iam-policy-validator 1.0.3__tar.gz → 1.1.0__tar.gz

{iam_policy_validator-1.0.3 → iam_policy_validator-1.1.0}/.github/workflows/release.yml

@@ -158,12 +158,13 @@ jobs:
           MAJOR=$(echo $VERSION | cut -d. -f1)
           MINOR=$(echo $VERSION | cut -d. -f1-2)
 
-          # Update vX tag (e.g., v1)
+          # Update vX tag (e.g., v1) - annotated (unsigned by bot)
           git tag -fa "v$MAJOR" -m "Update v$MAJOR to $VERSION"
           git push origin "v$MAJOR" --force
 
-          # Update vX.Y tag (e.g., v1.2)
+          # Update vX.Y tag (e.g., v1.2) - annotated (unsigned by bot)
           git tag -fa "v$MINOR" -m "Updated v$MINOR to $VERSION"
           git push origin "v$MINOR" --force
 
-          echo "Updated tags: v$MAJOR and v$MINOR to point to $VERSION"
+          echo "✅ Updated tags: v$MAJOR and v$MINOR to point to $VERSION"
+          echo "ℹ️  Note: Automated tags are annotated but not signed by the bot."

iam_policy_validator-1.1.0/.python-version

@@ -0,0 +1 @@
+3.12

{iam_policy_validator-1.0.3 → iam_policy_validator-1.1.0}/CONTRIBUTING.md

@@ -132,7 +132,7 @@ iam-policy-auditor/
 ├── .github/workflows/          # CI/CD workflows
 ├── pyproject.toml              # Project metadata and dependencies
 ├── Makefile                    # Development commands
-└── iam-validator.yaml          # Default configuration
+└── default-config.yaml         # Example configuration file
 ```
 
 ## Development Workflow
@@ -400,49 +400,59 @@ For detailed publishing instructions, see [docs/development/PUBLISHING.md](docs/
 
 ### Creating a New Check
 
-1. **Create Check Class**
+See the comprehensive [Custom Checks Guide](docs/custom-checks.md) for detailed instructions on creating custom validation checks.
+
+**Quick Example:**
+
+1. **Create Check File**
    ```python
-   # iam_validator/checks/my_check.py
+   # my_checks/mfa_check.py
    from typing import List
-   from iam_validator.core.models import PolicyCheck, Statement, ValidationIssue
-
-   class MyCustomCheck(PolicyCheck):
-       @property
-       def check_id(self) -> str:
-           return "my_custom_check"
-
-       @property
-       def description(self) -> str:
-           return "Description of what this check does"
-
-       async def execute(
-           self,
-           statement: Statement,
-           statement_idx: int,
-           fetcher,
-           config
-       ) -> List[ValidationIssue]:
-           # Implement your check logic
-           issues = []
-           # ... check logic ...
-           return issues
+   from iam_validator.core.models import PolicyValidationIssue, PolicyStatement
+
+   def execute(statement: PolicyStatement, policy_document: dict) -> List[PolicyValidationIssue]:
+       """Ensure sensitive actions require MFA."""
+       issues = []
+
+       sensitive_actions = ["iam:CreateUser", "iam:DeleteUser"]
+       actions = statement.action if isinstance(statement.action, list) else [statement.action]
+
+       for action in actions:
+           if action in sensitive_actions:
+               # Check for MFA condition
+               has_mfa = statement.condition and "aws:MultiFactorAuthPresent" in str(statement.condition)
+
+               if not has_mfa:
+                   issues.append(
+                       PolicyValidationIssue(
+                           check_name="mfa_required",
+                           severity="high",
+                           message=f"Action '{action}' requires MFA",
+                           statement_index=statement.index,
+                           action=action,
+                           suggestion='Add: {"Bool": {"aws:MultiFactorAuthPresent": "true"}}'
+                       )
+                   )
+
+       return issues
    ```
 
-2. **Register the Check**
-   - Check is auto-discovered if in `checks/` directory
-   - Or register manually in configuration
+2. **Use the Check**
+   ```bash
+   iam-validator validate --path ./policies/ --custom-checks-dir ./my_checks
+   ```
 
 3. **Add Tests**
    ```python
    # tests/test_my_check.py
-   def test_my_custom_check():
+   def test_mfa_check():
        # Test your check
        pass
    ```
 
 4. **Document the Check**
-   - Add to `docs/reference/CHECKS.md`
-   - Add example to `examples/`
+   - Add to `docs/custom-checks.md`
+   - Add example to `examples/custom_checks/`
 
 ### Adding a New Formatter