fix(alibabacloud): implement ram_password_policy_number and fix cs weekly check loading

[danibarranqueroo]

Context

Two Alibaba Cloud checks shipped in the repository with their metadata but never actually loaded or ran:

• ram_password_policy_number had only init.py and .metadata.json — the implementation file (ram_password_policy_number.py) and its tests were never added, so the check could not execute.
• cs_kubernetes_cluster_check_weekly had its implementation and tests but was missing the init.py package marker, so the check loader silently skipped it.

As a result, prowler alibabacloud --list-checks reported 61 loadable checks while 63 metadata files existed on disk — the two dead checks accounted for the gap.

Description

• Implement ram_password_policy_number, verifying that the Alibaba Cloud RAM password policy requires at least one numeric character (require_numbers). Logic mirrors the existing ram_password_policy_symbol / ram_password_policy_uppercase checks.
• Add unit tests for ram_password_policy_number (PASS when numbers are required, FAIL when not).
• Add the missing init.py to cs_kubernetes_cluster_check_weekly so the loader can import it.

After these changes, all metadata-defined Alibaba Cloud checks load: --list-checks now reports 63 (was 61), matching the number of metadata files.

Steps to review

Please add a detailed description of how to review this PR.

Checklist

Community Checklist

• This feature/issue is listed in here or roadmap.prowler.com
• Is it assigned to me, if not, request it via the issue/feature in here or Prowler Community Slack

• Review if the code is being covered by tests.
• Review if code is being documented following this specification https://github.com/google/styleguide/blob/gh-pages/pyguide.md#38-comments-and-docstrings
• Review if backport is needed.
• Review if is needed to change the Readme.md
• Ensure new entries are added to CHANGELOG.md, if applicable.

SDK/CLI

• Are there new checks included in this PR? Yes / No
  • If so, do we need to update permissions for the provider? Please review this carefully.

UI

• All issue/task requirements work as expected on the UI
• If this PR adds or updates npm dependencies, include package-health evidence (maintenance, popularity, known vulnerabilities, license, release age) and explain why existing/native alternatives are insufficient.
• Screenshots/Video of the functionality flow (if applicable) - Mobile (X < 640px)
• Screenshots/Video of the functionality flow (if applicable) - Table (640px > X < 1024px)
• Screenshots/Video of the functionality flow (if applicable) - Desktop (X > 1024px)
• Ensure new entries are added to CHANGELOG.md, if applicable.

API

• All issue/task requirements work as expected on the API
• Endpoint response output (if applicable)
• EXPLAIN ANALYZE output for new/modified queries or indexes (if applicable)
• Performance test results (if applicable)
• Any other relevant evidence of the implementation (if applicable)
• Verify if API specs need to be regenerated.
• Check if version updates are required (e.g., specs, uv, etc.).
• Ensure new entries are added to CHANGELOG.md, if applicable.

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Summary by CodeRabbit

• New Features
  • Added a new Alibaba Cloud RAM password policy check to confirm whether passwords must include numeric characters.
  • Reporting now reflects whether number requirements are enabled (pass when required, fail when not).
• Bug Fixes
  • Fixed loading so the new RAM password policy check runs correctly, alongside other related weekly check coverage.
• Tests
  • Added tests for both the “numbers required” and “numbers not required” scenarios.
• Documentation
  • Updated the unreleased changelog entry with the fix.

[github-actions]

✅ All necessary CHANGELOG.md files have been updated.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 16fb5d12-ce09-4224-921b-9f40488007c8

📥 Commits

Reviewing files that changed from the base of the PR and between 1a6f3e3 and 3129ec8.

📒 Files selected for processing (1)

• prowler/CHANGELOG.md

---

📝 Walkthrough

Walkthrough

A new Alibaba Cloud RAM check evaluates whether the password policy requires numbers, returns PASS or FAIL accordingly, adds unit tests for both outcomes, and records the change in the changelog.

Changes

RAM Password Policy Number Check

Layer / File(s)	Summary
Check class and execute() implementation prowler/providers/alibabacloud/services/ram/ram_password_policy_number/ram_password_policy_number.py	Defines ram_password_policy_number as a Check subclass and implements execute() to build a CheckReportAlibabaCloud result based on password_policy.require_numbers.
Unit tests and changelog entry tests/providers/alibabacloud/services/ram/ram_password_policy_number/ram_password_policy_number_test.py, prowler/CHANGELOG.md	Adds tests for both FAIL and PASS outcomes using a mocked AlibabaCloud provider and RAM client, and inserts an unreleased changelog note for the Alibaba Cloud checks.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested reviewers

• jfagoagas

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly describes the new Alibaba Cloud RAM password policy check and the loader fix.
Description check	✅ Passed	The description follows the template sections and covers context, summary, review steps, checklist, and license.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch PROWLER-1217-alibaba-ram-password-policy-number-check-missing-implementation-code

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands.}

[github-actions]

✅ Conflict Markers Resolved

All conflict markers have been successfully resolved in this pull request.

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

tests/providers/alibabacloud/services/ram/ram_password_policy_number/ram_password_policy_number_test.py (1)

8-68: 📐 Maintainability & Code Quality | 🟠 Major | ⚡ Quick win

Add the required test_no_resources case (len == 0).

This suite has PASS/FAIL tests but is missing the mandatory no-resources test for this check.

Proposed fix

 class TestRamPasswordPolicyNumber:
+    def test_no_resources(self):
+        ram_client = mock.MagicMock()
+        ram_client.audited_account = "1234567890"
+        ram_client.region = "cn-hangzhou"
+        ram_client.password_policy = None
+
+        with (
+            mock.patch(
+                "prowler.providers.common.provider.Provider.get_global_provider",
+                return_value=set_mocked_alibabacloud_provider(),
+            ),
+            mock.patch(
+                "prowler.providers.alibabacloud.services.ram.ram_password_policy_number.ram_password_policy_number.ram_client",
+                new=ram_client,
+            ),
+        ):
+            from prowler.providers.alibabacloud.services.ram.ram_password_policy_number.ram_password_policy_number import (
+                ram_password_policy_number,
+            )
+
+            result = ram_password_policy_number().execute()
+            assert len(result) == 0
+
     def test_numbers_not_required_fails(self):

As per path instructions, "Every check needs test_no_resources (len==0), pass (PASS) and fail (FAIL)."

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@tests/providers/alibabacloud/services/ram/ram_password_policy_number/ram_password_policy_number_test.py`
around lines 8 - 68, Add the missing no-resources coverage for
ram_password_policy_number by introducing a test_no_resources case that asserts
execute() returns an empty result list. Update the existing
TestRamPasswordPolicyNumber suite to include this third scenario alongside
test_numbers_not_required_fails and test_numbers_required_passes, using the same
ram_password_policy_number check and mocked provider/client setup.

Source: Path instructions

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In
`@prowler/providers/alibabacloud/services/ram/ram_password_policy_number/ram_password_policy_number.py`:
- Line 8: Add a Google-style docstring to the public `execute()` method in
`ram_password_policy_number.py` so it documents what the method does, its return
value, and any relevant behavior; place it directly above `execute()` and keep
the style consistent with the existing Prowler class/method documentation
guidelines.

---

Outside diff comments:
In
`@tests/providers/alibabacloud/services/ram/ram_password_policy_number/ram_password_policy_number_test.py`:
- Around line 8-68: Add the missing no-resources coverage for
ram_password_policy_number by introducing a test_no_resources case that asserts
execute() returns an empty result list. Update the existing
TestRamPasswordPolicyNumber suite to include this third scenario alongside
test_numbers_not_required_fails and test_numbers_required_passes, using the same
ram_password_policy_number check and mocked provider/client setup.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: a5bb292b-0e15-4015-8350-f8333e84fed1

📥 Commits

Reviewing files that changed from the base of the PR and between dc228e8 and 1a6f3e3.

📒 Files selected for processing (4)

• prowler/providers/alibabacloud/services/cs/cs_kubernetes_cluster_check_weekly/__init__.py
• prowler/providers/alibabacloud/services/ram/ram_password_policy_number/ram_password_policy_number.py
• tests/providers/alibabacloud/services/ram/ram_password_policy_number/__init__.py
• tests/providers/alibabacloud/services/ram/ram_password_policy_number/ram_password_policy_number_test.py

[github-actions]

🔒 Container Security Scan

Image: prowler:64a1f7b
Last scan: 2026-06-24 09:52:32 UTC

✅ No Vulnerabilities Detected

The container image passed all security checks. No known CVEs were found.

📋 Resources:

• Download full report (see artifacts)
• View in Security tab
• Scanned with Trivy

[prowler-bot]

💚 All backports created successfully

Status	Branch	Result
✅	v5.31

Questions ?

Please refer to the Backport tool documentation and see the Github Action logs for details