fix(models): only update resources when tags are created

[vicferpoy]

Context

Compliance and scan tasks were putting excessive write pressure on the database, and UPDATE "resources" was one of the top SQLs even when nothing changed on the resource.

Description

Adjusted Resource.upsert_or_delete_tags to only save the Resource when a tag mapping is actually created. Tag mappings are still upserted as before, but we no longer issue a resource UPDATE (and bump updated_at) when the tag set is unchanged, reducing write load during scans.

Checklist

• Are there new checks included in this PR? Yes / No
  • If so, do we need to update permissions for the provider? Please review this carefully.
• Review if the code is being covered by tests.
• Review if code is being documented following this specification https://github.com/google/styleguide/blob/gh-pages/pyguide.md#38-comments-and-docstrings
• Review if backport is needed.
• Review if is needed to change the Readme.md
• Ensure new entries are added to CHANGELOG.md, if applicable.

UI

• All issue/task requirements work as expected on the UI
• Screenshots/Video of the functionality flow (if applicable) - Mobile (X < 640px)
• Screenshots/Video of the functionality flow (if applicable) - Table (640px > X < 1024px)
• Screenshots/Video of the functionality flow (if applicable) - Desktop (X > 1024px)
• Ensure new entries are added to CHANGELOG.md, if applicable.

API

• Verify if API specs need to be regenerated.
• Check if version updates are required (e.g., specs, Poetry, etc.).
• Ensure new entries are added to CHANGELOG.md, if applicable.

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

[github-actions]

✅ All necessary CHANGELOG.md files have been updated.

[github-actions]

✅ Conflict Markers Resolved

All conflict markers have been successfully resolved in this pull request.

[github-actions]

🔒 Container Security Scan

Image: prowler-api:f2cfa16
Last scan: 2025-12-16 12:08:31 UTC

📊 Vulnerability Summary

Severity	Count
🔴 Critical	4
Total	4

3 package(s) affected

⚠️ Action Required

Critical severity vulnerabilities detected. These should be addressed before merging:

• Review the detailed scan results
• Update affected packages to patched versions
• Consider using a different base image if updates are unavailable

---

📋 Resources:

• Download full report (see artifacts)
• View in Security tab
• Scanned with Trivy

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 92.43%. Comparing base (d4b90ab) to head (dc832df).
⚠️ Report is 5 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #9569      +/-   ##
==========================================
+ Coverage   82.82%   92.43%   +9.61%     
==========================================
  Files          23      159     +136     
  Lines         652    22678   +22026     
==========================================
+ Hits          540    20963   +20423     
- Misses        112     1715    +1603     

Flag	Coverage Δ
api	92.43% <100.00%> (?)
prowler-py3.10-mongodbatlas	?
prowler-py3.11-mongodbatlas	?
prowler-py3.12-mongodbatlas	?
prowler-py3.9-mongodbatlas	?

Flags with carried forward coverage won't be shown. Click here to find out more.

Components	Coverage Δ
prowler	∅ <ø> (∅)
api	92.43% <100.00%> (∅)

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.