From 6204f6cdc8a26b735209c273930a5bab398a3d6c Mon Sep 17 00:00:00 2001
From: Fennerr <41741346+Fennerr@users.noreply.github.com>
Date: Fri, 22 Sep 2023 11:19:56 +0200
Subject: [PATCH] fix(eks_endpoints_not_publicly_accessible): handle endpoint private access (#2825)

Co-authored-by: Pepe Fagoaga
---
 .../eks_endpoints_not_publicly_accessible.py | 2 +-
 .../eks_endpoints_not_publicly_accessible_test.py | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/prowler/providers/aws/services/eks/eks_endpoints_not_publicly_accessible/eks_endpoints_not_publicly_accessible.py b/prowler/providers/aws/services/eks/eks_endpoints_not_publicly_accessible/eks_endpoints_not_publicly_accessible.py
index 22178448..99cd2cb3 100644
--- a/prowler/providers/aws/services/eks/eks_endpoints_not_publicly_accessible/eks_endpoints_not_publicly_accessible.py
+++ b/prowler/providers/aws/services/eks/eks_endpoints_not_publicly_accessible/eks_endpoints_not_publicly_accessible.py
@@ -15,7 +15,7 @@ class eks_endpoints_not_publicly_accessible(Check):
 report.status_extended = (
 f"Cluster endpoint access is private for EKS cluster {cluster.name}."
 )
- if cluster.endpoint_public_access and not cluster.endpoint_private_access:
+ if cluster.endpoint_public_access:
 report.status = "FAIL"
 report.status_extended = (
 f"Cluster endpoint access is public for EKS cluster {cluster.name}."
diff --git a/tests/providers/aws/services/eks/eks_endpoints_not_publicly_accessible/eks_endpoints_not_publicly_accessible_test.py b/tests/providers/aws/services/eks/eks_endpoints_not_publicly_accessible/eks_endpoints_not_publicly_accessible_test.py
index 5ad7dba1..58e0bbaa 100644
--- a/tests/providers/aws/services/eks/eks_endpoints_not_publicly_accessible/eks_endpoints_not_publicly_accessible_test.py
+++ b/tests/providers/aws/services/eks/eks_endpoints_not_publicly_accessible/eks_endpoints_not_publicly_accessible_test.py
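Review bot: The `if cluster.endpoint_public_access:` branch does not consult the public-access CIDR allow-list (EKS reports it as `publicAccessCidrs`), so a cluster whose public endpoint is limited to a few addresses gets the same FAIL text as one reachable from anywhere. Whether the cluster model carries that list is not visible here; if it does, the finding could name the allowed ranges so that a reader can tell the two exposures apart. At minimum the branch deserves a comment stating the policy, for example `# Any public endpoint fails, even with private access enabled; the CIDR allow-list is not evaluated here.` The FAIL message also no longer says whether private access is enabled as well, which would help whoever remediates the finding. The method body starts before and ends after this hunk.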
@@ -58,6 +58,8 @@ class Test_eks_endpoints_not_publicly_accessible:
 )
 assert result[0].resource_id == cluster_name
 assert result[0].resource_arn == cluster_arn
+ assert result[0].resource_tags == []
+ assert result[0].region == AWS_REGION
 def test_endpoint_not_public_access(self):
 eks_client = mock.MagicMock
@@ -91,3 +93,5 @@ class Test_eks_endpoints_not_publicly_accessible:
 )
 assert result[0].resource_id == cluster_name
 assert result[0].resource_arn == cluster_arn
+ assert result[0].resource_tags == []
+ assert result[0].region == AWS_REGION
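Review bot: Neither test hunk (at old lines 58 and 91) adds a case with both `endpoint_public_access` and `endpoint_private_access` set to true, which is the only input whose verdict this commit changes. The added lines only assert `resource_tags` and `region` on existing cases, so a later edit could restore the old condition without a visible test failing. A dedicated case that sets both flags and asserts `result[0].status == "FAIL"` would pin the new behaviour. The test bodies start outside these hunks, so an existing case may already use that combination; that is worth confirming.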