fix(iam_inline_policy_no_administrative_privileges): set resource id …

…as the entity name (#2820)
prowler-cloud · Sep 22, 2023 · 70fbf16 · 70fbf16
1 parent 87ddb6b
commit 70fbf16
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 7 deletions.
diff --git a/...ine_policy_no_administrative_privileges/iam_inline_policy_no_administrative_privileges.py b/...ine_policy_no_administrative_privileges/iam_inline_policy_no_administrative_privileges.py
@@ -10,7 +10,7 @@ def execute(self) -> Check_Report_AWS:
                 report = Check_Report_AWS(self.metadata())
                 report.region = iam_client.region
                 report.resource_arn = policy.arn
-                report.resource_id = policy.name
+                report.resource_id = policy.entity
                 report.resource_tags = policy.tags
                 report.status = "PASS"
                 report.status_extended = f"{policy.type} policy {policy.name} for IAM identity {policy.arn} does not allow '*:*' administrative privileges."

diff --git a/prowler/providers/aws/services/iam/iam_service.py b/prowler/providers/aws/services/iam/iam_service.py
@@ -398,6 +398,7 @@ def __list_inline_user_policies__(self):
                                 Policy(
                                     name=policy,
                                     arn=user.arn,
+                                    entity=user.name,
                                     type="Inline",
                                     attached=True,
                                     version_id="v1",
@@ -438,6 +439,7 @@ def __list_inline_group_policies__(self):
                                 Policy(
                                     name=policy,
                                     arn=group.arn,
+                                    entity=group.name,
                                     type="Inline",
                                     attached=True,
                                     version_id="v1",
@@ -478,6 +480,7 @@ def __list_inline_role_policies__(self):
                                 Policy(
                                     name=policy,
                                     arn=role.arn,
+                                    entity=role.name,
                                     type="Inline",
                                     attached=True,
                                     version_id="v1",
@@ -536,6 +539,7 @@ def __list_policies__(self, scope):
                             Policy(
                                 name=policy["PolicyName"],
                                 arn=policy["Arn"],
+                                entity=policy["PolicyId"],
                                 version_id=policy["DefaultVersionId"],
                                 type="Custom" if scope == "Local" else "AWS",
                                 attached=True
@@ -714,6 +718,7 @@ class Certificate(BaseModel):
 class Policy(BaseModel):
     name: str
     arn: str
+    entity: str
     version_id: str
     type: str
     attached: bool

diff --git a/...olicy_no_administrative_privileges/iam_inline_policy_no_administrative_privileges_test.py b/...olicy_no_administrative_privileges/iam_inline_policy_no_administrative_privileges_test.py
@@ -128,7 +128,7 @@ def test_groups_admin_inline_policy(self):
             assert len(results) == 1
             assert results[0].region == AWS_REGION
             assert results[0].resource_arn == group_arn
-            assert results[0].resource_id == policy_name
+            assert results[0].resource_id == group_name
             assert results[0].resource_tags == []
             assert results[0].status == "FAIL"
             assert (
@@ -172,7 +172,7 @@ def test_groups_no_admin_inline_policy(self):
             assert len(results) == 1
             assert results[0].region == AWS_REGION
             assert results[0].resource_arn == group_arn
-            assert results[0].resource_id == policy_name
+            assert results[0].resource_id == group_name
             assert results[0].resource_tags == []
             assert results[0].status == "PASS"
             assert (
@@ -316,7 +316,7 @@ def test_roles_admin_inline_policy(self):
             assert len(results) == 1
             assert results[0].region == AWS_REGION
             assert results[0].resource_arn == role_arn
-            assert results[0].resource_id == policy_name
+            assert results[0].resource_id == role_name
             assert results[0].resource_tags == []
             assert results[0].status == "FAIL"
             assert (
@@ -363,7 +363,7 @@ def test_roles_no_admin_inline_policy(self):
             assert len(results) == 1
             assert results[0].region == AWS_REGION
             assert results[0].resource_arn == role_arn
-            assert results[0].resource_id == policy_name
+            assert results[0].resource_id == role_name
             assert results[0].resource_tags == []
             assert results[0].status == "PASS"
             assert (
@@ -507,7 +507,7 @@ def test_users_admin_inline_policy(self):
             assert len(results) == 1
             assert results[0].region == AWS_REGION
             assert results[0].resource_arn == user_arn
-            assert results[0].resource_id == policy_name
+            assert results[0].resource_id == user_name
             assert results[0].resource_tags == []
             assert results[0].status == "FAIL"
             assert (
@@ -553,7 +553,7 @@ def test_users_no_admin_inline_policy(self):
             assert len(results) == 1
             assert results[0].region == AWS_REGION
             assert results[0].resource_arn == user_arn
-            assert results[0].resource_id == policy_name
+            assert results[0].resource_id == user_name
             assert results[0].resource_tags == []
             assert results[0].status == "PASS"
             assert (

diff --git a/tests/providers/aws/services/iam/iam_service_test.py b/tests/providers/aws/services/iam/iam_service_test.py
@@ -818,6 +818,7 @@ def test__list_inline_user_policies__(self):
                     type="Inline",
                     attached=True,
                     document=INLINE_POLICY_NOT_ADMIN,
+                    entity=user_name,
                 )
 
     # Test IAM Group Inline Policy
@@ -861,6 +862,7 @@ def test__list_inline_group_policies__(self):
                     type="Inline",
                     attached=True,
                     document=INLINE_POLICY_NOT_ADMIN,
+                    entity=group_name,
                 )
 
     # Test IAM Role Inline Policy
@@ -906,4 +908,5 @@ def test__list_inline_role_policies__(self):
                     type="Inline",
                     attached=True,
                     document=INLINE_POLICY_NOT_ADMIN,
+                    entity=role_name,
                 )