feat(e2e): provider for e2e cloud #11654

Open
deepak7093 wants to merge 8 commits into prowler-cloud:master from deepak7093:feature/e2e-provider

deepak7093 commented Jun 19, 2026

Contributor

Context

Please include relevant motivation and context for this PR.

If fixes an issue please add it with Fix #XXXX

Description

Please include a summary of the change and which issue is fixed. List any dependencies that are required for this change.

Steps to review

Please add a detailed description of how to review this PR.

Checklist

Community Checklist
  • This feature/issue is listed in here or roadmap.prowler.com
  • Is it assigned to me, if not, request it via the issue/feature in here or Prowler Community Slack

SDK/CLI

  • Are there new checks included in this PR? Yes / No
    • If so, do we need to update permissions for the provider? Please review this carefully.

UI

  • All issue/task requirements work as expected on the UI
  • If this PR adds or updates npm dependencies, include package-health evidence (maintenance, popularity, known vulnerabilities, license, release age) and explain why existing/native alternatives are insufficient.
  • Screenshots/Video of the functionality flow (if applicable) - Mobile (X < 640px)
  • Screenshots/Video of the functionality flow (if applicable) - Table (640px > X < 1024px)
  • Screenshots/Video of the functionality flow (if applicable) - Desktop (X > 1024px)
  • Ensure new entries are added to CHANGELOG.md, if applicable.

API

  • All issue/task requirements work as expected on the API
  • Endpoint response output (if applicable)
  • EXPLAIN ANALYZE output for new/modified queries or indexes (if applicable)
  • Performance test results (if applicable)
  • Any other relevant evidence of the implementation (if applicable)
  • Verify if API specs need to be regenerated.
  • Check if version updates are required (e.g., specs, uv, etc.).
  • Ensure new entries are added to CHANGELOG.md, if applicable.

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Summary by CodeRabbit

Release Notes

  • New Features
    • Added E2E Cloud provider support, including CLI initialization, authentication, and environment/flag validation for API key + bearer token.
    • Added initial E2E checks across networks, compute nodes, load balancers, databases, security groups, and storage (including new “mutelist” support for suppressing findings).
    • Added E2E assessment summary rendering in HTML outputs.
  • Documentation
    • Added an E2E Cloud provider developer guide and an E2E resource graph/schema.
  • Bug Fixes / Improvements
    • Extended output formatting (CSV headers, stdout details, and summary tables) to include E2E project/location context.

deepak7093 requested a review from a team as a code owner June 19, 2026 17:06
github-actions Bot added the documentation, output/html (Issues/PRs related with the HTML output format), compliance (Issues/PRs related with the Compliance Frameworks) and metadata-review labels Jun 19, 2026
coderabbitai Bot commented Jun 19, 2026

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.

Walkthrough

Adds a new e2e provider to Prowler integrating with the E2E Cloud (MyAccount) REST API. Includes a provider class, paginating API client, six service domains (node, loadbalancer, securitygroup, storage, database, network) containing ~25 security checks with metadata, output system wiring, CLI argument registration, a Cartography-style resource graph schema, developer guide, and comprehensive test coverage.

Changes

E2E Cloud Provider

| Layer | File(s) | Summary |
|---|---|---|
| Core models, exceptions, and config registration | prowler/providers/e2e/models.py, prowler/providers/e2e/exceptions/exceptions.py, prowler/lib/check/models.py, prowler/config/config.py, prowler/config/config.yaml | E2eSession, E2eIdentityInfo, E2eOutputOptions, and CheckReportE2e data shapes are defined; three custom exceptions (E2eCredentialsError, E2eSessionError, E2eAPIError) are introduced; Provider.E2E enum entry and e2e.require_bitninja_on_load_balancers config key are added. |
| E2eProvider class, CLI arguments, and provider factory wiring | prowler/providers/e2e/e2e_provider.py, prowler/providers/e2e/lib/arguments/arguments.py, prowler/lib/cli/parser.py, prowler/providers/common/provider.py, prowler/__main__.py | E2eProvider is implemented with credential/location resolution, setup_session, print_credentials, and test_connection. CLI subcommand e2e is registered with auth/scope arguments and validate_arguments; the parser epilog and Provider.init_global_provider dispatch are updated; E2eOutputOptions is wired in __main__.py. |
| E2eAPIClient, E2eService base, and E2eMutelist | prowler/providers/e2e/lib/api/client.py, prowler/providers/e2e/lib/service/service.py, prowler/providers/e2e/lib/mutelist/mutelist.py | E2eAPIClient provides get, get_data, and paginate methods with auth-param injection and E2eAPIError wrapping. E2eService stores the provider, wires E2eAPIClient, and copies audit/fixer config. E2eMutelist delegates to Mutelist.is_muted with E2E finding identifiers. |
| Node service, model, client, and checks | prowler/providers/e2e/services/node/nodes_service.py, prowler/providers/e2e/services/node/nodes_client.py, prowler/providers/e2e/services/node/node_*/... | Nodes service fetches and enriches per-node details into the Node model with boolean flags. nodes_client wires to the global provider. Six checks (accidental protection, compliance, encryption, public IP, rescue mode, VPC attachment) are added with metadata JSON and PASS/FAIL execute logic. |
| LoadBalancer service, model, client, and checks | prowler/providers/e2e/services/loadbalancer/loadbalancer_service.py, prowler/providers/e2e/services/loadbalancer/loadbalancer_client.py, prowler/providers/e2e/services/loadbalancer/loadbalancer_*/... | LoadBalancers service paginates /appliances/, extracts SSL context and backends into the LoadBalancer model with is_alb, is_alb_https, has_backend_health_check properties. Three checks (ALB HTTPS SSL cert, backend health check, BitNinja) are added with metadata JSON. |
| SecurityGroup service, models, client, and checks | prowler/providers/e2e/services/securitygroup/securitygroup_service.py, prowler/providers/e2e/services/securitygroup/securitygroup_client.py, prowler/providers/e2e/services/securitygroup/securitygroup_*/... | SecurityGroups service fetches per-location groups and node-attached groups into SecurityGroupResource/NodeSecurityGroup models with SecurityGroupRule sub-models. Four checks (no all-traffic rule, no inbound all-ports from any, restrictive default) include helper functions for open-network and permissive-inbound detection. |
| Storage service, models, client, and checks | prowler/providers/e2e/services/storage/storage_service.py, prowler/providers/e2e/services/storage/storage_client.py, prowler/providers/e2e/services/storage/storage_*/... | Storage service populates BlockVolume, StorageBucket, EfsVolume, and EpfsVolume models via paginated and manual page-loop fetches per location. Eight checks cover block volume orphaning, bucket encryption/public access/versioning/lifecycle/lock, EFS backup, and EFS VPC access restriction. |
| Database service, models, client, and checks | prowler/providers/e2e/services/database/database_service.py, prowler/providers/e2e/services/database/database_client.py, prowler/providers/e2e/services/database/database_*/... | Database service merges cluster list and detail responses into DatabaseCluster and DatabaseInstance models with master/replica distinction. Seven checks cover cluster backup, default admin username, IP whitelist, public IP assignment, running status, SSL, and replica public IP. |
| Network service, models, client, and checks | prowler/providers/e2e/services/network/network_service.py, prowler/providers/e2e/services/network/network_client.py, prowler/providers/e2e/services/network/network_*/... | Network service fetches VPCs, reserved IPs, and VPC tunnels into Vpc, ReservedIp, and VpcTunnel models. Five checks cover floating IP attachment, orphaned public IPs, VPC attached node count, VPC active state, and VPC peering external peer. |
| Output system integration | prowler/lib/outputs/finding.py, prowler/lib/outputs/html/html.py, prowler/lib/outputs/outputs.py, prowler/lib/outputs/summary_table.py, prowler/lib/outputs/compliance/universal/universal_output.py | Finding.generate_output populates auth method and account fields for the e2e provider type; HTML.get_e2e_assessment_summary renders the credentials card; stdout_report and display_summary_table are extended with e2e branches; PROVIDER_HEADER_MAP adds the e2e CSV header mapping. |
| Developer documentation, schema, and tests | docs/developer-guide/e2e-details.mdx, prowler/providers/e2e/docs/schema.md, tests/providers/e2e/..., tests/lib/cli/parser_test.py, prowler/CHANGELOG.md | Developer guide, Cartography-style resource graph schema (13 node types with Cypher relationships), provider fixture helper set_mocked_e2e_provider, provider init/connection tests, argument validation tests, node/database/network/storage service and check tests, CLI parser usage-string update, and CHANGELOG entry are added. |

Sequence Diagram(s)

sequenceDiagram
  participant CLI as prowler CLI
  participant Parser as ProwlerArgumentParser
  participant E2eProvider
  participant E2eAPIClient
  participant API as E2E MyAccount API
  participant Check as E2eService Check

  CLI->>Parser: --provider e2e --e2e-api-key ... --e2e-project-id ...
  Parser->>Parser: validate_arguments (env fallback + int check)
  Parser->>E2eProvider: __init__(api_key, auth_token, project_id, locations)
  E2eProvider->>E2eProvider: setup_session → requests.Session + Bearer token
  E2eProvider->>E2eProvider: E2eIdentityInfo(project_id, locations)
  E2eProvider->>CLI: set_global_provider(self)

  CLI->>Check: execute()
  Check->>E2eAPIClient: paginate(path, location)
  loop per page
    E2eAPIClient->>API: GET /path?apikey&project_id&location&page_no
    API-->>E2eAPIClient: JSON items
  end
  E2eAPIClient-->>Check: aggregated resource list
  Check->>Check: build CheckReportE2e (PASS/FAIL per resource)
  Check-->>CLI: findings list

Estimated code review effort

🎯 5 (Critical) | ⏱️ ~120 minutes

Suggested reviewers

  • lydiavilchez
  • HugoPBrito
🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (2 warnings)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Description check | ⚠️ Warning | The PR description is entirely blank—all sections remain unfilled with only the template structure present, making it impossible to assess the change's context and implementation details. | Complete the PR description by filling in Context, Description, Steps to Review, and marking applicable checklist items to explain the E2E provider implementation, affected services, and verification approach. |
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 12.24% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold. |

✅ Passed checks (3 passed)

| Check name | Status | Explanation |
|---|---|---|
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Title check | ✅ Passed | The PR title clearly and specifically identifies the main change as adding a new E2E Cloud provider to Prowler, which is the primary focus of the changeset. |

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

Comment @coderabbitai help to get the list of available commands and usage tips.

github-actions Bot commented Jun 19, 2026

Contributor

Conflict Markers Resolved

All conflict markers have been successfully resolved in this pull request.

github-actions Bot added the community (Opened by the Community) label Jun 19, 2026
Comment thread prowler/providers/e2e/lib/mutelist/mutelist.py Fixed
Comment thread prowler/providers/e2e/models.py Fixed
codecov Bot commented Jun 19, 2026

Codecov Report

❌ Patch coverage is 90.19608% with 120 lines in your changes missing coverage. Please review.
✅ Project coverage is 80.97%. Comparing base (99285d4) to head (671a743).
⚠️ Report is 31 commits behind head on master.

❗ There is a different number of reports uploaded between BASE (99285d4) and HEAD (671a743).

HEAD has 1 upload less than BASE

| Flag | BASE (99285d4) | HEAD (671a743) |
|---|---|---|
| api | 1 | 0 |

Additional details and impacted files
@@             Coverage Diff             @@
##           master   #11654       +/-   ##
===========================================
- Coverage   94.10%   80.97%   -13.13%     
===========================================
  Files         247      163       -84     
  Lines       36421    10019    -26402     
===========================================
- Hits        34274     8113    -26161     
+ Misses       2147     1906      -241     

| Flag | Coverage Δ |
|---|---|
| api | ? |
| prowler-py3.10-config | 80.97% <90.19%> (?) |
| prowler-py3.10-e2e | 90.09% <90.59%> (?) |
| prowler-py3.10-external | 30.42% <89.21%> (?) |
| prowler-py3.10-lib | 80.71% <90.19%> (?) |
| prowler-py3.11-config | 80.97% <90.19%> (?) |
| prowler-py3.11-e2e | 90.09% <90.59%> (?) |
| prowler-py3.11-external | 30.42% <89.21%> (?) |
| prowler-py3.11-lib | 80.71% <90.19%> (?) |
| prowler-py3.12-config | 80.97% <90.19%> (?) |
| prowler-py3.12-e2e | 90.09% <90.59%> (?) |
| prowler-py3.12-external | 30.42% <89.21%> (?) |
| prowler-py3.12-lib | 80.71% <90.19%> (?) |
| prowler-py3.13-config | 80.97% <90.19%> (?) |
| prowler-py3.13-e2e | 90.09% <90.59%> (?) |
| prowler-py3.13-external | 30.42% <89.21%> (?) |
| prowler-py3.13-lib | 80.71% <90.19%> (?) |

Flags with carried forward coverage won't be shown.

| Components | Coverage Δ |
|---|---|
| prowler | 80.98% <90.19%> (∅) |
| api | ∅ <ø> (∅) |

coderabbitai Bot left a comment

Actionable comments posted: 48

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
tests/providers/e2e/lib/arguments/arguments_test.py (1)

18-28: 🧹 Nitpick | 🔵 Trivial | ⚡ Quick win

Add Coverage for Non-Integer Project IDs

This file covers missing project ID but not invalid non-integer values, even though validate_arguments has a dedicated failure path for that branch. Add a case such as e2e_project_id="abc" to protect the integer-validation contract.

💡 Suggested test addition
 class TestE2eArguments:
@@
     def test_validate_arguments_missing_project_id(self):
         arguments = MagicMock()
         arguments.e2e_api_key = "key"
         arguments.e2e_auth_token = "token"
         arguments.e2e_project_id = None
 
         valid, message = validate_arguments(arguments)
 
         assert valid is False
         assert "project ID" in message
+
+    def test_validate_arguments_non_integer_project_id(self):
+        arguments = MagicMock()
+        arguments.e2e_api_key = "key"
+        arguments.e2e_auth_token = "token"
+        arguments.e2e_project_id = "abc"
+
+        valid, message = validate_arguments(arguments)
+
+        assert valid is False
+        assert "must be an integer" in message
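
Review bot: in test_validate_arguments_non_integer_project_id the arguments object is a bare MagicMock(), so every attribute validate_arguments reads beyond the three set here comes back as a truthy auto-created mock instead of None, and the test can pass or fail for reasons unrelated to the project ID. Build the object with argparse.Namespace or MagicMock(spec=[...]) listing only the real argument names. The assertion on the literal "must be an integer" also pins the error wording more tightly than the sibling test's "project ID" check; asserting on "project ID" here as well would keep the two tests consistent and confirm the message names the offending field.
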
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@tests/providers/e2e/lib/arguments/arguments_test.py` around lines 18 - 28,
The test file currently only covers the case where e2e_project_id is missing
(None) but does not test the case where e2e_project_id is provided but contains
an invalid non-integer value. Add a new test method similar to
test_validate_arguments_missing_project_id that tests the validate_arguments
function with e2e_project_id set to a non-integer string value like "abc" to
verify that the function properly rejects non-integer project IDs and returns
False with an appropriate error message.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@docs/developer-guide/e2e-details.mdx`:
- Around line 9-40: The documentation is missing VersionBadge components for the
newly introduced E2E provider functionality sections. Add a VersionBadge
component immediately after each of the three section headers: "##
Authentication", "## Usage", and "## Services and Checks". Each VersionBadge
should be placed on the line directly after its corresponding header and before
the section content, with the format `<VersionBadge version="X.Y.Z" />` where
X.Y.Z should be replaced with the appropriate version number for when the E2E
provider was introduced.

In `@prowler/lib/check/models.py`:
- Around line 1266-1272: The CheckReportE2e.__init__ method is missing a
Google-style docstring. Add a docstring immediately after the method definition
that documents the Args section, describing the metadata parameter as a Dict and
the resource parameter as Any, following the Google docstring format used by
other report classes in the file to maintain consistency.

In `@prowler/providers/e2e/e2e_provider.py`:
- Around line 87-97: Add Google-style docstrings to the methods
_resolve_locations, setup_session, print_credentials, and test_connection in the
E2EProvider class. Each docstring should include Args section describing input
parameters, Returns section describing what the method returns, and Raises
section for any exceptions that can be thrown. Follow Google-style format
conventions for consistency with the project's coding guidelines.
- Around line 67-73: The truthy check on `mutelist_content` at line 67
incorrectly treats an empty dictionary as falsy and falls back to loading the
default mutelist from disk instead of honoring the explicitly provided empty
mutelist. Replace the condition `if mutelist_content:` with an explicit None
check `if mutelist_content is not None:` so that empty dictionaries are properly
honored while still allowing None to trigger the file path fallback in the
E2eMutelist initialization.

In `@prowler/providers/e2e/lib/api/client.py`:
- Around line 68-90: The paginate() method is declared to return type list but
contains a code path that returns a raw dict when data is a dictionary, which
violates the return type contract and will break code expecting a list. Fix this
by ensuring the method consistently returns a list in all code paths. Either
modify the return type annotation to reflect that both list and dict can be
returned, or update the logic in the isinstance(data, dict) branch to extract
the appropriate items and extend all_items with them instead of returning the
raw dict directly, maintaining consistency with the list return type.

In `@prowler/providers/e2e/lib/mutelist/mutelist.py`:
- Around line 6-7: Add docstrings to the E2eMutelist class and the
is_finding_muted method to comply with the coding guidelines that require
docstrings for all classes and methods in the prowler package. For the
E2eMutelist class, add a module-level docstring describing the purpose of the
class, and for the is_finding_muted method, add a docstring that describes what
the method does, its parameters (finding parameter of type CheckReportE2e), and
its return type (bool).

In `@prowler/providers/e2e/lib/service/service.py`:
- Line 7: The `__init__` method in the E2eService class is missing a type hint
for the `provider` parameter and lacks a method docstring. Add an appropriate
type hint to the `provider` parameter to specify its expected type, and add a
comprehensive docstring to the `__init__` method that describes the
constructor's purpose, parameters, and any relevant behavior. This ensures
compliance with the coding guidelines requiring type hints for all public
functions and docstrings for all class methods.

In `@prowler/providers/e2e/models.py`:
- Line 1: The import statement on line 1 imports `Optional` from `typing`, but
this import is not used anywhere in the file, causing a flake8 F401 (imported
but unused) failure. Remove `Optional` from the import statement while keeping
the `Any` import that is actively used in the file.
- Line 33: The E2eOutputOptions.__init__ constructor is missing complete type
hints and a docstring. Add type hints to all parameters (arguments and
bulk_checks_metadata currently lack types) and add a return type hint (-> None).
Additionally, add a comprehensive docstring to the __init__ method that
documents the constructor's purpose and describes what each parameter
represents, following the project's documentation standards as required by the
coding guidelines for all public methods and classes.

In
`@prowler/providers/e2e/services/loadbalancer/loadbalancer_alb_https_uses_ssl_certificate/loadbalancer_alb_https_uses_ssl_certificate.metadata.json`:
- Around line 13-25: The metadata file for
loadbalancer_alb_https_uses_ssl_certificate is missing required non-empty fields
that break the check-metadata contract. Populate the empty Risk field with
appropriate risk description, fill the Remediation.Code.CLI field with the
appropriate AWS CLI command for remediating the issue, and add a compliance
version field to the metadata (which is currently missing entirely). Ensure all
three fields contain meaningful, non-empty values that align with the check's
purpose of validating HTTPS load balancers use valid SSL certificates.

In
`@prowler/providers/e2e/services/loadbalancer/loadbalancer_alb_https_uses_ssl_certificate/loadbalancer_alb_https_uses_ssl_certificate.py`:
- Around line 7-8: The class loadbalancer_alb_https_uses_ssl_certificate and its
execute method are missing required documentation and type annotations. Add a
docstring to the class loadbalancer_alb_https_uses_ssl_certificate that
describes what the check does, and add a return type annotation to the execute
method indicating what it returns. Follow the coding guidelines by ensuring
public classes and methods have proper docstrings and type hints.
- Around line 11-12: The condition checking `lb.is_alb_https` on line 11
includes HTTP mode in its evaluation, which causes the check to incorrectly
evaluate HTTP-only load balancers for SSL certificate requirements. Replace the
`is_alb_https` predicate with a condition that specifically checks for actual
HTTPS capability or HTTPS listeners only, ensuring that the SSL certificate
validation only applies to load balancers that support or have HTTPS, not
HTTP-only ones.

In
`@prowler/providers/e2e/services/loadbalancer/loadbalancer_backend_health_check_enabled/loadbalancer_backend_health_check_enabled.metadata.json`:
- Around line 13-25: The metadata file
loadbalancer_backend_health_check_enabled.metadata.json contains empty mandatory
fields that violate the metadata contract requirements. Populate the "Risk"
field with an appropriate risk assessment describing the security implications
of disabled health checks, fill the "Remediation.Code.CLI" field with the AWS
CLI command needed to enable health checks on ALB backends, and add a non-empty
Compliance Version field (if not already present) to the metadata. Ensure all
three fields contain meaningful values rather than empty strings to satisfy the
required metadata schema.

In
`@prowler/providers/e2e/services/loadbalancer/loadbalancer_backend_health_check_enabled/loadbalancer_backend_health_check_enabled.py`:
- Around line 7-8: The loadbalancer_backend_health_check_enabled class and its
execute method are missing required documentation and type annotations. Add a
docstring to the loadbalancer_backend_health_check_enabled class to describe its
purpose as a check. Add a docstring to the execute method and include a return
type annotation to specify what type the execute method returns (typically bool
or similar). Follow the existing code style and documentation patterns used in
other check classes in the codebase.

In
`@prowler/providers/e2e/services/loadbalancer/loadbalancer_bitninja_enabled/loadbalancer_bitninja_enabled.metadata.json`:
- Around line 13-25: The metadata JSON file has incomplete required fields that
do not meet the check metadata contract. You need to populate three fields: fill
the empty Risk field with a description of the security risk related to BitNinja
protection on load balancers, add actual CLI command examples to the empty
Remediation.Code.CLI field showing how to enable BitNinja via CLI, and ensure a
Compliance Version field exists in the metadata with a non-empty value. These
fields are mandatory according to the coding guidelines and must contain
meaningful content rather than empty strings.

In
`@prowler/providers/e2e/services/loadbalancer/loadbalancer_bitninja_enabled/loadbalancer_bitninja_enabled.py`:
- Around line 7-8: The class loadbalancer_bitninja_enabled and its execute
method are missing required documentation and type hints. Add a Google-style
docstring to the loadbalancer_bitninja_enabled class that describes its purpose
as a security check, then add a return type hint (likely CheckResult based on
the Prowler framework) to the execute method signature, and include a
Google-style docstring for the execute method that describes what it does and
what it returns.

In `@prowler/providers/e2e/services/loadbalancer/loadbalancer_service.py`:
- Around line 39-42: The exception logging in the except Exception as error
block does not follow the repository-standard format for caught-exception logs.
Update the logger.error call to use the standard Prowler SDK exception log
format by replacing the current error message with a format that includes the
exception class name and traceback line number using error.__class__.__name__
and error.__traceback__.tb_lineno, while preserving the loadbalancer context and
location information in the message.
- Line 12: The LoadBalancer service class in loadbalancer_service.py defines the
attribute as self.loadbalancers on line 12, but the check modules expect to
access self.load_balancers, causing an AttributeError. Rename the attribute from
self.loadbalancers to self.load_balancers in the LoadBalancer class to match the
expected contract used by the check modules that read
loadbalancer_client.load_balancers.

In
`@prowler/providers/e2e/services/node/node_accidental_protection_enabled/node_accidental_protection_enabled.metadata.json`:
- Around line 1-34: The metadata file for node_accidental_protection_enabled
check has two empty required fields that must be populated according to coding
guidelines. Fill in the Risk field with a meaningful description of the security
risk that occurs when E2E Cloud nodes do not have accidental protection enabled.
Additionally, populate the Remediation.Code.CLI field under the Remediation
object with the CLI commands needed to enable accidental protection on nodes, or
set it to N/A if CLI remediation is not applicable for this check.

In
`@prowler/providers/e2e/services/node/node_accidental_protection_enabled/node_accidental_protection_enabled.py`:
- Line 12: The condition on line 12 uses the comparison operator `!= True` which
violates flake8 E712. Replace the boolean comparison in the if statement that
checks `getattr(node, "is_accidental_protection") != True` with a direct boolean
check using the `not` operator instead, so the condition becomes `if not
getattr(node, "is_accidental_protection"):` to follow proper Python style
conventions and pass linting checks.

In
`@prowler/providers/e2e/services/node/node_compliance_enabled/node_compliance_enabled.metadata.json`:
- Around line 1-34: The metadata file for the node_compliance_enabled check
contains two empty required fields that need to be populated. Update the Risk
field with a meaningful description explaining the risks and security
implications of not having compliance mode enabled on E2E Cloud nodes.
Additionally, populate the Remediation.Code.CLI field with appropriate CLI
command examples that demonstrate how to enable compliance mode on E2E Cloud
nodes. Both fields must contain substantive, non-empty content that provides
clear value to users reviewing this check.

In
`@prowler/providers/e2e/services/node/node_compliance_enabled/node_compliance_enabled.py`:
- Line 12: The conditional check on line 12 uses a non-idiomatic comparison with
`!= True` which violates flake8 E712 rule. Replace the comparison `if
getattr(node, "is_node_compliance") != True:` with an idiomatic direct boolean
condition using the `not` operator, changing it to `if not getattr(node,
"is_node_compliance"):` to check if the attribute is falsy in a Pythonic way.

In
`@prowler/providers/e2e/services/node/node_encryption_enabled/node_encryption_enabled.metadata.json`:
- Around line 1-34: The metadata file for the node_encryption_enabled check
contains two empty required fields that must be populated. Fill the Risk field
with a description of the security impact of having nodes without encryption
enabled. Fill the Remediation.Code.CLI field under the Remediation object with
the CLI command or commands that users can execute to enable encryption on E2E
Cloud nodes. Both fields currently contain empty strings and must have
meaningful, non-empty values according to the coding guidelines.

In
`@prowler/providers/e2e/services/node/node_encryption_enabled/node_encryption_enabled.py`:
- Line 12: The flake8 E712 violation occurs because the code explicitly compares
getattr(node, "is_encryption_enabled") to True using the != operator, which is
discouraged for boolean checks. Replace the explicit comparison to True with a
direct truthiness check by using the not operator to negate the result of the
getattr call, which will make the boolean evaluation implicit rather than
explicit.

In
`@prowler/providers/e2e/services/node/node_public_ip_not_assigned/node_public_ip_not_assigned.metadata.json`:
- Around line 1-34: The node_public_ip_not_assigned metadata.json file is
missing required fields per the metadata contract. Fill in the empty Risk field
with a clear description of the security risk, populate the Remediation.Code.CLI
field with the appropriate CLI command for remediating the issue, and add a
Compliance field with version information to the root of the metadata object.
All three of these fields are required and must contain non-empty values
according to the Prowler metadata guidelines.

In
`@prowler/providers/e2e/services/node/node_public_ip_not_assigned/node_public_ip_not_assigned.py`:
- Line 12: The comparison using != False on line 12 violates flake8 E712 style
checks. Replace the explicit comparison `if getattr(node, "has_public_ip") !=
False:` with a direct boolean check `if getattr(node, "has_public_ip"):` to make
the condition more Pythonic and pass the code-quality check. This treats the
attribute value directly as a boolean instead of explicitly comparing it to
False.

In
`@prowler/providers/e2e/services/node/node_rescue_mode_disabled/node_rescue_mode_disabled.metadata.json`:
- Around line 1-34: The metadata file for the node_rescue_mode_disabled check
has two required empty fields that need to be populated with meaningful content.
Locate the Risk field at the top level of the JSON and populate it with a
description of the security risks associated with having rescue mode enabled on
E2E Cloud nodes. Then locate the Remediation.Code.CLI field under the
Remediation.Code object and provide the actual CLI command or commands that
users should execute to disable rescue mode on their nodes, referencing the E2E
Cloud documentation as needed.

In
`@prowler/providers/e2e/services/node/node_vpc_attached/node_vpc_attached.metadata.json`:
- Around line 1-34: The metadata file for the node_vpc_attached check has two
required empty fields that must be populated. Fill in the Risk field with a
meaningful description of the security implications of nodes not being attached
to a VPC, and populate the Remediation.Code.CLI field with a concrete CLI
command or instructions that users can follow to remediate the issue. Both
fields are currently empty strings and must contain substantive content
according to the coding guidelines.

In `@prowler/providers/e2e/services/node/node_vpc_attached/node_vpc_attached.py`:
- Line 12: The comparison `getattr(node, "is_vpc_attached") != True` violates
flake8 E712 by explicitly comparing to a boolean value. Replace this explicit
comparison with a direct boolean check by changing the condition to use `not
getattr(node, "is_vpc_attached")` instead, which is more Pythonic and eliminates
the style violation.

In
`@prowler/providers/e2e/services/securitygroup/securitygroup_no_all_traffic_rule/securitygroup_no_all_traffic_rule.metadata.json`:
- Around line 1-34: The metadata file for the securitygroup_no_all_traffic_rule
check is incomplete according to the metadata contract requirements. Fill in the
empty Risk field with a descriptive risk statement explaining the business
impact of the security concern, populate the Remediation.Code.CLI field with
appropriate CLI commands showing how to remediate the issue, and add the
required Compliance Version entries that specify which compliance frameworks or
versions this check addresses. Reference the check's purpose around restricting
security group rules to help populate these fields with contextually appropriate
content.

In
`@prowler/providers/e2e/services/securitygroup/securitygroup_no_all_traffic_rule/securitygroup_no_all_traffic_rule.py`:
- Around line 7-8: The execute() method in the securitygroup_no_all_traffic_rule
class is missing a return type hint and a docstring, which violates Python
coding guidelines. Add a return type annotation to the execute() method
signature indicating what it returns (typically CheckResult based on the Check
base class), and add a Google-style docstring that briefly describes the
method's purpose and functionality. The docstring should include a concise
one-line summary of what the check does.

In
`@prowler/providers/e2e/services/securitygroup/securitygroup_no_inbound_any_all_ports/securitygroup_no_inbound_any_all_ports.metadata.json`:
- Around line 1-34: The securitygroup_no_inbound_any_all_ports metadata file is
missing required contract fields. Add a non-empty value to the Risk field
describing the security risk of allowing inbound all-protocol traffic from any
source, populate the Remediation.Code.CLI field with appropriate CLI remediation
steps, and add a new ComplianceFramework field or appropriate version field that
captures the compliance version information as required by the metadata
contract. Reference similar checks in the codebase for the proper format and
structure of these fields.

In
`@prowler/providers/e2e/services/securitygroup/securitygroup_no_inbound_any_all_ports/securitygroup_no_inbound_any_all_ports.py`:
- Around line 7-12: The _is_permissive_inbound function only checks if the
network equals "any", but it misses permissive CIDR blocks like "0.0.0.0/0" and
"::/0" which should also be flagged as permissive. Update the network condition
in the _is_permissive_inbound function to check not only for "any" but also for
these two CIDR notations using an OR operator, so that all forms of open inbound
rules are properly detected instead of only the "any" variant.

In
`@prowler/providers/e2e/services/securitygroup/securitygroup_restrictive_default/securitygroup_restrictive_default.metadata.json`:
- Around line 1-34: The metadata file for the securitygroup_restrictive_default
check contains incomplete required fields. Fill in the empty Risk field with a
clear description of the security risk associated with using permissive default
security groups, populate the Remediation.Code.CLI field with actual CLI
commands that can be used to remediate the issue, and ensure the Categories
array is populated with relevant compliance or categorization tags. These fields
are mandatory per the metadata contract and must contain non-empty values.

In
`@prowler/providers/e2e/services/securitygroup/securitygroup_restrictive_default/securitygroup_restrictive_default.py`:
- Around line 7-15: The _has_permissive_inbound() function only checks for
network equal to "any" but misses world-open CIDR blocks like 0.0.0.0/0 and ::/0
which are also permissive. Update the condition that checks rule.network.lower()
== "any" to also return True if the network matches 0.0.0.0/0 or ::/0, either by
modifying the condition to use an OR statement or by checking if the network
string contains these specific CIDR values in addition to the "any" check.

In `@prowler/providers/e2e/services/securitygroup/securitygroup_service.py`:
- Around line 49-52: The exception logging in the except blocks does not follow
Prowler's standard logging format for caught exceptions. Update the logger.error
calls in both the except Exception block (around lines 49-52) and the second
location mentioned (around lines 95-98) to use the established Prowler idiom:
include the error class name using error.__class__.__name__, the traceback line
number using error.__traceback__.tb_lineno, and the error message itself in the
format f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
to maintain consistency with the rest of the codebase.

In
`@prowler/providers/e2e/services/storage/storage_block_volume_not_orphaned/storage_block_volume_not_orphaned.metadata.json`:
- Around line 31-33: The AdditionalURLs array in the
storage_block_volume_not_orphaned metadata file contains a URL pointing to
compute nodes documentation, which is inconsistent with a block volume orphaning
check. Replace the URL in the AdditionalURLs field with the appropriate E2E
Networks documentation link that covers block volumes or storage management to
ensure users are directed to relevant remediation guidance.
- Around line 13-25: The metadata file for the storage_block_volume_not_orphaned
check is missing required non-empty values in three places: the Risk field at
the top level, the CLI field inside Remediation.Code, and a Compliance Version
entry. Populate the Risk field with a clear description of the security risk,
add a meaningful CLI remediation command to the Remediation.Code.CLI field, and
add a Compliance Version object (or array entry if one exists) with appropriate
compliance framework information. Ensure all three fields have substantive
content rather than empty strings.

In
`@prowler/providers/e2e/services/storage/storage_block_volume_not_orphaned/storage_block_volume_not_orphaned.py`:
- Around line 5-20: The storage_block_volume_not_orphaned class and its
execute() method are missing type hints and Google-style docstrings as required
by coding guidelines. Add a Google-style docstring to the
storage_block_volume_not_orphaned class describing its purpose, add a
Google-style docstring to the execute() method with a Returns section
documenting the return type, and add the return type hint list[CheckReportE2e]
to the execute() method signature to ensure the method properly documents its
behavior and return value.

In
`@prowler/providers/e2e/services/storage/storage_bucket_encryption_enabled/storage_bucket_encryption_enabled.py`:
- Around line 5-20: Add type hints and Google-style docstrings to the
storage_bucket_encryption_enabled class and its execute() method. The execute()
method is missing a return type annotation of list[CheckReportE2e]. Add a
Google-style docstring to the storage_bucket_encryption_enabled class that
documents its purpose as a check class. Add a Google-style docstring to the
execute() method that describes what it does, its return value, and any other
relevant details about its operation.

In
`@prowler/providers/e2e/services/storage/storage_bucket_public_access_disabled/storage_bucket_public_access_disabled.metadata.json`:
- Around line 31-33: The AdditionalURLs array in the metadata file contains a
URL pointing to compute nodes documentation rather than object storage bucket
documentation. Replace the current URL in the AdditionalURLs array with a
reference to the appropriate object storage bucket documentation from E2E
Networks to align the remediation guidance with the actual check context.
- Around line 13-25: The storage_bucket_public_access_disabled.metadata.json
file has incomplete required metadata fields that violate the coding guidelines.
The Risk field, Remediation.Code.CLI field, and Compliance Version entry are all
empty and must be populated with non-empty values. Fill in the Risk field with
an appropriate risk description for public access on storage buckets, populate
the Remediation.Code.CLI field with the CLI command needed to disable public
access, and ensure a compliance version entry is present with a valid value.
These fields are mandatory for the metadata contract to be valid.

In
`@prowler/providers/e2e/services/storage/storage_bucket_public_access_disabled/storage_bucket_public_access_disabled.py`:
- Around line 5-20: Add a Google-style docstring to the
storage_bucket_public_access_disabled class that describes the check's purpose,
and add both a return type hint and Google-style docstring to the execute()
method. The execute() method should have a return type annotation of
list[CheckReportE2e] and a docstring that explains what the method does and
describes the return value using the Returns section in Google-style format.

In
`@prowler/providers/e2e/services/storage/storage_bucket_versioning_enabled/storage_bucket_versioning_enabled.metadata.json`:
- Around line 31-33: The AdditionalURLs array in the
storage_bucket_versioning_enabled metadata file contains a URL that points to
compute nodes documentation instead of storage bucket versioning documentation.
Replace the incorrect URL in the AdditionalURLs field with the appropriate
documentation URL that actually references storage bucket versioning or object
versioning control features for the E2E Networks storage service.
- Around line 13-25: The storage_bucket_versioning_enabled.metadata.json file is
missing required metadata fields. Add descriptive content to the empty Risk
field at the top level, populate the empty Remediation.Code.CLI field with
appropriate CLI remediation commands or instructions for enabling bucket
versioning, and add at least one non-empty entry in the Compliance section with
a valid compliance framework and version. Ensure all three fields contain
meaningful, non-empty values that align with the check's purpose of validating
bucket versioning is enabled.

In
`@prowler/providers/e2e/services/storage/storage_bucket_versioning_enabled/storage_bucket_versioning_enabled.py`:
- Around line 5-20: The storage_bucket_versioning_enabled class and its
execute() method are missing required type hints and Google-style docstrings.
Add a Google-style docstring to the storage_bucket_versioning_enabled class that
explains its purpose as a check for bucket versioning. Add a Google-style
docstring to the execute() method that explains what it does and returns. Add
the return type hint list[CheckReportE2e] to the execute() method signature to
properly document that it returns a list of CheckReportE2e objects.

In `@prowler/providers/e2e/services/storage/storage_service.py`:
- Around line 36-39: The exception handlers in this storage service are not
following the established logging format for caught exceptions. Update both the
exception handler in the block volumes fetching section (lines 36-39) and the
second exception handler (lines 65-68) to use the standardized format that
includes the exception class name and traceback line number. Replace the simple
error logging format with the pattern that includes error.__class__.__name__ and
error.__traceback__.tb_lineno, formatted as
"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" to
maintain consistency with other provider services in the codebase.

In `@tests/providers/e2e/services/node/nodes_service_test.py`:
- Around line 50-69: The test_node_public_ip_detection method only asserts
values that are already explicitly set to the Node objects, which cannot catch
regressions in the actual _has_public_ip normalization logic that handles edge
cases like None, "[]", or "null" strings. Replace or augment this test with a
parameterized test that directly exercises the _has_public_ip function (or
drives it through _fetch_nodes inputs) using various edge case inputs to ensure
the normalization logic correctly handles unexpected value formats and returns
the expected boolean results.

---

Outside diff comments:
In `@tests/providers/e2e/lib/arguments/arguments_test.py`:
- Around line 18-28: The test file currently only covers the case where
e2e_project_id is missing (None) but does not test the case where e2e_project_id
is provided but contains an invalid non-integer value. Add a new test method
similar to test_validate_arguments_missing_project_id that tests the
validate_arguments function with e2e_project_id set to a non-integer string
value like "abc" to verify that the function properly rejects non-integer
project IDs and returns False with an appropriate error message.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 41df9ec2-0823-4104-a43d-bc779e33a6bf

📥 Commits

Reviewing files that changed from the base of the PR and between a7917f7 and 00fb71b.

📒 Files selected for processing (92)
  • docs/developer-guide/e2e-details.mdx
  • prowler/__main__.py
  • prowler/config/config.py
  • prowler/config/config.yaml
  • prowler/lib/check/models.py
  • prowler/lib/cli/parser.py
  • prowler/lib/outputs/compliance/universal/universal_output.py
  • prowler/lib/outputs/finding.py
  • prowler/lib/outputs/html/html.py
  • prowler/lib/outputs/outputs.py
  • prowler/lib/outputs/summary_table.py
  • prowler/providers/common/provider.py
  • prowler/providers/e2e/__init__.py
  • prowler/providers/e2e/e2e_provider.py
  • prowler/providers/e2e/exceptions/__init__.py
  • prowler/providers/e2e/exceptions/exceptions.py
  • prowler/providers/e2e/lib/__init__.py
  • prowler/providers/e2e/lib/api/__init__.py
  • prowler/providers/e2e/lib/api/client.py
  • prowler/providers/e2e/lib/arguments/__init__.py
  • prowler/providers/e2e/lib/arguments/arguments.py
  • prowler/providers/e2e/lib/mutelist/__init__.py
  • prowler/providers/e2e/lib/mutelist/mutelist.py
  • prowler/providers/e2e/lib/service/__init__.py
  • prowler/providers/e2e/lib/service/service.py
  • prowler/providers/e2e/models.py
  • prowler/providers/e2e/services/__init__.py
  • prowler/providers/e2e/services/loadbalancer/__init__.py
  • prowler/providers/e2e/services/loadbalancer/loadbalancer_alb_https_uses_ssl_certificate/__init__.py
  • prowler/providers/e2e/services/loadbalancer/loadbalancer_alb_https_uses_ssl_certificate/loadbalancer_alb_https_uses_ssl_certificate.metadata.json
  • prowler/providers/e2e/services/loadbalancer/loadbalancer_alb_https_uses_ssl_certificate/loadbalancer_alb_https_uses_ssl_certificate.py
  • prowler/providers/e2e/services/loadbalancer/loadbalancer_backend_health_check_enabled/__init__.py
  • prowler/providers/e2e/services/loadbalancer/loadbalancer_backend_health_check_enabled/loadbalancer_backend_health_check_enabled.metadata.json
  • prowler/providers/e2e/services/loadbalancer/loadbalancer_backend_health_check_enabled/loadbalancer_backend_health_check_enabled.py
  • prowler/providers/e2e/services/loadbalancer/loadbalancer_bitninja_enabled/__init__.py
  • prowler/providers/e2e/services/loadbalancer/loadbalancer_bitninja_enabled/loadbalancer_bitninja_enabled.metadata.json
  • prowler/providers/e2e/services/loadbalancer/loadbalancer_bitninja_enabled/loadbalancer_bitninja_enabled.py
  • prowler/providers/e2e/services/loadbalancer/loadbalancer_client.py
  • prowler/providers/e2e/services/loadbalancer/loadbalancer_service.py
  • prowler/providers/e2e/services/node/__init__.py
  • prowler/providers/e2e/services/node/node_accidental_protection_enabled/__init__.py
  • prowler/providers/e2e/services/node/node_accidental_protection_enabled/node_accidental_protection_enabled.metadata.json
  • prowler/providers/e2e/services/node/node_accidental_protection_enabled/node_accidental_protection_enabled.py
  • prowler/providers/e2e/services/node/node_compliance_enabled/__init__.py
  • prowler/providers/e2e/services/node/node_compliance_enabled/node_compliance_enabled.metadata.json
  • prowler/providers/e2e/services/node/node_compliance_enabled/node_compliance_enabled.py
  • prowler/providers/e2e/services/node/node_encryption_enabled/__init__.py
  • prowler/providers/e2e/services/node/node_encryption_enabled/node_encryption_enabled.metadata.json
  • prowler/providers/e2e/services/node/node_encryption_enabled/node_encryption_enabled.py
  • prowler/providers/e2e/services/node/node_public_ip_not_assigned/__init__.py
  • prowler/providers/e2e/services/node/node_public_ip_not_assigned/node_public_ip_not_assigned.metadata.json
  • prowler/providers/e2e/services/node/node_public_ip_not_assigned/node_public_ip_not_assigned.py
  • prowler/providers/e2e/services/node/node_rescue_mode_disabled/__init__.py
  • prowler/providers/e2e/services/node/node_rescue_mode_disabled/node_rescue_mode_disabled.metadata.json
  • prowler/providers/e2e/services/node/node_rescue_mode_disabled/node_rescue_mode_disabled.py
  • prowler/providers/e2e/services/node/node_vpc_attached/__init__.py
  • prowler/providers/e2e/services/node/node_vpc_attached/node_vpc_attached.metadata.json
  • prowler/providers/e2e/services/node/node_vpc_attached/node_vpc_attached.py
  • prowler/providers/e2e/services/node/nodes_client.py
  • prowler/providers/e2e/services/node/nodes_service.py
  • prowler/providers/e2e/services/securitygroup/__init__.py
  • prowler/providers/e2e/services/securitygroup/securitygroup_client.py
  • prowler/providers/e2e/services/securitygroup/securitygroup_no_all_traffic_rule/__init__.py
  • prowler/providers/e2e/services/securitygroup/securitygroup_no_all_traffic_rule/securitygroup_no_all_traffic_rule.metadata.json
  • prowler/providers/e2e/services/securitygroup/securitygroup_no_all_traffic_rule/securitygroup_no_all_traffic_rule.py
  • prowler/providers/e2e/services/securitygroup/securitygroup_no_inbound_any_all_ports/__init__.py
  • prowler/providers/e2e/services/securitygroup/securitygroup_no_inbound_any_all_ports/securitygroup_no_inbound_any_all_ports.metadata.json
  • prowler/providers/e2e/services/securitygroup/securitygroup_no_inbound_any_all_ports/securitygroup_no_inbound_any_all_ports.py
  • prowler/providers/e2e/services/securitygroup/securitygroup_restrictive_default/__init__.py
  • prowler/providers/e2e/services/securitygroup/securitygroup_restrictive_default/securitygroup_restrictive_default.metadata.json
  • prowler/providers/e2e/services/securitygroup/securitygroup_restrictive_default/securitygroup_restrictive_default.py
  • prowler/providers/e2e/services/securitygroup/securitygroup_service.py
  • prowler/providers/e2e/services/storage/__init__.py
  • prowler/providers/e2e/services/storage/storage_block_volume_not_orphaned/__init__.py
  • prowler/providers/e2e/services/storage/storage_block_volume_not_orphaned/storage_block_volume_not_orphaned.metadata.json
  • prowler/providers/e2e/services/storage/storage_block_volume_not_orphaned/storage_block_volume_not_orphaned.py
  • prowler/providers/e2e/services/storage/storage_bucket_encryption_enabled/__init__.py
  • prowler/providers/e2e/services/storage/storage_bucket_encryption_enabled/storage_bucket_encryption_enabled.metadata.json
  • prowler/providers/e2e/services/storage/storage_bucket_encryption_enabled/storage_bucket_encryption_enabled.py
  • prowler/providers/e2e/services/storage/storage_bucket_public_access_disabled/__init__.py
  • prowler/providers/e2e/services/storage/storage_bucket_public_access_disabled/storage_bucket_public_access_disabled.metadata.json
  • prowler/providers/e2e/services/storage/storage_bucket_public_access_disabled/storage_bucket_public_access_disabled.py
  • prowler/providers/e2e/services/storage/storage_bucket_versioning_enabled/__init__.py
  • prowler/providers/e2e/services/storage/storage_bucket_versioning_enabled/storage_bucket_versioning_enabled.metadata.json
  • prowler/providers/e2e/services/storage/storage_bucket_versioning_enabled/storage_bucket_versioning_enabled.py
  • prowler/providers/e2e/services/storage/storage_client.py
  • prowler/providers/e2e/services/storage/storage_service.py
  • tests/providers/e2e/e2e_fixtures.py
  • tests/providers/e2e/e2e_provider_test.py
  • tests/providers/e2e/lib/arguments/arguments_test.py
  • tests/providers/e2e/services/node/node_public_ip_not_assigned_test.py
  • tests/providers/e2e/services/node/nodes_service_test.py
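
An added example, not code from this PR or from Prowler: one way to implement the broadened network test that the comments on `_is_permissive_inbound` and `_has_permissive_inbound()` ask for, generalised from the three named values (`any`, `0.0.0.0/0`, `::/0`) to any zero-length prefix. `InboundRule`, `narrow_check`, `is_world_open_network`, `flag_permissive` and the sample rules are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Keywords that mean "every source". Only "any" is named in the review.
OPEN_KEYWORDS = frozenset({"any"})


@dataclass
class InboundRule:
    """Hypothetical rule shape; only the `network` field is named in the review."""

    name: str
    network: Optional[str]


def narrow_check(network: Optional[str]) -> bool:
    """Behaviour the review describes: only the literal "any" is matched."""
    return network is not None and network.lower() == "any"


def is_world_open_network(network: Optional[str]) -> bool:
    """Return True when the source network covers every address.

    Matches the "any" keyword and every CIDR whose prefix length is zero,
    for IPv4 and IPv6. Missing or unparseable values return False; a caller
    that wants to fail closed on those should treat them separately.
    """
    if network is None:
        return False
    value = str(network).strip().lower()
    if not value:
        return False
    if value in OPEN_KEYWORDS:
        return True
    try:
        # strict=False accepts entries with host bits set, such as 10.0.0.1/0,
        # which still match every address once the /0 mask is applied.
        parsed = ipaddress.ip_network(value, strict=False)
    except ValueError:
        return False
    # A bare address without a prefix parses as /32 or /128 and is not flagged.
    return parsed.prefixlen == 0


def flag_permissive(rules: list[InboundRule]) -> list[InboundRule]:
    """Return the rules whose source network is open to the world."""
    return [rule for rule in rules if is_world_open_network(rule.network)]


# Constructed sample input, not data from the provider's API.
SAMPLE_RULES = [
    InboundRule("ssh-any", "any"),
    InboundRule("web-v4", "0.0.0.0/0"),
    InboundRule("web-v6", "::/0"),
    InboundRule("sloppy", " 10.0.0.1/0 "),
    InboundRule("office", "203.0.113.0/24"),
    InboundRule("unset", None),
    InboundRule("junk", "null"),
]

if __name__ == "__main__":
    for rule in SAMPLE_RULES:
        print(
            f"{rule.name:8} narrow={narrow_check(rule.network)!s:5} "
            f"broadened={is_world_open_network(rule.network)}"
        )
```
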

Comment on lines +9 to +40
## Authentication

Set the following environment variables before running scans:

```bash
export E2E_API_KEY=<api-key>
export E2E_AUTH_TOKEN=<auth-token>
export E2E_PROJECT_ID=<project-id>
export E2E_LOCATION=Delhi
```

Optional CLI flags (`--e2e-api-key`, `--e2e-auth-token`, `--e2e-project-id`, `--e2e-location`) are available for backward compatibility, but environment variables are preferred.

## Usage

```bash
uv run python prowler-cli.py e2e --list-checks
uv run python prowler-cli.py e2e --service node --log-level DEBUG
```

## Services and Checks

The initial release includes four services:

- `node` — compute node posture (public IP, encryption, compliance, VPC attachment)
- `securitygroup` — security group rules and node attachments
- `loadbalancer` — appliance HTTPS, health checks, BitNinja protection
- `storage` — object storage buckets and block volumes

Provider code lives under [`prowler/providers/e2e/`](https://github.com/prowler-cloud/prowler/tree/master/prowler/providers/e2e).

## Architecture Notes
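
Review bot: The Authentication section offers `--e2e-api-key` and `--e2e-auth-token` as CLI flags without saying why environment variables are preferred. Values passed as command-line arguments are visible in process listings and tend to end up in shell history and CI logs, so state that next to the flag list and mark the two secret-bearing flags as discouraged rather than only "available for backward compatibility". The Usage example runs with `--log-level DEBUG`; a line confirming that the API key and auth token are not written to debug output would help readers who copy it.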

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Add Version Badge for New E2E Provider Sections

These sections document newly introduced provider functionality (authentication/flags, usage, and services/checks), but no VersionBadge is present immediately after the headers.

📝 Suggested placement
 ## Authentication
+<VersionBadge version="X.Y.Z" />
 
 Set the following environment variables before running scans:
@@
 ## Usage
+<VersionBadge version="X.Y.Z" />
 
 ```bash
@@
 ## Services and Checks
+<VersionBadge version="X.Y.Z" />
 
 The initial release includes four services:

As per coding guidelines, "Use the Version Badge component to indicate when a feature or functionality was introduced in Prowler" and place it immediately after the section header.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/developer-guide/e2e-details.mdx` around lines 9 - 40, The documentation
is missing VersionBadge components for the newly introduced E2E provider
functionality sections. Add a VersionBadge component immediately after each of
the three section headers: "## Authentication", "## Usage", and "## Services and
Checks". Each VersionBadge should be placed on the line directly after its
corresponding header and before the section content, with the format
`<VersionBadge version="X.Y.Z" />` where X.Y.Z should be replaced with the
appropriate version number for when the E2E provider was introduced.

Source: Coding guidelines

Comment on lines +13 to +25
"Risk": "",
"RelatedUrl": "",
"Remediation": {
"Code": {
"CLI": "",
"NativeIaC": "",
"Other": "",
"Terraform": ""
},
"Recommendation": {
"Text": "Attach a valid SSL certificate to HTTPS load balancers.",
"Url": "https://hub.prowler.com/check/loadbalancer_alb_https_uses_ssl_certificate"
}

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Populate Required Metadata Fields

Line 13 (Risk) and Line 17 (Remediation.Code.CLI) are empty, and this file is also missing a non-empty compliance version field. This breaks the required check-metadata contract.

As per coding guidelines, Risk, Remediation.Code.CLI, and Compliance Version in check metadata must be required and non-empty.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@prowler/providers/e2e/services/loadbalancer/loadbalancer_alb_https_uses_ssl_certificate/loadbalancer_alb_https_uses_ssl_certificate.metadata.json`
around lines 13 - 25, The metadata file for
loadbalancer_alb_https_uses_ssl_certificate is missing required non-empty fields
that break the check-metadata contract. Populate the empty Risk field with
appropriate risk description, fill the Remediation.Code.CLI field with the
appropriate AWS CLI command for remediating the issue, and add a compliance
version field to the metadata (which is currently missing entirely). Ensure all
three fields contain meaningful, non-empty values that align with the check's
purpose of validating HTTPS load balancers use valid SSL certificates.

Source: Coding guidelines

Comment on lines +13 to +25
"Risk": "",
"RelatedUrl": "",
"Remediation": {
"Code": {
"CLI": "",
"NativeIaC": "",
"Other": "",
"Terraform": ""
},
"Recommendation": {
"Text": "Configure HTTP health checks for ALB backends.",
"Url": "https://hub.prowler.com/check/loadbalancer_backend_health_check_enabled"
}

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Fill Mandatory Check Metadata Fields

Line 13 (Risk) and Line 17 (Remediation.Code.CLI) are empty, and there is no non-empty compliance version field. This violates the required metadata contract for checks.

As per coding guidelines, metadata must include non-empty Risk, Remediation.Code.CLI, and Compliance Version values.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@prowler/providers/e2e/services/loadbalancer/loadbalancer_backend_health_check_enabled/loadbalancer_backend_health_check_enabled.metadata.json`
around lines 13 - 25, The metadata file
loadbalancer_backend_health_check_enabled.metadata.json contains empty mandatory
fields that violate the metadata contract requirements. Populate the "Risk"
field with an appropriate risk assessment describing the security implications
of disabled health checks, fill the "Remediation.Code.CLI" field with the AWS
CLI command needed to enable health checks on ALB backends, and add a non-empty
Compliance Version field (if not already present) to the metadata. Ensure all
three fields contain meaningful values rather than empty strings to satisfy the
required metadata schema.

Source: Coding guidelines

Comment on lines +13 to +25
"Risk": "",
"RelatedUrl": "",
"Remediation": {
"Code": {
"CLI": "",
"NativeIaC": "",
"Other": "",
"Terraform": ""
},
"Recommendation": {
"Text": "Enable versioning on object storage buckets.",
"Url": "https://hub.prowler.com/check/storage_bucket_versioning_enabled"
}

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Add the missing required metadata content.

Risk and Remediation.Code.CLI are empty, and there is no non-empty compliance version entry. These are required metadata elements for SDK checks.

As per coding guidelines, Risk, Remediation.Code.CLI, and Compliance Version must be present and non-empty in check metadata.

Also applies to: 1-34

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@prowler/providers/e2e/services/storage/storage_bucket_versioning_enabled/storage_bucket_versioning_enabled.metadata.json`
around lines 13 - 25, The storage_bucket_versioning_enabled.metadata.json file
is missing required metadata fields. Add descriptive content to the empty Risk
field at the top level, populate the empty Remediation.Code.CLI field with
appropriate CLI remediation commands or instructions for enabling bucket
versioning, and add at least one non-empty entry in the Compliance section with
a valid compliance framework and version. Ensure all three fields contain
meaningful, non-empty values that align with the check's purpose of validating
bucket versioning is enabled.

Source: Coding guidelines

Comment on lines +5 to +20
class storage_bucket_versioning_enabled(Check):
def execute(self):
findings = []
for bucket in storage_client.buckets:
report = CheckReportE2e(metadata=self.metadata(), resource=bucket)
report.status = "PASS"
report.status_extended = (
f"Object storage bucket {bucket.name} has versioning enabled."
)
if bucket.versioning_status != "Enabled":
report.status = "FAIL"
report.status_extended = (
f"Object storage bucket {bucket.name} does not have versioning enabled."
)
findings.append(report)
return findings
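
Review bot: In `execute()`, `bucket.versioning_status != "Enabled"` is a case-sensitive exact match, so a value such as `enabled`, or a missing value, is reported as FAIL with the text "does not have versioning enabled". Failing closed is the safer default, but consider normalising the status once in the storage service and giving the unknown case its own `status_extended` message so that an unreadable setting is not reported as a confirmed misconfiguration.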

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Add type hints and Google-style docstrings to check class and execute() method.

Check classes inherit from Check, which is a public API class. Per coding guidelines, type hints are required for all public functions and docstrings are required for all classes and methods. The execute() method must return list[CheckReportE2e].

📝 Proposed fix
+
 class storage_bucket_versioning_enabled(Check):
+    """Storage check to ensure object storage buckets have versioning enabled.
+
+    Versioning protects buckets against accidental deletion or modification of
+    data by retaining previous versions. This check verifies that all buckets
+    have versioning enabled and reports FAIL for any bucket without it.
+    """
+
-    def execute(self):
+    def execute(self) -> list[CheckReportE2e]:
+        """Execute the check on all object storage buckets in the provider.
+
+        Returns:
+            list[CheckReportE2e]: Check reports for each object storage bucket.
+        """
         findings = []
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@prowler/providers/e2e/services/storage/storage_bucket_versioning_enabled/storage_bucket_versioning_enabled.py`
around lines 5 - 20, The storage_bucket_versioning_enabled class and its
execute() method are missing required type hints and Google-style docstrings.
Add a Google-style docstring to the storage_bucket_versioning_enabled class that
explains its purpose as a check for bucket versioning. Add a Google-style
docstring to the execute() method that explains what it does and returns. Add
the return type hint list[CheckReportE2e] to the execute() method signature to
properly document that it returns a list of CheckReportE2e objects.

Source: Coding guidelines

Comment thread prowler/providers/e2e/services/storage/storage_service.py
Comment thread tests/providers/e2e/services/node/nodes_service_test.py

@coderabbitai coderabbitai Bot left a comment

Review continued from previous batch...

Comment thread prowler/lib/check/models.py
Comment thread prowler/providers/e2e/e2e_provider.py Outdated
Comment thread prowler/providers/e2e/e2e_provider.py
Comment thread prowler/providers/e2e/lib/api/client.py Outdated
Comment thread prowler/providers/e2e/lib/mutelist/mutelist.py Outdated
Comment thread prowler/providers/e2e/lib/service/service.py Outdated
Comment thread prowler/providers/e2e/models.py Outdated
Comment thread prowler/providers/e2e/models.py Outdated

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 32

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
prowler/providers/e2e/services/storage/storage_service.py (1)

177-209: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Add required Google-style docstrings for newly added model classes and methods.

Line 177 and Line 195 introduce public classes without docstrings, and their public property methods also miss docstrings. Please document these to satisfy the SDK contract for prowler/**/*.py.

As per coding guidelines, docstrings are required for all classes and methods in Python code under prowler/**/*.py.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@prowler/providers/e2e/services/storage/storage_service.py` around lines 177 -
209, The EfsVolume class and EpfsVolume class, along with their public property
methods (resource_id and resource_name), are missing Google-style docstrings
required by the SDK contract for prowler code. Add comprehensive Google-style
docstrings to both the EfsVolume and EpfsVolume classes describing their purpose
and attributes, and add docstrings to each of the resource_id and resource_name
property methods in both classes explaining what they return. Ensure all
docstrings follow the Google Python style guide format with proper sections for
description and return values.

Source: Coding guidelines

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In
`@prowler/providers/e2e/services/database/database_cluster_backup_enabled/database_cluster_backup_enabled.metadata.json`:
- Around line 1-34: The metadata file for the database_cluster_backup_enabled
check has two required fields that are currently empty strings: the Risk field
and the Remediation.Code.CLI field. Populate the Risk field with a clear
description of the potential impact or consequences of having database clusters
without backups enabled. Then fill in the Remediation.Code.CLI field with the
actual CLI command(s) that users can execute to enable backups for E2E Cloud
database clusters, referencing the E2E Networks API documentation mentioned in
the AdditionalURLs to determine the correct command syntax.

In
`@prowler/providers/e2e/services/database/database_cluster_default_admin_username/database_cluster_default_admin_username.metadata.json`:
- Around line 1-34: The metadata file has two required fields that are currently
empty: the Risk field and the Remediation.Code.CLI field within the
Remediation.Code object. Fill both fields with appropriate non-empty values. For
the Risk field, provide a description of the potential security risks of using
default admin usernames for database clusters. For the Remediation.Code.CLI
field, provide the actual CLI command or steps that users would execute to
remediate this issue (e.g., how to change the admin username through E2E Cloud
CLI or API).

In
`@prowler/providers/e2e/services/database/database_cluster_ip_whitelist_configured/database_cluster_ip_whitelist_configured.metadata.json`:
- Around line 1-34: The metadata file
database_cluster_ip_whitelist_configured.metadata.json has two required fields
that are currently empty: the Risk field and the Remediation.Code.CLI field.
Both of these fields must contain non-empty string values according to the
coding guidelines. Populate the Risk field with a description of the potential
security risks from not having IP whitelisting configured on public database
clusters, and populate the Remediation.Code.CLI field with the appropriate CLI
commands or instructions for configuring IP whitelisting on E2E Cloud database
clusters.

In
`@prowler/providers/e2e/services/database/database_cluster_public_ip_not_assigned/database_cluster_public_ip_not_assigned.metadata.json`:
- Around line 1-34: The metadata.json file is missing or has empty required
fields that must be populated per coding guidelines. Add meaningful content to
the "Risk" field by describing the security implications of exposing public IPs
on database cluster master nodes. Populate the "Remediation.Code.CLI" field with
an appropriate CLI command or instructions for checking this issue in E2E Cloud.
Additionally, add a new "Compliance" object at the root level of the JSON (after
"Categories") with a non-empty "Compliance Version" field containing relevant
compliance version information. Ensure all three fields contain substantive and
helpful content.

In
`@prowler/providers/e2e/services/database/database_cluster_public_ip_not_assigned/database_cluster_public_ip_not_assigned.py`:
- Around line 5-6: Add a Google-style docstring to the
database_cluster_public_ip_not_assigned class that describes its purpose, and
add a return type hint of -> list to the execute() method along with a
Google-style docstring that describes what the method does and what it returns.
Ensure both documentation blocks follow the project's coding guidelines for
documentation style.

In
`@prowler/providers/e2e/services/database/database_cluster_running/database_cluster_running.metadata.json`:
- Around line 1-34: The metadata.json file for the database_cluster_running
check violates required field guidelines. The Risk field must be populated with
a meaningful non-empty description of the risk associated with database clusters
not running. The Remediation.Code.CLI field must contain non-empty instructions
for CLI remediation steps. Additionally, add the missing Compliance field to the
root level of the JSON with a non-empty compliance version. Ensure all three
fields contain substantive content that provides clear guidance for users.

In
`@prowler/providers/e2e/services/database/database_cluster_running/database_cluster_running.py`:
- Around line 5-6: Add a Google-style docstring to the database_cluster_running
class describing its purpose for checking if database clusters are running. Add
a return type hint of `-> list` to the execute() method and include a
Google-style docstring for the execute() method describing what it does and what
it returns. Ensure the docstrings follow Google documentation style with proper
sections like Args, Returns, and any relevant details about the check
implementation.

In
`@prowler/providers/e2e/services/database/database_cluster_ssl_enabled/database_cluster_ssl_enabled.metadata.json`:
- Around line 1-34: The metadata.json file has three required fields that are
either empty or missing. Fill the Risk field with meaningful content describing
the security risk, populate the Remediation.Code.CLI field with actual CLI
commands or instructions for remediation, and add a complete Compliance object
with a non-empty Version field. Reference the existing Remediation structure and
other similar metadata files in the codebase to ensure consistency in format and
content style.

In
`@prowler/providers/e2e/services/database/database_cluster_ssl_enabled/database_cluster_ssl_enabled.py`:
- Around line 5-6: The class database_cluster_ssl_enabled and its execute()
method are missing required documentation and type hints per coding guidelines.
Add a Google-style docstring to the database_cluster_ssl_enabled class that
describes its purpose. Add a return type hint of -> list to the execute() method
and include a Google-style docstring that documents what the method does and
what it returns.

In
`@prowler/providers/e2e/services/database/database_replica_public_ip_not_assigned/database_replica_public_ip_not_assigned.metadata.json`:
- Around line 1-34: The metadata.json file has incomplete required fields that
must be populated before merge. Fill the empty `Risk` field with a meaningful
description of the security risk associated with having public IP assigned to
database replicas. Populate the `Remediation.Code.CLI` field under the
Remediation.Code object with appropriate CLI commands or steps for remediating
this issue. Additionally, add the missing `Compliance` field to the metadata
object with a non-empty compliance version value to meet the coding guidelines
for metadata structure.

In
`@prowler/providers/e2e/services/database/database_replica_public_ip_not_assigned/database_replica_public_ip_not_assigned.py`:
- Around line 5-6: Add the missing documentation and type annotations to the
database_replica_public_ip_not_assigned class and its execute method. First, add
a Google-style docstring to the class that describes its purpose. Then, add a
return type hint of -> list to the execute() method signature and add a
Google-style docstring to the execute() method that explains what it does and
what it returns.

In
`@prowler/providers/e2e/services/network/network_reserveip_floating_ip_unattached/network_reserveip_floating_ip_unattached.metadata.json`:
- Around line 13-25: The metadata JSON file has three required fields that need
to be populated: the Risk field is empty and should contain a description of the
security risk related to unattached floating IPs, the Remediation.Code.CLI field
under the Remediation.Code object is empty and should contain an example CLI
command for remediation, and the Compliance Version field is missing entirely
and must be added to the JSON structure with an appropriate version value.
Populate all three fields with relevant content according to Prowler
check-metadata contract requirements.

In
`@prowler/providers/e2e/services/network/network_reserveip_floating_ip_unattached/network_reserveip_floating_ip_unattached.py`:
- Around line 5-6: The class network_reserveip_floating_ip_unattached is missing
a Google-style docstring and the execute() method lacks a return type
annotation. Add a comprehensive Google-style docstring to the class describing
its purpose, and add the return type hint -> list[CheckReportE2e] to the
execute() method signature to comply with typing requirements and coding
guidelines.

In
`@prowler/providers/e2e/services/network/network_reserveip_orphaned_public_ip/network_reserveip_orphaned_public_ip.metadata.json`:
- Line 13: The metadata.json file has two required fields that are empty and
must be populated according to coding guidelines. For the Risk field on line 13,
provide a meaningful description explaining the security and operational impact
of having orphaned public IPs (such as potential security exposure or wasted
resources). For the Remediation.Code.CLI field on line 17, provide either a
specific AWS CLI command that demonstrates how to remediate or release the
orphaned public IP addresses, or set it to "N/A" if no CLI remediation is
applicable. Both fields must contain non-empty values to comply with the
metadata requirements.

In
`@prowler/providers/e2e/services/network/network_reserveip_orphaned_public_ip/network_reserveip_orphaned_public_ip.py`:
- Around line 5-18: The network_reserveip_orphaned_public_ip class and its
execute() method are missing required type hints and docstrings. Add a
Google-style docstring to the class describing its purpose for identifying
orphaned public IPs, then add a Google-style docstring to the execute() method
explaining what it does, and add a return type annotation `->
list[CheckReportE2e]` to the execute() method signature. Follow Google
documentation style for all docstrings.

In `@prowler/providers/e2e/services/network/network_service.py`:
- Around line 38-41: Update the exception logging format in all three exception
handlers in the network_service.py file to match the project standard. In the
exception blocks at lines 38-41, 63-66, and 94-97, modify the logger.error calls
to use the standard Prowler format that includes the error class name and
traceback line number. Replace the current error message format with one that
uses error.__class__.__name__ and error.__traceback__.tb_lineno to provide
consistent debugging information across all exception handlers.
- Around line 19-20: Add Google-style docstrings to all methods and model
classes that are missing them. Specifically, add docstrings to the methods
_fetch_vpcs, _fetch_reserved_ips, and _fetch_vpc_tunnels, as well as to the
model classes and properties in the range of lines 100-153. Each docstring
should follow Google style format including a brief description of what the
method/class does, Args section (if applicable), and Returns section (if
applicable) for methods.
- Around line 22-24: The paginate() method call on line 22 can return either a
dictionary or a list, but the code assumes it always returns a list. When a
dictionary is returned, iterating with `for item in vpcs` will iterate over
dictionary keys instead of values, causing item.get() to fail. Before the loop
starting at line 23, check if vpcs is a dictionary (not a list) and if so,
convert it to a list containing that single dictionary as an element. This
ensures consistent iteration behavior regardless of what paginate() returns.

In
`@prowler/providers/e2e/services/network/network_vpc_has_attached_nodes/network_vpc_has_attached_nodes.metadata.json`:
- Line 13: The metadata.json file for network_vpc_has_attached_nodes has two
required fields that are empty strings in violation of coding guidelines. Fill
in the "Risk" field (line 13) with a meaningful description explaining why VPCs
without attached nodes may be wasteful or misconfigured, and populate the
"Remediation.Code.CLI" field (line 17) with either a specific CLI remediation
command that addresses the issue or the value "N/A" if no direct CLI remediation
applies. Both fields must contain non-empty values per the coding guidelines for
metadata files.

In
`@prowler/providers/e2e/services/network/network_vpc_has_attached_nodes/network_vpc_has_attached_nodes.py`:
- Around line 5-16: The network_vpc_has_attached_nodes class and its execute()
method are missing required type hints and docstrings. Add a Google-style
docstring to the class describing the check's purpose, then add a Google-style
docstring to the execute() method describing what it does and its return value,
and finally add the return type annotation `-> list[CheckReportE2e]` to the
execute() method signature to specify that it returns a list of CheckReportE2e
objects.

In
`@prowler/providers/e2e/services/network/network_vpc_is_active/network_vpc_is_active.metadata.json`:
- Line 13: Populate the empty Risk and Remediation.Code.CLI fields in the
metadata JSON file to comply with coding guidelines. In the Risk field, provide
a meaningful description explaining the operational or security concerns
associated with inactive VPCs (e.g., unused resources consuming costs, potential
compliance risks, or security exposure). In the Remediation.Code.CLI field, add
an applicable AWS CLI command that demonstrates how to remediate the issue (such
as a command to delete or activate the VPC), or set it to "N/A" if no CLI
remediation command is available for this check.

In
`@prowler/providers/e2e/services/network/network_vpc_is_active/network_vpc_is_active.py`:
- Around line 5-16: Add missing type hints and docstrings to the
network_vpc_is_active class and its execute method. First, add a Google-style
docstring to the network_vpc_is_active class describing the check's purpose.
Then add a return type hint of -> list[CheckReportE2e] to the execute method
signature, followed by a Google-style docstring to the execute method that
documents its purpose, what it does, and what it returns. Follow Google-style
documentation format for consistency with the codebase guidelines.

In
`@prowler/providers/e2e/services/network/network_vpc_peering_external_peer_disabled/network_vpc_peering_external_peer_disabled.metadata.json`:
- Around line 13-25: The metadata file is missing required fields that are
mandatory for Prowler check validation. In the
network_vpc_peering_external_peer_disabled.metadata.json file, populate the
empty `Risk` field with a description of the security risk associated with
external VPC peering, fill in the `Remediation.Code.CLI` field with appropriate
CLI commands for remediation, and add the missing `Compliance Version` field to
the metadata object at the appropriate level. Ensure all three fields contain
substantive, non-empty values that comply with Prowler's metadata requirements.

In
`@prowler/providers/e2e/services/network/network_vpc_peering_external_peer_disabled/network_vpc_peering_external_peer_disabled.py`:
- Around line 5-6: The class network_vpc_peering_external_peer_disabled and its
execute method are missing proper documentation and type annotations. Add a
Google-style docstring to the class describing its purpose, then add a
Google-style docstring to the execute method explaining what it does.
Additionally, add the return type annotation `-> list[CheckReportE2e]` to the
execute method signature to specify that it returns a list of CheckReportE2e
objects.

In
`@prowler/providers/e2e/services/storage/storage_bucket_lifecycle_configured/storage_bucket_lifecycle_configured.metadata.json`:
- Around line 13-17: In the storage_bucket_lifecycle_configured.metadata.json
file, populate the required metadata fields that are currently empty: add a
descriptive Risk assessment value to the Risk field, provide CLI command or
instructions for the Remediation.Code.CLI field, and ensure a Compliance Version
field exists with a non-empty value. These three fields are mandatory and must
contain meaningful content to maintain the check metadata contract and ensure
downstream compliance and reporting mapping functions correctly.

In
`@prowler/providers/e2e/services/storage/storage_bucket_lifecycle_configured/storage_bucket_lifecycle_configured.py`:
- Around line 5-6: Add a Google-style docstring to the
storage_bucket_lifecycle_configured class describing its purpose and
responsibility. Additionally, add a Google-style docstring to the execute method
and annotate its return type as list[CheckReportE2e] to match the provider check
contract. These docstrings should follow the standard documentation format
required for all classes and methods in the prowler codebase.

In
`@prowler/providers/e2e/services/storage/storage_bucket_lock_enabled/storage_bucket_lock_enabled.metadata.json`:
- Around line 13-17: The metadata file storage_bucket_lock_enabled.metadata.json
contains mandatory fields that are currently empty and must be filled. Populate
the "Risk" field with a description of the security risk associated with bucket
lock not being enabled, fill the "Remediation.Code.CLI" field under
Remediation.Code with the appropriate CLI commands needed to enable bucket lock,
and ensure the Compliance Version field is populated with a non-empty value.
These fields are required per coding guidelines and must contain meaningful
content before the pull request can be merged.

In
`@prowler/providers/e2e/services/storage/storage_bucket_lock_enabled/storage_bucket_lock_enabled.py`:
- Around line 5-6: Add a Google-style docstring to the
storage_bucket_lock_enabled class documenting its purpose. Add a Google-style
docstring to the execute method and add the return type annotation `->
list[CheckReportE2e]` to the execute method signature. Ensure both docstrings
follow Google style conventions with proper sections (Summary, Args, Returns,
etc. as applicable).

In
`@prowler/providers/e2e/services/storage/storage_efs_backup_enabled/storage_efs_backup_enabled.metadata.json`:
- Around line 13-17: The metadata file for the storage_efs_backup_enabled check
has incomplete required fields that must be populated. Fill in the Risk field
with appropriate risk information describing the impact of EFS backup not being
enabled, populate the Remediation.Code.CLI field under the Remediation object
with the AWS CLI command needed to enable EFS backups, and ensure a non-empty
Compliance Version is defined for the check. Refer to similar metadata files in
the codebase for proper formatting and content patterns when filling in these
required fields.

In
`@prowler/providers/e2e/services/storage/storage_efs_backup_enabled/storage_efs_backup_enabled.py`:
- Around line 5-6: Add a Google-style docstring to the
storage_efs_backup_enabled class describing its purpose as a compliance check,
and add a Google-style docstring to the execute method that explains what it
checks and what it returns. Additionally, add an explicit return type annotation
to the execute method signature to specify that it returns list[CheckReportE2e].
This ensures the code follows the project's documentation and type-hinting
standards for public classes and methods.

In
`@prowler/providers/e2e/services/storage/storage_efs_vpc_access_restricted/storage_efs_vpc_access_restricted.metadata.json`:
- Around line 13-17: The metadata file is missing required non-empty values for
compliance validation. In the storage_efs_vpc_access_restricted.metadata.json
file, populate the empty "Risk" field with a description of the security risk,
provide a non-empty CLI remediation command in the "Remediation.Code.CLI" field,
and ensure a Compliance Version field exists with a valid version value. These
three fields are mandatory per coding guidelines and must contain non-empty
values throughout the entire metadata document to ensure compliance outputs are
valid.

In
`@prowler/providers/e2e/services/storage/storage_efs_vpc_access_restricted/storage_efs_vpc_access_restricted.py`:
- Around line 5-7: The storage_efs_vpc_access_restricted class and its execute()
method are missing required documentation and type annotations per prowler
standards. Add a Google-style docstring to the storage_efs_vpc_access_restricted
class describing its purpose as a check, then add a Google-style docstring to
the execute() method describing what it does, and add an explicit return type
annotation (list) to the execute() method signature to indicate it returns a
list of findings.

---

Outside diff comments:
In `@prowler/providers/e2e/services/storage/storage_service.py`:
- Around line 177-209: The EfsVolume class and EpfsVolume class, along with
their public property methods (resource_id and resource_name), are missing
Google-style docstrings required by the SDK contract for prowler code. Add
comprehensive Google-style docstrings to both the EfsVolume and EpfsVolume
classes describing their purpose and attributes, and add docstrings to each of
the resource_id and resource_name property methods in both classes explaining
what they return. Ensure all docstrings follow the Google Python style guide
format with proper sections for description and return values.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 7995ce9a-5491-40a9-9985-2260d73ad6ab

📥 Commits

Reviewing files that changed from the base of the PR and between 00fb71b and e4834f0.

📒 Files selected for processing (55)
  • prowler/providers/e2e/services/database/__init__.py
  • prowler/providers/e2e/services/database/database_client.py
  • prowler/providers/e2e/services/database/database_cluster_backup_enabled/__init__.py
  • prowler/providers/e2e/services/database/database_cluster_backup_enabled/database_cluster_backup_enabled.metadata.json
  • prowler/providers/e2e/services/database/database_cluster_backup_enabled/database_cluster_backup_enabled.py
  • prowler/providers/e2e/services/database/database_cluster_default_admin_username/__init__.py
  • prowler/providers/e2e/services/database/database_cluster_default_admin_username/database_cluster_default_admin_username.metadata.json
  • prowler/providers/e2e/services/database/database_cluster_default_admin_username/database_cluster_default_admin_username.py
  • prowler/providers/e2e/services/database/database_cluster_ip_whitelist_configured/__init__.py
  • prowler/providers/e2e/services/database/database_cluster_ip_whitelist_configured/database_cluster_ip_whitelist_configured.metadata.json
  • prowler/providers/e2e/services/database/database_cluster_ip_whitelist_configured/database_cluster_ip_whitelist_configured.py
  • prowler/providers/e2e/services/database/database_cluster_public_ip_not_assigned/__init__.py
  • prowler/providers/e2e/services/database/database_cluster_public_ip_not_assigned/database_cluster_public_ip_not_assigned.metadata.json
  • prowler/providers/e2e/services/database/database_cluster_public_ip_not_assigned/database_cluster_public_ip_not_assigned.py
  • prowler/providers/e2e/services/database/database_cluster_running/__init__.py
  • prowler/providers/e2e/services/database/database_cluster_running/database_cluster_running.metadata.json
  • prowler/providers/e2e/services/database/database_cluster_running/database_cluster_running.py
  • prowler/providers/e2e/services/database/database_cluster_ssl_enabled/__init__.py
  • prowler/providers/e2e/services/database/database_cluster_ssl_enabled/database_cluster_ssl_enabled.metadata.json
  • prowler/providers/e2e/services/database/database_cluster_ssl_enabled/database_cluster_ssl_enabled.py
  • prowler/providers/e2e/services/database/database_replica_public_ip_not_assigned/__init__.py
  • prowler/providers/e2e/services/database/database_replica_public_ip_not_assigned/database_replica_public_ip_not_assigned.metadata.json
  • prowler/providers/e2e/services/database/database_replica_public_ip_not_assigned/database_replica_public_ip_not_assigned.py
  • prowler/providers/e2e/services/database/database_service.py
  • prowler/providers/e2e/services/network/__init__.py
  • prowler/providers/e2e/services/network/network_client.py
  • prowler/providers/e2e/services/network/network_reserveip_floating_ip_unattached/__init__.py
  • prowler/providers/e2e/services/network/network_reserveip_floating_ip_unattached/network_reserveip_floating_ip_unattached.metadata.json
  • prowler/providers/e2e/services/network/network_reserveip_floating_ip_unattached/network_reserveip_floating_ip_unattached.py
  • prowler/providers/e2e/services/network/network_reserveip_orphaned_public_ip/__init__.py
  • prowler/providers/e2e/services/network/network_reserveip_orphaned_public_ip/network_reserveip_orphaned_public_ip.metadata.json
  • prowler/providers/e2e/services/network/network_reserveip_orphaned_public_ip/network_reserveip_orphaned_public_ip.py
  • prowler/providers/e2e/services/network/network_service.py
  • prowler/providers/e2e/services/network/network_vpc_has_attached_nodes/__init__.py
  • prowler/providers/e2e/services/network/network_vpc_has_attached_nodes/network_vpc_has_attached_nodes.metadata.json
  • prowler/providers/e2e/services/network/network_vpc_has_attached_nodes/network_vpc_has_attached_nodes.py
  • prowler/providers/e2e/services/network/network_vpc_is_active/__init__.py
  • prowler/providers/e2e/services/network/network_vpc_is_active/network_vpc_is_active.metadata.json
  • prowler/providers/e2e/services/network/network_vpc_is_active/network_vpc_is_active.py
  • prowler/providers/e2e/services/network/network_vpc_peering_external_peer_disabled/__init__.py
  • prowler/providers/e2e/services/network/network_vpc_peering_external_peer_disabled/network_vpc_peering_external_peer_disabled.metadata.json
  • prowler/providers/e2e/services/network/network_vpc_peering_external_peer_disabled/network_vpc_peering_external_peer_disabled.py
  • prowler/providers/e2e/services/storage/storage_bucket_lifecycle_configured/__init__.py
  • prowler/providers/e2e/services/storage/storage_bucket_lifecycle_configured/storage_bucket_lifecycle_configured.metadata.json
  • prowler/providers/e2e/services/storage/storage_bucket_lifecycle_configured/storage_bucket_lifecycle_configured.py
  • prowler/providers/e2e/services/storage/storage_bucket_lock_enabled/__init__.py
  • prowler/providers/e2e/services/storage/storage_bucket_lock_enabled/storage_bucket_lock_enabled.metadata.json
  • prowler/providers/e2e/services/storage/storage_bucket_lock_enabled/storage_bucket_lock_enabled.py
  • prowler/providers/e2e/services/storage/storage_efs_backup_enabled/__init__.py
  • prowler/providers/e2e/services/storage/storage_efs_backup_enabled/storage_efs_backup_enabled.metadata.json
  • prowler/providers/e2e/services/storage/storage_efs_backup_enabled/storage_efs_backup_enabled.py
  • prowler/providers/e2e/services/storage/storage_efs_vpc_access_restricted/__init__.py
  • prowler/providers/e2e/services/storage/storage_efs_vpc_access_restricted/storage_efs_vpc_access_restricted.metadata.json
  • prowler/providers/e2e/services/storage/storage_efs_vpc_access_restricted/storage_efs_vpc_access_restricted.py
  • prowler/providers/e2e/services/storage/storage_service.py

Comment on lines +1 to +34
{
  "Provider": "e2e",
  "CheckID": "database_cluster_public_ip_not_assigned",
  "CheckTitle": "Check if E2E Cloud database clusters do not expose a public IP on the master node",
  "CheckType": [],
  "ServiceName": "database",
  "SubServiceName": "",
  "ResourceIdTemplate": "",
  "Severity": "high",
  "ResourceType": "Other",
  "ResourceGroup": "database",
  "Description": "Check if E2E Cloud database clusters do not expose a public IP on the master node",
  "Risk": "",
  "RelatedUrl": "",
  "Remediation": {
    "Code": {
      "CLI": "",
      "NativeIaC": "",
      "Other": "",
      "Terraform": ""
    },
    "Recommendation": {
      "Text": "Check if E2E Cloud database clusters do not expose a public IP on the master node",
      "Url": "https://hub.prowler.com/check/database_cluster_public_ip_not_assigned"
    }
  },
  "Categories": [],
  "DependsOn": [],
  "RelatedTo": [],
  "Notes": "",
  "AdditionalURLs": [
    "https://docs.e2enetworks.com/api/myaccount/openapi.yaml"
  ]
}

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Metadata violates required field guidelines.

The metadata.json is missing required non-empty fields per coding guidelines:

  • Risk (line 13) is an empty string but must be non-empty
  • Remediation.Code.CLI (line 17) is an empty string but must be non-empty
  • The Compliance field is entirely absent but "Compliance Version must be non-empty"

Populate these fields with meaningful content before merge.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@prowler/providers/e2e/services/database/database_cluster_public_ip_not_assigned/database_cluster_public_ip_not_assigned.metadata.json`
around lines 1 - 34, The metadata.json file is missing or has empty required
fields that must be populated per coding guidelines. Add meaningful content to
the "Risk" field by describing the security implications of exposing public IPs
on database cluster master nodes. Populate the "Remediation.Code.CLI" field with
an appropriate CLI command or instructions for checking this issue in E2E Cloud.
Additionally, add a new "Compliance" object at the root level of the JSON (after
"Categories") with a non-empty "Compliance Version" field containing relevant
compliance version information. Ensure all three fields contain substantive and
helpful content.

Source: Coding guidelines
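
A CI-style lint for the three requirements listed in the comment above, as an added example that is not part of the PR or of Prowler's own tooling. `find_metadata_problems` and the trimmed sample are constructed here; the page does not show the shape of `Compliance`, so accepting either an object or a list of objects carrying a `Version` key is an assumption.

```python
import json

# Required non-empty fields named in the review comment, as dotted paths.
REQUIRED_PATHS = ("Risk", "Remediation.Code.CLI")

# Constructed sample: a trimmed copy of the metadata under review.
SAMPLE_METADATA = json.loads("""
{
  "Provider": "e2e",
  "CheckID": "database_cluster_public_ip_not_assigned",
  "Severity": "high",
  "Risk": "",
  "Remediation": {
    "Code": {"CLI": "", "NativeIaC": "", "Other": "", "Terraform": ""},
    "Recommendation": {"Text": "(trimmed)", "Url": "(trimmed)"}
  },
  "Categories": []
}
""")


def _lookup(doc, dotted_path):
    """Return the value at a dotted path, or None if any segment is missing."""
    node = doc
    for key in dotted_path.split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node


def _is_blank(value):
    """Treat None, empty containers and whitespace-only strings as blank."""
    if value is None:
        return True
    if isinstance(value, str):
        return not value.strip()
    if isinstance(value, (list, dict)):
        return len(value) == 0
    return False


def _compliance_versions(doc):
    """Collect Version values from Compliance (assumed: object or list of objects)."""
    compliance = doc.get("Compliance")
    entries = compliance if isinstance(compliance, list) else [compliance]
    return [entry.get("Version") for entry in entries if isinstance(entry, dict)]


def find_metadata_problems(doc):
    """Return a sorted list of problems; an empty list means the file passes."""
    problems = []
    for path in REQUIRED_PATHS:
        value = _lookup(doc, path)
        if value is None:
            problems.append(f"{path}: missing")
        elif _is_blank(value):
            problems.append(f"{path}: empty")
    versions = _compliance_versions(doc)
    if not versions:
        problems.append("Compliance: missing")
    elif any(_is_blank(version) for version in versions):
        problems.append("Compliance.Version: empty")
    return sorted(problems)


if __name__ == "__main__":
    for problem in find_metadata_problems(SAMPLE_METADATA):
        print(problem)
```

Run over every `*.metadata.json` in the provider directory, a non-empty result can fail the build before review.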

Comment on lines +13 to +17
"Risk": "",
"RelatedUrl": "",
"Remediation": {
"Code": {
"CLI": "",

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Metadata is incomplete for required compliance fields.

Line 13 (Risk) and Line 17 (Remediation.Code.CLI) are blank, and no non-empty Compliance Version is defined. Please complete these required fields.

As per coding guidelines, Risk, Remediation.Code.CLI, and Compliance Version must be present and non-empty.

Also applies to: 1-34

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@prowler/providers/e2e/services/storage/storage_efs_backup_enabled/storage_efs_backup_enabled.metadata.json`
around lines 13 - 17, The metadata file for the storage_efs_backup_enabled check
has incomplete required fields that must be populated. Fill in the Risk field
with appropriate risk information describing the impact of EFS backup not being
enabled, populate the Remediation.Code.CLI field under the Remediation object
with the AWS CLI command needed to enable EFS backups, and ensure a non-empty
Compliance Version is defined for the check. Refer to similar metadata files in
the codebase for proper formatting and content patterns when filling in these
required fields.

Source: Coding guidelines

Comment on lines +13 to +17
"Risk": "",
"RelatedUrl": "",
"Remediation": {
"Code": {
"CLI": "",

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Complete required metadata fields (Risk, CLI remediation, Compliance Version).

Line 13 and Line 17 are empty, and there is no non-empty Compliance Version. This should be fixed to keep metadata valid for compliance outputs.

As per coding guidelines, Risk, Remediation.Code.CLI, and Compliance Version are required and must be non-empty.

Also applies to: 1-34

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@prowler/providers/e2e/services/storage/storage_efs_vpc_access_restricted/storage_efs_vpc_access_restricted.metadata.json`
around lines 13 - 17, The metadata file is missing required non-empty values for
compliance validation. In the storage_efs_vpc_access_restricted.metadata.json
file, populate the empty "Risk" field with a description of the security risk,
provide a non-empty CLI remediation command in the "Remediation.Code.CLI" field,
and ensure a Compliance Version field exists with a valid version value. These
three fields are mandatory per coding guidelines and must contain non-empty
values throughout the entire metadata document to ensure compliance outputs are
valid.

Source: Coding guidelines

Comment on lines +5 to +7
class storage_efs_vpc_access_restricted(Check):
def execute(self):
findings = []

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Add required docstrings and return type annotations for this public check API.

storage_efs_vpc_access_restricted and execute() are public and currently missing Google-style docstrings, and execute() is missing an explicit return type. This breaks the prowler/**/*.py standards.

Suggested patch
 class storage_efs_vpc_access_restricted(Check):
-    def execute(self):
-        findings = []
+    """Check that EFS volumes are not accessible from all VPC resources."""
+
+    def execute(self) -> list[CheckReportE2e]:
+        """Run the EFS VPC access restriction check.
+
+        Returns:
+            list[CheckReportE2e]: One PASS/FAIL report per EFS volume.
+        """
+        findings: list[CheckReportE2e] = []
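
Review bot: the new return annotation on `execute()` names `CheckReportE2e`, but lines 5 to 7 shown for this file do not include the import block, and a return annotation that refers to an un-imported name raises `NameError` when the class is defined at import time unless annotations are deferred. Confirm the module imports `CheckReportE2e` alongside `Check`, or add the import in the same patch.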

As per coding guidelines: "prowler/**/*.py: Type hints are required for all public functions in Python code" and "Docstrings are required for all classes and methods in Python code, following Google style documentation".

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@prowler/providers/e2e/services/storage/storage_efs_vpc_access_restricted/storage_efs_vpc_access_restricted.py`
around lines 5 - 7, The storage_efs_vpc_access_restricted class and its
execute() method are missing required documentation and type annotations per
prowler standards. Add a Google-style docstring to the
storage_efs_vpc_access_restricted class describing its purpose as a check, then
add a Google-style docstring to the execute() method describing what it does,
and add an explicit return type annotation (list) to the execute() method
signature to indicate it returns a list of findings.

Source: Coding guidelines

Comment thread prowler/providers/e2e/lib/mutelist/mutelist.py Fixed

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 4

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (10)
tests/providers/e2e/services/database/database_cluster_ssl_enabled_test.py (1)

7-44: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Add explicit no-resources coverage for this check.

Line 7 onward currently validates PASS/FAIL paths only; the required empty-input behavior is not tested. Please add a test_no_resources asserting execute() returns [] when database_client.clusters = [].

As per coding guidelines, “Every check needs test_no_resources (len==0), pass (PASS) and fail (FAIL).”

Suggested test addition
 class TestDatabaseClusterSslEnabledCheck:
+    def test_no_resources(self):
+        database_client = mock.MagicMock()
+        database_client.clusters = []
+
+        with (
+            mock.patch(
+                "prowler.providers.common.provider.Provider.get_global_provider",
+                return_value=set_mocked_e2e_provider(),
+            ),
+            mock.patch(
+                "prowler.providers.e2e.services.database.database_cluster_ssl_enabled.database_cluster_ssl_enabled.database_client",
+                new=database_client,
+            ),
+        ):
+            from prowler.providers.e2e.services.database.database_cluster_ssl_enabled.database_cluster_ssl_enabled import (
+                database_cluster_ssl_enabled,
+            )
+
+            findings = database_cluster_ssl_enabled().execute()
+            assert len(findings) == 0
+
     def test_pass_and_fail(self):
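
Review bot: the context line `def test_pass_and_fail(self):` shows PASS and FAIL still sharing one test, while the guideline quoted in this comment lists them as separate cases next to `test_no_resources`. Consider splitting that test in the same change so a regression in either path is reported under its own test name.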

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@tests/providers/e2e/services/database/database_cluster_ssl_enabled_test.py`
around lines 7 - 44, Add a new test method called test_no_resources to the
TestDatabaseClusterSslEnabledCheck class that tests the no-resources scenario.
This method should follow the same structure as the existing test_pass_and_fail
method but set database_client.clusters to an empty list and assert that the
findings returned by database_cluster_ssl_enabled().execute() is an empty list
with len(findings) == 0. This ensures coverage of the required empty-input
behavior as per coding guidelines.

Source: Coding guidelines

prowler/providers/e2e/services/storage/storage_service.py (3)

7-19: 🧹 Nitpick | 🔵 Trivial | ⚡ Quick win

Add docstring to Storage class and type hints to __init__ parameters.

Line 7: The class has a brief docstring ("Service class for E2E Cloud storage resources."), which is good. However, the __init__ method at line 10 is missing a Google-style docstring and the provider parameter lacks a type hint.

As per coding guidelines, docstrings are required for all classes and methods, and type hints are required for all public functions in prowler/**/*.py.

Suggested fix
     def __init__(self, provider):
+        """Initialize Storage service with provider and fetch all resource types.
+        
+        Args:
+            provider: E2E provider instance with session and locations.
+        """
         super().__init__("storage", provider)
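
Review bot: the signature `def __init__(self, provider):` is left as a context line, so the type hint this comment asks for is still missing after the patch is applied. Annotate `provider` with the E2E provider class in the same change, and drop the trailing whitespace on the blank line inside the new docstring.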

As per coding guidelines, "Docstrings are required for all classes and methods in Python code, following Google style documentation."

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@prowler/providers/e2e/services/storage/storage_service.py` around lines 7 -
19, The `__init__` method in the Storage class is missing a Google-style
docstring and the `provider` parameter lacks a type hint. Add a Google-style
docstring to the `__init__` method that documents the method's purpose and
describes the `provider` parameter. Additionally, add an appropriate type hint
to the `provider` parameter in the method signature to comply with the coding
guidelines requiring type hints for all public functions.

Source: Coding guidelines


99-102: 🧹 Nitpick | 🔵 Trivial | ⚡ Quick win

Apply standardized exception logging format to EFS error handler (line 99–102).

The block volumes (lines 40–44) and buckets (lines 73–77) error handlers now use the standardized format f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}". However, the EFS error handler at line 99–102 still uses the older format.

Update this handler to match the pattern for consistency across the service.

Suggested fix
             except Exception as error:
                 logger.error(
-                    f"storage - Error fetching EFS volumes in {location}: {error}"
+                    f"storage - Error fetching EFS volumes in {location} -- "
+                    f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
                 )

Based on learnings, the established pattern in this codebase is f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" for caught exceptions.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@prowler/providers/e2e/services/storage/storage_service.py` around lines 99 -
102, The EFS error handler in the exception block does not match the
standardized exception logging format used in the block volumes and buckets
error handlers. Update the logger.error call in the EFS exception handler (the
except block around line 99-102) to use the standardized format
f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" instead
of the current format, while keeping the descriptive prefix about the location
context if needed. This ensures consistent error logging across all three error
handlers in the service.

Source: Learnings


136-139: 🧹 Nitpick | 🔵 Trivial | ⚡ Quick win

Apply standardized exception logging format to EPFS error handler (line 136–139).

Similar to the EFS handler above, the EPFS error handler at line 136–139 still uses the older format. Update it to match the standardized pattern used in block volumes and buckets handlers.

Suggested fix
             except Exception as error:
                 logger.error(
-                    f"storage - Error fetching EPFS volumes in {location}: {error}"
+                    f"storage - Error fetching EPFS volumes in {location} -- "
+                    f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
                 )

Based on learnings, the established pattern in this codebase is f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" for caught exceptions.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@prowler/providers/e2e/services/storage/storage_service.py` around lines 136 -
139, The EPFS error handler exception logging at lines 136–139 is not using the
standardized exception logging format used elsewhere in the file. Update the
logger.error call in the except Exception as error block to use the standardized
pattern: f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
for the error formatting, making it consistent with the EFS handler and other
service handlers like block volumes and buckets.

Source: Learnings

prowler/providers/e2e/services/storage/storage_block_volume_not_orphaned/storage_block_volume_not_orphaned.metadata.json (1)

1-34: ⚠️ Potential issue | 🔴 Critical

Add missing required Compliance field to metadata.

The Compliance field is missing from this metadata file. Per coding guidelines, Compliance.Version is a required non-empty field in all metadata files. Add the Compliance object with an appropriate version (e.g., "Version": "1.0") before merge.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@prowler/providers/e2e/services/storage/storage_block_volume_not_orphaned/storage_block_volume_not_orphaned.metadata.json`
around lines 1 - 34, The metadata JSON file for the
storage_block_volume_not_orphaned check is missing the required Compliance
object. Add a Compliance object containing a Version field (set to "1.0" or an
appropriate version number) to the root level of the JSON structure before the
closing brace. This Compliance field is mandatory per the coding guidelines and
must not be empty.

Source: Coding guidelines

prowler/providers/e2e/services/node/node_public_ip_not_assigned/node_public_ip_not_assigned.metadata.json (1)

1-34: ⚠️ Potential issue | 🟠 Major

Add required Compliance field to metadata file.

The metadata file is missing the Compliance field, which is mandatory according to Prowler's metadata contract. Add a Compliance object with version and applicable framework information (e.g., CIS, PCI-DSS, or custom compliance tags).

Example structure to add:

"Compliance": [
  {
    "Framework": "CIS",
    "Version": "1.4.0",
    "ResourceIdTemplate": ""
  }
]

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@prowler/providers/e2e/services/node/node_public_ip_not_assigned/node_public_ip_not_assigned.metadata.json`
around lines 1 - 34, The metadata file for the node_public_ip_not_assigned check
is missing the required Compliance field which is mandatory according to
Prowler's metadata contract. Add a Compliance array property to the JSON root
object containing at least one compliance framework entry with Framework,
Version, and ResourceIdTemplate properties. Insert this Compliance field after
the CheckType field or in an appropriate location within the metadata structure
to define which compliance frameworks this check applies to, such as CIS or
PCI-DSS.

Source: Coding guidelines

prowler/providers/e2e/services/securitygroup/securitygroup_restrictive_default/securitygroup_restrictive_default.metadata.json (1)

1-37: ⚠️ Potential issue | 🔴 Critical

Add required Compliance field to metadata.

The metadata file is missing the required Compliance object with non-empty version information. Per coding guidelines, metadata.json must include a non-empty Compliance Version field.

Add a Compliance object to the root level of the JSON before line 37, for example:

"Compliance": [
  {
    "Name": "...",
    "Version": "..."
  }
]

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@prowler/providers/e2e/services/securitygroup/securitygroup_restrictive_default/securitygroup_restrictive_default.metadata.json`
around lines 1 - 37, The metadata file for the securitygroup_restrictive_default
check is missing the required Compliance field at the root level of the JSON
object. Add a Compliance array at the root level (as a peer to other root fields
like CheckID, ServiceName, Severity, and ResourceType) that contains at least
one object with non-empty Name and Version fields populated with appropriate
values. This Compliance field must be added before the closing brace of the JSON
object to comply with the required metadata structure.

Source: Coding guidelines

prowler/providers/e2e/services/node/node_vpc_attached/node_vpc_attached.py (1)

5-7: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Add required type hint and Google-style docstrings to the check class and execute().

Line 5 and Line 6 currently miss required documentation, and execute() lacks its return annotation.

As per coding guidelines, prowler/**/*.py requires type hints for public functions and Google-style docstrings for classes and methods.

Proposed fix
 class node_vpc_attached(Check):
-    def execute(self):
+    """Check whether each node is attached to a VPC."""
+
+    def execute(self) -> list[CheckReportE2e]:
+        """Run the check for all discovered nodes.
+
+        Returns:
+            list[CheckReportE2e]: One PASS/FAIL report per node.
+        """
         findings = []

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@prowler/providers/e2e/services/node/node_vpc_attached/node_vpc_attached.py`
around lines 5 - 7, The class node_vpc_attached and the execute() method are
missing required documentation and type annotations according to Prowler's
coding guidelines. Add a Google-style docstring to the node_vpc_attached class
that describes its purpose as a check. Add a Google-style docstring to the
execute() method that describes what it does and its parameters. Add a return
type annotation to the execute() method to indicate it returns a list (based on
the findings initialization).

Source: Coding guidelines

prowler/providers/e2e/services/loadbalancer/loadbalancer_service.py (2)

61-96: 🛠️ Refactor suggestion | 🟠 Major | ⚡ Quick win

Add Google-style docstrings to LoadBalancer and its public properties.

LoadBalancer (Line 61) and its public property methods (Lines 73-96) are missing method/class docstrings required by the repository rules.

As per coding guidelines, “Docstrings are required for all classes and methods in Python code, following Google style documentation.”

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@prowler/providers/e2e/services/loadbalancer/loadbalancer_service.py` around
lines 61 - 96, Add Google-style docstrings to the LoadBalancer class and all its
public properties to comply with repository coding guidelines. The LoadBalancer
class definition needs a docstring describing its purpose and attributes. Each
public property method (resource_id, resource_name, is_alb, is_alb_https, and
has_backend_health_check) needs a docstring following Google style format that
describes what the property returns and its purpose.

Source: Coding guidelines


15-43: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Scope the try block per appliance to avoid dropping an entire location on one bad record.

Line 17 currently wraps both pagination and the full per-location iteration. If one LoadBalancer(...) construction fails for a single item, the loop exits and all remaining appliances in that location are skipped.

Suggested fix
     def _fetch_loadbalancers(self):
         for location in self.provider.session.locations:
             try:
                 appliances = self.client.paginate(
                     "/appliances/",
                     location=location,
                 )
-                for item in appliances:
-                    context = self._extract_context(item)
-                    node_detail = item.get("node_detail", {}) or {}
-                    self.load_balancers.append(
-                        LoadBalancer(
-                            id=str(item.get("id", "")),
-                            name=item.get("name", ""),
-                            location=location,
-                            status=item.get("status", ""),
-                            lb_mode=context.get("lb_mode", ""),
-                            lb_port=str(context.get("lb_port", "")),
-                            enable_bitninja=bool(context.get("enable_bitninja", False)),
-                            ssl_certificate_id=self._get_ssl_certificate_id(context),
-                            backends=context.get("backends", []) or [],
-                            public_ip=node_detail.get("public_ip", ""),
-                        )
-                    )
+                for item in appliances:
+                    try:
+                        context = self._extract_context(item)
+                        node_detail = item.get("node_detail", {}) or {}
+                        self.load_balancers.append(
+                            LoadBalancer(
+                                id=str(item.get("id", "")),
+                                name=item.get("name", ""),
+                                location=location,
+                                status=item.get("status", ""),
+                                lb_mode=context.get("lb_mode", ""),
+                                lb_port=str(context.get("lb_port", "")),
+                                enable_bitninja=bool(context.get("enable_bitninja", False)),
+                                ssl_certificate_id=self._get_ssl_certificate_id(context),
+                                backends=context.get("backends", []) or [],
+                                public_ip=node_detail.get("public_ip", ""),
+                            )
+                        )
+                    except Exception as error:
+                        logger.error(
+                            f"loadbalancer - Error parsing appliance in {location} -- "
+                            f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
+                        )
             except Exception as error:
                 logger.error(
                     f"loadbalancer - Error fetching appliances in {location} -- "
                     f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
                 )
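
Review bot: the new inner `except` logs only `{location}`, so the appliance that was skipped cannot be identified from the log, and a skipped appliance produces no PASS or FAIL finding at all. Include an identifier in the message (for example the `id` already read via `item.get("id", "")`, guarded in case `item` is not a dict) so gaps in scan coverage are visible and attributable.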

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@prowler/providers/e2e/services/loadbalancer/loadbalancer_service.py` around
lines 15 - 43, The try-except block in the _fetch_loadbalancers method wraps too
broadly, covering the entire pagination loop. If one LoadBalancer object
construction fails for a single item, the exception causes the entire location
to be abandoned, skipping all remaining appliances. Move the try-except block to
wrap only the LoadBalancer object construction for each individual item,
allowing the loop to continue processing remaining items in that location when a
single record fails. Keep the pagination and outer loop outside the try-except
so location processing continues even if individual records encounter errors.

♻️ Duplicate comments (8)
prowler/providers/e2e/lib/api/client.py (1)

90-90: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Preserve resource-item shape in paginate() dict branch.

all_items.extend(data.values()) flattens a resource dict into scalar values, which can break downstream consumers that iterate paginate() results and call .get(...) on each item.

Suggested fix
-            elif isinstance(data, dict):
-                all_items.extend(data.values())
+            elif isinstance(data, dict):
+                all_items.append(data)
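
Review bot: `all_items.append(data)` is correct only when the dict is a single resource; if an endpoint returns a dict keyed by id whose values are the resource dicts, this appends the wrapper and callers then read `.get("id")` from the wrong level. The hunk shows neither response shape, so check which one the API returns, or branch on whether every value is itself a dict, before replacing `extend(data.values())`.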

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@prowler/providers/e2e/lib/api/client.py` at line 90, In the paginate() method
where all_items.extend(data.values()) is called, the current approach flattens
the resource dictionary into scalar values, breaking downstream consumers that
expect each item to be a dictionary-like object with callable .get() methods.
Instead of extending with data.values(), extend all_items with the actual
resource items or dict entries that preserve the original dictionary structure
so that downstream code iterating through the paginate() results can
successfully call .get(...) on each item.

prowler/providers/e2e/services/storage/storage_bucket_versioning_enabled/storage_bucket_versioning_enabled.py (1)

8-8: 🛠️ Refactor suggestion | 🟠 Major | ⚡ Quick win

Add a Google-style docstring to the execute() method.

Per coding guidelines, docstrings are required for all methods in Python code, following Google style documentation. The class has a docstring, but the execute() method is missing one.

📝 Proposed fix
     def execute(self) -> list[CheckReportE2e]:
+        """Execute the bucket versioning check on all object storage buckets.
+
+        Iterates through all object storage buckets in the provider session and
+        evaluates whether versioning is enabled. Reports PASS if versioning
+        status is "Enabled", FAIL otherwise.
+
+        Returns:
+            list[CheckReportE2e]: Check reports for each object storage bucket,
+                each with status PASS or FAIL and descriptive status_extended.
+        """
         findings = []

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@prowler/providers/e2e/services/storage/storage_bucket_versioning_enabled/storage_bucket_versioning_enabled.py`
at line 8, The execute() method is missing a Google-style docstring as required
by the coding guidelines. Add a Google-style docstring to the execute() method
that describes its purpose, parameters (if any), return type, and any relevant
behavior. The docstring should follow the standard Google Python style format
with sections for Args, Returns, and any other relevant documentation.

Source: Coding guidelines

prowler/providers/e2e/services/storage/storage_bucket_encryption_enabled/storage_bucket_encryption_enabled.py (1)

8-8: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Document execute() with a Google-style docstring.

Line 8 includes the return type, but the method-level docstring is still missing.

As per coding guidelines, prowler/**/*.py requires docstrings for all classes and methods in Google style.

Proposed fix
     def execute(self) -> list[CheckReportE2e]:
+        """Evaluate bucket encryption settings.
+
+        Returns:
+            list[CheckReportE2e]: One PASS/FAIL report per storage bucket.
+        """
         findings = []

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@prowler/providers/e2e/services/storage/storage_bucket_encryption_enabled/storage_bucket_encryption_enabled.py`
at line 8, Add a Google-style docstring to the execute() method on line 8. The
docstring should document the method's purpose, its return type
(list[CheckReportE2e]), and follow Google style formatting conventions. Place
the docstring immediately after the method definition line and before any code,
using triple quotes. Include a brief description of what the method does and a
Returns section that describes the list of CheckReportE2e objects being
returned.

Source: Coding guidelines

prowler/providers/e2e/services/storage/storage_bucket_public_access_disabled/storage_bucket_public_access_disabled.py (1)

8-8: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Add a Google-style docstring to execute() to complete method documentation.

Line 8 has the return type annotation, but the method docstring is still missing.

As per coding guidelines, prowler/**/*.py requires docstrings for all classes and methods in Google style.

Proposed fix
     def execute(self) -> list[CheckReportE2e]:
+        """Evaluate bucket public access configuration.
+
+        Returns:
+            list[CheckReportE2e]: One PASS/FAIL report per storage bucket.
+        """
         findings = []

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@prowler/providers/e2e/services/storage/storage_bucket_public_access_disabled/storage_bucket_public_access_disabled.py`
at line 8, The execute() method in the storage_bucket_public_access_disabled
class is missing a Google-style docstring. Add a docstring immediately after the
method definition that documents what the method does, its purpose in the E2E
test, and clearly describes the return type as a list of CheckReportE2e objects.
Follow the Google docstring style format with a summary line, followed by an
optional longer description, and a Returns section documenting the return value.

Source: Coding guidelines

prowler/providers/e2e/services/storage/storage_block_volume_not_orphaned/storage_block_volume_not_orphaned.py (1)

8-8: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Add a Google-style docstring to execute() to satisfy the method-level doc requirement.

Line 8 is typed correctly, but the method still lacks the required docstring.

As per coding guidelines, prowler/**/*.py requires docstrings for all classes and methods in Google style.

Proposed fix
     def execute(self) -> list[CheckReportE2e]:
+        """Evaluate block volumes and flag orphaned available volumes.
+
+        Returns:
+            list[CheckReportE2e]: One PASS/FAIL report per block volume.
+        """
         findings = []

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@prowler/providers/e2e/services/storage/storage_block_volume_not_orphaned/storage_block_volume_not_orphaned.py`
at line 8, The execute() method is missing a Google-style docstring as required
by coding guidelines. Add a docstring immediately after the method signature for
execute() that describes what the method does, following Google style format
which should include a brief summary of the method's purpose and documentation
of the return type (list[CheckReportE2e]). Ensure the docstring is properly
indented and formatted according to Google's Python style guidelines.

Source: Coding guidelines

prowler/providers/e2e/services/loadbalancer/loadbalancer_bitninja_enabled/loadbalancer_bitninja_enabled.py (1)

10-10: 🛠️ Refactor suggestion | 🟠 Major | ⚡ Quick win

Provide a Google-style docstring for execute().

Line 10 is a public method without required method documentation.

As per coding guidelines, “Docstrings are required for all classes and methods in Python code, following Google style documentation.”

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@prowler/providers/e2e/services/loadbalancer/loadbalancer_bitninja_enabled/loadbalancer_bitninja_enabled.py`
at line 10, The execute() method is missing required Google-style documentation.
Add a docstring to the execute() method that follows Google style format,
including a summary of what the method does and documentation of its return type
(list[CheckReportE2e]). Place this docstring immediately after the method
definition line and before the method body.

Source: Coding guidelines

prowler/providers/e2e/services/loadbalancer/loadbalancer_backend_health_check_enabled/loadbalancer_backend_health_check_enabled.py (1)

10-10: 🛠️ Refactor suggestion | 🟠 Major | ⚡ Quick win

Add a Google-style docstring to execute().

Line 10 exposes a public method without method-level documentation.

As per coding guidelines, “Docstrings are required for all classes and methods in Python code, following Google style documentation.”

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@prowler/providers/e2e/services/loadbalancer/loadbalancer_backend_health_check_enabled/loadbalancer_backend_health_check_enabled.py`
at line 10, The execute() method in the file is missing a Google-style docstring
as required by coding guidelines. Add a docstring immediately after the method
signature that documents the method's purpose and return type using Google style
format (with sections like Args, Returns, etc. as applicable). The docstring
should clearly describe what the execute() method does and what it returns,
which appears to be a list of CheckReportE2e objects based on the return type
annotation.

Source: Coding guidelines

prowler/providers/e2e/services/loadbalancer/loadbalancer_alb_https_uses_ssl_certificate/loadbalancer_alb_https_uses_ssl_certificate.py (1)

10-10: 🛠️ Refactor suggestion | 🟠 Major | ⚡ Quick win

Document execute() with a Google-style docstring.

Line 10 still defines a public method without a docstring.

As per coding guidelines, “Docstrings are required for all classes and methods in Python code, following Google style documentation.”

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@prowler/providers/e2e/services/loadbalancer/loadbalancer_alb_https_uses_ssl_certificate/loadbalancer_alb_https_uses_ssl_certificate.py`
at line 10, The execute() method is missing a required Google-style docstring.
Add a docstring immediately after the method definition that documents the
method's purpose, return type, and any relevant details about what the method
does. The docstring should follow Google style format with sections for
Description, Returns, and any other relevant information based on what the
method accomplishes.

Source: Coding guidelines

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In
`@prowler/providers/e2e/services/securitygroup/securitygroup_no_inbound_any_all_ports/securitygroup_no_inbound_any_all_ports.py`:
- Around line 7-15: The functions _is_open_network and _is_permissive_inbound do
not handle null values that may be returned from the API, causing AttributeError
crashes when calling .lower() and .strip() on None values. Add null/None checks
at the beginning of _is_open_network to return False if the value parameter is
None, and in _is_permissive_inbound add None checks for rule.rule_type,
rule.protocol_name, rule.network, and rule.network_cidr before calling methods
on them to ensure the check produces PASS/FAIL results instead of crashing when
the API returns null values.

In
`@prowler/providers/e2e/services/securitygroup/securitygroup_restrictive_default/securitygroup_restrictive_default.py`:
- Around line 7-23: The `_has_permissive_inbound()` function parameter `rules`
is missing a type hint while the adjacent `_is_open_network()` helper function
correctly specifies `value: str`. Add a type annotation to the `rules` parameter
in the `_has_permissive_inbound()` function signature to match the coding
guidelines and maintain consistency with the helper function above it. Use an
appropriate type annotation such as a list type that represents the collection
of security group rules being validated.

In `@tests/providers/e2e/services/network/network_vpc_is_active_test.py`:
- Around line 7-45: Add a new test method called test_no_resources to the
TestNetworkVpcIsActiveCheck class that validates the behavior when there are no
VPCs. This method should follow the same mocking pattern as the existing
test_pass_and_fail method, but set network_client.vpcs to an empty list instead
of the two Vpc objects. After executing network_vpc_is_active().execute(),
assert that the returned findings list has length 0 to verify the check
correctly handles the case where no resources exist.

In `@tests/providers/e2e/services/storage/storage_efs_backup_enabled_test.py`:
- Around line 7-43: Add a new test method called test_no_resources to the
TestStorageEfsBackupEnabledCheck class. This test should follow the same mocking
pattern as test_pass_and_fail but set storage_client.efs_volumes to an empty
list instead of having EFS volume objects. Import and call
storage_efs_backup_enabled().execute() within the mock context, then assert that
the returned findings list has a length of zero to verify the check properly
handles the no-resources scenario.

---

Outside diff comments:
In `@prowler/providers/e2e/services/loadbalancer/loadbalancer_service.py`:
- Around line 61-96: Add Google-style docstrings to the LoadBalancer class and
all its public properties to comply with repository coding guidelines. The
LoadBalancer class definition needs a docstring describing its purpose and
attributes. Each public property method (resource_id, resource_name, is_alb,
is_alb_https, and has_backend_health_check) needs a docstring following Google
style format that describes what the property returns and its purpose.
- Around line 15-43: The try-except block in the _fetch_loadbalancers method
wraps too broadly, covering the entire pagination loop. If one LoadBalancer
object construction fails for a single item, the exception causes the entire
location to be abandoned, skipping all remaining appliances. Move the try-except
block to wrap only the LoadBalancer object construction for each individual
item, allowing the loop to continue processing remaining items in that location
when a single record fails. Keep the pagination and outer loop outside the
try-except so location processing continues even if individual records encounter
errors.

In
`@prowler/providers/e2e/services/node/node_public_ip_not_assigned/node_public_ip_not_assigned.metadata.json`:
- Around line 1-34: The metadata file for the node_public_ip_not_assigned check
is missing the required Compliance field which is mandatory according to
Prowler's metadata contract. Add a Compliance array property to the JSON root
object containing at least one compliance framework entry with Framework,
Version, and ResourceIdTemplate properties. Insert this Compliance field after
the CheckType field or in an appropriate location within the metadata structure
to define which compliance frameworks this check applies to, such as CIS or
PCI-DSS.

In `@prowler/providers/e2e/services/node/node_vpc_attached/node_vpc_attached.py`:
- Around line 5-7: The class node_vpc_attached and the execute() method are
missing required documentation and type annotations according to Prowler's
coding guidelines. Add a Google-style docstring to the node_vpc_attached class
that describes its purpose as a check. Add a Google-style docstring to the
execute() method that describes what it does and its parameters. Add a return
type annotation to the execute() method to indicate it returns a list (based on
the findings initialization).

In
`@prowler/providers/e2e/services/securitygroup/securitygroup_restrictive_default/securitygroup_restrictive_default.metadata.json`:
- Around line 1-37: The metadata file for the securitygroup_restrictive_default
check is missing the required Compliance field at the root level of the JSON
object. Add a Compliance array at the root level (as a peer to other root fields
like CheckID, ServiceName, Severity, and ResourceType) that contains at least
one object with non-empty Name and Version fields populated with appropriate
values. This Compliance field must be added before the closing brace of the JSON
object to comply with the required metadata structure.

In
`@prowler/providers/e2e/services/storage/storage_block_volume_not_orphaned/storage_block_volume_not_orphaned.metadata.json`:
- Around line 1-34: The metadata JSON file for the
storage_block_volume_not_orphaned check is missing the required Compliance
object. Add a Compliance object containing a Version field (set to "1.0" or an
appropriate version number) to the root level of the JSON structure before the
closing brace. This Compliance field is mandatory per the coding guidelines and
must not be empty.

In `@prowler/providers/e2e/services/storage/storage_service.py`:
- Around line 7-19: The `__init__` method in the Storage class is missing a
Google-style docstring and the `provider` parameter lacks a type hint. Add a
Google-style docstring to the `__init__` method that documents the method's
purpose and describes the `provider` parameter. Additionally, add an appropriate
type hint to the `provider` parameter in the method signature to comply with the
coding guidelines requiring type hints for all public functions.
- Around line 99-102: The EFS error handler in the exception block does not
match the standardized exception logging format used in the block volumes and
buckets error handlers. Update the logger.error call in the EFS exception
handler (the except block around line 99-102) to use the standardized format
f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" instead
of the current format, while keeping the descriptive prefix about the location
context if needed. This ensures consistent error logging across all three error
handlers in the service.
- Around line 136-139: The EPFS error handler exception logging at lines 136–139
is not using the standardized exception logging format used elsewhere in the
file. Update the logger.error call in the except Exception as error block to use
the standardized pattern:
f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" for the
error formatting, making it consistent with the EFS handler and other service
handlers like block volumes and buckets.

In `@tests/providers/e2e/services/database/database_cluster_ssl_enabled_test.py`:
- Around line 7-44: Add a new test method called test_no_resources to the
TestDatabaseClusterSslEnabledCheck class that tests the no-resources scenario.
This method should follow the same structure as the existing test_pass_and_fail
method but set database_client.clusters to an empty list and assert that the
findings returned by database_cluster_ssl_enabled().execute() is an empty list
with len(findings) == 0. This ensures coverage of the required empty-input
behavior as per coding guidelines.

---

Duplicate comments:
In `@prowler/providers/e2e/lib/api/client.py`:
- Line 90: In the paginate() method where all_items.extend(data.values()) is
called, the current approach flattens the resource dictionary into scalar
values, breaking downstream consumers that expect each item to be a
dictionary-like object with callable .get() methods. Instead of extending with
data.values(), extend all_items with the actual resource items or dict entries
that preserve the original dictionary structure so that downstream code
iterating through the paginate() results can successfully call .get(...) on each
item.

In
`@prowler/providers/e2e/services/loadbalancer/loadbalancer_alb_https_uses_ssl_certificate/loadbalancer_alb_https_uses_ssl_certificate.py`:
- Line 10: The execute() method is missing a required Google-style docstring.
Add a docstring immediately after the method definition that documents the
method's purpose, return type, and any relevant details about what the method
does. The docstring should follow Google style format with sections for
Description, Returns, and any other relevant information based on what the
method accomplishes.

In
`@prowler/providers/e2e/services/loadbalancer/loadbalancer_backend_health_check_enabled/loadbalancer_backend_health_check_enabled.py`:
- Line 10: The execute() method in the file is missing a Google-style docstring
as required by coding guidelines. Add a docstring immediately after the method
signature that documents the method's purpose and return type using Google style
format (with sections like Args, Returns, etc. as applicable). The docstring
should clearly describe what the execute() method does and what it returns,
which appears to be a list of CheckReportE2e objects based on the return type
annotation.

In
`@prowler/providers/e2e/services/loadbalancer/loadbalancer_bitninja_enabled/loadbalancer_bitninja_enabled.py`:
- Line 10: The execute() method is missing required Google-style documentation.
Add a docstring to the execute() method that follows Google style format,
including a summary of what the method does and documentation of its return type
(list[CheckReportE2e]). Place this docstring immediately after the method
definition line and before the method body.

In
`@prowler/providers/e2e/services/storage/storage_block_volume_not_orphaned/storage_block_volume_not_orphaned.py`:
- Line 8: The execute() method is missing a Google-style docstring as required
by coding guidelines. Add a docstring immediately after the method signature for
execute() that describes what the method does, following Google style format
which should include a brief summary of the method's purpose and documentation
of the return type (list[CheckReportE2e]). Ensure the docstring is properly
indented and formatted according to Google's Python style guidelines.

In
`@prowler/providers/e2e/services/storage/storage_bucket_encryption_enabled/storage_bucket_encryption_enabled.py`:
- Line 8: Add a Google-style docstring to the execute() method on line 8. The
docstring should document the method's purpose, its return type
(list[CheckReportE2e]), and follow Google style formatting conventions. Place
the docstring immediately after the method definition line and before any code,
using triple quotes. Include a brief description of what the method does and a
Returns section that describes the list of CheckReportE2e objects being
returned.

In
`@prowler/providers/e2e/services/storage/storage_bucket_public_access_disabled/storage_bucket_public_access_disabled.py`:
- Line 8: The execute() method in the storage_bucket_public_access_disabled
class is missing a Google-style docstring. Add a docstring immediately after the
method definition that documents what the method does, its purpose in the E2E
test, and clearly describes the return type as a list of CheckReportE2e objects.
Follow the Google docstring style format with a summary line, followed by an
optional longer description, and a Returns section documenting the return value.

In
`@prowler/providers/e2e/services/storage/storage_bucket_versioning_enabled/storage_bucket_versioning_enabled.py`:
- Line 8: The execute() method is missing a Google-style docstring as required
by the coding guidelines. Add a Google-style docstring to the execute() method
that describes its purpose, parameters (if any), return type, and any relevant
behavior. The docstring should follow the standard Google Python style format
with sections for Args, Returns, and any other relevant documentation.
ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: f6e16578-f934-4b75-8482-a3a294e49fcf

📥 Commits

Reviewing files that changed from the base of the PR and between e4834f0 and 4ea7ed4.

📒 Files selected for processing (51)
  • prowler/lib/check/models.py
  • prowler/providers/e2e/docs/schema.md
  • prowler/providers/e2e/e2e_provider.py
  • prowler/providers/e2e/lib/api/client.py
  • prowler/providers/e2e/lib/mutelist/mutelist.py
  • prowler/providers/e2e/lib/service/service.py
  • prowler/providers/e2e/models.py
  • prowler/providers/e2e/services/loadbalancer/loadbalancer_alb_https_uses_ssl_certificate/loadbalancer_alb_https_uses_ssl_certificate.metadata.json
  • prowler/providers/e2e/services/loadbalancer/loadbalancer_alb_https_uses_ssl_certificate/loadbalancer_alb_https_uses_ssl_certificate.py
  • prowler/providers/e2e/services/loadbalancer/loadbalancer_backend_health_check_enabled/loadbalancer_backend_health_check_enabled.metadata.json
  • prowler/providers/e2e/services/loadbalancer/loadbalancer_backend_health_check_enabled/loadbalancer_backend_health_check_enabled.py
  • prowler/providers/e2e/services/loadbalancer/loadbalancer_bitninja_enabled/loadbalancer_bitninja_enabled.metadata.json
  • prowler/providers/e2e/services/loadbalancer/loadbalancer_bitninja_enabled/loadbalancer_bitninja_enabled.py
  • prowler/providers/e2e/services/loadbalancer/loadbalancer_service.py
  • prowler/providers/e2e/services/node/node_accidental_protection_enabled/node_accidental_protection_enabled.metadata.json
  • prowler/providers/e2e/services/node/node_accidental_protection_enabled/node_accidental_protection_enabled.py
  • prowler/providers/e2e/services/node/node_compliance_enabled/node_compliance_enabled.metadata.json
  • prowler/providers/e2e/services/node/node_compliance_enabled/node_compliance_enabled.py
  • prowler/providers/e2e/services/node/node_encryption_enabled/node_encryption_enabled.metadata.json
  • prowler/providers/e2e/services/node/node_encryption_enabled/node_encryption_enabled.py
  • prowler/providers/e2e/services/node/node_public_ip_not_assigned/node_public_ip_not_assigned.metadata.json
  • prowler/providers/e2e/services/node/node_public_ip_not_assigned/node_public_ip_not_assigned.py
  • prowler/providers/e2e/services/node/node_rescue_mode_disabled/node_rescue_mode_disabled.metadata.json
  • prowler/providers/e2e/services/node/node_vpc_attached/node_vpc_attached.metadata.json
  • prowler/providers/e2e/services/node/node_vpc_attached/node_vpc_attached.py
  • prowler/providers/e2e/services/securitygroup/securitygroup_no_all_traffic_rule/securitygroup_no_all_traffic_rule.metadata.json
  • prowler/providers/e2e/services/securitygroup/securitygroup_no_all_traffic_rule/securitygroup_no_all_traffic_rule.py
  • prowler/providers/e2e/services/securitygroup/securitygroup_no_inbound_any_all_ports/securitygroup_no_inbound_any_all_ports.metadata.json
  • prowler/providers/e2e/services/securitygroup/securitygroup_no_inbound_any_all_ports/securitygroup_no_inbound_any_all_ports.py
  • prowler/providers/e2e/services/securitygroup/securitygroup_restrictive_default/securitygroup_restrictive_default.metadata.json
  • prowler/providers/e2e/services/securitygroup/securitygroup_restrictive_default/securitygroup_restrictive_default.py
  • prowler/providers/e2e/services/securitygroup/securitygroup_service.py
  • prowler/providers/e2e/services/storage/storage_block_volume_not_orphaned/storage_block_volume_not_orphaned.metadata.json
  • prowler/providers/e2e/services/storage/storage_block_volume_not_orphaned/storage_block_volume_not_orphaned.py
  • prowler/providers/e2e/services/storage/storage_bucket_encryption_enabled/storage_bucket_encryption_enabled.py
  • prowler/providers/e2e/services/storage/storage_bucket_public_access_disabled/storage_bucket_public_access_disabled.metadata.json
  • prowler/providers/e2e/services/storage/storage_bucket_public_access_disabled/storage_bucket_public_access_disabled.py
  • prowler/providers/e2e/services/storage/storage_bucket_versioning_enabled/storage_bucket_versioning_enabled.metadata.json
  • prowler/providers/e2e/services/storage/storage_bucket_versioning_enabled/storage_bucket_versioning_enabled.py
  • prowler/providers/e2e/services/storage/storage_service.py
  • tests/providers/e2e/lib/arguments/arguments_test.py
  • tests/providers/e2e/services/database/__init__.py
  • tests/providers/e2e/services/database/database_cluster_ssl_enabled_test.py
  • tests/providers/e2e/services/database/database_service_test.py
  • tests/providers/e2e/services/network/__init__.py
  • tests/providers/e2e/services/network/network_service_test.py
  • tests/providers/e2e/services/network/network_vpc_is_active_test.py
  • tests/providers/e2e/services/node/nodes_service_test.py
  • tests/providers/e2e/services/storage/__init__.py
  • tests/providers/e2e/services/storage/storage_efs_backup_enabled_test.py
  • tests/providers/e2e/services/storage/storage_service_test.py
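
An added example, not code from this PR or from Prowler, for two points raised in the review above: null handling in `_is_open_network` / `_is_permissive_inbound`, and narrowing the try/except in `_fetch_loadbalancers` to a single record. The `Rule` model, the open-network values, the `all` protocol label and the sample records are assumptions constructed for illustration.

```python
import logging
from dataclasses import dataclass
from typing import Any, Optional

logger = logging.getLogger("e2e_sg_example")

# Assumptions: the values treated as "open to everyone" and the label
# the API uses for "all ports/protocols". Neither comes from the PR.
OPEN_NETWORKS = {"any", "0.0.0.0/0", "::/0"}
ALL_PROTOCOL = "all"


@dataclass
class Rule:
    """Hypothetical rule model; attribute names are the ones the review cites."""

    rule_type: Optional[str]
    protocol_name: Optional[str]
    network: Optional[str]
    network_cidr: Optional[str]


def naive_is_open_network(value: str) -> bool:
    """Unguarded form: raises AttributeError when the API returned null."""
    return value.strip().lower() in OPEN_NETWORKS


def _norm(value: Any) -> str:
    """Return a stripped, lower-cased string; null or non-string becomes ''."""
    return value.strip().lower() if isinstance(value, str) else ""


def is_open_network(value: Optional[str]) -> bool:
    """Null-tolerant form: a missing value is simply not an open network."""
    return _norm(value) in OPEN_NETWORKS


def is_permissive_inbound(rule: Rule) -> bool:
    """True when an inbound rule allows all ports from an open network."""
    if _norm(rule.rule_type) != "inbound":
        return False
    if _norm(rule.protocol_name) != ALL_PROTOCOL:
        return False
    return is_open_network(rule.network) or is_open_network(rule.network_cidr)


def build_rules(raw_items: list) -> list[Rule]:
    """Build models one record at a time so a bad record is logged and skipped.

    The try/except wraps only the construction of a single item, so the
    remaining records are still evaluated instead of being dropped.
    """
    rules = []
    for item in raw_items:
        try:
            rules.append(
                Rule(
                    rule_type=item.get("rule_type"),
                    protocol_name=item.get("protocol_name"),
                    network=item.get("network"),
                    network_cidr=item.get("network_cidr"),
                )
            )
        except Exception as error:
            logger.error(
                f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
            )
    return rules


def evaluate(raw_items: list) -> list[str]:
    """Return one PASS/FAIL status per rule that could be parsed."""
    return [
        "FAIL" if is_permissive_inbound(rule) else "PASS"
        for rule in build_rules(raw_items)
    ]


# Constructed sample API records (not real data).
SAMPLE_RULES = [
    {"rule_type": "Inbound", "protocol_name": "All", "network": "any", "network_cidr": None},
    {"rule_type": None, "protocol_name": None, "network": None, "network_cidr": None},
    "corrupt-record",  # not a dict: .get() raises and the record is skipped
    {"rule_type": "Inbound", "protocol_name": "TCP", "network": "10.0.0.0/8", "network_cidr": None},
    {"rule_type": " inbound ", "protocol_name": "ALL", "network": None, "network_cidr": "0.0.0.0/0 "},
]

if __name__ == "__main__":
    print(evaluate(SAMPLE_RULES))
```

With the try/except around the whole loop instead, the corrupt third record would end processing and the permissive fifth rule would never be reported.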

Comment thread tests/providers/e2e/services/network/network_vpc_is_active_test.py

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@prowler/CHANGELOG.md`:
- Line 36: In the DORA compliance changelog entry for the GCP provider, fix the
typo where "checs" should be changed to "checks". Locate the line mentioning
"DORA (Digital Operational Resilience Act, Regulation (EU) 2022/2554) compliance
coverage for the GCP provider" and correct the misspelled word in the phrase
"mapping existing GCP checs" to read "mapping existing GCP checks" instead.
ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 760ac9cb-0019-47ac-b55f-daf93642bf22

📥 Commits

Reviewing files that changed from the base of the PR and between 4ea7ed4 and a9958ca.

📒 Files selected for processing (6)
  • prowler/CHANGELOG.md
  • tests/lib/cli/parser_test.py
  • tests/providers/e2e/lib/arguments/e2e_arguments_test.py
  • tests/providers/e2e/services/database/e2e_database_service_test.py
  • tests/providers/e2e/services/network/e2e_network_service_test.py
  • tests/providers/e2e/services/storage/e2e_storage_service_test.py
💤 Files with no reviewable changes (4)
  • tests/providers/e2e/services/database/e2e_database_service_test.py
  • tests/providers/e2e/services/network/e2e_network_service_test.py
  • tests/providers/e2e/lib/arguments/e2e_arguments_test.py
  • tests/providers/e2e/services/storage/e2e_storage_service_test.py

Comment thread prowler/CHANGELOG.md Outdated
- Populate check metadata with Risk and CLI remediation
- Add docstrings and return types to check classes
- Harden security group null handling and standardize logging

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 11

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (4)
prowler/providers/e2e/lib/mutelist/mutelist.py (1)

21-25: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Mutelist argument mapping is misaligned with the base contract

On Line 22, is_muted() receives finding.resource_id where the first parameter is the audited account/project scope. On Line 25, the resource slot gets finding.resource_name instead of a stable resource identifier. This will cause valid mutelist entries (account-scoped and resource-id scoped) to miss matches.

Based on learnings from provided context: Mutelist.is_muted expects (audited_account, check, finding_region, finding_resource, finding_tags).

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@prowler/providers/e2e/lib/mutelist/mutelist.py` around lines 21 - 25, The
is_muted() method call in the return statement is passing arguments in an
incorrect order that does not match the expected signature of (audited_account,
check, finding_region, finding_resource, finding_tags). Replace the first
argument from finding.resource_id with the appropriate audited account or
project scope value, and replace finding.resource_name with a stable resource
identifier instead of the resource name. Reorder the arguments if necessary to
align with the base contract signature so that account-scoped and
resource-id-scoped mutelist entries match correctly.

prowler/providers/e2e/services/storage/storage_service.py (1)

21-141: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Add method docstrings to the _fetch_* helpers.

Lines 21, 46, 79, and 105 define class methods without docstrings; please add brief Google-style docstrings so these fetch paths are self-documented.

As per coding guidelines, docstrings are required for all classes and methods in prowler/**/*.py.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@prowler/providers/e2e/services/storage/storage_service.py` around lines 21 -
141, The four fetch helper methods _fetch_block_volumes, _fetch_buckets,
_fetch_efs_volumes, and _fetch_epfs_volumes are missing docstrings, which
violates the coding guidelines for prowler. Add a brief Google-style docstring
to each method that describes what data it fetches and what it does with the
fetched data. Each docstring should be placed immediately after the method
definition line and explain the method's purpose clearly.

Source: Coding guidelines

prowler/providers/e2e/services/database/database_service.py (1)

54-55: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Normalize usernames to strings before storing in models.

At Line 54, database_info.get("username", "") can still be None when the key exists with a null value. That propagates into cluster data and can crash downstream checks that call .lower().

Suggested fix
-                        master_username=database_info.get("username", ""),
+                        master_username=(database_info.get("username") or ""),
...
-                                username=slave_db.get("username", ""),
+                                username=(slave_db.get("username") or ""),
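
Review bot: `or ""` on both replaced lines only covers falsy values, so a truthy non-string username from the API (an integer, for example) would still reach the model unchanged and break a later `.lower()`. If the field must be a string, coerce it explicitly, e.g. `str(database_info.get("username") or "")`, and drop the redundant outer parentheses. The `...` between the two replacements elides the surrounding code, so confirm the second one against the actual `slave_db` line before applying.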

Also applies to: 95-95

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@prowler/providers/e2e/services/database/database_service.py` around lines 54
- 55, The `database_info.get("username", "")` call at the master_username
assignment (around line 54) can still return None if the key exists with a null
value, since the default only applies when the key is missing. Normalize the
username value by chaining an `or` operator to ensure None values become empty
strings before storing in the model. Apply the same normalization fix to the
similar username retrieval at line 95 to prevent crashes when downstream checks
call `.lower()` on None values.

prowler/providers/e2e/services/database/database_cluster_ip_whitelist_configured/database_cluster_ip_whitelist_configured.py (1)

1-24: ⚠️ Potential issue | 🟠 Major

Add docstrings to execute() methods in all E2E database check files.

The imports are correctly ordered (no standard library or third-party dependencies needed, only local imports). However, all four database check files—database_cluster_ip_whitelist_configured, database_cluster_public_ip_not_assigned, database_cluster_running, and database_cluster_ssl_enabled—are missing docstrings on their execute() methods. Per the coding guidelines, docstrings are required for all classes and methods in Python code following Google style documentation. Add a concise docstring describing what the method does (e.g., "Runs the check and returns a list of findings for each cluster.").

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@prowler/providers/e2e/services/database/database_cluster_ip_whitelist_configured/database_cluster_ip_whitelist_configured.py`
around lines 1 - 24, The execute() method in the
database_cluster_ip_whitelist_configured class is missing a docstring. Add a
Google-style docstring to the execute() method that describes what it does, such
as explaining that it runs the check and returns a list of findings for each
database cluster. The docstring should be placed immediately after the method
definition line and follow the same pattern for all four database check files:
database_cluster_ip_whitelist_configured,
database_cluster_public_ip_not_assigned, database_cluster_running, and
database_cluster_ssl_enabled.

Source: Coding guidelines

♻️ Duplicate comments (5)
prowler/providers/e2e/services/storage/storage_bucket_lifecycle_configured/storage_bucket_lifecycle_configured.py (1)

8-8: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Document execute() with a Google-style method docstring.

Line 8 is typed correctly, but the method is still missing a docstring.

As per coding guidelines, docstrings are required for all classes and methods in prowler/**/*.py.

Suggested patch
     def execute(self) -> list[CheckReportE2e]:
+        """Evaluate lifecycle configuration status for all object storage buckets.
+
+        Returns:
+            list[CheckReportE2e]: One PASS/FAIL finding per bucket.
+        """
         findings = []
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@prowler/providers/e2e/services/storage/storage_bucket_lifecycle_configured/storage_bucket_lifecycle_configured.py`
at line 8, The execute() method in the storage_bucket_lifecycle_configured.py
file is missing a required Google-style docstring. Add a docstring immediately
after the method signature that documents the purpose of the method and includes
a Returns section describing the list[CheckReportE2e] return type. This
docstring should follow the Google style guide format used in other prowler
code.

Source: Coding guidelines

prowler/providers/e2e/services/storage/storage_bucket_lock_enabled/storage_bucket_lock_enabled.py (1)

8-8: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Add a method docstring to execute() to complete the check contract docs.

Line 8 has the correct return type but no method docstring.

As per coding guidelines, docstrings are required for all classes and methods in prowler/**/*.py.

Suggested patch
     def execute(self) -> list[CheckReportE2e]:
+        """Evaluate object-lock status for all object storage buckets.
+
+        Returns:
+            list[CheckReportE2e]: One PASS/FAIL finding per bucket.
+        """
         findings = []
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@prowler/providers/e2e/services/storage/storage_bucket_lock_enabled/storage_bucket_lock_enabled.py`
at line 8, The execute() method in the storage_bucket_lock_enabled check is
missing a docstring, which violates the coding guidelines requiring all methods
in prowler/**/*.py to have documentation. Add a method docstring to the
execute() function that describes its purpose and the return type of
list[CheckReportE2e]. The docstring should follow the project's documentation
standards and be placed immediately after the method signature and before the
method implementation.

Source: Coding guidelines

prowler/providers/e2e/services/network/network_vpc_is_active/network_vpc_is_active.py (1)

8-9: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Document execute() with a Google-style docstring (Line 8).

The method is typed but still lacks the required method docstring.

Proposed fix
     def execute(self) -> list[CheckReportE2e]:
+        """Evaluate whether each VPC is active.
+
+        Returns:
+            list[CheckReportE2e]: One PASS/FAIL finding per VPC.
+        """
         findings = []
As per coding guidelines, "Docstrings are required for all classes and methods in Python code, following Google style documentation."
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@prowler/providers/e2e/services/network/network_vpc_is_active/network_vpc_is_active.py`
around lines 8 - 9, The execute() method in the CheckReportE2e class lacks a
required Google-style docstring. Add a Google-style docstring immediately after
the method signature that documents the method's purpose, parameters (if any),
and return value. The docstring should explain that the method performs E2E
checks and returns a list of CheckReportE2e findings, following Google
documentation style conventions.

Source: Coding guidelines

prowler/providers/e2e/services/network/network_vpc_has_attached_nodes/network_vpc_has_attached_nodes.py (1)

8-9: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Add a Google-style docstring to execute() (Line 8).

execute() is public and currently undocumented, which violates the prowler/**/*.py docstring rule.

Proposed fix
     def execute(self) -> list[CheckReportE2e]:
+        """Evaluate whether each VPC has attached nodes.
+
+        Returns:
+            list[CheckReportE2e]: One PASS/FAIL finding per VPC.
+        """
         findings = []
As per coding guidelines, "Docstrings are required for all classes and methods in Python code, following Google style documentation."
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@prowler/providers/e2e/services/network/network_vpc_has_attached_nodes/network_vpc_has_attached_nodes.py`
around lines 8 - 9, Add a Google-style docstring to the execute() method to
document its purpose and return type. The docstring should follow Google format
with a brief description of what the method does, followed by a Returns section
that documents the return type of list[CheckReportE2e]. Place the docstring
immediately after the method definition line and before the findings = []
statement.

Source: Coding guidelines

prowler/providers/e2e/services/network/network_vpc_peering_external_peer_disabled/network_vpc_peering_external_peer_disabled.py (1)

8-9: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Add the missing Google-style docstring for execute() (Line 8).

This still violates the prowler/**/*.py method-docstring requirement.

Proposed fix
     def execute(self) -> list[CheckReportE2e]:
+        """Evaluate whether each VPC peering tunnel avoids external peers.
+
+        Returns:
+            list[CheckReportE2e]: One PASS/FAIL finding per tunnel.
+        """
         findings = []
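Review bot: The summary line "Evaluate whether each VPC peering tunnel avoids external peers" does not say which state produces FAIL, which is the first thing a reader of a security check needs. The check is named network_vpc_peering_external_peer_disabled, so once the method body confirms it, state the condition directly in the summary, for example that a tunnel passes when its external peer setting is disabled.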
As per coding guidelines, "Docstrings are required for all classes and methods in Python code, following Google style documentation."
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@prowler/providers/e2e/services/network/network_vpc_peering_external_peer_disabled/network_vpc_peering_external_peer_disabled.py`
around lines 8 - 9, The execute() method is missing a required Google-style
docstring. Add a docstring to the execute method that follows Google
documentation conventions, including a brief description of what the method does
and documentation of its return type (list of CheckReportE2e objects). The
docstring should be placed immediately after the method signature and before the
method body where findings is initialized.

Source: Coding guidelines

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@prowler/providers/e2e/lib/mutelist/mutelist.py`:
- Line 11: The method `is_finding_muted` has `**kwargs` parameter without a type
annotation, which violates the public function typing requirements. Add a type
annotation to the `**kwargs` parameter in the method signature by using
`**kwargs: Any` (or a more specific type mapping if the acceptable keyword
arguments are known). Ensure the import for `Any` from the `typing` module is
included if it is not already present in the file.

In
`@prowler/providers/e2e/services/database/database_cluster_backup_enabled/database_cluster_backup_enabled.py`:
- Line 8: The execute() method is missing a Google-style docstring. Add a
docstring to the execute() method that describes what the method does, its
return type, and any relevant details. The docstring should follow Google style
formatting with sections like Description, Returns, and any other relevant
sections that document the method's behavior and purpose. Ensure the docstring
is placed immediately after the method signature definition.

In
`@prowler/providers/e2e/services/database/database_cluster_default_admin_username/database_cluster_default_admin_username.py`:
- Line 8: The public method `execute()` is missing a required Google-style
docstring. Add a Google-style docstring to the `execute()` method that includes
a brief description of its purpose, documents the return type as
list[CheckReportE2e], and follows proper Google style documentation format with
correct indentation. Ensure the docstring is placed immediately after the method
signature and before any method implementation.

In
`@prowler/providers/e2e/services/node/node_accidental_protection_enabled/node_accidental_protection_enabled.py`:
- Line 8: The execute() method is missing a Google-style docstring as required
by the repository guidelines. Add a docstring immediately after the method
definition that describes what the method does, including a brief summary of its
purpose and the return value. The docstring should follow Google's Python style
guide format with a description section and a Returns section documenting the
list[CheckReportE2e] return type.

In
`@prowler/providers/e2e/services/node/node_compliance_enabled/node_compliance_enabled.py`:
- Line 8: The execute() method in the node_compliance_enabled.py file is missing
a required Google-style docstring. Add a docstring immediately after the method
definition that documents what the execute method does, describes its parameters
(if any), specifies the return type as list[CheckReportE2e], and provides a
brief description of what the method returns. Follow Google-style docstring
format with appropriate sections like Args, Returns, and a summary description.

In
`@prowler/providers/e2e/services/node/node_encryption_enabled/node_encryption_enabled.py`:
- Line 8: The execute() method is missing a required Google-style docstring. Add
a docstring to the execute() method that describes what it does and documents
the return type (list of CheckReportE2e objects). The docstring should follow
Google style format with a description and Returns section.

In
`@prowler/providers/e2e/services/node/node_public_ip_not_assigned/node_public_ip_not_assigned.py`:
- Line 8: The execute() method is missing a Google-style docstring which is
required by repository guidelines for all methods. Add a docstring immediately
after the method definition line that includes a summary description of what the
method does, an Args section (if applicable), and a Returns section describing
the return type list[CheckReportE2e] following Google's Python docstring
conventions.

In
`@prowler/providers/e2e/services/node/node_rescue_mode_disabled/node_rescue_mode_disabled.py`:
- Line 8: The execute() method is missing a required docstring. Add a
Google-style docstring to the execute() method that describes what it does, its
return type, and any relevant details about the CheckReportE2e list it returns.
The docstring should be placed immediately after the method signature and before
the method body, following Google Python style guide conventions.

In `@prowler/providers/e2e/services/node/node_vpc_attached/node_vpc_attached.py`:
- Line 8: The execute() method is missing a docstring as required by the
repository's coding guidelines. Add a Google-style docstring to the execute()
method that documents what the method does, its return type, and any other
relevant details. The docstring should be placed immediately after the method
definition line and follow the Google docstring format conventions used
throughout the codebase.

In
`@prowler/providers/e2e/services/securitygroup/securitygroup_no_inbound_any_all_ports/securitygroup_no_inbound_any_all_ports.py`:
- Line 25: The execute() method is missing a Google-style docstring as required
by coding guidelines. Add a Google-style docstring immediately after the method
definition that describes what the method does and documents the return type.
The docstring should be a triple-quoted string placed right after the method
signature and before the method body, following Google's Python docstring format
with a brief description and a Returns section documenting the
list[CheckReportE2e] return value.

In
`@prowler/providers/e2e/services/securitygroup/securitygroup_restrictive_default/securitygroup_restrictive_default.py`:
- Line 31: The execute() method is missing a required docstring. Add a
Google-style docstring to the execute() method that describes its behavior and
documents the return value of type list[CheckReportE2e]. The docstring should
include a description of what the method does and a Returns section explaining
the return type and its contents.

---

Outside diff comments:
In `@prowler/providers/e2e/lib/mutelist/mutelist.py`:
- Around line 21-25: The is_muted() method call in the return statement is
passing arguments in an incorrect order that does not match the expected
signature of (audited_account, check, finding_region, finding_resource,
finding_tags). Replace the first argument from finding.resource_id with the
appropriate audited account or project scope value, and replace
finding.resource_name with a stable resource identifier instead of the resource
name. Reorder the arguments if necessary to align with the base contract
signature so that account-scoped and resource-id-scoped mutelist entries match
correctly.

In
`@prowler/providers/e2e/services/database/database_cluster_ip_whitelist_configured/database_cluster_ip_whitelist_configured.py`:
- Around line 1-24: The execute() method in the
database_cluster_ip_whitelist_configured class is missing a docstring. Add a
Google-style docstring to the execute() method that describes what it does, such
as explaining that it runs the check and returns a list of findings for each
database cluster. The docstring should be placed immediately after the method
definition line and follow the same pattern for all four database check files:
database_cluster_ip_whitelist_configured,
database_cluster_public_ip_not_assigned, database_cluster_running, and
database_cluster_ssl_enabled.

In `@prowler/providers/e2e/services/database/database_service.py`:
- Around line 54-55: The `database_info.get("username", "")` call at the
master_username assignment (around line 54) can still return None if the key
exists with a null value, since the default only applies when the key is
missing. Normalize the username value by chaining an `or` operator to ensure
None values become empty strings before storing in the model. Apply the same
normalization fix to the similar username retrieval at line 95 to prevent
crashes when downstream checks call `.lower()` on None values.

In `@prowler/providers/e2e/services/storage/storage_service.py`:
- Around line 21-141: The four fetch helper methods _fetch_block_volumes,
_fetch_buckets, _fetch_efs_volumes, and _fetch_epfs_volumes are missing
docstrings, which violates the coding guidelines for prowler. Add a brief
Google-style docstring to each method that describes what data it fetches and
what it does with the fetched data. Each docstring should be placed immediately
after the method definition line and explain the method's purpose clearly.

---

Duplicate comments:
In
`@prowler/providers/e2e/services/network/network_vpc_has_attached_nodes/network_vpc_has_attached_nodes.py`:
- Around line 8-9: Add a Google-style docstring to the execute() method to
document its purpose and return type. The docstring should follow Google format
with a brief description of what the method does, followed by a Returns section
that documents the return type of list[CheckReportE2e]. Place the docstring
immediately after the method definition line and before the findings = []
statement.

In
`@prowler/providers/e2e/services/network/network_vpc_is_active/network_vpc_is_active.py`:
- Around line 8-9: The execute() method in the CheckReportE2e class lacks a
required Google-style docstring. Add a Google-style docstring immediately after
the method signature that documents the method's purpose, parameters (if any),
and return value. The docstring should explain that the method performs E2E
checks and returns a list of CheckReportE2e findings, following Google
documentation style conventions.

In
`@prowler/providers/e2e/services/network/network_vpc_peering_external_peer_disabled/network_vpc_peering_external_peer_disabled.py`:
- Around line 8-9: The execute() method is missing a required Google-style
docstring. Add a docstring to the execute method that follows Google
documentation conventions, including a brief description of what the method does
and documentation of its return type (list of CheckReportE2e objects). The
docstring should be placed immediately after the method signature and before the
method body where findings is initialized.

In
`@prowler/providers/e2e/services/storage/storage_bucket_lifecycle_configured/storage_bucket_lifecycle_configured.py`:
- Line 8: The execute() method in the storage_bucket_lifecycle_configured.py
file is missing a required Google-style docstring. Add a docstring immediately
after the method signature that documents the purpose of the method and includes
a Returns section describing the list[CheckReportE2e] return type. This
docstring should follow the Google style guide format used in other prowler
code.

In
`@prowler/providers/e2e/services/storage/storage_bucket_lock_enabled/storage_bucket_lock_enabled.py`:
- Line 8: The execute() method in the storage_bucket_lock_enabled check is
missing a docstring, which violates the coding guidelines requiring all methods
in prowler/**/*.py to have documentation. Add a method docstring to the
execute() function that describes its purpose and the return type of
list[CheckReportE2e]. The docstring should follow the project's documentation
standards and be placed immediately after the method signature and before the
method implementation.
ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 300dcea5-ae9c-40fc-8a63-04368dcbf59c

📥 Commits

Reviewing files that changed from the base of the PR and between a9958ca and d99c821.

📒 Files selected for processing (49)
  • prowler/CHANGELOG.md
  • prowler/providers/e2e/lib/mutelist/mutelist.py
  • prowler/providers/e2e/services/database/database_cluster_backup_enabled/database_cluster_backup_enabled.metadata.json
  • prowler/providers/e2e/services/database/database_cluster_backup_enabled/database_cluster_backup_enabled.py
  • prowler/providers/e2e/services/database/database_cluster_default_admin_username/database_cluster_default_admin_username.metadata.json
  • prowler/providers/e2e/services/database/database_cluster_default_admin_username/database_cluster_default_admin_username.py
  • prowler/providers/e2e/services/database/database_cluster_ip_whitelist_configured/database_cluster_ip_whitelist_configured.metadata.json
  • prowler/providers/e2e/services/database/database_cluster_ip_whitelist_configured/database_cluster_ip_whitelist_configured.py
  • prowler/providers/e2e/services/database/database_cluster_public_ip_not_assigned/database_cluster_public_ip_not_assigned.metadata.json
  • prowler/providers/e2e/services/database/database_cluster_public_ip_not_assigned/database_cluster_public_ip_not_assigned.py
  • prowler/providers/e2e/services/database/database_cluster_running/database_cluster_running.metadata.json
  • prowler/providers/e2e/services/database/database_cluster_running/database_cluster_running.py
  • prowler/providers/e2e/services/database/database_cluster_ssl_enabled/database_cluster_ssl_enabled.metadata.json
  • prowler/providers/e2e/services/database/database_cluster_ssl_enabled/database_cluster_ssl_enabled.py
  • prowler/providers/e2e/services/database/database_replica_public_ip_not_assigned/database_replica_public_ip_not_assigned.metadata.json
  • prowler/providers/e2e/services/database/database_replica_public_ip_not_assigned/database_replica_public_ip_not_assigned.py
  • prowler/providers/e2e/services/database/database_service.py
  • prowler/providers/e2e/services/network/network_reserveip_floating_ip_unattached/network_reserveip_floating_ip_unattached.metadata.json
  • prowler/providers/e2e/services/network/network_reserveip_floating_ip_unattached/network_reserveip_floating_ip_unattached.py
  • prowler/providers/e2e/services/network/network_reserveip_orphaned_public_ip/network_reserveip_orphaned_public_ip.metadata.json
  • prowler/providers/e2e/services/network/network_reserveip_orphaned_public_ip/network_reserveip_orphaned_public_ip.py
  • prowler/providers/e2e/services/network/network_service.py
  • prowler/providers/e2e/services/network/network_vpc_has_attached_nodes/network_vpc_has_attached_nodes.metadata.json
  • prowler/providers/e2e/services/network/network_vpc_has_attached_nodes/network_vpc_has_attached_nodes.py
  • prowler/providers/e2e/services/network/network_vpc_is_active/network_vpc_is_active.metadata.json
  • prowler/providers/e2e/services/network/network_vpc_is_active/network_vpc_is_active.py
  • prowler/providers/e2e/services/network/network_vpc_peering_external_peer_disabled/network_vpc_peering_external_peer_disabled.metadata.json
  • prowler/providers/e2e/services/network/network_vpc_peering_external_peer_disabled/network_vpc_peering_external_peer_disabled.py
  • prowler/providers/e2e/services/node/node_accidental_protection_enabled/node_accidental_protection_enabled.py
  • prowler/providers/e2e/services/node/node_compliance_enabled/node_compliance_enabled.py
  • prowler/providers/e2e/services/node/node_encryption_enabled/node_encryption_enabled.py
  • prowler/providers/e2e/services/node/node_public_ip_not_assigned/node_public_ip_not_assigned.py
  • prowler/providers/e2e/services/node/node_rescue_mode_disabled/node_rescue_mode_disabled.py
  • prowler/providers/e2e/services/node/node_vpc_attached/node_vpc_attached.py
  • prowler/providers/e2e/services/node/nodes_service.py
  • prowler/providers/e2e/services/securitygroup/securitygroup_no_inbound_any_all_ports/securitygroup_no_inbound_any_all_ports.py
  • prowler/providers/e2e/services/securitygroup/securitygroup_restrictive_default/securitygroup_restrictive_default.py
  • prowler/providers/e2e/services/storage/storage_bucket_encryption_enabled/storage_bucket_encryption_enabled.metadata.json
  • prowler/providers/e2e/services/storage/storage_bucket_lifecycle_configured/storage_bucket_lifecycle_configured.metadata.json
  • prowler/providers/e2e/services/storage/storage_bucket_lifecycle_configured/storage_bucket_lifecycle_configured.py
  • prowler/providers/e2e/services/storage/storage_bucket_lock_enabled/storage_bucket_lock_enabled.metadata.json
  • prowler/providers/e2e/services/storage/storage_bucket_lock_enabled/storage_bucket_lock_enabled.py
  • prowler/providers/e2e/services/storage/storage_efs_backup_enabled/storage_efs_backup_enabled.metadata.json
  • prowler/providers/e2e/services/storage/storage_efs_backup_enabled/storage_efs_backup_enabled.py
  • prowler/providers/e2e/services/storage/storage_efs_vpc_access_restricted/storage_efs_vpc_access_restricted.metadata.json
  • prowler/providers/e2e/services/storage/storage_efs_vpc_access_restricted/storage_efs_vpc_access_restricted.py
  • prowler/providers/e2e/services/storage/storage_service.py
  • tests/providers/e2e/services/network/network_vpc_is_active_test.py
  • tests/providers/e2e/services/storage/storage_efs_backup_enabled_test.py
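The `database_service.py` comment above turns on the difference between a missing key and a JSON null. The sketch below is an added example, not code from the PR: the payload is constructed, and the list of default admin names and the check loop are assumptions. It shows how one null username aborts a default-admin check before it reaches a cluster that should fail.

```python
import json

# Constructed API payload (not from the PR): "db-a" returns an explicit JSON
# null username, "db-b" omits the key, "db-c" uses a default admin name.
SAMPLE_CLUSTERS = json.loads("""
[
  {"name": "db-a", "database": {"username": null}},
  {"name": "db-b", "database": {}},
  {"name": "db-c", "database": {"username": "Admin"}},
  {"name": "db-d", "database": {"username": "svc_orders"}}
]
""")

# Assumed list of default admin names, for illustration only.
DEFAULT_ADMIN_NAMES = {"admin", "administrator", "root", "postgres"}


def username_with_default(database_info):
    """Pattern the review flags: the default covers a missing key only."""
    return database_info.get("username", "")


def username_normalized(database_info):
    """Suggested normalization: a missing key and a null both become ''."""
    return database_info.get("username") or ""


def run_default_admin_check(extract):
    """Hypothetical check body returning one PASS/FAIL status per cluster.

    Assumed to have no per-cluster error handling, so one bad record
    aborts the run and every later finding is lost.
    """
    findings = {}
    for cluster in SAMPLE_CLUSTERS:
        username = extract(cluster["database"])
        is_default = username.lower() in DEFAULT_ADMIN_NAMES
        findings[cluster["name"]] = "FAIL" if is_default else "PASS"
    return findings


def compare():
    """Run the check with both extraction styles and return both outcomes."""
    try:
        unsafe = run_default_admin_check(username_with_default)
    except AttributeError as exc:
        unsafe = f"check aborted: {exc}"
    return unsafe, run_default_admin_check(username_normalized)


if __name__ == "__main__":
    unsafe_result, safe_result = compare()
    print(unsafe_result)
    print(safe_result)
```

With the flagged pattern the run stops at "db-a", so the FAIL for "db-c" is never reported; the normalized version reports all four clusters.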

Comment thread prowler/providers/e2e/lib/mutelist/mutelist.py
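The "Outside diff" comment on `mutelist.py` describes arguments landing in the wrong positional slots of `is_muted()`. The following is an added example, not the project's matcher: `is_muted` here is a simplified stand-in with the signature quoted in the review, and the mutelist, the `Finding` shape, and the `check_id` and `region` arguments are assumptions.

```python
from dataclasses import dataclass, field

# Constructed mutelist (not from the PR): mute one check for one resource id,
# scoped to a single project.
MUTELIST = {
    "project-1234": {
        "node_public_ip_not_assigned": {
            "regions": ["*"],
            "resources": ["node-0a1b"],
        }
    }
}


@dataclass
class Finding:
    """Hypothetical finding; resource_id/resource_name are named in the review."""
    check_id: str
    region: str
    resource_id: str
    resource_name: str
    resource_tags: list = field(default_factory=list)


def is_muted(audited_account, check, finding_region, finding_resource, finding_tags):
    """Simplified stand-in with the positional contract named in the review.

    Tags are accepted but ignored in this sketch.
    """
    for account in (audited_account, "*"):
        rule = MUTELIST.get(account, {}).get(check)
        if rule is None:
            continue
        region_ok = "*" in rule["regions"] or finding_region in rule["regions"]
        if region_ok and finding_resource in rule["resources"]:
            return True
    return False


def muted_as_reviewed(finding):
    """Call shape the review describes: resource id in the account slot,
    resource name in the resource slot (the other arguments are assumed)."""
    return is_muted(finding.resource_id, finding.check_id, finding.region,
                    finding.resource_name, finding.resource_tags)


def muted_corrected(finding, audited_account):
    """Account or project scope first, stable resource id as the resource."""
    return is_muted(audited_account, finding.check_id, finding.region,
                    finding.resource_id, finding.resource_tags)


def evaluate():
    """Return (as_reviewed, corrected) mute decisions for three cases."""
    check = "node_public_ip_not_assigned"
    node = Finding(check, "region-1", "node-0a1b", "web-frontend")
    other = Finding(check, "region-1", "node-9f3c", "web-frontend")
    return {
        "listed node, listed project":
            (muted_as_reviewed(node), muted_corrected(node, "project-1234")),
        "listed node, other project":
            (muted_as_reviewed(node), muted_corrected(node, "project-9999")),
        "unlisted node, listed project":
            (muted_as_reviewed(other), muted_corrected(other, "project-1234")),
    }


if __name__ == "__main__":
    for case, decisions in evaluate().items():
        print(case, decisions)
```

With the reviewed call shape the project-scoped entry never matches, so a finding the operator muted still surfaces; the corrected call mutes only the listed resource id in the listed project.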
@deepak7093 deepak7093 changed the title from "e2e provider" to "feat(e2e): provider for e2e cloud" Jun 20, 2026
@deepak7093 deepak7093 requested a review from a team as a code owner June 20, 2026 18:02
@github-actions github-actions Bot added the github_actions Pull requests that update GitHub Actions code label Jun 20, 2026
@danibarranqueroo

Member

Hello @deepak7093! Thanks for this 🙌
We'll review this as soon as we can. In the meantime, a couple of things that would help:

  • Could you update the PR body with some context? For example, where this provider comes from, how many checks it has, and anything else you think is relevant?
  • If possible, share a few screenshots of the provider working. This really speeds up our review! 🚀

Thanks again for contributing a new provider! ❤️

@danibarranqueroo danibarranqueroo added the status/awaiting-reponse Waiting response from owner label Jun 23, 2026

Labels

  • community: Opened by the Community
  • compliance: Issues/PRs related with the Compliance Frameworks
  • documentation
  • github_actions: Pull requests that update GitHub Actions code
  • metadata-review
  • output/html: Issues/PRs related with the HTML output format
  • status/awaiting-reponse: Waiting response from owner
