fix: hws console user two-factor authentication rule (#96)

Co-authored-by: Lyc-heng <[email protected]>

Author: Lyc-heng

rules/HUAWEI_CLOUD/HUAWEI_CLOUD_IAM User_202511060951_877031/input.json

@@ -0,0 +1 @@
+{"CredentialsDetail":[{"last_use_time":"ob6lkVULJqS2Aflt6eGNu19Oijv","access":"8DM44qIu6MCtkv1ytefO","create_time":"4vUbQ1P0CpAzWItRS7N4QpFYZvR","user_id":"rzCg5YULCLYpRKRigi8fYxLSodhjoaLa","description":"5lm4h7rf3RYlrJHo","status":"4OBnOh"},{"last_use_time":"bXX5k0NFc9tv10A18qljs4m8Rco","access":"gMT6Jdf0RD0TFcnCeY8U","create_time":"XGhAeUJZ7Fh0I4B51cs6am21tZd","user_id":"5w3wL6XKLtgvqzx4yvDJR23PZaIw43pp","description":"s5advgGc7XF0l62S","status":"CmY8Ql"}],"User":{"domain_id":"tnPFBTUPDBKjqvrNhoe1yEclZxqDLLbk","pwd_status":false,"name":"QLzj7U4vbond3Op3s","links":{"next":"","previous":"","self":"mSo4NHKxgfj91P9El2I9UVMX9EBBxoWcPiXWl7IUwoyrHK62s3frBGCbb0SJo6OYpd6irq3BBt4a6peWU"},"password_expires_at":"","id":"xzmYe08vYH68aPTljptq7Q3rTuiRvtCA","enabled":true},"LoginProtects":null,"UserAttribute":{"pwd_strength":"tB2c","create_time":"o0dmHCLxSdr5h8Y2AE5FW","last_login_time":"7R3Lru4uvbpOruCGQIo","description":"","access_mode":"Ib7znGK","areacode":"","enabled":true,"domain_id":"zhCme2KA8anfJWSrczczJrXF2ZPdAUV6","pwd_status":false,"xuser_id":"","update_time":"hzd8muxfAHmTFN80rK3V2","phone":"w","is_domain_owner":false,"name":"4ZVEvh36kfuWQbhP9","links":{"next":"","previous":"","self":"puui3sv9LQqOkoK2U6O9XhrGMrifTscqqlOSoebT7XjastVHV8WQWH3aTfuTIoBIIK5AhsbNozLbRfBHBN8WvRChN8q"},"id":"4qSCghh2GeXMORBbVMVYzQDIN27VYpkR","xuser_type":"","email":""},"DomainPasswordPolicy":{"password_not_username_or_invert":true,"password_char_combination":3,"password_validity_period":90,"minimum_password_age":0,"maximum_password_length":32,"password_requirements":"YLLvBEJ6h4SRvCY22Li2Jo9gyFVj1jTJI7QmauOKmeYhV9YQRluvREqv96lWVSCTWsUfLNdAQuV7fJB3c7lIzrK9K6HYKTHQsgUu6D6XNxkvoAV4XMrKz6DUeWVe","maximum_consecutive_identical_chars":0,"minimum_password_length":12,"number_of_recent_passwords_disallowed":4},"Credentials":[{"access":"IGFMPX7bIq2ClRDPd7wJ","create_time":"SkttDNS0weCBn4ngj5ytlkySnQt","user_id":"RvA8MSqBezx3TaoVHfKzrz4hNMwhMvga","description":"KOs4l6MruUYqjl7T","status":"NplZzi"},{"access":"1bZ9i4Gf7sVIVkPCNNmK","create_time":"yd7DvzFBgiiHRrk8vgZ1C4J3iaQ","user_id":"9EQ4XISDt2gj6z0fJ706PGvg8MjprtkK","description":"Zzq79ES98LUSRoou","status":"FlcLkG"}],"UserGroups":null}

rules/HUAWEI_CLOUD/HUAWEI_CLOUD_IAM User_202511060951_877031/metadata.json

@@ -0,0 +1 @@
+{"advice":null,"categoryList":["安全防护","网络访问"],"code":"HUAWEI_CLOUD_IAM User_202511060951_877031","context":null,"description":"IAM 控制台用户未启用 MFA 二次认证","level":"Medium","link":null,"linkedDataList":null,"name":"华为云-IAM-IAM 控制台用户未启用 MFA 二次认证","platform":"HUAWEI_CLOUD","resourceType":"IAM User"}

rules/HUAWEI_CLOUD/HUAWEI_CLOUD_IAM User_202511060951_877031/policy.rego

@@ -0,0 +1,17 @@
+package hws_console_account_disable_mfa_39
+import rego.v1
+
+default risk := false
+default login_without_mfa_rule := false
+
+risk if {
+	login_without_mfa_rule
+}
+
+user_name := input.UserAttribute.name
+user_id := input.UserAttribute.domain_id
+
+login_without_mfa_rule if {
+    input.UserAttribute.access_mode == "console"
+    input.LoginProtects == null
+}

rules/HUAWEI_CLOUD/HUAWEI_CLOUD_IAM User_202511060951_877031/relation.json

@@ -0,0 +1 @@
+[]