iam-policy-validator 1.0.4__py3-none-any.whl → 1.1.1__py3-none-any.whl

iam_validator/core/formatters/markdown.py

@@ -43,10 +43,18 @@ class MarkdownFormatter(OutputFormatter):
 
         output = [
             "# IAM Policy Validation Report\n",
+            "## Summary",
             f"**Total Policies:** {report.total_policies}",
-            f"**Valid Policies:** {report.valid_policies}",
-            f"**Invalid Policies:** {report.invalid_policies}",
+            f"**Valid (IAM):** {report.valid_policies} ✅",
+            f"**Invalid (IAM):** {report.invalid_policies} ❌",
+            f"**Security Findings:** {report.policies_with_security_issues} ⚠️",
+            "",
+            "## Issue Breakdown",
             f"**Total Issues:** {report.total_issues}",
+            f"**Validity Issues:** {report.validity_issues} (error/warning/info)",
+            f"**Security Issues:** {report.security_issues} (critical/high/medium/low)",
+            "",
+            "## Legacy Severity Counts",
             f"**Errors:** {errors}",
             f"**Warnings:** {warnings}",
             f"**Info:** {infos}\n",

iam_validator/core/models.py

@@ -251,14 +251,38 @@ class ValidationReport(BaseModel):
 
     total_policies: int
     valid_policies: int
-    invalid_policies: int
+    invalid_policies: int  # Policies with IAM validity issues (error/warning)
+    policies_with_security_issues: int = (
+        0  # Policies with security findings (critical/high/medium/low)
+    )
     total_issues: int
+    validity_issues: int = 0  # Count of IAM validity issues (error/warning/info)
+    security_issues: int = 0  # Count of security issues (critical/high/medium/low)
     results: list[PolicyValidationResult] = Field(default_factory=list)
 
     def get_summary(self) -> str:
         """Generate a human-readable summary."""
-        return (
-            f"Validated {self.total_policies} policies: "
-            f"{self.valid_policies} valid, {self.invalid_policies} invalid, "
-            f"{self.total_issues} total issues found"
-        )
+        parts = []
+        parts.append(f"Validated {self.total_policies} policies:")
+
+        # Always show valid/invalid counts
+        parts.append(f"{self.valid_policies} valid")
+
+        if self.invalid_policies > 0:
+            parts.append(f"{self.invalid_policies} invalid (IAM validity)")
+
+        if self.policies_with_security_issues > 0:
+            parts.append(f"{self.policies_with_security_issues} with security findings")
+
+        parts.append(f"{self.total_issues} total issues")
+
+        # Show breakdown if there are issues
+        if self.total_issues > 0 and (self.validity_issues > 0 or self.security_issues > 0):
+            breakdown_parts = []
+            if self.validity_issues > 0:
+                breakdown_parts.append(f"{self.validity_issues} validity")
+            if self.security_issues > 0:
+                breakdown_parts.append(f"{self.security_issues} security")
+            parts.append(f"({', '.join(breakdown_parts)})")
+
+        return " ".join(parts)

iam_validator/core/policy_checks.py

@@ -474,7 +474,18 @@ async def validate_policies(
     """
     if not use_registry:
         # Legacy path - use old PolicyValidator
-        async with AWSServiceFetcher() as fetcher:
+        # Load config for cache settings even in legacy mode
+        from iam_validator.core.config_loader import ConfigLoader
+
+        config = ConfigLoader.load_config(explicit_path=config_path, allow_missing=True)
+        cache_enabled = config.get_setting("cache_enabled", True)
+        cache_ttl_hours = config.get_setting("cache_ttl_hours", 168)
+        cache_directory = config.get_setting("cache_directory", None)
+        cache_ttl_seconds = cache_ttl_hours * 3600
+
+        async with AWSServiceFetcher(
+            enable_cache=cache_enabled, cache_ttl=cache_ttl_seconds, cache_dir=cache_directory
+        ) as fetcher:
             validator = PolicyValidator(fetcher)
 
             tasks = [validator.validate_policy(policy, file_path) for file_path, policy in policies]
@@ -530,8 +541,16 @@ async def validate_policies(
     # Get fail_on_severity setting from config
     fail_on_severities = config.get_setting("fail_on_severity", ["error"])
 
+    # Get cache settings from config
+    cache_enabled = config.get_setting("cache_enabled", True)
+    cache_ttl_hours = config.get_setting("cache_ttl_hours", 168)  # 7 days default
+    cache_directory = config.get_setting("cache_directory", None)
+    cache_ttl_seconds = cache_ttl_hours * 3600
+
     # Validate policies using registry
-    async with AWSServiceFetcher() as fetcher:
+    async with AWSServiceFetcher(
+        enable_cache=cache_enabled, cache_ttl=cache_ttl_seconds, cache_dir=cache_directory
+    ) as fetcher:
         tasks = [
             _validate_policy_with_registry(policy, file_path, registry, fetcher, fail_on_severities)
             for file_path, policy in policies

iam_validator/core/report.py

@@ -11,9 +11,11 @@ from rich.panel import Panel
 from rich.table import Table
 from rich.text import Text
 
+from iam_validator.__version__ import __version__
 from iam_validator.core.formatters import (
     ConsoleFormatter,
     CSVFormatter,
+    EnhancedFormatter,
     HTMLFormatter,
     JSONFormatter,
     MarkdownFormatter,
@@ -43,6 +45,8 @@ class ReportGenerator:
         # Register all built-in formatters
         if not self.formatter_registry.get_formatter("console"):
             self.formatter_registry.register(ConsoleFormatter())
+        if not self.formatter_registry.get_formatter("enhanced"):
+            self.formatter_registry.register(EnhancedFormatter())
         if not self.formatter_registry.get_formatter("json"):
             self.formatter_registry.register(JSONFormatter())
         if not self.formatter_registry.get_formatter("markdown"):
@@ -80,11 +84,27 @@ class ReportGenerator:
         invalid_count = len(results) - valid_count
         total_issues = sum(len(r.issues) for r in results)
 
+        # Count policies with security issues (separate from validity issues)
+        policies_with_security_issues = sum(
+            1 for r in results if any(issue.is_security_severity() for issue in r.issues)
+        )
+
+        # Count validity vs security issues
+        validity_issues = sum(
+            sum(1 for issue in r.issues if issue.is_validity_severity()) for r in results
+        )
+        security_issues = sum(
+            sum(1 for issue in r.issues if issue.is_security_severity()) for r in results
+        )
+
         return ValidationReport(
             total_policies=len(results),
             valid_policies=valid_count,
             invalid_policies=invalid_count,
+            policies_with_security_issues=policies_with_security_issues,
             total_issues=total_issues,
+            validity_issues=validity_issues,
+            security_issues=security_issues,
             results=results,
         )
 
@@ -98,10 +118,39 @@ class ReportGenerator:
         summary_text = Text()
         summary_text.append(f"Total Policies: {report.total_policies}\n")
         summary_text.append(f"Valid: {report.valid_policies} ", style="green")
-        summary_text.append(f"Invalid: {report.invalid_policies}\n", style="red")
-        summary_text.append(f"Total Issues: {report.total_issues}\n")
 
-        self.console.print(Panel(summary_text, title="Validation Summary", border_style="blue"))
+        # Show invalid policies (IAM validity issues)
+        if report.invalid_policies > 0:
+            summary_text.append(f"Invalid: {report.invalid_policies} ", style="red")
+
+        # Show policies with security findings (separate from validity)
+        if report.policies_with_security_issues > 0:
+            summary_text.append(
+                f"Security Findings: {report.policies_with_security_issues} ", style="yellow"
+            )
+
+        summary_text.append("\n")
+
+        # Breakdown of issue types
+        summary_text.append(f"Total Issues: {report.total_issues}")
+        if report.validity_issues > 0 or report.security_issues > 0:
+            summary_text.append(" (")
+            if report.validity_issues > 0:
+                summary_text.append(f"{report.validity_issues} validity", style="red")
+            if report.validity_issues > 0 and report.security_issues > 0:
+                summary_text.append(", ")
+            if report.security_issues > 0:
+                summary_text.append(f"{report.security_issues} security", style="yellow")
+            summary_text.append(")")
+        summary_text.append("\n")
+
+        self.console.print(
+            Panel(
+                summary_text,
+                title=f"Validation Summary (iam-validator v{__version__})",
+                border_style="blue",
+            )
+        )
 
         # Detailed results
         for result in report.results:
@@ -127,11 +176,11 @@ class ReportGenerator:
             self.console.print("  [dim]No issues found[/dim]")
             return
 
-        # Create issues table
+        # Create issues table with adjusted column widths for better readability
         table = Table(show_header=True, header_style="bold", box=None, padding=(0, 1))
-        table.add_column("Severity", style="cyan", width=10)
-        table.add_column("Type", style="magenta", width=20)
-        table.add_column("Message", style="white")
+        table.add_column("Severity", style="cyan", width=12, no_wrap=False)
+        table.add_column("Type", style="magenta", width=25, no_wrap=False)
+        table.add_column("Message", style="white", no_wrap=False)
 
         for issue in result.issues:
             severity_style = {
@@ -149,6 +198,8 @@ class ReportGenerator:
             location = f"Statement {issue.statement_index}"
             if issue.statement_sid:
                 location += f" ({issue.statement_sid})"
+            if issue.line_number is not None:
+                location += f" @L{issue.line_number}"
 
             message = f"{location}: {issue.message}"
             if issue.suggestion:
@@ -580,22 +631,35 @@ class ReportGenerator:
                     continue
 
                 policy_lines = []
-                policy_lines.append("<details open>")
-                policy_lines.append(
-                    f"<summary><b>{idx}. <code>{result.policy_file}</code></b> - {len(result.issues)} issue(s) found</summary>"
-                )
-                policy_lines.append("")
 
                 # Group issues by severity - support both IAM validity and security severities
                 errors = [i for i in result.issues if i.severity in ("error", "critical", "high")]
                 warnings = [i for i in result.issues if i.severity in ("warning", "medium")]
                 infos = [i for i in result.issues if i.severity in ("info", "low")]
 
+                # Build severity summary for header
+                severity_parts = []
+                if errors:
+                    severity_parts.append(f"🔴 {len(errors)}")
+                if warnings:
+                    severity_parts.append(f"🟡 {len(warnings)}")
+                if infos:
+                    severity_parts.append(f"🔵 {len(infos)}")
+                severity_summary = " · ".join(severity_parts)
+
+                # Only open first 3 policy details by default to avoid wall of text
+                is_open = " open" if policies_shown < 3 else ""
+                policy_lines.append(f"<details{is_open}>")
+                policy_lines.append(
+                    f"<summary><b>{idx}. <code>{result.policy_file}</code></b> - {severity_summary}</summary>"
+                )
+                policy_lines.append("")
+
                 # Add errors (prioritized)
                 if errors:
                     policy_lines.append("### 🔴 Errors")
                     policy_lines.append("")
-                    for issue in errors:
+                    for i, issue in enumerate(errors):
                         issue_content = self._format_issue_markdown(issue)
                         test_length = len("\n".join(details_lines + policy_lines)) + len(
                             issue_content
@@ -605,6 +669,10 @@ class ReportGenerator:
                             break
                         policy_lines.append(issue_content)
                         issues_shown += 1
+                        # Add separator between issues within same severity
+                        if i < len(errors) - 1:
+                            policy_lines.append("---")
+                            policy_lines.append("")
                     policy_lines.append("")
 
                 if truncated:
@@ -614,7 +682,7 @@ class ReportGenerator:
                 if warnings:
                     policy_lines.append("### 🟡 Warnings")
                     policy_lines.append("")
-                    for issue in warnings:
+                    for i, issue in enumerate(warnings):
                         issue_content = self._format_issue_markdown(issue)
                         test_length = len("\n".join(details_lines + policy_lines)) + len(
                             issue_content
@@ -624,6 +692,10 @@ class ReportGenerator:
                             break
                         policy_lines.append(issue_content)
                         issues_shown += 1
+                        # Add separator between issues within same severity
+                        if i < len(warnings) - 1:
+                            policy_lines.append("---")
+                            policy_lines.append("")
                     policy_lines.append("")
 
                 if truncated:
@@ -633,7 +705,7 @@ class ReportGenerator:
                 if infos:
                     policy_lines.append("### 🔵 Info")
                     policy_lines.append("")
-                    for issue in infos:
+                    for i, issue in enumerate(infos):
                         issue_content = self._format_issue_markdown(issue)
                         test_length = len("\n".join(details_lines + policy_lines)) + len(
                             issue_content
@@ -643,6 +715,10 @@ class ReportGenerator:
                             break
                         policy_lines.append(issue_content)
                         issues_shown += 1
+                        # Add separator between issues within same severity
+                        if i < len(infos) - 1:
+                            policy_lines.append("---")
+                            policy_lines.append("")
                     policy_lines.append("")
 
                 if truncated:
@@ -650,6 +726,8 @@ class ReportGenerator:
 
                 policy_lines.append("</details>")
                 policy_lines.append("")
+                policy_lines.append("---")
+                policy_lines.append("")
 
                 # Check if adding this policy would exceed limit
                 test_length = len("\n".join(details_lines + policy_lines))
@@ -712,7 +790,7 @@ class ReportGenerator:
         parts.append(f"> {issue.message}")
         parts.append("")
 
-        # Details section
+        # Details section - inline format
         details = []
         if issue.action:
             details.append(f"**Action:** `{issue.action}`")
@@ -722,19 +800,27 @@ class ReportGenerator:
             details.append(f"**Condition Key:** `{issue.condition_key}`")
 
         if details:
-            parts.append("<table>")
-            parts.append("<tr><td>")
-            parts.append("")
-            parts.extend(details)
-            parts.append("")
-            parts.append("</td></tr>")
-            parts.append("</table>")
+            parts.append(" · ".join(details))
             parts.append("")
 
-        # Suggestion in highlighted box
+        # Suggestion in highlighted box with code examples
         if issue.suggestion:
-            parts.append(f"> 💡 **Suggestion:** {issue.suggestion}")
-            parts.append("")
+            # Check if suggestion contains "Example:" section
+            if "\nExample:\n" in issue.suggestion:
+                text_part, code_part = issue.suggestion.split("\nExample:\n", 1)
+                parts.append(f"> 💡 **Suggestion:** {text_part}")
+                parts.append("")
+                parts.append("<details>")
+                parts.append("<summary>📖 View Example</summary>")
+                parts.append("")
+                parts.append("```json")
+                parts.append(code_part)
+                parts.append("```")
+                parts.append("</details>")
+                parts.append("")
+            else:
+                parts.append(f"> 💡 **Suggestion:** {issue.suggestion}")
+                parts.append("")
 
         return "\n".join(parts)
 

iam_policy_validator-1.0.4.dist-info/RECORD

@@ -1,45 +0,0 @@
-iam_validator/__init__.py,sha256=APnMR3Fu4fHhxfsHBvUM2dJIwazgvLKQbfOsSgFPidg,693
-iam_validator/__main__.py,sha256=to_nz3n_IerJpVVZZ6WSFlFR5s_06J0csfPOTfQZG8g,197
-iam_validator/__version__.py,sha256=YOIURWR5ocuvaQTQgwFi1XjHm_ifJDzicMOQSJZqmZc,206
-iam_validator/checks/__init__.py,sha256=q-_rIYGZJMjsiHK-R_3CbSUCBVGN5e137LPNDnMRZmw,841
-iam_validator/checks/action_condition_enforcement.py,sha256=3V8Wnz6BYnataKzuFMx8fHukVjzpIZaVfde9-RqZjPc,25357
-iam_validator/checks/action_validation.py,sha256=KbUw1SV-2nN-HtLlj3zrE6sdd0z8iAF0ubqz35Vwb7c,6921
-iam_validator/checks/condition_key_validation.py,sha256=bc4LQ8IRKyt0RquaQvQvVjmeJnuOUAFRL8xdduLPa_U,2661
-iam_validator/checks/policy_size.py,sha256=4cvZiWRJXGuvYo8PRcdD1Py_ZL8Xw0lOJfXTs6EX-_I,5753
-iam_validator/checks/resource_validation.py,sha256=AEIoiR6AKYLuVaA8ne3QE5qy6NCMDe98_2JAiwE9-JU,4261
-iam_validator/checks/security_best_practices.py,sha256=Sr3aiLbki8_M3U9qJv7u0fM__GjJRfZzWmJVgJ3ODSw,28185
-iam_validator/checks/sid_uniqueness.py,sha256=7S8RtVJgYPTKgr7gSEmxgT0oIGkSoXN6iu0ALHbcSfw,5015
-iam_validator/commands/__init__.py,sha256=zuhECuz-1Us5hBNAJtdMae8LaYn1eNeoYPBmQPMwI94,357
-iam_validator/commands/analyze.py,sha256=TWlDaZ8gVOdNv6__KQQfzeLVW36qLiL5IzlhGYfvq_g,16501
-iam_validator/commands/base.py,sha256=5baCCMwxz7pdQ6XMpWfXFNz7i1l5dB8Qv9dKKR04Gzs,1074
-iam_validator/commands/post_to_pr.py,sha256=hl_K-XlELYN-ArjMdgQqysvIE-26yf9XdrMl4ToDwG0,2148
-iam_validator/commands/validate.py,sha256=zdfay29HX1v4uz_LfzUUgC4-VUy8TTg5CGfZlAeEWXc,13779
-iam_validator/core/__init__.py,sha256=1FvJPMrbzJfS9YbRUJCshJLd5gzWwR9Fd_slS0Aq9c8,416
-iam_validator/core/access_analyzer.py,sha256=poeT1i74jXpKr1B3UmvqiTvCTbq82zffWgZHwiFUwoo,24337
-iam_validator/core/access_analyzer_report.py,sha256=iTIFKul6zQZd2qBg8V6zaDNPMKF8D_XDSX6pJwXFVYY,24791
-iam_validator/core/aws_fetcher.py,sha256=fUCIMItIWmrbgsoVCz_9Oe5k3SjuXBlNBVwQ60IWwns,25492
-iam_validator/core/aws_global_conditions.py,sha256=ADVcMEWhgvDZWdBmRUQN3HB7a9OycbTLecXFAy3LPbo,5837
-iam_validator/core/check_registry.py,sha256=wXg4Yw5LJ-rAVLiPUIJOtw8Y49Q1PY00Zbu37LzyjHY,15477
-iam_validator/core/cli.py,sha256=5UHsHS8o7Fkag4d6MNaaqjCFSGu8evCIbtpa81591lE,3831
-iam_validator/core/config_loader.py,sha256=k4D5TT_D6B9N8BbIEg0nE3wUXu0naFLHOVVJsjYZzh4,14880
-iam_validator/core/models.py,sha256=SUEbxDUtkX1uvgMy6-LPzomyGu82PTpXdDXZ9RKqfTY,9655
-iam_validator/core/policy_checks.py,sha256=xK5CntsEKVDgN27uIdQ92jCL97t7eBqOk0SChWU9cgw,23872
-iam_validator/core/policy_loader.py,sha256=TR7SpzlRG3TwH4HBGEFUuhNOmxIR8Cud2SQ-AmHWBpM,14040
-iam_validator/core/pr_commenter.py,sha256=TOhVXKTFcRHQ9EVuShXQcKXn9aNjB1mU6FnR2jvltmw,10581
-iam_validator/core/report.py,sha256=6k2A82EuhI72y-xCXbxRbykYcBvUP0z977pjUk9w1Cc,28977
-iam_validator/core/formatters/__init__.py,sha256=ggIKrI_Uu6tnKBLnUbBaXgaIXeL-JAGwUOrfSql6sow,774
-iam_validator/core/formatters/base.py,sha256=SShDeDiy5mYQnS6BpA8xYg91N-KX1EObkOtlrVHqx1Q,4451
-iam_validator/core/formatters/console.py,sha256=qkKWcxETRWDr62Zmkz0NXG4oS9hj2LwDX8uH4MoSX0s,750
-iam_validator/core/formatters/csv.py,sha256=hyop9gddZc1eOjUvd1YJjxbo8FNlLG7Rvh6UkSCEAhU,5565
-iam_validator/core/formatters/html.py,sha256=kW0BVTTX8PbiEbct8mXIyqTiO6jdsGjyK6Y3NNVeRaI,19317
-iam_validator/core/formatters/json.py,sha256=A7gZ8P32GEdbDvrSn6v56yQ4fOP_kyMaoFVXG2bgnew,939
-iam_validator/core/formatters/markdown.py,sha256=FccevVlD_mC6wtrWsya2Uo-NEphyuWsZyFar9x_ZT2g,1859
-iam_validator/core/formatters/sarif.py,sha256=tqp8g7RmUh0HRk-kKDaucx4sa-5I9ikgkSpy1MM8Vi4,7200
-iam_validator/integrations/__init__.py,sha256=7Hlor_X9j0NZaEjFuSvoXAAuSKQ-zgY19Rk-Dz3JpKo,616
-iam_validator/integrations/github_integration.py,sha256=bKs94vNT4PmcmUPUeuY2WJFhCYpUY2SWiBP1vj-andA,25673
-iam_validator/integrations/ms_teams.py,sha256=t2PlWuTDb6GGH-eDU1jnOKd8D1w4FCB68bahGA7MJcE,14475
-iam_policy_validator-1.0.4.dist-info/METADATA,sha256=QQAQsAQCDiPen37apynaUzYjOUmiTpn8NYgrM6C7l0E,22070
-iam_policy_validator-1.0.4.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
-iam_policy_validator-1.0.4.dist-info/entry_points.txt,sha256=8HtWd8O7mvPiPdZR5YbzY8or_qcqLM4-pKaFdhtFT8M,62
-iam_policy_validator-1.0.4.dist-info/licenses/LICENSE,sha256=AMnbFTBDcK4_MITe2wiQBkj0vg-jjBBhsc43ydC7tt4,1098
-iam_policy_validator-1.0.4.dist-info/RECORD,,