fix(): password enabled issues in iam_user_mfa_enabled_console_access (#1634)

2026-02-10 14:55:00 +00:00 · 2023-01-02 14:08:45 +01:00
parent 99d1cea537
commit 79c09e613b
2 changed files with 48 additions and 5 deletions
--- a/tests/providers/aws/services/iam/iam_user_mfa_enabled_console_access/iam_user_mfa_enabled_console_access_test.py
+++ b/tests/providers/aws/services/iam/iam_user_mfa_enabled_console_access/iam_user_mfa_enabled_console_access_test.py
@@ -6,7 +6,7 @@ from moto import mock_iam

 class Test_iam_user_mfa_enabled_console_access_test:
    @mock_iam
-    def test_user_not_password_console_enabled(self):
+    def test_root_user_not_password_console_enabled(self):
        iam_client = client("iam")
        user = "test-user"
        arn = iam_client.create_user(UserName=user)["User"]["Arn"]
@@ -14,6 +14,7 @@ class Test_iam_user_mfa_enabled_console_access_test:
        from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
        from prowler.providers.aws.services.iam.iam_service import IAM

+        current_audit_info.audited_partition = "aws"
        with mock.patch(
            "prowler.providers.aws.services.iam.iam_user_mfa_enabled_console_access.iam_user_mfa_enabled_console_access.iam_client",
            new=IAM(current_audit_info),
@@ -35,6 +36,37 @@ class Test_iam_user_mfa_enabled_console_access_test:
            assert result[0].resource_id == user
            assert result[0].resource_arn == arn

+    @mock_iam
+    def test_user_not_password_console_enabled(self):
+        iam_client = client("iam")
+        user = "test-user"
+        arn = iam_client.create_user(UserName=user)["User"]["Arn"]
+
+        from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
+        from prowler.providers.aws.services.iam.iam_service import IAM
+
+        current_audit_info.audited_partition = "aws"
+        with mock.patch(
+            "prowler.providers.aws.services.iam.iam_user_mfa_enabled_console_access.iam_user_mfa_enabled_console_access.iam_client",
+            new=IAM(current_audit_info),
+        ) as service_client:
+            from prowler.providers.aws.services.iam.iam_user_mfa_enabled_console_access.iam_user_mfa_enabled_console_access import (
+                iam_user_mfa_enabled_console_access,
+            )
+
+            service_client.credential_report[0]["password_enabled"] = "false"
+
+            check = iam_user_mfa_enabled_console_access()
+            result = check.execute()
+
+            assert result[0].status == "PASS"
+            assert (
+                result[0].status_extended
+                == f"User {user} has not Console Password enabled."
+            )
+            assert result[0].resource_id == user
+            assert result[0].resource_arn == arn
+
    @mock_iam
    def test_user_password_console_and_mfa_enabled(self):
        iam_client = client("iam")
@@ -44,6 +76,7 @@ class Test_iam_user_mfa_enabled_console_access_test:
        from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
        from prowler.providers.aws.services.iam.iam_service import IAM

+        current_audit_info.audited_partition = "aws"
        with mock.patch(
            "prowler.providers.aws.services.iam.iam_user_mfa_enabled_console_access.iam_user_mfa_enabled_console_access.iam_client",
            new=IAM(current_audit_info),
@@ -75,6 +108,7 @@ class Test_iam_user_mfa_enabled_console_access_test:
        from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
        from prowler.providers.aws.services.iam.iam_service import IAM

+        current_audit_info.audited_partition = "aws"
        with mock.patch(
            "prowler.providers.aws.services.iam.iam_user_mfa_enabled_console_access.iam_user_mfa_enabled_console_access.iam_client",
            new=IAM(current_audit_info),