Conversation

tom-intruder
Contributor

@tom-intruder tom-intruder commented Sep 2, 2025

Context

The current check iam_audit_logs_enabled will pass if any audit log is enabled.
The recommended configuration is to enable audit logging for every service in GCP.
The proposed changes ensure that all audit logging is enabled for every service.

Description

  • Updated cloudresourcemanager_service to store the audit log configuration instead of a boolean
  • Changed iam_audit_logs_enabled to fail by default
  • Added logic to check for all 3 audit log types under allServices

Steps to review

To test this change, we need to create a fresh GCP project and modify the audit log settings under IAM - Audit Logs.

Original

First, to test if the check passes when all audit logging is enabled

  • Set the default configuration to enable all audit logs and run the check
  • Notice the check passes - Expected

To test if the check fails when partial audit logging is disabled

  • Set the default configuration to disable audit logs for data write
  • Run the existing check and notice the check passes - Unexpected

To test if the check fails when all audit logging is disabled

  • Set the default configuration to disable all audit logs and re-run the check
  • Notice the check fails - Expected

To test if the check fails when only a service's audit logging is enabled

  • Now enable audit logs for a single service
  • Run the existing check and notice the check passes - Unexpected

Proposed Changes

Now we will test the proposed changes
First, to test if the check passes when all audit logging is enabled

  • Set the default configuration to enable all audit logs and run the check
  • Notice the check passes - Expected

To test if the check fails when partial audit logging is disabled

  • Set the default configuration to disable audit logs for data write
  • Run the check and notice it fails - Expected

To test if the check fails when all audit logging is disabled (make sure to disable the single service audit logs)

  • Set the default configuration to disable all audit logs and run the check
  • Notice the check fails - Expected

To test if the check fails when only a service's audit logging is enabled

  • Now enable audit logs for a single service
  • Run the check and notice it fails - Expected

Checklist

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@tom-intruder tom-intruder requested review from a team as code owners September 2, 2025 13:58
@github-actions github-actions bot added the provider/gcp Issues/PRs related with the Google Cloud Platform provider label Sep 2, 2025
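The pass/fail rule this PR describes (fail by default, pass only when the `allServices` entry of the project IAM policy enables all three audit log types), shown as an added example rather than Prowler's own code. It evaluates the `auditConfigs` block in the shape that `cloudresourcemanager projects.getIamPolicy` returns, and replays the four situations from the review steps against both the original "any log enabled" rule and the proposed rule. The scenario inputs are constructed by hand, and the `reject_exempted_members` option is an assumption that goes beyond the PR (the CIS GCP benchmark also treats `exemptedMembers` on the default audit config as a finding).

```python
# Added example (not Prowler's own code): the pass/fail rule the PR describes for
# iam_audit_logs_enabled, evaluated against the auditConfigs block of a GCP project
# IAM policy as returned by cloudresourcemanager projects.getIamPolicy.
# The scenario inputs below are constructed by hand; reject_exempted_members is an
# assumption that goes beyond the PR (CIS GCP benchmark also treats exemptedMembers
# on the default audit config as a finding).

REQUIRED_LOG_TYPES = frozenset({"ADMIN_READ", "DATA_READ", "DATA_WRITE"})
ALL_SERVICES = "allServices"


def enabled_log_types(audit_config):
    """Set of logType values present in one auditConfigs entry.
    GCP omits disabled log types instead of marking them disabled."""
    return {c["logType"] for c in audit_config.get("auditLogConfigs", []) if "logType" in c}


def legacy_any_audit_log_enabled(audit_configs):
    """Behaviour of the original check as the PR describes it:
    PASS if any audit log is enabled anywhere in the policy."""
    return any(enabled_log_types(entry) for entry in audit_configs or [])


def audit_logs_enabled_for_all_services(audit_configs, reject_exempted_members=False):
    """Proposed behaviour: FAIL by default, PASS only if the allServices entry
    enables all three log types. Returns (passed, reason)."""
    for entry in audit_configs or []:
        if entry.get("service") != ALL_SERVICES:
            continue  # a per-service entry never satisfies the default-config requirement
        missing = REQUIRED_LOG_TYPES - enabled_log_types(entry)
        if missing:
            return False, f"allServices is missing {sorted(missing)}"
        if reject_exempted_members and any(
            c.get("exemptedMembers") for c in entry.get("auditLogConfigs", [])
        ):
            return False, "allServices has exemptedMembers (assumed stricter rule)"
        return True, "allServices enables ADMIN_READ, DATA_READ and DATA_WRITE"
    return False, "no allServices audit config; all logging is off by default"


def _audit_config(service, *log_types, exempted_members=()):
    """Build one auditConfigs entry in the API's shape (constructed test data)."""
    configs = []
    for log_type in log_types:
        cfg = {"logType": log_type}
        if exempted_members:
            cfg["exemptedMembers"] = list(exempted_members)
        configs.append(cfg)
    return {"service": service, "auditLogConfigs": configs}


# The four situations from the PR's review steps, as the policy would look.
SCENARIOS = {
    "all_enabled": [_audit_config(ALL_SERVICES, "ADMIN_READ", "DATA_READ", "DATA_WRITE")],
    "data_write_disabled": [_audit_config(ALL_SERVICES, "ADMIN_READ", "DATA_READ")],
    "all_disabled": [],  # the policy carries no auditConfigs at all
    "single_service_only": [
        _audit_config("storage.googleapis.com", "ADMIN_READ", "DATA_READ", "DATA_WRITE")
    ],
}


def compare_checks(scenarios=SCENARIOS):
    """Map scenario name -> (legacy result, proposed result) for side-by-side review."""
    return {
        name: (legacy_any_audit_log_enabled(cfgs), audit_logs_enabled_for_all_services(cfgs)[0])
        for name, cfgs in scenarios.items()
    }


if __name__ == "__main__":
    for name, (legacy, proposed) in compare_checks().items():
        print(f"{name:22} legacy={'PASS' if legacy else 'FAIL'}  proposed={'PASS' if proposed else 'FAIL'}")
```

Running the block prints the legacy and proposed verdicts side by side: the two "Unexpected" passes from the review steps (data write disabled, single service only) come out as PASS under the legacy rule and FAIL under the proposed one, which is exactly the gap the PR closes. Note that the proposed rule ignores per-service entries entirely, so a project that enables all three log types on every individual service but has no `allServices` entry would still fail; that matches the PR's stated goal of requiring the default configuration.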

codecov bot commented Sep 2, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 81.66%. Comparing base (06ded98) to head (914b66d).
⚠️ Report is 7 commits behind head on master.

Additional details and impacted files
@@            Coverage Diff             @@
##           master    #8633      +/-   ##
==========================================
+ Coverage   75.47%   81.66%   +6.18%     
==========================================
  Files          72      185     +113     
  Lines        4782     7492    +2710     
==========================================
+ Hits         3609     6118    +2509     
- Misses       1173     1374     +201     
Flag Coverage Δ
prowler 81.66% <100.00%> (+6.18%) ⬆️


Components Coverage Δ
prowler 81.66% <100.00%> (+6.18%) ⬆️
api ∅ <ø> (∅)
