0.1-cp311-cp311-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:062582fca9fabdd2c8b54a3ef1c978d786e0f6b3a1510e0ac93ef59e0ddae2bc"}, {file = "PyYAML-6.0.1-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:d2b04aac4d386b172d5b9692e2d2da8de7bfb6c387fa4f801fbf6fb2e6ba4673"}, - {file = "PyYAML-6.0.1-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:e7d73685e87afe9f3b36c799222440d6cf362062f78be1013661b00c5c6f678b"}, {file = "PyYAML-6.0.1-cp311-cp311-win32.whl", hash = "sha256:1635fd110e8d85d55237ab316b5b011de701ea0f29d07611174a1b42f1444741"}, {file = "PyYAML-6.0.1-cp311-cp311-win_amd64.whl", hash = "sha256:bf07ee2fef7014951eeb99f56f39c9bb4af143d8aa3c21b1677805985307da34"}, - {file = "PyYAML-6.0.1-cp312-cp312-macosx_10_9_x86_64.whl", hash = "sha256:855fb52b0dc35af121542a76b9a84f8d1cd886ea97c84703eaa6d88e37a2ad28"}, - {file = "PyYAML-6.0.1-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:40df9b996c2b73138957fe23a16a4f0ba614f4c0efce1e9406a184b6d07fa3a9"}, - {file = "PyYAML-6.0.1-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:a08c6f0fe150303c1c6b71ebcd7213c2858041a7e01975da3a99aed1e7a378ef"}, - {file = "PyYAML-6.0.1-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:6c22bec3fbe2524cde73d7ada88f6566758a8f7227bfbf93a408a9d86bcc12a0"}, - {file = "PyYAML-6.0.1-cp312-cp312-musllinux_1_1_x86_64.whl", hash = "sha256:8d4e9c88387b0f5c7d5f281e55304de64cf7f9c0021a3525bd3b1c542da3b0e4"}, - {file = "PyYAML-6.0.1-cp312-cp312-win32.whl", hash = "sha256:d483d2cdf104e7c9fa60c544d92981f12ad66a457afae824d146093b8c294c54"}, - {file = "PyYAML-6.0.1-cp312-cp312-win_amd64.whl", hash = "sha256:0d3304d8c0adc42be59c5f8a4d9e3d7379e6955ad754aa9d6ab7a398b59dd1df"}, {file = "PyYAML-6.0.1-cp36-cp36m-macosx_10_9_x86_64.whl", hash = "sha256:50550eb667afee136e9a77d6dc71ae76a44df8b3e51e41b77f6de2932bfe0f47"}, {file = "PyYAML-6.0.1-cp36-cp36m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:1fe35611261b29bd1de0070f0b2f47cb6ff71fa6595c077e42bd0c419fa27b98"}, {file = "PyYAML-6.0.1-cp36-cp36m-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:704219a11b772aea0d8ecd7058d0082713c3562b4e271b849ad7dc4a5c90c13c"}, @@ -3185,7 +3235,6 @@ files = [ {file = "PyYAML-6.0.1-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:a0cd17c15d3bb3fa06978b4e8958dcdc6e0174ccea823003a106c7d4d7899ac5"}, {file = "PyYAML-6.0.1-cp38-cp38-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:28c119d996beec18c05208a8bd78cbe4007878c6dd15091efb73a30e90539696"}, {file = "PyYAML-6.0.1-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:7e07cbde391ba96ab58e532ff4803f79c4129397514e1413a7dc761ccd755735"}, - {file = "PyYAML-6.0.1-cp38-cp38-musllinux_1_1_x86_64.whl", hash = "sha256:49a183be227561de579b4a36efbb21b3eab9651dd81b1858589f796549873dd6"}, {file = "PyYAML-6.0.1-cp38-cp38-win32.whl", hash = "sha256:184c5108a2aca3c5b3d3bf9395d50893a7ab82a38004c8f61c258d4428e80206"}, {file = "PyYAML-6.0.1-cp38-cp38-win_amd64.whl", hash = "sha256:1e2722cc9fbb45d9b87631ac70924c11d3a401b2d7f410cc0e3bbf249f2dca62"}, {file = "PyYAML-6.0.1-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:9eb6caa9a297fc2c2fb8862bc5370d0303ddba53ba97e71f08023b6cd73d16a8"}, @@ -3193,7 +3242,6 @@ files = [ {file = "PyYAML-6.0.1-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:5773183b6446b2c99bb77e77595dd486303b4faab2b086e7b17bc6bef28865f6"}, {file = "PyYAML-6.0.1-cp39-cp39-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:b786eecbdf8499b9ca1d697215862083bd6d2a99965554781d0d8d1ad31e13a0"}, {file = "PyYAML-6.0.1-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:bc1bf2925a1ecd43da378f4db9e4f799775d6367bdb94671027b73b393a7c42c"}, - {file = "PyYAML-6.0.1-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:04ac92ad1925b2cff1db0cfebffb6ffc43457495c9b3c39d3fcae417d7125dc5"}, {file = "PyYAML-6.0.1-cp39-cp39-win32.whl", hash = "sha256:faca3bdcf85b2fc05d06ff3fbc1f83e1391b3e724afa3feba7d13eeab355484c"}, {file = "PyYAML-6.0.1-cp39-cp39-win_amd64.whl", hash = "sha256:510c9deebc5c0225e8c96813043e62b680ba2f9c50a08d3724c7f28a747d1486"}, {file = "PyYAML-6.0.1.tar.gz", hash = "sha256:bfdf460b1736c775f2ba9f6a92bca30bc2095067b8a9d77876d1fad6cc3b4a43"}, @@ -3583,24 +3631,24 @@ python-versions = ">=3.6" files = [ {file = "ruamel.yaml.clib-0.2.8-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:b42169467c42b692c19cf539c38d4602069d8c1505e97b86387fcf7afb766e1d"}, {file = "ruamel.yaml.clib-0.2.8-cp310-cp310-macosx_13_0_arm64.whl", hash = "sha256:07238db9cbdf8fc1e9de2489a4f68474e70dffcb32232db7c08fa61ca0c7c462"}, + {file = "ruamel.yaml.clib-0.2.8-cp310-cp310-manylinux2014_aarch64.whl", hash = "sha256:d92f81886165cb14d7b067ef37e142256f1c6a90a65cd156b063a43da1708cfd"}, {file = "ruamel.yaml.clib-0.2.8-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_24_x86_64.whl", hash = "sha256:fff3573c2db359f091e1589c3d7c5fc2f86f5bdb6f24252c2d8e539d4e45f412"}, - {file = "ruamel.yaml.clib-0.2.8-cp310-cp310-manylinux_2_24_aarch64.whl", hash = "sha256:aa2267c6a303eb483de8d02db2871afb5c5fc15618d894300b88958f729ad74f"}, {file = "ruamel.yaml.clib-0.2.8-cp310-cp310-musllinux_1_1_i686.whl", hash = "sha256:840f0c7f194986a63d2c2465ca63af8ccbbc90ab1c6001b1978f05119b5e7334"}, {file = "ruamel.yaml.clib-0.2.8-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:024cfe1fc7c7f4e1aff4a81e718109e13409767e4f871443cbff3dba3578203d"}, {file = "ruamel.yaml.clib-0.2.8-cp310-cp310-win32.whl", hash = "sha256:c69212f63169ec1cfc9bb44723bf2917cbbd8f6191a00ef3410f5a7fe300722d"}, {file = "ruamel.yaml.clib-0.2.8-cp310-cp310-win_amd64.whl", hash = "sha256:cabddb8d8ead485e255fe80429f833172b4cadf99274db39abc080e068cbcc31"}, {file = "ruamel.yaml.clib-0.2.8-cp311-cp311-macosx_10_9_universal2.whl", hash = "sha256:bef08cd86169d9eafb3ccb0a39edb11d8e25f3dae2b28f5c52fd997521133069"}, {file = "ruamel.yaml.clib-0.2.8-cp311-cp311-macosx_13_0_arm64.whl", hash = "sha256:b16420e621d26fdfa949a8b4b47ade8810c56002f5389970db4ddda51dbff248"}, + {file = "ruamel.yaml.clib-0.2.8-cp311-cp311-manylinux2014_aarch64.whl", hash = "sha256:b5edda50e5e9e15e54a6a8a0070302b00c518a9d32accc2346ad6c984aacd279"}, {file = "ruamel.yaml.clib-0.2.8-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_24_x86_64.whl", hash = "sha256:25c515e350e5b739842fc3228d662413ef28f295791af5e5110b543cf0b57d9b"}, - {file = "ruamel.yaml.clib-0.2.8-cp311-cp311-manylinux_2_24_aarch64.whl", hash = "sha256:1707814f0d9791df063f8c19bb51b0d1278b8e9a2353abbb676c2f685dee6afe"}, {file = "ruamel.yaml.clib-0.2.8-cp311-cp311-musllinux_1_1_i686.whl", hash = "sha256:46d378daaac94f454b3a0e3d8d78cafd78a026b1d71443f4966c696b48a6d899"}, {file = "ruamel.yaml.clib-0.2.8-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:09b055c05697b38ecacb7ac50bdab2240bfca1a0c4872b0fd309bb07dc9aa3a9"}, {file = "ruamel.yaml.clib-0.2.8-cp311-cp311-win32.whl", hash = "sha256:53a300ed9cea38cf5a2a9b069058137c2ca1ce658a874b79baceb8f892f915a7"}, {file = "ruamel.yaml.clib-0.2.8-cp311-cp311-win_amd64.whl", hash = "sha256:c2a72e9109ea74e511e29032f3b670835f8a59bbdc9ce692c5b4ed91ccf1eedb"}, {file = "ruamel.yaml.clib-0.2.8-cp312-cp312-macosx_10_9_universal2.whl", hash = "sha256:ebc06178e8821efc9692ea7544aa5644217358490145629914d8020042c24aa1"}, {file = "ruamel.yaml.clib-0.2.8-cp312-cp312-macosx_13_0_arm64.whl", hash = "sha256:edaef1c1200c4b4cb914583150dcaa3bc30e592e907c01117c08b13a07255ec2"}, + {file = "ruamel.yaml.clib-0.2.8-cp312-cp312-manylinux2014_aarch64.whl", hash = "sha256:7048c338b6c86627afb27faecf418768acb6331fc24cfa56c93e8c9780f815fa"}, {file = "ruamel.yaml.clib-0.2.8-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:d176b57452ab5b7028ac47e7b3cf644bcfdc8cacfecf7e71759f7f51a59e5c92"}, - {file = "ruamel.yaml.clib-0.2.8-cp312-cp312-manylinux_2_24_aarch64.whl", hash = "sha256:1dc67314e7e1086c9fdf2680b7b6c2be1c0d8e3a8279f2e993ca2a7545fecf62"}, {file = "ruamel.yaml.clib-0.2.8-cp312-cp312-musllinux_1_1_i686.whl", hash = "sha256:3213ece08ea033eb159ac52ae052a4899b56ecc124bb80020d9bbceeb50258e9"}, {file = "ruamel.yaml.clib-0.2.8-cp312-cp312-musllinux_1_1_x86_64.whl", hash = "sha256:aab7fd643f71d7946f2ee58cc88c9b7bfc97debd71dcc93e03e2d174628e7e2d"}, {file = "ruamel.yaml.clib-0.2.8-cp312-cp312-win32.whl", hash = "sha256:5c365d91c88390c8d0a8545df0b5857172824b1c604e867161e6b3d59a827eaa"}, @@ -3608,7 +3656,7 @@ files = [ {file = "ruamel.yaml.clib-0.2.8-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.whl", hash = "sha256:a5aa27bad2bb83670b71683aae140a1f52b0857a2deff56ad3f6c13a017a26ed"}, {file = "ruamel.yaml.clib-0.2.8-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:c58ecd827313af6864893e7af0a3bb85fd529f862b6adbefe14643947cfe2942"}, {file = "ruamel.yaml.clib-0.2.8-cp37-cp37m-macosx_12_0_arm64.whl", hash = "sha256:f481f16baec5290e45aebdc2a5168ebc6d35189ae6fea7a58787613a25f6e875"}, - {file = "ruamel.yaml.clib-0.2.8-cp37-cp37m-manylinux_2_24_aarch64.whl", hash = "sha256:77159f5d5b5c14f7c34073862a6b7d34944075d9f93e681638f6d753606c6ce6"}, + {file = "ruamel.yaml.clib-0.2.8-cp37-cp37m-manylinux2014_aarch64.whl", hash = "sha256:3fcc54cb0c8b811ff66082de1680b4b14cf8a81dce0d4fbf665c2265a81e07a1"}, {file = "ruamel.yaml.clib-0.2.8-cp37-cp37m-manylinux_2_5_x86_64.manylinux1_x86_64.whl", hash = "sha256:7f67a1ee819dc4562d444bbafb135832b0b909f81cc90f7aa00260968c9ca1b3"}, {file = "ruamel.yaml.clib-0.2.8-cp37-cp37m-musllinux_1_1_i686.whl", hash = "sha256:4ecbf9c3e19f9562c7fdd462e8d18dd902a47ca046a2e64dba80699f0b6c09b7"}, {file = "ruamel.yaml.clib-0.2.8-cp37-cp37m-musllinux_1_1_x86_64.whl", hash = "sha256:87ea5ff66d8064301a154b3933ae406b0863402a799b16e4a1d24d9fbbcbe0d3"}, @@ -3616,7 +3664,7 @@ files = [ {file = "ruamel.yaml.clib-0.2.8-cp37-cp37m-win_amd64.whl", hash = "sha256:3f215c5daf6a9d7bbed4a0a4f760f3113b10e82ff4c5c44bec20a68c8014f675"}, {file = "ruamel.yaml.clib-0.2.8-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:1b617618914cb00bf5c34d4357c37aa15183fa229b24767259657746c9077615"}, {file = "ruamel.yaml.clib-0.2.8-cp38-cp38-macosx_12_0_arm64.whl", hash = "sha256:a6a9ffd280b71ad062eae53ac1659ad86a17f59a0fdc7699fd9be40525153337"}, - {file = "ruamel.yaml.clib-0.2.8-cp38-cp38-manylinux_2_24_aarch64.whl", hash = "sha256:305889baa4043a09e5b76f8e2a51d4ffba44259f6b4c72dec8ca56207d9c6fe1"}, + {file = "ruamel.yaml.clib-0.2.8-cp38-cp38-manylinux2014_aarch64.whl", hash = "sha256:665f58bfd29b167039f714c6998178d27ccd83984084c286110ef26b230f259f"}, {file = "ruamel.yaml.clib-0.2.8-cp38-cp38-manylinux_2_5_x86_64.manylinux1_x86_64.whl", hash = "sha256:700e4ebb569e59e16a976857c8798aee258dceac7c7d6b50cab63e080058df91"}, {file = "ruamel.yaml.clib-0.2.8-cp38-cp38-musllinux_1_1_i686.whl", hash = "sha256:e2b4c44b60eadec492926a7270abb100ef9f72798e18743939bdbf037aab8c28"}, {file = "ruamel.yaml.clib-0.2.8-cp38-cp38-musllinux_1_1_x86_64.whl", hash = "sha256:e79e5db08739731b0ce4850bed599235d601701d5694c36570a99a0c5ca41a9d"}, @@ -3624,7 +3672,7 @@ files = [ {file = "ruamel.yaml.clib-0.2.8-cp38-cp38-win_amd64.whl", hash = "sha256:56f4252222c067b4ce51ae12cbac231bce32aee1d33fbfc9d17e5b8d6966c312"}, {file = "ruamel.yaml.clib-0.2.8-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:03d1162b6d1df1caa3a4bd27aa51ce17c9afc2046c31b0ad60a0a96ec22f8001"}, {file = "ruamel.yaml.clib-0.2.8-cp39-cp39-macosx_12_0_arm64.whl", hash = "sha256:bba64af9fa9cebe325a62fa398760f5c7206b215201b0ec825005f1b18b9bccf"}, - {file = "ruamel.yaml.clib-0.2.8-cp39-cp39-manylinux_2_24_aarch64.whl", hash = "sha256:a1a45e0bb052edf6a1d3a93baef85319733a888363938e1fc9924cb00c8df24c"}, + {file = "ruamel.yaml.clib-0.2.8-cp39-cp39-manylinux2014_aarch64.whl", hash = "sha256:9eb5dee2772b0f704ca2e45b1713e4e5198c18f515b52743576d196348f374d3"}, {file = "ruamel.yaml.clib-0.2.8-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.whl", hash = "sha256:da09ad1c359a728e112d60116f626cc9f29730ff3e0e7db72b9a2dbc2e4beed5"}, {file = "ruamel.yaml.clib-0.2.8-cp39-cp39-musllinux_1_1_i686.whl", hash = "sha256:184565012b60405d93838167f425713180b949e9d8dd0bbc7b49f074407c5a8b"}, {file = "ruamel.yaml.clib-0.2.8-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:a75879bacf2c987c003368cf14bed0ffe99e8e85acfa6c0bfffc21a090f16880"}, @@ -3789,6 +3837,17 @@ files = [ [package.extras] optional = ["SQLAlchemy (>=1.4,<3)", "aiodns (>1.0)", "aiohttp (>=3.7.3,<4)", "boto3 (<=2)", "websocket-client (>=1,<2)", "websockets (>=10,<11)", "websockets (>=9.1,<10)"] +[[package]] +name = "smmap" +version = "5.0.1" +description = "A pure Python implementation of a sliding window memory map manager" +optional = true +python-versions = ">=3.7" +files = [ + {file = "smmap-5.0.1-py3-none-any.whl", hash = "sha256:e6d8668fa5f93e706934a62d7b4db19c8d9eb8cf2adbb75ef1b675aa332b69da"}, + {file = "smmap-5.0.1.tar.gz", hash = "sha256:dceeb6c0028fdb6734471eb07c0cd2aae706ccaecab45965ee83f11c8d3b1f62"}, +] + [[package]] name = "sniffio" version = "1.3.0" @@ -4257,9 +4316,9 @@ docs = ["furo", "jaraco.packaging (>=9.3)", "jaraco.tidelift (>=1.4)", "rst.link testing = ["big-O", "jaraco.functools", "jaraco.itertools", "more-itertools", "pytest (>=6)", "pytest-black (>=0.3.7)", "pytest-checkdocs (>=2.4)", "pytest-cov", "pytest-enabler (>=2.2)", "pytest-ignore-flaky", "pytest-mypy (>=0.9.1)", "pytest-ruff"] [extras] -docs = ["mkdocs", "mkdocs-material"] +docs = ["mkdocs", "mkdocs-git-revision-date-localized-plugin", "mkdocs-material"] [metadata] lock-version = "2.0" python-versions = ">=3.9,<3.13" -content-hash = "a73ada50dafeb373f791cf7b138519863b907c0f9198fa45809d7fb53c934de9" +content-hash = "e7a91eb05e196ef02f7d753043e697ffe24e91f27f21ddebbec5d84640d92eb0" diff --git a/pyproject.toml b/pyproject.toml index 058eb680..ce6a8ccd 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -31,9 +31,9 @@ azure-identity = "1.15.0" azure-mgmt-applicationinsights = "4.0.0" azure-mgmt-authorization = "4.0.0" azure-mgmt-compute = "30.5.0" -azure-mgmt-rdbms = "10.1.0" azure-mgmt-cosmosdb = "9.4.0" azure-mgmt-network = "25.2.0" +azure-mgmt-rdbms = "10.1.0" azure-mgmt-security = "6.0.0" azure-mgmt-sql = "3.0.1" azure-mgmt-storage = "21.1.0" @@ -47,6 +47,7 @@ google-api-python-client = "2.118.0" google-auth-httplib2 = ">=0.1,<0.3" jsonschema = "4.21.1" mkdocs = {version = "1.5.3", optional = true} +mkdocs-git-revision-date-localized-plugin = {version = "1.2.4", optional = true} mkdocs-material = {version = "9.5.10", optional = true} msgraph-sdk = "^1.0.0" msrestazure = "^0.6.4" @@ -58,7 +59,7 @@ slack-sdk = "3.27.0" tabulate = "0.9.0" [tool.poetry.extras] -docs = ["mkdocs", "mkdocs-material"] +docs = ["mkdocs", "mkdocs-material", "mkdocs-git-revision-date-localized-plugin"] [tool.poetry.group.dev.dependencies] bandit = "1.7.7"