revert: RLS transactions handling and DB custom backend (#7995)

Co-authored-by: Víctor Fernández Poyatos <[email protected]>

Author: prowler-bot

.github/workflows/api-pull-request.yml

@@ -159,7 +159,7 @@ jobs:
         working-directory: ./api
         if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
         run: |
-          poetry run safety check --ignore 70612,66963,74429
+          poetry run safety check --ignore 70612,66963,74429,77119
 
       - name: Vulture
         working-directory: ./api

api/.pre-commit-config.yaml

@@ -80,7 +80,7 @@ repos:
       - id: safety
         name: safety
         description: "Safety is a tool that checks your installed dependencies for known security vulnerabilities"
-        entry: bash -c 'poetry run safety check --ignore 70612,66963,74429'
+        entry: bash -c 'poetry run safety check --ignore 70612,66963,74429,77119'
         language: system
 
       - id: vulture

api/CHANGELOG.md

@@ -2,6 +2,13 @@
 
 All notable changes to the **Prowler API** are documented in this file.
 
+## [v1.8.4] (Prowler v5.7.4)
+
+### Removed
+- Reverted RLS transaction handling and DB custom backend [(#7994)](https://github.com/prowler-cloud/prowler/pull/7994).
+
+---
+
 ## [v1.8.3] (Prowler v5.7.3)
 
 ### Added
@@ -15,7 +22,6 @@ All notable changes to the **Prowler API** are documented in this file.
 - Reverted the change `get_with_retry` to use the original `get` method for retrieving tasks [(#7932)](https://github.com/prowler-cloud/prowler/pull/7932).
 - Fixed the connection status verification before launching a scan [(#7831)](https://github.com/prowler-cloud/prowler/pull/7831)
 
-
 ---
 
 ## [v1.8.2] (Prowler v5.7.2)
@@ -98,7 +104,6 @@ All notable changes to the **Prowler API** are documented in this file.
 - Fixed a race condition when deleting export files after the S3 upload [(#7172)](https://github.com/prowler-cloud/prowler/pull/7172).
 - Handled exception when a provider has no secret in test connection [(#7283)](https://github.com/prowler-cloud/prowler/pull/7283).
 
-
 ### Added
 
 - Support for developing new integrations [(#7167)](https://github.com/prowler-cloud/prowler/pull/7167).

api/pyproject.toml

@@ -35,7 +35,7 @@ name = "prowler-api"
 package-mode = false
 # Needed for the SDK compatibility
 requires-python = ">=3.11,<3.13"
-version = "1.8.3"
+version = "1.8.4"
 
 [project.scripts]
 celery = "src.backend.config.settings.celery"

api/src/backend/api/base_views.py

@@ -47,9 +47,11 @@ def get_queryset(self):
 
 
 class BaseRLSViewSet(BaseViewSet):
-    def initial(self, request, *args, **kwargs):
-        super().initial(request, *args, **kwargs)
+    def dispatch(self, request, *args, **kwargs):
+        with transaction.atomic():
+            return super().dispatch(request, *args, **kwargs)
 
+    def initial(self, request, *args, **kwargs):
         # Ideally, this logic would be in the `.setup()` method but DRF view sets don't call it
         # https://docs.djangoproject.com/en/5.1/ref/class-based-views/base/#django.views.generic.base.View.setup
         if request.auth is None:
@@ -59,19 +61,9 @@ def initial(self, request, *args, **kwargs):
         if tenant_id is None:
             raise NotAuthenticated("Tenant ID is not present in token")
 
-        self.request.tenant_id = tenant_id
-
-        self._rls_cm = rls_transaction(tenant_id)
-        self._rls_cm.__enter__()
-
-    def finalize_response(self, request, response, *args, **kwargs):
-        response = super().finalize_response(request, response, *args, **kwargs)
-
-        if hasattr(self, "_rls_cm"):
-            self._rls_cm.__exit__(None, None, None)
-            del self._rls_cm
-
-        return response
+        with rls_transaction(tenant_id):
+            self.request.tenant_id = tenant_id
+            return super().initial(request, *args, **kwargs)
 
     def get_serializer_context(self):
         context = super().get_serializer_context()
@@ -117,8 +109,6 @@ def _handle_creation_error(self, error, tenant):
                 pass  # Tenant might not exist, handle gracefully
 
     def initial(self, request, *args, **kwargs):
-        super().initial(request, *args, **kwargs)
-
         if request.auth is None:
             raise NotAuthenticated
 
@@ -127,44 +117,26 @@ def initial(self, request, *args, **kwargs):
             raise NotAuthenticated("Tenant ID is not present in token")
 
         user_id = str(request.user.id)
-
-        self._rls_cm = rls_transaction(value=user_id, parameter=POSTGRES_USER_VAR)
-        self._rls_cm.__enter__()
-
-    def finalize_response(self, request, response, *args, **kwargs):
-        response = super().finalize_response(request, response, *args, **kwargs)
-
-        if hasattr(self, "_rls_cm"):
-            self._rls_cm.__exit__(None, None, None)
-            del self._rls_cm
-
-        return response
+        with rls_transaction(value=user_id, parameter=POSTGRES_USER_VAR):
+            return super().initial(request, *args, **kwargs)
 
 
 class BaseUserViewset(BaseViewSet):
-    def initial(self, request, *args, **kwargs):
-        super().initial(request, *args, **kwargs)
+    def dispatch(self, request, *args, **kwargs):
+        with transaction.atomic():
+            return super().dispatch(request, *args, **kwargs)
 
+    def initial(self, request, *args, **kwargs):
         # TODO refactor after improving RLS on users
         if request.stream is not None and request.stream.method == "POST":
-            return
+            return super().initial(request, *args, **kwargs)
         if request.auth is None:
             raise NotAuthenticated
 
         tenant_id = request.auth.get("tenant_id")
         if tenant_id is None:
             raise NotAuthenticated("Tenant ID is not present in token")
 
-        self.request.tenant_id = tenant_id
-
-        self._rls_cm = rls_transaction(tenant_id)
-        self._rls_cm.__enter__()
-
-    def finalize_response(self, request, response, *args, **kwargs):
-        response = super().finalize_response(request, response, *args, **kwargs)
-
-        if hasattr(self, "_rls_cm"):
-            self._rls_cm.__exit__(None, None, None)
-            del self._rls_cm
-
-        return response
+        with rls_transaction(tenant_id):
+            self.request.tenant_id = tenant_id
+            return super().initial(request, *args, **kwargs)

api/src/backend/api/specs/v1.yaml

@@ -1,7 +1,7 @@
 openapi: 3.0.3
 info:
   title: Prowler API
-  version: 1.8.3
+  version: 1.8.4
   description: |-
     Prowler API specification.
 

api/src/backend/api/v1/views.py

@@ -260,7 +260,7 @@ class SchemaView(SpectacularAPIView):
 
     def get(self, request, *args, **kwargs):
         spectacular_settings.TITLE = "Prowler API"
-        spectacular_settings.VERSION = "1.8.3"
+        spectacular_settings.VERSION = "1.8.4"
         spectacular_settings.DESCRIPTION = (
             "Prowler API specification.\n\nThis file is auto-generated."
         )

api/src/backend/config/django/base.py

@@ -127,7 +127,6 @@
 }
 
 DATABASE_ROUTERS = ["api.db_router.MainRouter"]
-POSTGRES_EXTRA_DB_BACKEND_BASE = "database_backend"
 
 
 # Password validation