We are upgrading to Prowler version 3 and the iam_policy_no_administrative_privileges check is now failing for us when it wasn't in version 2.

In version 2, this check was checking to see if Action was equal to * and Resource was equal to *: https://github.com/prowler-cloud/prowler/blob/2.12.1/checks/check122#L35

In version 3, it is checking to see if * is contained in the Action and Resource: https://github.com/prowler-cloud/prowler/blob/3.1.2/prowler/providers/aws/services/iam/iam_policy_no_administrative_privileges/iam_policy_no_administrative_privileges.py#L21-L26

This is causing the check to fail with policies such as:
I don't think this should fail the check, as I believe only policies with full administrative privileges should fail, while this is limited to KMS actions. Is this intended behavior? The user guide in the AWS doc states:

To me this sounds like it should only fail when policies have Action: * and Resource: * exactly.
Replies: 1 comment
This was resolved in #1802
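
The two matching rules described in the question, side by side, as an added example that is not part of the discussion and is not Prowler's code. The function names and the sample policies are constructed for illustration; the sketch looks only at Effect, Action and Resource and ignores NotAction, NotResource and Condition.

```python
# Added illustration, not Prowler's implementation. All policies are constructed samples.

def _as_list(value):
    """IAM allows Action/Resource to be a single string or a list of strings."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)

def _statements(policy):
    """Statement may be a single object or a list of objects."""
    stmts = policy.get("Statement", [])
    return [stmts] if isinstance(stmts, dict) else stmts

def is_admin_exact(policy):
    """Exact rule: an Allow statement with an Action element equal to '*'
    and a Resource element equal to '*'."""
    return any(
        s.get("Effect") == "Allow"
        and "*" in _as_list(s.get("Action"))      # list membership: whole element is '*'
        and "*" in _as_list(s.get("Resource"))
        for s in _statements(policy)
    )

def is_admin_substring(policy):
    """Containment rule: '*' appears anywhere inside an Action and a Resource."""
    return any(
        s.get("Effect") == "Allow"
        and any("*" in a for a in _as_list(s.get("Action")))    # substring test
        and any("*" in r for r in _as_list(s.get("Resource")))
        for s in _statements(policy)
    )

def _policy(effect, action, resource):
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": effect, "Action": action, "Resource": resource}]}

KMS_ONLY = _policy("Allow", "kms:*", "*")                  # service-scoped wildcard
FULL_ADMIN = _policy("Allow", "*", "*")                    # full administrative access
ADMIN_IN_LIST = _policy("Allow", ["s3:GetObject", "*"], ["*"])
DENY_ALL = _policy("Deny", "*", "*")                       # a Deny grants nothing

def compare(policy):
    """Return (exact_rule_flags, containment_rule_flags) for one policy."""
    return is_admin_exact(policy), is_admin_substring(policy)

if __name__ == "__main__":
    for name in ("KMS_ONLY", "FULL_ADMIN", "ADMIN_IN_LIST", "DENY_ALL"):
        print(name, compare(globals()[name]))
```

Only the service-scoped policy separates the two rules: the containment rule flags it, the exact rule does not.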