feat(gcp): add --project-ids flag and scan all projects by default (#2393)

Co-authored-by: Pepe Fagoaga <pepe@verica.io>

tests/lib/cli/parser_test.py

@@ -980,3 +980,14 @@ class Test_Parser:
         parsed = self.parser.parse(command)
         assert parsed.provider == "gcp"
         assert parsed.credentials_file == file
+
+    def test_parser_gcp_project_ids(self):
+        argument = "--project-ids"
+        project_1 = "test_project_1"
+        project_2 = "test_project_2"
+        command = [prowler_command, "gcp", argument, project_1, project_2]
+        parsed = self.parser.parse(command)
+        assert parsed.provider == "gcp"
+        assert len(parsed.project_ids) == 2
+        assert parsed.project_ids[0] == project_1
+        assert parsed.project_ids[1] == project_2

tests/lib/outputs/slack_test.py

@@ -45,7 +45,8 @@ class Test_Slack_Integration:
         )
         gcp_audit_info = GCP_Audit_Info(
             credentials=None,
-            project_id="test-project",
+            default_project_id="test-project1",
+            project_ids=["test-project1", "test-project2"],
             audit_resources=None,
             audit_metadata=None,
         )
@@ -69,7 +70,7 @@ class Test_Slack_Integration:
             aws_logo,
         )
         assert create_message_identity("gcp", gcp_audit_info) == (
-            f"GCP Project *{gcp_audit_info.project_id}*",
+            f"GCP Projects *{', '.join(gcp_audit_info.project_ids)}*",
             gcp_logo,
         )
         assert create_message_identity("azure", azure_audit_info) == (

tests/providers/common/audit_info_test.py

@@ -83,6 +83,10 @@ def mock_set_gcp_credentials(*_):
     return (None, "project")
 
 
+def mock_get_project_ids(*_):
+    return ["project"]
+
+
 class Test_Set_Audit_Info:
     # Mocked Audit Info
     def set_mocked_audit_info(self):
@@ -166,6 +170,7 @@ class Test_Set_Audit_Info:
         assert isinstance(audit_info, Azure_Audit_Info)
 
     @patch.object(GCP_Provider, "__set_credentials__", new=mock_set_gcp_credentials)
+    @patch.object(GCP_Provider, "get_project_ids", new=mock_get_project_ids)
     @patch.object(Audit_Info, "print_gcp_credentials", new=mock_print_audit_credentials)
     def test_set_audit_info_gcp(self):
         provider = "gcp"
@@ -179,6 +184,7 @@ class Test_Set_Audit_Info:
             "subscriptions": None,
             # We need to set exactly one auth method
             "credentials_file": None,
+            "project_ids": ["project"],
         }
 
         audit_info = set_provider_audit_info(provider, arguments)

tests/providers/common/common_outputs_test.py

@@ -45,7 +45,8 @@ class Test_Common_Output_Options:
     def set_mocked_gcp_audit_info(self):
         audit_info = GCP_Audit_Info(
             credentials=None,
-            project_id="test-project",
+            default_project_id="test-project1",
+            project_ids=["test-project1", "test-project2"],
             audit_resources=None,
             audit_metadata=None,
         )
@@ -347,7 +348,7 @@ class Test_Common_Output_Options:
                     </div>
                     <ul class="list-group list-group-flush">
                         <li class="list-group-item">
-                            <b>GCP Project ID:</b> {audit_info.project_id}
+                            <b>GCP Project IDs:</b> {', '.join(audit_info.project_ids)}
                         </li>
                     </ul>
                 </div>

tests/providers/gcp/services/compute/compute_default_service_account_in_use/compute_default_service_account_in_use_test.py

@@ -32,11 +32,12 @@ class Test_compute_default_service_account_in_use:
             metadata={},
             shielded_enabled_vtpm=True,
             shielded_enabled_integrity_monitoring=True,
-            service_accounts=[{"email": "123-compute@developer.gserviceaccount.com"}],
+            service_accounts=[{"email": "custom@developer.gserviceaccount.com"}],
+            project_id=GCP_PROJECT_ID,
         )
 
         compute_client = mock.MagicMock
-        compute_client.project_id = GCP_PROJECT_ID
+        compute_client.project_ids = [GCP_PROJECT_ID]
         compute_client.instances = [instance]
 
         with mock.patch(
@@ -72,10 +73,11 @@ class Test_compute_default_service_account_in_use:
             service_accounts=[
                 {"email": f"{GCP_PROJECT_ID}-compute@developer.gserviceaccount.com"}
             ],
+            project_id=GCP_PROJECT_ID,
         )
 
         compute_client = mock.MagicMock
-        compute_client.project_id = GCP_PROJECT_ID
+        compute_client.project_ids = [GCP_PROJECT_ID]
         compute_client.instances = [instance]
 
         with mock.patch(
@@ -111,10 +113,11 @@ class Test_compute_default_service_account_in_use:
             service_accounts=[
                 {"email": f"{GCP_PROJECT_ID}-compute@developer.gserviceaccount.com"}
             ],
+            project_id=GCP_PROJECT_ID,
         )
 
         compute_client = mock.MagicMock
-        compute_client.project_id = GCP_PROJECT_ID
+        compute_client.project_ids = [GCP_PROJECT_ID]
         compute_client.instances = [instance]
 
         with mock.patch(

tests/providers/gcp/services/compute/compute_default_service_account_in_use_with_full_api_access/compute_default_service_account_in_use_with_full_api_access_test.py

@@ -35,10 +35,11 @@ class Test_compute_default_service_account_in_use_with_full_api_access:
             service_accounts=[
                 {"email": "123-compute@developer.gserviceaccount.com", "scopes": []}
             ],
+            project_id=GCP_PROJECT_ID,
         )
 
         compute_client = mock.MagicMock
-        compute_client.project_id = GCP_PROJECT_ID
+        compute_client.project_ids = [GCP_PROJECT_ID]
         compute_client.instances = [instance]
 
         with mock.patch(
@@ -77,10 +78,11 @@ class Test_compute_default_service_account_in_use_with_full_api_access:
                     "scopes": ["https://www.googleapis.com/auth/cloud-platform"],
                 }
             ],
+            project_id=GCP_PROJECT_ID,
         )
 
         compute_client = mock.MagicMock
-        compute_client.project_id = GCP_PROJECT_ID
+        compute_client.project_ids = [GCP_PROJECT_ID]
         compute_client.instances = [instance]
 
         with mock.patch(
@@ -119,10 +121,11 @@ class Test_compute_default_service_account_in_use_with_full_api_access:
                     "scopes": ["https://www.googleapis.com/auth/cloud-platform"],
                 }
             ],
+            project_id=GCP_PROJECT_ID,
         )
 
         compute_client = mock.MagicMock
-        compute_client.project_id = GCP_PROJECT_ID
+        compute_client.project_ids = [GCP_PROJECT_ID]
         compute_client.instances = [instance]
 
         with mock.patch(

tests/providers/gcp/services/compute/compute_serial_ports_in_use/compute_serial_ports_in_use_test.py

@@ -34,6 +34,7 @@ class Test_compute_serial_ports_in_use:
             shielded_enabled_vtpm=True,
             shielded_enabled_integrity_monitoring=True,
             service_accounts=[],
+            project_id=GCP_PROJECT_ID,
         )
 
         compute_client = mock.MagicMock
@@ -71,6 +72,7 @@ class Test_compute_serial_ports_in_use:
             shielded_enabled_vtpm=True,
             shielded_enabled_integrity_monitoring=True,
             service_accounts=[],
+            project_id=GCP_PROJECT_ID,
         )
 
         compute_client = mock.MagicMock
@@ -108,6 +110,7 @@ class Test_compute_serial_ports_in_use:
             shielded_enabled_vtpm=True,
             shielded_enabled_integrity_monitoring=True,
             service_accounts=[],
+            project_id=GCP_PROJECT_ID,
         )
 
         compute_client = mock.MagicMock
@@ -145,6 +148,7 @@ class Test_compute_serial_ports_in_use:
             shielded_enabled_vtpm=True,
             shielded_enabled_integrity_monitoring=True,
             service_accounts=[],
+            project_id=GCP_PROJECT_ID,
         )
 
         compute_client = mock.MagicMock
@@ -182,6 +186,7 @@ class Test_compute_serial_ports_in_use:
             shielded_enabled_vtpm=True,
             shielded_enabled_integrity_monitoring=True,
             service_accounts=[],
+            project_id=GCP_PROJECT_ID,
         )
 
         compute_client = mock.MagicMock

tests/providers/gcp/services/compute/compute_shielded_vm_enabled/compute_shielded_vm_enabled_test.py

@@ -7,7 +7,7 @@ GCP_PROJECT_ID = "123456789012"
 class Test_compute_shielded_vm_enabled:
     def test_compute_no_instances(self):
         compute_client = mock.MagicMock
-        compute_client.project_id = GCP_PROJECT_ID
+        compute_client.project_ids = [GCP_PROJECT_ID]
         compute_client.instances = []
 
         with mock.patch(
@@ -34,10 +34,11 @@ class Test_compute_shielded_vm_enabled:
             shielded_enabled_vtpm=True,
             shielded_enabled_integrity_monitoring=True,
             service_accounts=[],
+            project_id=GCP_PROJECT_ID,
         )
 
         compute_client = mock.MagicMock
-        compute_client.project_id = GCP_PROJECT_ID
+        compute_client.project_ids = [GCP_PROJECT_ID]
         compute_client.instances = [instance]
 
         with mock.patch(
@@ -71,10 +72,11 @@ class Test_compute_shielded_vm_enabled:
             shielded_enabled_vtpm=False,
             shielded_enabled_integrity_monitoring=True,
             service_accounts=[],
+            project_id=GCP_PROJECT_ID,
         )
 
         compute_client = mock.MagicMock
-        compute_client.project_id = GCP_PROJECT_ID
+        compute_client.project_ids = [GCP_PROJECT_ID]
         compute_client.instances = [instance]
 
         with mock.patch(
@@ -108,10 +110,11 @@ class Test_compute_shielded_vm_enabled:
             shielded_enabled_vtpm=True,
             shielded_enabled_integrity_monitoring=False,
             service_accounts=[],
+            project_id=GCP_PROJECT_ID,
         )
 
         compute_client = mock.MagicMock
-        compute_client.project_id = GCP_PROJECT_ID
+        compute_client.project_ids = [GCP_PROJECT_ID]
         compute_client.instances = [instance]
 
         with mock.patch(