playbooks

home / skills / prowler-cloud / prowler / prowler-provider

prowler-provider skill

/skills/prowler-provider

This skill helps you extend Prowler by adding new providers or services, following the provider architecture pattern and templates.

npx playbooks add skill prowler-cloud/prowler --skill prowler-provider

Review the files below or copy the command above to add this skill to your agents.

Files (5)
SKILL.md
4.1 KB
---
name: prowler-provider
description: >
  Creates new Prowler cloud providers or adds services to existing providers.
  Trigger: When extending Prowler SDK provider architecture (adding a new provider or a new service to an existing provider).
license: Apache-2.0
metadata:
  author: prowler-cloud
  version: "1.0"
  scope: [root, sdk]
  auto_invoke:
    - "Adding new providers"
    - "Adding services to existing providers"
allowed-tools: Read, Edit, Write, Glob, Grep, Bash, WebFetch, WebSearch, Task
---

## When to Use

Use this skill when:
- Adding a new cloud provider to Prowler
- Adding a new service to an existing provider
- Understanding the provider architecture pattern

## Provider Architecture Pattern

Every provider MUST follow this structure:

```
prowler/providers/{provider}/
├── __init__.py
├── {provider}_provider.py      # Main provider class
├── models.py                   # Provider-specific models
├── config.py                   # Provider configuration
├── exceptions/                 # Provider-specific exceptions
├── lib/
│   ├── service/               # Base service class
│   ├── arguments/             # CLI arguments parser
│   └── mutelist/              # Mutelist functionality
└── services/
    └── {service}/
        ├── {service}_service.py   # Resource fetcher
        ├── {service}_client.py    # Python singleton instance
        └── {check_name}/          # Individual checks
            ├── {check_name}.py
            └── {check_name}.metadata.json
```

## Provider Class Template

```python
from prowler.providers.common.provider import Provider

class {Provider}Provider(Provider):
    """Provider class for {Provider} cloud platform."""

    def __init__(self, arguments):
        super().__init__(arguments)
        self.session = self._setup_session(arguments)
        self.regions = self._get_regions()

    def _setup_session(self, arguments):
        """Provider-specific authentication."""
        # Implement credential handling
        pass

    def _get_regions(self):
        """Get available regions for provider."""
        # Return list of regions
        pass
```

## Service Class Template

```python
from prowler.providers.{provider}.lib.service.service import {Provider}Service

class {Service}({Provider}Service):
    """Service class for {service} resources."""

    def __init__(self, provider):
        super().__init__(provider)
        self.{resources} = []
        self._fetch_{resources}()

    def _fetch_{resources}(self):
        """Fetch {resource} data from API."""
        try:
            response = self.client.list_{resources}()
            for item in response:
                self.{resources}.append(
                    {Resource}(
                        id=item["id"],
                        name=item["name"],
                        region=item.get("region"),
                    )
                )
        except Exception as e:
            logger.error(f"Error fetching {resources}: {e}")
```

## Service Client Template

```python
from prowler.providers.{provider}.services.{service}.{service}_service import {Service}

{service}_client = {Service}
```

## Supported Providers

Current providers:
- AWS (Amazon Web Services)
- Azure (Microsoft Azure)
- GCP (Google Cloud Platform)
- Kubernetes
- GitHub
- M365 (Microsoft 365)
- OracleCloud (Oracle Cloud Infrastructure)
- AlibabaCloud
- MongoDB Atlas
- NHN (NHN Cloud)
- LLM (Language Model providers)
- IaC (Infrastructure as Code)

## Commands

```bash
# Run provider
poetry run python prowler-cli.py {provider}

# List services for provider
poetry run python prowler-cli.py {provider} --list-services

# List checks for provider
poetry run python prowler-cli.py {provider} --list-checks

# Run specific service
poetry run python prowler-cli.py {provider} --services {service}

# Debug mode
poetry run python prowler-cli.py {provider} --log-level DEBUG
```

## Resources

- **Templates**: See [assets/](assets/) for Provider, Service, and Client singleton templates
- **Documentation**: See [references/provider-docs.md](references/provider-docs.md) for official Prowler Developer Guide links

Overview

This skill creates new Prowler cloud providers or adds services to existing providers following the project's provider architecture. It provides templates, class patterns, and command examples so you can extend Prowler reliably and consistently. The goal is to make provider and service integration predictable, testable, and aligned with existing providers.

How this skill works

The skill supplies a canonical provider folder layout and Python class templates for Provider, Service, and Service Client singletons. It enforces a pattern where a Provider handles session/region setup, Services fetch resources via a client, and checks live under service-specific subfolders. CLI commands are included to run, list services, and debug newly-added providers and services.

When to use it

  • When adding a new cloud or platform provider to Prowler
  • When adding a new service (resource type) under an existing provider
  • When implementing provider-specific authentication and region handling
  • When creating resource fetchers and singleton clients for service APIs
  • When validating provider structure and running checks locally

Best practices

  • Follow the prescribed folder and file structure exactly to keep behavior consistent
  • Implement _setup_session and _get_regions in the Provider class for credential and region discovery
  • Keep service fetchers resilient: catch exceptions, log errors, and return partial results when possible
  • Use the provided service and client templates to create singleton instances and resource models
  • Add metadata.json for each check and place checks under the service/{check_name} directory

Example use cases

  • Create a new Provider directory for a bespoke cloud platform and implement credential handling
  • Add a database service to an existing cloud provider with a service client and resource fetcher
  • Build a new check that uses service resources collected by the service class
  • Run provider-specific checks with --list-services and --list-checks to verify integration
  • Debug provider initialization using the --log-level DEBUG command to trace session setup

FAQ

What minimal methods must a Provider implement?

Implement _setup_session for authentication and _get_regions to return available regions; inherit from the common Provider base.

How should services fetch resources?

Create a Service class that initializes a service client singleton, populate resource lists in a _fetch_* method, and handle exceptions with logging.