- Home
- Skills
- Prowler Cloud
- Prowler
- Prowler Api
prowler-api_skill
- Python
12.8k
GitHub Stars
1
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill prowler-cloud/prowler --skill prowler-api- SKILL.md17.1 KB
Overview
This skill codifies Prowler API patterns for tenant isolation, RBAC, provider lifecycle, and Celery tasks. It targets api/ models, serializers, viewsets, filters, and tasks where Row-Level Security (RLS) and provider context are required. Use it to enforce safe, consistent multi-tenant behavior across the codebase.
How this skill works
The skill inspects code changes in api/ related to models, serializers, viewsets, filters, and tasks and checks for Prowler-specific patterns and required guards. It validates RLS usage, verifies RBAC calls like get_role(), enforces decorator order for Celery tasks, ensures explicit through models for M2M relations, and flags unsafe DB access outside RLS context. It also enforces database routing and Celery queue/beat patterns.
When to use it
- Implementing or modifying tenant-scoped models, serializers, viewsets, or filters in api/
- Adding or changing provider lifecycle validation, provider UID validators, or provider CRUD logic
- Creating or updating Celery tasks that access tenant data or providers
- Introducing M2M relationships — ensure explicit through models with tenant_id
- Working with multi-database reads/writes or admin bypass operations
Best practices
- Always wrap background work with rls_transaction(tenant_id) when querying outside a ViewSet
- Always call get_role() before permission checks; it returns the first role only
- Always apply @set_tenant before @handle_provider_deletion on Celery tasks
- Never access Provider.objects or use raw SQL/connection.cursor() without RLS context
- Use explicit through models for all M2M fields so tenant_id is enforced
Example use cases
- Create a new RLS-protected model inheriting RowLevelSecurityProtectedModel with RowLevelSecurityConstraint
- Add a provider validation method like validate_aws_uid() and wire it into ProviderChoices
- Implement a long-running provider check that returns 202 Accepted and enqueues a named Celery task
- Build a Celery task using @set_tenant and rls_transaction(tenant_id) to safely update tenant data
- Migrate a default M2M to an explicit through model to satisfy RLS requirements
FAQ
Yes. rls_transaction accepts UUID objects or strings and converts them internally via str(value).
When should I use the admin DB alias?
Use MainRouter.admin_db only for cross-tenant admin operations or auth lookups that must bypass RLS; avoid it for normal tenant-scoped queries.