feat(IAM): add new check `iam_group_administrator_access_policy`

prowler-cloud / prowler

Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more

https://prowler.com

Apache License 2.0

10.76k stars 1.53k forks source link

feat(IAM): add new check `iam_group_administrator_access_policy` #4831

Closed puchy22 closed 2 months ago

puchy22 commented 2 months ago

Context

There was no check for ensuring Admin privileges for IAM groups.

Fix #4807

Description

[x] Added new check logic
[x] Added unit testing with admin and not admin user

Checklist

Are there new checks included in this PR? Yes
- If so, do we need to update permissions for the provider? No
[x] Review if the code is being covered by tests.
[x] Review if code is being documented following this specification https://github.com/google/styleguide/blob/gh-pages/pyguide.md#38-comments-and-docstrings

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

codecov[bot] commented 2 months ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 89.15%. Comparing base (0c7b960) to head (2d3067c). Report is 7 commits behind head on master.

Additional details and impacted files

```diff @@ Coverage Diff @@ ## master #4831 +/- ## ========================================== + Coverage 89.06% 89.15% +0.09% ========================================== Files 926 929 +3 Lines 28365 28448 +83 ========================================== + Hits 25262 25362 +100 + Misses 3103 3086 -17 ```

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.