Creates new Prowler cloud providers or adds services to existing providers. Trigger: When extending Prowler SDK provider architecture (adding a new provider or a new service to an existing provider).
Use this skill when:
Every provider MUST follow this structure:
prowler/providers/{provider}/
├── __init__.py
├── {provider}_provider.py # Main provider class
├── models.py # Provider-specific models
├── config.py # Provider configuration
├── exceptions/ # Provider-specific exceptions
├── lib/
│   ├── service/                    # Base service class
│   ├── arguments/                  # CLI arguments parser
│   └── mutelist/                   # Mutelist functionality
└── services/
    └── {service}/
        ├── {service}_service.py    # Resource fetcher
        ├── {service}_client.py     # Python singleton instance
        └── {check_name}/           # Individual checks
            ├── {check_name}.py
            └── {check_name}.metadata.json
Flags that accept secrets (tokens, passwords, API keys) MUST follow these rules:
- Use nargs="?" with default=None — the flag accepts an optional value for backward compatibility; the recommended path is environment variables, because a secret passed on the command line can be exposed through shell history and process listings.
- Set metavar to the environment variable name users should use (e.g., metavar="GITHUB_PERSONAL_ACCESS_TOKEN").
- Add the flag to the SENSITIVE_ARGUMENTS frozenset at the top of the provider's arguments.py. This set is used to redact values in HTML output and warn users who pass secrets directly.
# prowler/providers/{provider}/lib/arguments/arguments.py
# Flags whose values are secrets. Per the rules on this page, this set is used
# to redact values in HTML output and to warn users who pass secrets directly,
# so every secret-bearing flag the parser registers must be listed here.
SENSITIVE_ARGUMENTS = frozenset(
    {
        "--my-api-key",
        "--my-password",
    }
)
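def init_parser(self):
    """Register the provider's authentication flags on its CLI parser.

    NOTE(review): ``parser`` is not defined in this excerpt; presumably it is
    the provider's argument parser created earlier in the real function.
    """
    auth_subparser = parser.add_argument_group("Authentication Modes")
    auth_subparser.add_argument(
        "--my-api-key",
        # Optional value with a None default: the flag still accepts a value
        # for backward compatibility, but the environment variable is the
        # recommended way to supply the secret.
        nargs="?",
        default=None,
        # Named after the environment variable users should set.
        metavar="MY_API_KEY",
        help="API key for authentication. Use MY_API_KEY env var instead of passing directly.",
    )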
from prowler.providers.common.provider import Provider
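class {Provider}Provider(Provider):
    """Provider class for {Provider} cloud platform.

    Template: substitute ``{Provider}`` with the provider's name. The two
    private helpers are stubs to be filled in per provider.
    """

    def __init__(self, arguments):
        """Build the session and region list from the parsed CLI arguments."""
        super().__init__(arguments)
        # Both helpers are stubs in this template and return None until
        # implemented, so session and regions are None as written.
        self.session = self._setup_session(arguments)
        self.regions = self._get_regions()

    def _setup_session(self, arguments):
        """Provider-specific authentication."""
        # Implement credential handling
        # NOTE(review): secret-bearing flags are expected to arrive via
        # environment variables (see the sensitive-flag rules on this page);
        # keep credential values out of log and error messages here.
        pass

    def _get_regions(self):
        """Get available regions for provider."""
        # Return list of regions
        pass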
from prowler.providers.{provider}.lib.service.service import {Provider}Service
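class {Service}({Provider}Service):
    """Service class for {service} resources.

    Template: substitute the ``{...}`` placeholders. ``logger`` and
    ``{Resource}`` are used below but not imported in this excerpt; the real
    module must bring them into scope.
    """

    def __init__(self, provider):
        """Initialise the base service and fetch resources immediately."""
        super().__init__(provider)
        self.{resources} = []
        # Resources are fetched eagerly, at construction time.
        self._fetch_{resources}()

    def _fetch_{resources}(self):
        """Fetch {resource} data from API.

        Any exception is logged and not re-raised, so the caller always gets
        a list back, possibly empty or partial.
        """
        try:
            # NOTE(review): self.client is not set in this excerpt;
            # presumably the base service class provides it.
            response = self.client.list_{resources}()
            for item in response:
                self.{resources}.append(
                    {Resource}(
                        # "id" and "name" are required keys; "region" may be
                        # absent and then becomes None.
                        id=item["id"],
                        name=item["name"],
                        region=item.get("region"),
                    )
                )
        except Exception as e:
            # The try covers both the list call and the loop, so one failing
            # item (e.g. a missing "id") stops the loop and keeps only the
            # items appended so far. Checks that read this list then see
            # fewer resources; this log line is the only signal that the
            # scan may be under-reporting.
            logger.error(f"Error fetching {resources}: {e}")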
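from prowler.providers.common.provider import Provider
from prowler.providers.{provider}.services.{service}.{service}_service import {Service}

# Module-level client that checks import and share. It must be an instance,
# not the class: {Service}.__init__ takes the provider and fetches the
# resources, and the directory layout describes this file as a singleton
# instance. The instance is built from the globally registered provider.
{service}_client = {Service}(Provider.get_global_provider())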
Current providers:
# {provider} and {service} are placeholders: replace them with real names
# before running any of these commands.

# Run provider
poetry run python prowler-cli.py {provider}
# List services for provider
poetry run python prowler-cli.py {provider} --list-services
# List checks for provider
poetry run python prowler-cli.py {provider} --list-checks
# Run specific service (only the named service)
poetry run python prowler-cli.py {provider} --services {service}
# Debug mode (log level set to DEBUG)
poetry run python prowler-cli.py {provider} --log-level DEBUG