fix(oci): fix identity clients (#10520)

Co-authored-by: Ronan Chota <ronan.chota@saic.com>
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>

Author: 3 people

prowler/CHANGELOG.md

@@ -43,6 +43,7 @@ All notable changes to the **Prowler SDK** are documented in this file.
 - Oracle Cloud patch for filestorage, blockstorage, kms, and compute services in OCI to allow for region scanning outside home [(#10455)](https://github.com/prowler-cloud/prowler/pull/10472)
 - Oracle cloud provider now supports multi-region filtering [(#10435)](https://github.com/prowler-cloud/prowler/pull/10473)
 - `prowler image --registry` failing with `ImageNoImagesProvidedError` due to registry arguments not being forwarded to `ImageProvider` in `init_global_provider` [(#10457)](https://github.com/prowler-cloud/prowler/issues/10457)
+- Oracle Cloud multi-region support for identity client configuration in blockstorage, identity, and filestorage services [(#10519)](https://github.com/prowler-cloud/prowler/pull/10520)
 
 ---
 

prowler/providers/oraclecloud/services/blockstorage/blockstorage_service.py

@@ -111,7 +111,8 @@ def __list_boot_volumes__(self, regional_client):
                 try:
                     # Get availability domains for this compartment
                     identity_client = self._create_oci_client(
-                        oci.identity.IdentityClient
+                        oci.identity.IdentityClient,
+                        config_overrides={"region": regional_client.region},
                     )
                     availability_domains = identity_client.list_availability_domains(
                         compartment_id=compartment.id

prowler/providers/oraclecloud/services/filestorage/filestorage_service.py

@@ -39,7 +39,8 @@ def __list_file_systems__(self, regional_client):
                 try:
                     # Get availability domains for this compartment
                     identity_client = self._create_oci_client(
-                        oci.identity.IdentityClient
+                        oci.identity.IdentityClient,
+                        config_overrides={"region": regional_client.region},
                     )
                     availability_domains = identity_client.list_availability_domains(
                         compartment_id=compartment.id

prowler/providers/oraclecloud/services/identity/identity_service.py

@@ -35,7 +35,7 @@ def __init__(self, provider):
         self.__threading_call__(self.__list_dynamic_groups__)
         self.__threading_call__(self.__list_domains__)
         self.__threading_call__(self.__list_domain_password_policies__)
-        self.__get_password_policy__()
+        self.__threading_call__(self.__get_password_policy__)
         self.__threading_call__(self.__search_root_compartment_resources__)
         self.__threading_call__(self.__search_active_non_root_compartments__)
 
@@ -49,10 +49,9 @@ def __get_client__(self, region):
         Returns:
             Identity client instance
         """
-        client_region = self.regional_clients.get(region)
-        if client_region:
-            return self._create_oci_client(oci.identity.IdentityClient)
-        return None
+        return self._create_oci_client(
+            oci.identity.IdentityClient, config_overrides={"region": region}
+        )
 
     def __list_users__(self, regional_client):
         """
@@ -66,7 +65,7 @@ def __list_users__(self, regional_client):
             if regional_client.region not in self.provider.identity.region:
                 return
 
-            identity_client = self._create_oci_client(oci.identity.IdentityClient)
+            identity_client = self.__get_client__(regional_client.region)
 
             logger.info("Identity - Listing Users...")
 
@@ -316,7 +315,7 @@ def __list_groups__(self, regional_client):
             if regional_client.region not in self.provider.identity.region:
                 return
 
-            identity_client = self._create_oci_client(oci.identity.IdentityClient)
+            identity_client = self.__get_client__(regional_client.region)
 
             logger.info("Identity - Listing Groups...")
 
@@ -359,7 +358,7 @@ def __list_policies__(self, regional_client):
             if regional_client.region not in self.provider.identity.region:
                 return
 
-            identity_client = self._create_oci_client(oci.identity.IdentityClient)
+            identity_client = self.__get_client__(regional_client.region)
 
             logger.info("Identity - Listing Policies...")
 
@@ -404,7 +403,7 @@ def __list_dynamic_groups__(self, regional_client):
             if regional_client.region not in self.provider.identity.region:
                 return
 
-            identity_client = self._create_oci_client(oci.identity.IdentityClient)
+            identity_client = self.__get_client__(regional_client.region)
 
             logger.info("Identity - Listing Dynamic Groups...")
 
@@ -452,7 +451,7 @@ def __list_domains__(self, regional_client):
             if regional_client.region not in self.provider.identity.region:
                 return
 
-            identity_client = self._create_oci_client(oci.identity.IdentityClient)
+            identity_client = self.__get_client__(regional_client.region)
 
             logger.info("Identity - Listing Identity Domains...")
 
@@ -549,10 +548,13 @@ def __list_domain_password_policies__(self, regional_client):
                 f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
             )
 
-    def __get_password_policy__(self):
+    def __get_password_policy__(self, regional_client):
         """Get the password policy for the tenancy."""
         try:
-            identity_client = self._create_oci_client(oci.identity.IdentityClient)
+            if regional_client.region not in self.provider.identity.region:
+                return
+
+            identity_client = self.__get_client__(regional_client.region)
 
             logger.info("Identity - Getting Password Policy...")
 
@@ -584,7 +586,8 @@ def __search_root_compartment_resources__(self, regional_client):
 
             # Create search client using the helper method for proper authentication
             search_client = self._create_oci_client(
-                oci.resource_search.ResourceSearchClient
+                oci.resource_search.ResourceSearchClient,
+                config_overrides={"region": regional_client.region},
             )
 
             # Query to search for resources in root compartment
@@ -631,7 +634,8 @@ def __search_active_non_root_compartments__(self, regional_client):
 
             # Create search client using the helper method for proper authentication
             search_client = self._create_oci_client(
-                oci.resource_search.ResourceSearchClient
+                oci.resource_search.ResourceSearchClient,
+                config_overrides={"region": regional_client.region},
             )
 
             # Query to search for active compartments in the tenancy (excluding root)