fix(eks_endpoints_not_publicly_accessible): handle endpoint private access (#2825)

Co-authored-by: Pepe Fagoaga <pepe@verica.io>
2026-02-11 07:15:15 +00:00 · 2023-09-22 11:19:56 +02:00
parent 50bc5309f5
commit 6204f6cdc8
2 changed files with 5 additions and 1 deletions
--- a/prowler/providers/aws/services/eks/eks_endpoints_not_publicly_accessible/eks_endpoints_not_publicly_accessible.py
+++ b/prowler/providers/aws/services/eks/eks_endpoints_not_publicly_accessible/eks_endpoints_not_publicly_accessible.py
@@ -15,7 +15,7 @@ class eks_endpoints_not_publicly_accessible(Check):
            report.status_extended = (
                f"Cluster endpoint access is private for EKS cluster {cluster.name}."
            )
-            if cluster.endpoint_public_access and not cluster.endpoint_private_access:
+            if cluster.endpoint_public_access:
                report.status = "FAIL"
                report.status_extended = (
                    f"Cluster endpoint access is public for EKS cluster {cluster.name}."
--- a/tests/providers/aws/services/eks/eks_endpoints_not_publicly_accessible/eks_endpoints_not_publicly_accessible_test.py
+++ b/tests/providers/aws/services/eks/eks_endpoints_not_publicly_accessible/eks_endpoints_not_publicly_accessible_test.py
@@ -58,6 +58,8 @@ class Test_eks_endpoints_not_publicly_accessible:
            )
            assert result[0].resource_id == cluster_name
            assert result[0].resource_arn == cluster_arn
+            assert result[0].resource_tags == []
+            assert result[0].region == AWS_REGION

    def test_endpoint_not_public_access(self):
        eks_client = mock.MagicMock
@@ -91,3 +93,5 @@ class Test_eks_endpoints_not_publicly_accessible:
            )
            assert result[0].resource_id == cluster_name
            assert result[0].resource_arn == cluster_arn
+            assert result[0].resource_tags == []
+            assert result[0].region == AWS_REGION