iam-policy-validator 1.10.1__tar.gz → 1.10.3__tar.gz
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/.github/workflows/ci.yml +4 -4
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/.github/workflows/cleanup-prereleases.yml +1 -1
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/.github/workflows/codeql.yml +4 -4
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/.github/workflows/pre-release.yml +1 -1
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/.github/workflows/release.yml +2 -2
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/.github/workflows/scorecard.yml +2 -2
- iam_policy_validator-1.10.3/.python-version +1 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/PKG-INFO +1 -1
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/action.yaml +27 -5
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/docs/check-reference.md +53 -15
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/configs/full-reference-config.yaml +51 -2
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/__version__.py +2 -2
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/checks/wildcard_resource.py +29 -7
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/core/aws_service/fetcher.py +24 -7
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/core/aws_service/validators.py +3 -5
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/core/config/defaults.py +28 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/sdk/policy_utils.py +3 -3
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/pyproject.toml +1 -1
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/tests/test_wildcard_resource_check.py +135 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/uv.lock +108 -108
- iam_policy_validator-1.10.1/.python-version +0 -1
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/.github/dependabot.yml +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/.gitignore +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/CONTRIBUTING.md +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/DOCS.md +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/LICENSE +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/Makefile +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/README.md +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/SECURITY.md +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/_manifest.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/_services.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/a2c.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/a4b.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/access-analyzer.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/account.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/acm-pca.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/acm.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/action-recommendations.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/activate.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/aiops.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/airflow.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/amplify.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/amplifybackend.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/amplifyuibuilder.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/aoss.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/apigateway.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/app-integrations.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/appconfig.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/appfabric.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/appflow.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/application-autoscaling.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/application-signals.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/application-transformation.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/applicationinsights.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/appmesh-preview.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/appmesh.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/apprunner.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/appstream.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/appstudio.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/appsync.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/apptest.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/aps.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/arc-region-switch.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/arc-zonal-shift.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/arsenal.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/artifact.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/athena.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/auditmanager.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/autoscaling-plans.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/autoscaling.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/aws-marketplace-management.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/aws-marketplace.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/aws-portal.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/awsconnector.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/b2bi.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/backup-gateway.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/backup-search.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/backup-storage.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/backup.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/batch.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/bcm-dashboards.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/bcm-data-exports.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/bcm-pricing-calculator.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/bcm-recommended-actions.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/bedrock-agentcore.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/bedrock.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/billing.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/billingconductor.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/braket.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/budgets.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/bugbust.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/cases.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/cassandra.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/ce.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/chatbot.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/chime.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/cleanrooms-ml.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/cleanrooms.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/cloud9.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/clouddirectory.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/cloudformation.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/cloudfront-keyvaluestore.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/cloudfront.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/cloudhsm.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/cloudsearch.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/cloudshell.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/cloudtrail-data.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/cloudtrail.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/cloudwatch.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/codeartifact.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/codebuild.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/codecatalyst.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/codecommit.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/codeconnections.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/codedeploy-commands-secure.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/codedeploy.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/codeguru-profiler.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/codeguru-reviewer.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/codeguru-security.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/codeguru.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/codepipeline.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/codestar-connections.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/codestar-notifications.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/codestar.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/codewhisperer.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/cognito-identity.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/cognito-idp.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/cognito-sync.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/comprehend.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/comprehendmedical.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/compute-optimizer.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/config.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/connect-campaigns.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/connect.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/consoleapp.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/consolidatedbilling.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/controlcatalog.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/controltower.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/cost-optimization-hub.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/cur.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/customer-verification.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/databrew.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/dataexchange.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/datapipeline.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/datasync.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/datazone.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/dax.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/dbqms.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/deadline.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/deepcomposer.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/deepracer.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/detective.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/devicefarm.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/devops-guru.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/directconnect.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/discovery.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/dlm.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/dms.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/docdb-elastic.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/drs.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/ds-data.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/ds.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/dsql.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/dynamodb.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/ebs.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/ec2-instance-connect.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/ec2.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/ec2messages.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/ecr-public.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/ecr.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/ecs.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/eks-auth.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/eks.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/elasticache.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/elasticbeanstalk.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/elasticfilesystem.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/elasticloadbalancing.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/elasticmapreduce.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/elastictranscoder.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/elemental-activations.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/elemental-appliances-software.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/elemental-support-cases.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/elemental-support-content.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/emr-containers.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/emr-serverless.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/entityresolution.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/es.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/events.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/evidently.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/evs.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/execute-api.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/finspace-api.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/finspace.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/firehose.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/fis.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/fms.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/forecast.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/frauddetector.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/freertos.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/freetier.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/fsx.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/gamelift.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/gameliftstreams.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/geo-maps.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/geo-places.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/geo-routes.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/geo.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/glacier.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/globalaccelerator.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/glue.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/grafana.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/greengrass.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/groundstation.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/groundtruthlabeling.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/guardduty.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/health.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/healthlake.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/honeycode.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/iam.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/identity-sync.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/identitystore-auth.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/identitystore.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/imagebuilder.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/importexport.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/inspector-scan.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/inspector.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/inspector2.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/internetmonitor.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/invoicing.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/iot-device-tester.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/iot.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/iotanalytics.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/iotdeviceadvisor.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/iotevents.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/iotfleethub.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/iotfleetwise.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/iotjobsdata.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/iotmanagedintegrations.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/iotsitewise.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/iottwinmaker.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/iotwireless.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/iq-permission.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/iq.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/ivs.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/ivschat.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/kafka-cluster.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/kafka.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/kafkaconnect.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/kendra-ranking.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/kendra.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/kinesis.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/kinesisanalytics.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/kinesisvideo.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/kms.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/lakeformation.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/lambda.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/launchwizard.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/lex.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/license-manager-linux-subscriptions.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/license-manager-user-subscriptions.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/license-manager.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/lightsail.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/logs.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/lookoutequipment.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/lookoutmetrics.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/lookoutvision.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/m2.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/machinelearning.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/macie2.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/managedblockchain-query.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/managedblockchain.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/mapcredits.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/marketplacecommerceanalytics.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/mechanicalturk.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/mediaconnect.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/mediaconvert.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/mediaimport.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/medialive.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/mediapackage-vod.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/mediapackage.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/mediapackagev2.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/mediastore.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/mediatailor.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/medical-imaging.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/memorydb.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/mgh.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/mgn.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/migrationhub-orchestrator.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/migrationhub-strategy.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/mobileanalytics.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/mobiletargeting.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/monitron.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/mpa.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/mq.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/neptune-db.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/neptune-graph.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/network-firewall.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/network-security-director.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/networkflowmonitor.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/networkmanager-chat.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/networkmanager.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/networkmonitor.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/nimble.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/notifications-contacts.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/notifications.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/oam.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/observabilityadmin.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/odb.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/omics.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/one.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/opensearch.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/opsworks-cm.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/opsworks.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/organizations.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/osis.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/outposts.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/panorama.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/partnercentral-account-management.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/partnercentral.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/payment-cryptography.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/payments.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/pca-connector-ad.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/pca-connector-scep.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/pcs.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/personalize.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/pi.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/pipes.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/polly.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/pricing.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/private-networks.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/profile.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/proton.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/purchase-orders.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/q.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/qapps.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/qbusiness.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/qdeveloper.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/qldb.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/quicksight.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/ram.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/rbin.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/rds-data.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/rds-db.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/rds.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/redshift-data.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/redshift-serverless.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/redshift.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/refactor-spaces.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/rekognition.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/repostspace.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/resiliencehub.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/resource-explorer-2.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/resource-explorer.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/resource-groups.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/rhelkb.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/robomaker.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/rolesanywhere.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/route53-recovery-cluster.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/route53-recovery-control-config.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/route53-recovery-readiness.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/route53.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/route53domains.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/route53profiles.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/route53resolver.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/rtbfabric.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/rum.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/s3-object-lambda.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/s3-outposts.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/s3.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/s3express.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/s3tables.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/s3vectors.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/sagemaker-data-science-assistant.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/sagemaker-geospatial.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/sagemaker-mlflow.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/sagemaker.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/savingsplans.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/scheduler.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/schemas.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/scn.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/sdb.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/secretsmanager.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/security-ir.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/securityhub.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/securitylake.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/serverlessrepo.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/servicecatalog.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/servicediscovery.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/serviceextract.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/servicequotas.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/ses.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/shield.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/signer.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/signin.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/simspaceweaver.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/sms-voice.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/sms.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/snow-device-management.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/snowball.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/sns.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/social-messaging.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/sqlworkbench.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/sqs.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/ssm-contacts.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/ssm-guiconnect.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/ssm-incidents.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/ssm-quicksetup.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/ssm-sap.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/ssm.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/ssmmessages.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/sso-directory.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/sso-oauth.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/sso.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/states.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/storagegateway.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/sts.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/support-console.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/support.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/supportapp.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/supportplans.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/sustainability.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/swf.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/synthetics.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/tag.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/tax.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/textract.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/thinclient.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/timestream-influxdb.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/timestream.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/tiros.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/tnb.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/transcribe.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/transfer.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/transform.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/translate.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/trustedadvisor.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/ts.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/user-subscriptions.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/uxc.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/vendor-insights.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/verified-access.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/verifiedpermissions.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/voiceid.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/vpc-lattice-svcs.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/vpc-lattice.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/vpce.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/waf-regional.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/waf.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/wafv2.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/wam.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/wellarchitected.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/wickr.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/wisdom.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/workdocs.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/worklink.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/workmail.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/workmailmessageflow.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/workspaces-instances.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/workspaces-web.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/workspaces.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/aws_services/xray.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/docs/README.md +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/docs/ROADMAP.md +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/docs/SDK.md +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/docs/aws-api-configuration.md +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/docs/aws-services-backup.md +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/docs/condition-requirements.md +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/docs/configuration.md +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/docs/custom-checks.md +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/docs/development/PUBLISHING.md +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/docs/development/pre-release-guide.md +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/docs/github-actions-examples.md +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/docs/github-actions-workflows.md +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/docs/modular-configuration.md +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/docs/privilege-escalation.md +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/docs/python-library-usage.md +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/docs/smart-filtering.md +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/README.md +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/access-analyzer/example1.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/access-analyzer/example2.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/configs/README.md +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/configs/basic-config.yaml +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/configs/ci-cd-config.yaml +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/configs/development-config.yaml +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/configs/github-labels-config.yaml +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/configs/ignore-patterns-list-example.yaml +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/configs/minimal-validation-config.yaml +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/configs/offline-validation.yaml +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/configs/policy-level-condition-enforcement-config.yaml +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/configs/principal-condition-enforcement.yaml +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/configs/principal-validation-public-with-conditions.yaml +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/configs/principal-validation-relaxed.yaml +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/configs/principal-validation-strict.yaml +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/configs/privilege-escalation-focus-config.yaml +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/configs/resource-policy-config.yaml +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/configs/security-audit-config.yaml +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/configs/strict-security.yaml +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/custom_checks/README.md +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/custom_checks/advanced_multi_condition_validator.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/custom_checks/cross_account_external_id_check.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/custom_checks/domain_restriction_check.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/custom_checks/encryption_required_check.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/custom_checks/mfa_required_check.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/custom_checks/region_restriction_check.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/custom_checks/tag_enforcement_check.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/custom_checks/time_based_access_check.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/github-actions/README.md +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/github-actions/access-analyzer-only.yaml +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/github-actions/basic-validation.yaml +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/github-actions/custom-policy-checks.yaml +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/github-actions/multi-region-validation.yaml +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/github-actions/resource-policy-validation.yaml +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/github-actions/sarif-code-scanning.yaml +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/github-actions/sequential-validation.yaml +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/github-actions/two-step-validation.yaml +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/github-actions/validate-changed-files.yaml +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/README.md +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/identity-policies/allowed-wildcard-resource.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/identity-policies/api_gateway_management.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/identity-policies/athena_query_access.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/identity-policies/backup_vault_access.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/identity-policies/cloudformation_deployer.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/identity-policies/cloudwatch_monitoring.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/identity-policies/cognito_user_pool.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/identity-policies/dynamodb_table_access.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/identity-policies/ecs_task_execution.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/identity-policies/eventbridge_rules.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/identity-policies/glue_etl_jobs.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/identity-policies/insecure_policy.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/identity-policies/insecure_policy.yaml +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/identity-policies/invalid-resource-constraint.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/identity-policies/invalid-sid-special-chars.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/identity-policies/invalid-sid-with-spaces.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/identity-policies/invalid_policy.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/identity-policies/kms_encryption_keys.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/identity-policies/lambda_developer.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/identity-policies/lambda_developer.yaml +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/identity-policies/maximum_size_policy.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/identity-policies/policy_missing_required_tags.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/identity-policies/policy_tag_enforcement_example.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/identity-policies/policy_with_wildcard_resources.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/identity-policies/privilege_escalation_scattered.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/identity-policies/rds_database_admin.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/identity-policies/s3_bucket_access.yaml +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/identity-policies/sample_policy.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/identity-policies/sample_policy.yaml +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/identity-policies/secrets_manager_access.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/identity-policies/sensitive-action-wildcards.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/identity-policies/sns_sqs_messaging.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/identity-policies/step_functions_workflow.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/identity-policies/terraform-template-policy.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/identity-policies/test_none_of_valid.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/identity-policies/test_none_of_violations.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/identity-policies/valid-sid-formats.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/identity-policies/wildcard_examples.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/identity-policies/wildcard_examples.yaml +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/identity-policies/wrong-condition-key.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/identity-policies/wrong-s3-condition.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/resource-control-policies/rcp-invalid-allow-effect.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/resource-control-policies/rcp-invalid-not-action.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/resource-control-policies/rcp-invalid-specific-principal.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/resource-control-policies/rcp-invalid-unsupported-service.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/resource-control-policies/rcp-invalid-wildcard-action.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/resource-control-policies/rcp-valid-enforce-encryption.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/resource-policies/README.md +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/resource-policies/backup-vault-policy-org-access.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/resource-policies/ecr-repository-policy-org-restricted.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/resource-policies/ecr-repository-policy-public.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/resource-policies/efs-filesystem-policy-vpc-only.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/resource-policies/glacier-vault-policy-cross-account.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/resource-policies/kms-key-policy-cross-account.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/resource-policies/kms-key-policy-insecure.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/resource-policies/kms-key-policy-org-restricted.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/resource-policies/kms-key-policy-service-specific.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/resource-policies/lambda-permission-api-gateway.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/resource-policies/lambda-permission-cross-account-invoke.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/resource-policies/lambda-permission-eventbridge-multiple.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/resource-policies/lambda-permission-public-url.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/resource-policies/lambda-permission-s3-trigger.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/resource-policies/opensearch-domain-policy-ip-restricted.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/resource-policies/s3-bucket-policy-cloudfront.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/resource-policies/s3-bucket-policy-cross-account-org.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/resource-policies/s3-bucket-policy-insecure-transport.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/resource-policies/s3-bucket-policy-ip-restriction.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/resource-policies/s3-bucket-policy-public-with-conditions.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/resource-policies/s3-bucket-policy-public.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/resource-policies/s3-bucket-policy-specific-account.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/resource-policies/s3-bucket-policy-vpc-endpoint.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/resource-policies/s3-bucket-policy-wildcard-actions.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/resource-policies/secrets-manager-policy-cross-account.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/resource-policies/sns-topic-policy-cross-account-mfa.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/resource-policies/sns-topic-policy-cross-account.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/resource-policies/sns-topic-policy-eventbridge.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/resource-policies/sns-topic-policy-org-wide.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/resource-policies/sns-topic-policy-public-no-conditions.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/resource-policies/sqs-queue-policy-cross-account-role.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/resource-policies/sqs-queue-policy-iam-users-mfa.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/resource-policies/sqs-queue-policy-public.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/resource-policies/sqs-queue-policy-sns-subscription.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/service-control-policies/deny-root-account-usage.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/service-control-policies/require-mfa.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/service-control-policies/restrict-regions.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/wrong_actions_mismatch/README.md +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/wrong_actions_mismatch/correct-condition-wrong-key.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/wrong_actions_mismatch/dynamodb-wrong-resources.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/wrong_actions_mismatch/ec2-wrong-resources.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/wrong_actions_mismatch/iam-wrong-resources.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/wrong_actions_mismatch/lambda-wrong-resources.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/wrong_actions_mismatch/s3-wrong-resources.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/wrong_actions_mismatch/sqs-sns-wrong-resources.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/iam-test-policies/wrong_actions_mismatch/typo-condition-field.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/library-usage/README.md +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/library-usage/example1_basic_usage.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/library-usage/example1_basic_usage_new.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/library-usage/example2_config_file.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/library-usage/example2_context_manager.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/library-usage/example3_policy_manipulation.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/library-usage/example3_programmatic_config.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/library-usage/example4_custom_condition_requirements.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/library-usage/policies/my-policy.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/library-usage/policies/policy1.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/library-usage/policies/policy2.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/library-usage/quick_reference.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/trust-policies/INVALID-wrong-principal-type.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/trust-policies/README.md +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/trust-policies/cross-account-trust-policy.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/trust-policies/github-actions-oidc-trust-policy.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/trust-policies/lambda-service-role-trust-policy.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/examples/trust-policies/saml-federated-trust-policy.json +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/__init__.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/__main__.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/checks/__init__.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/checks/action_condition_enforcement.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/checks/action_resource_matching.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/checks/action_validation.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/checks/condition_key_validation.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/checks/condition_type_mismatch.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/checks/full_wildcard.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/checks/mfa_condition_check.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/checks/policy_size.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/checks/policy_structure.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/checks/policy_type_validation.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/checks/principal_validation.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/checks/resource_validation.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/checks/sensitive_action.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/checks/service_wildcard.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/checks/set_operator_validation.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/checks/sid_uniqueness.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/checks/trust_policy_validation.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/checks/utils/__init__.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/checks/utils/policy_level_checks.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/checks/utils/sensitive_action_matcher.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/checks/utils/wildcard_expansion.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/checks/wildcard_action.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/commands/__init__.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/commands/analyze.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/commands/base.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/commands/cache.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/commands/download_services.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/commands/post_to_pr.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/commands/validate.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/core/__init__.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/core/access_analyzer.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/core/access_analyzer_report.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/core/aws_fetcher.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/core/aws_service/__init__.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/core/aws_service/cache.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/core/aws_service/client.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/core/aws_service/parsers.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/core/aws_service/patterns.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/core/aws_service/storage.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/core/check_registry.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/core/cli.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/core/condition_validators.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/core/config/__init__.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/core/config/aws_api.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/core/config/aws_global_conditions.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/core/config/category_suggestions.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/core/config/condition_requirements.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/core/config/config_loader.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/core/config/principal_requirements.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/core/config/sensitive_actions.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/core/config/service_principals.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/core/config/wildcards.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/core/constants.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/core/formatters/__init__.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/core/formatters/base.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/core/formatters/console.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/core/formatters/csv.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/core/formatters/enhanced.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/core/formatters/html.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/core/formatters/json.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/core/formatters/markdown.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/core/formatters/sarif.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/core/ignore_patterns.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/core/label_manager.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/core/models.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/core/policy_checks.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/core/policy_loader.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/core/pr_commenter.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/core/report.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/integrations/__init__.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/integrations/github_integration.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/integrations/ms_teams.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/sdk/__init__.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/sdk/arn_matching.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/sdk/context.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/sdk/exceptions.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/sdk/helpers.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/sdk/shortcuts.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/utils/__init__.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/utils/cache.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/utils/regex.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/iam_validator/utils/terminal.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/scripts/download_aws_services.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/scripts/sync_defaults_from_yaml.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/tests/README.md +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/tests/__init__.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/tests/test_action_condition_enforcement.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/tests/test_action_condition_enforcement_policy_level.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/tests/test_action_resource_matching.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/tests/test_action_validation_check.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/tests/test_aws_api_config.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/tests/test_aws_fetcher_wildcards.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/tests/test_aws_global_conditions.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/tests/test_check_id_in_comments.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/tests/test_check_id_injection.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/tests/test_check_registry.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/tests/test_comment_truncation.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/tests/test_condition_key_validation_check.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/tests/test_condition_type_mismatch.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/tests/test_config_loader.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/tests/test_custom_policy_checks.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/tests/test_full_wildcard_check.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/tests/test_ignore_patterns.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/tests/test_label_manager.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/tests/test_mfa_condition_check.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/tests/test_models.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/tests/test_multipart_comments.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/tests/test_policy_loader.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/tests/test_policy_size_check.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/tests/test_policy_type_validation.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/tests/test_principal_validation_check.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/tests/test_regex_utils.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/tests/test_resource_validation_check.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/tests/test_sensitive_action_wildcard_expansion.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/tests/test_service_principal_wildcard.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/tests/test_service_wildcard_check.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/tests/test_set_operator_validation.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/tests/test_sid_uniqueness_check.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/tests/test_trust_policy_detection.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/tests/test_trust_policy_detection.py.bak4 +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/tests/test_trust_policy_multiple_statements.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/tests/test_trust_policy_oidc_aud_required.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/tests/test_trust_policy_validation.py +0 -0
- {iam_policy_validator-1.10.1 → iam_policy_validator-1.10.3}/tests/test_wildcard_action_check.py +0 -0
|
@@ -18,7 +18,7 @@ jobs:
|
|
|
18
18
|
runs-on: ubuntu-latest
|
|
19
19
|
steps:
|
|
20
20
|
- name: Checkout code
|
|
21
|
-
uses: actions/checkout@
|
|
21
|
+
uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5
|
|
22
22
|
|
|
23
23
|
- name: Set up Python
|
|
24
24
|
uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6
|
|
@@ -48,7 +48,7 @@ jobs:
|
|
|
48
48
|
python-version: ["3.10", "3.11", "3.12", "3.13", "3.14"]
|
|
49
49
|
steps:
|
|
50
50
|
- name: Checkout code
|
|
51
|
-
uses: actions/checkout@
|
|
51
|
+
uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5
|
|
52
52
|
|
|
53
53
|
- name: Set up Python ${{ matrix.python-version }}
|
|
54
54
|
uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6
|
|
@@ -72,7 +72,7 @@ jobs:
|
|
|
72
72
|
needs: [lint, test]
|
|
73
73
|
steps:
|
|
74
74
|
- name: Checkout code
|
|
75
|
-
uses: actions/checkout@
|
|
75
|
+
uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5
|
|
76
76
|
|
|
77
77
|
- name: Set up Python
|
|
78
78
|
uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6
|
|
@@ -96,7 +96,7 @@ jobs:
|
|
|
96
96
|
needs: [lint, test]
|
|
97
97
|
steps:
|
|
98
98
|
- name: Checkout code
|
|
99
|
-
uses: actions/checkout@
|
|
99
|
+
uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5
|
|
100
100
|
|
|
101
101
|
- name: Set up Python
|
|
102
102
|
uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6
|
|
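Review bot: The version comments on the new SHA pins are inconsistent across this release. `actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd` is annotated `# v5` in all four hunks here and in pre-release.yml and release.yml, while scorecard.yml annotates the same SHA `# v5.0.1`. Likewise `github/codeql-action@014f16e7ab1402f30e7c3329d33797e7948572db` is `# v4` in codeql.yml but `# v4.31.3` in scorecard.yml. The trailing comment is what a reviewer or an update bot checks the SHA against, so it should name the exact release tag everywhere, e.g. `uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1`. The context lines also show `actions/setup-python` pinned to `e797f83b…` here and to `cfd55ca8…` in action.yaml, so it is worth confirming that difference is intended.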
@@ -26,18 +26,18 @@ jobs:
|
|
|
26
26
|
|
|
27
27
|
steps:
|
|
28
28
|
- name: Checkout repository
|
|
29
|
-
uses: actions/checkout@
|
|
29
|
+
uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5
|
|
30
30
|
|
|
31
31
|
- name: Initialize CodeQL
|
|
32
|
-
uses: github/codeql-action/init@
|
|
32
|
+
uses: github/codeql-action/init@014f16e7ab1402f30e7c3329d33797e7948572db # v4
|
|
33
33
|
with:
|
|
34
34
|
languages: ${{ matrix.language }}
|
|
35
35
|
queries: security-extended,security-and-quality
|
|
36
36
|
|
|
37
37
|
- name: Autobuild
|
|
38
|
-
uses: github/codeql-action/autobuild@
|
|
38
|
+
uses: github/codeql-action/autobuild@014f16e7ab1402f30e7c3329d33797e7948572db # v4
|
|
39
39
|
|
|
40
40
|
- name: Perform CodeQL Analysis
|
|
41
|
-
uses: github/codeql-action/analyze@
|
|
41
|
+
uses: github/codeql-action/analyze@014f16e7ab1402f30e7c3329d33797e7948572db # v4
|
|
42
42
|
with:
|
|
43
43
|
category: "/language:${{matrix.language}}"
|
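--- a/.github/workflows/pre-release.yml
+++ b/.github/workflows/pre-release.yml
@@ -69,7 +69,7 @@ jobs:
 echo "✅ PR #${{ inputs.pr_number }}: $TITLE (branch: $BRANCH)"
 
 - name: Checkout PR branch
-uses: actions/checkout@
+uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5
 with:
 ref: ${{ steps.pr_info.outputs.branch }}
 fetch-depth: 0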
@@ -21,7 +21,7 @@ jobs:
|
|
|
21
21
|
|
|
22
22
|
steps:
|
|
23
23
|
- name: Checkout code
|
|
24
|
-
uses: actions/checkout@
|
|
24
|
+
uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5
|
|
25
25
|
with:
|
|
26
26
|
fetch-depth: 0 # Full history for changelog generation
|
|
27
27
|
|
|
@@ -147,7 +147,7 @@ jobs:
|
|
|
147
147
|
|
|
148
148
|
# steps:
|
|
149
149
|
# - name: Checkout code
|
|
150
|
-
# uses: actions/checkout@
|
|
150
|
+
# uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5
|
|
151
151
|
|
|
152
152
|
# - name: Configure Git
|
|
153
153
|
# run: |
|
|
@@ -34,7 +34,7 @@ jobs:
|
|
|
34
34
|
|
|
35
35
|
steps:
|
|
36
36
|
- name: "Checkout code"
|
|
37
|
-
uses: actions/checkout@
|
|
37
|
+
uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
|
|
38
38
|
with:
|
|
39
39
|
persist-credentials: false
|
|
40
40
|
|
|
@@ -57,6 +57,6 @@ jobs:
|
|
|
57
57
|
# Upload the results to GitHub's code scanning dashboard (optional).
|
|
58
58
|
# Commenting out will disable upload of results to your repo's Code Scanning dashboard
|
|
59
59
|
- name: "Upload to code-scanning"
|
|
60
|
-
uses: github/codeql-action/upload-sarif@
|
|
60
|
+
uses: github/codeql-action/upload-sarif@014f16e7ab1402f30e7c3329d33797e7948572db # v4.31.3
|
|
61
61
|
with:
|
|
62
62
|
sarif_file: results.sarif
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
3.13
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.4
|
|
2
2
|
Name: iam-policy-validator
|
|
3
|
-
Version: 1.10.
|
|
3
|
+
Version: 1.10.3
|
|
4
4
|
Summary: Validate AWS IAM policies for correctness and security using AWS Service Reference API
|
|
5
5
|
Project-URL: Homepage, https://github.com/boogy/iam-policy-validator
|
|
6
6
|
Project-URL: Documentation, https://github.com/boogy/iam-policy-validator/tree/main/docs
|
|
@@ -140,7 +140,7 @@ runs:
|
|
|
140
140
|
- name: Set up Python
|
|
141
141
|
uses: actions/setup-python@cfd55ca82492758d853442341ad4d8010466803a # v6.0.0
|
|
142
142
|
with:
|
|
143
|
-
python-version: "
|
|
143
|
+
python-version-file: "${{ github.action_path }}/.python-version"
|
|
144
144
|
|
|
145
145
|
- name: Install uv
|
|
146
146
|
uses: astral-sh/setup-uv@5a7eac68fb9809dea845d802897dc5c723910fa3 # v7.0.0
|
|
@@ -179,12 +179,31 @@ runs:
|
|
|
179
179
|
restore-keys: |
|
|
180
180
|
aws-services-${{ runner.os }}-
|
|
181
181
|
|
|
182
|
-
|
|
182
|
+
# Github actions cache is immutable - once saved with a key, it cannot be updated
|
|
183
|
+
# Attempting to save with an existing key will silently do nothing
|
|
184
|
+
# This is why we need to update the file modification times to prevent unnecessary re-downloads for long running PRs
|
|
185
|
+
# https://docs.github.com/en/actions/using-workflows/caching-dependencies-to-speed-up-workflows#about-the-cache
|
|
186
|
+
- name: Check cache status and update timestamps
|
|
183
187
|
run: |
|
|
184
188
|
if [ -d ~/.cache/iam-validator/aws_services ]; then
|
|
185
189
|
echo "✅ Cache directory exists"
|
|
186
|
-
|
|
187
|
-
|
|
190
|
+
FILE_COUNT=$(ls -1 ~/.cache/iam-validator/aws_services 2>/dev/null | wc -l)
|
|
191
|
+
echo "📁 Cache files: $FILE_COUNT"
|
|
192
|
+
|
|
193
|
+
if [ "$FILE_COUNT" -gt 0 ]; then
|
|
194
|
+
echo "📋 Sample of cached files:"
|
|
195
|
+
ls -lh ~/.cache/iam-validator/aws_services | head -5
|
|
196
|
+
|
|
197
|
+
# Update file modification times to prevent re-download due to TTL expiration
|
|
198
|
+
# GitHub Actions cache preserves original timestamps, which can cause files
|
|
199
|
+
# to appear expired even though they were just restored from cache
|
|
200
|
+
if [ "${{ steps.cache-aws-services.outputs.cache-hit }}" == "true" ]; then
|
|
201
|
+
echo ""
|
|
202
|
+
echo "🔄 Updating file modification times to prevent unnecessary re-downloads"
|
|
203
|
+
find ~/.cache/iam-validator/aws_services -type f -name "*.json" -exec touch {} +
|
|
204
|
+
echo "✅ Updated timestamps for cache hit"
|
|
205
|
+
fi
|
|
206
|
+
fi
|
|
188
207
|
else
|
|
189
208
|
echo "❌ Cache directory does not exist - will fetch from API"
|
|
190
209
|
fi
|
|
@@ -450,7 +469,10 @@ runs:
|
|
|
450
469
|
shell: bash
|
|
451
470
|
|
|
452
471
|
- name: Save AWS service definitions cache
|
|
453
|
-
if
|
|
472
|
+
# Only save cache if it was not restored (cache miss)
|
|
473
|
+
# GitHub Actions cache is immutable - once saved with a key, it cannot be updated
|
|
474
|
+
# Attempting to save with an existing key will silently do nothing
|
|
475
|
+
if: steps.cache-aws-services.outputs.cache-hit != 'true'
|
|
454
476
|
uses: actions/cache/save@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
|
|
455
477
|
with:
|
|
456
478
|
path: ~/.cache/iam-validator/aws_services
|
|
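Review bot: In the "Check cache status and update timestamps" step, the `touch` on every exact cache hit resets the mtime of all restored JSON files, so the TTL the comments refer to never expires while the key keeps matching, and with the save step now skipped on a hit nothing else refreshes the definitions. For a policy validator this means newly published AWS actions or condition keys may go unrecognised for as long as the key lives. The cache key is defined outside this hunk, so please confirm it carries a rotating component. If it does not, bound the refresh by the restored file age, for example `find ~/.cache/iam-validator/aws_services -type f -name "*.json" -mtime -7 -exec touch {} +` (the 7-day window is an illustrative value). The `[ "..." == "true" ]` test also relies on bash, and the step's `shell:` line is not visible in this hunk.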
@@ -1136,6 +1136,30 @@ wildcard_action:
|
|
|
1136
1136
|
|
|
1137
1137
|
**Exception:** Allowed if ALL actions are in the allowed_wildcards list (read-only operations).
|
|
1138
1138
|
|
|
1139
|
+
#### Dual Matching Strategy
|
|
1140
|
+
|
|
1141
|
+
The check uses **two complementary matching strategies** for maximum flexibility:
|
|
1142
|
+
|
|
1143
|
+
**1. Literal Match (Fast Path - no AWS API calls)**
|
|
1144
|
+
- Policy actions match config patterns exactly as strings
|
|
1145
|
+
- Example: Policy `"iam:Get*"` matches config `"iam:Get*"` → ✅ PASS
|
|
1146
|
+
- Performance benefit: No AWS API expansion needed
|
|
1147
|
+
|
|
1148
|
+
**2. Expanded Match (Comprehensive Path - uses AWS API)**
|
|
1149
|
+
- Both policy actions and config patterns expand to actual AWS actions
|
|
1150
|
+
- Example: Policy `"iam:GetUser"` matches config `"iam:Get*"` (expanded) → ✅ PASS
|
|
1151
|
+
- Ensures semantic correctness
|
|
1152
|
+
|
|
1153
|
+
**Supported Scenarios:**
|
|
1154
|
+
|
|
1155
|
+
| Policy Action | Config Pattern | Match Type | Result |
|
|
1156
|
+
| ----------------------- | --------------------- | ---------- | ------ |
|
|
1157
|
+
| `iam:Get*` | `iam:Get*` | Literal | ✅ Pass |
|
|
1158
|
+
| `iam:GetUser` | `iam:Get*` | Expanded | ✅ Pass |
|
|
1159
|
+
| `iam:Get*, iam:List*` | `iam:Get*, iam:List*` | Literal | ✅ Pass |
|
|
1160
|
+
| `iam:Get*, iam:GetUser` | `iam:Get*` | Literal | ✅ Pass |
|
|
1161
|
+
| `iam:Delete*` | `iam:Get*` | None | ❌ Fail |
|
|
1162
|
+
|
|
1139
1163
|
#### Configuration
|
|
1140
1164
|
|
|
1141
1165
|
```yaml
|
|
@@ -1143,10 +1167,17 @@ wildcard_resource:
|
|
|
1143
1167
|
enabled: true
|
|
1144
1168
|
severity: medium
|
|
1145
1169
|
# Actions allowed with Resource: "*" (default from Python module)
|
|
1170
|
+
# Supports BOTH literal matching and pattern expansion
|
|
1146
1171
|
allowed_wildcards:
|
|
1147
|
-
-
|
|
1148
|
-
- "
|
|
1149
|
-
- "
|
|
1172
|
+
# Wildcard patterns - match both literally and expanded
|
|
1173
|
+
- "ec2:Describe*" # Matches: ec2:Describe* OR ec2:DescribeInstances
|
|
1174
|
+
- "s3:List*" # Matches: s3:List* OR s3:ListBucket
|
|
1175
|
+
- "iam:Get*" # Matches: iam:Get* OR iam:GetUser
|
|
1176
|
+
|
|
1177
|
+
# Specific actions - match only via expansion
|
|
1178
|
+
- "iam:GetUser" # Matches: iam:GetUser only
|
|
1179
|
+
- "s3:ListBucket" # Matches: s3:ListBucket only
|
|
1180
|
+
|
|
1150
1181
|
# ... 25 patterns by default
|
|
1151
1182
|
```
|
|
1152
1183
|
|
|
@@ -1165,16 +1196,31 @@ wildcard_resource:
|
|
|
1165
1196
|
**Issue:** `Statement applies to all resources (*)`
|
|
1166
1197
|
**Severity:** `medium`
|
|
1167
1198
|
|
|
1168
|
-
✅ **PASS: Wildcard with
|
|
1199
|
+
✅ **PASS: Wildcard actions with literal match (fast path)**
|
|
1200
|
+
```json
|
|
1201
|
+
{
|
|
1202
|
+
"Statement": [{
|
|
1203
|
+
"Effect": "Allow",
|
|
1204
|
+
"Action": ["iam:Get*", "iam:List*"], // Wildcard actions
|
|
1205
|
+
"Resource": "*" // OK - matches config literally
|
|
1206
|
+
}]
|
|
1207
|
+
}
|
|
1208
|
+
```
|
|
1209
|
+
**Config:** `allowed_wildcards: ["iam:Get*", "iam:List*"]`
|
|
1210
|
+
**Match:** Literal string match (no AWS API call needed)
|
|
1211
|
+
|
|
1212
|
+
✅ **PASS: Specific actions with expanded match**
|
|
1169
1213
|
```json
|
|
1170
1214
|
{
|
|
1171
1215
|
"Statement": [{
|
|
1172
1216
|
"Effect": "Allow",
|
|
1173
|
-
"Action": ["ec2:DescribeInstances", "ec2:DescribeVolumes"], //
|
|
1174
|
-
"Resource": "*" // OK
|
|
1217
|
+
"Action": ["ec2:DescribeInstances", "ec2:DescribeVolumes"], // Specific actions
|
|
1218
|
+
"Resource": "*" // OK - all match when config expands
|
|
1175
1219
|
}]
|
|
1176
1220
|
}
|
|
1177
1221
|
```
|
|
1222
|
+
**Config:** `allowed_wildcards: ["ec2:Describe*"]`
|
|
1223
|
+
**Match:** Config expands to include these specific actions
|
|
1178
1224
|
|
|
1179
1225
|
✅ **PASS: Specific resource**
|
|
1180
1226
|
```json
|
|
@@ -1187,15 +1233,7 @@ wildcard_resource:
|
|
|
1187
1233
|
}
|
|
1188
1234
|
```
|
|
1189
1235
|
|
|
1190
|
-
**
|
|
1191
|
-
```yaml
|
|
1192
|
-
wildcard_resource:
|
|
1193
|
-
allowed_wildcards:
|
|
1194
|
-
- "cloudwatch:Describe*"
|
|
1195
|
-
- "cloudwatch:Get*"
|
|
1196
|
-
- "cloudwatch:List*"
|
|
1197
|
-
# Only these patterns allowed with Resource: "*"
|
|
1198
|
-
```
|
|
1236
|
+
**Performance Tip:** Use exact patterns in both policy and config for fastest validation (literal match path).
|
|
1199
1237
|
|
|
1200
1238
|
---
|
|
1201
1239
|
|
|
@@ -567,19 +567,68 @@ wildcard_action:
|
|
|
567
567
|
# Check for wildcard resources (Resource: "*")
|
|
568
568
|
# Flags statements that apply to all resources
|
|
569
569
|
# Exception: Allowed if ALL actions are in allowed_wildcards list
|
|
570
|
+
#
|
|
571
|
+
# ⚡ DUAL MATCHING STRATEGY:
|
|
572
|
+
# The check uses two complementary matching strategies to maximize flexibility:
|
|
573
|
+
#
|
|
574
|
+
# 1. LITERAL MATCH (Fast Path - no AWS API calls):
|
|
575
|
+
# - Policy actions match config patterns exactly as strings
|
|
576
|
+
# - Example:
|
|
577
|
+
# Config: allowed_wildcards: ["iam:Get*", "iam:List*"]
|
|
578
|
+
# Policy: Action: ["iam:Get*", "iam:List*"], Resource: "*"
|
|
579
|
+
# Result: ✅ PASS (literal string match: "iam:Get*" == "iam:Get*")
|
|
580
|
+
#
|
|
581
|
+
# 2. EXPANDED MATCH (Comprehensive Path - uses AWS API):
|
|
582
|
+
# - Both policy actions and config patterns expand to actual AWS actions
|
|
583
|
+
# - Example:
|
|
584
|
+
# Config: allowed_wildcards: ["iam:Get*"]
|
|
585
|
+
# → expands to ["iam:GetUser", "iam:GetRole", "iam:GetPolicy", ...]
|
|
586
|
+
# Policy: Action: ["iam:GetUser"], Resource: "*"
|
|
587
|
+
# Result: ✅ PASS (iam:GetUser is in expanded list)
|
|
588
|
+
#
|
|
589
|
+
# SUPPORTED SCENARIOS:
|
|
590
|
+
# ┌─────────────────────────┬────────────────────────┬────────────┬────────────┐
|
|
591
|
+
# │ Policy Action │ Config Pattern │ Match Type │ Result │
|
|
592
|
+
# ├─────────────────────────┼────────────────────────┼────────────┼────────────┤
|
|
593
|
+
# │ iam:Get* │ iam:Get* │ Literal │ ✅ Pass │
|
|
594
|
+
# │ iam:GetUser │ iam:Get* │ Expanded │ ✅ Pass │
|
|
595
|
+
# │ iam:Get*, iam:List* │ iam:Get*, iam:List* │ Literal │ ✅ Pass │
|
|
596
|
+
# │ iam:Get*, iam:GetUser │ iam:Get* │ Literal │ ✅ Pass │
|
|
597
|
+
# │ iam:Delete* │ iam:Get* │ None │ ❌ Fail │
|
|
598
|
+
# └─────────────────────────┴────────────────────────┴────────────┴────────────┘
|
|
599
|
+
#
|
|
600
|
+
# PERFORMANCE TIP:
|
|
601
|
+
# - Literal matching is faster (no AWS API expansion)
|
|
602
|
+
# - Use exact patterns in both policy and config for best performance
|
|
603
|
+
#
|
|
570
604
|
wildcard_resource:
|
|
571
605
|
enabled: true
|
|
572
606
|
severity: medium # Security issue: medium severity
|
|
573
607
|
description: "Checks for wildcard resources (*)"
|
|
574
608
|
|
|
575
609
|
# Allowed wildcard patterns for actions that can be used with Resource: "*"
|
|
610
|
+
# Supports BOTH literal matching and pattern expansion via AWS API
|
|
611
|
+
#
|
|
576
612
|
# Defaults are loaded from Python (iam_validator/core/config/wildcards.py)
|
|
577
613
|
# Override here to customize. Default includes describe/get/list patterns for:
|
|
578
614
|
# - autoscaling, cloudwatch, dynamodb, ec2, elb, iam, kms, lambda
|
|
579
615
|
# - logs, rds, route53, s3 (safe operations only), sqs, apigateway
|
|
616
|
+
#
|
|
617
|
+
# Examples:
|
|
580
618
|
# allowed_wildcards:
|
|
581
|
-
#
|
|
582
|
-
# - "
|
|
619
|
+
# # Option 1: Specific wildcard patterns (will match both literally and expanded)
|
|
620
|
+
# - "ec2:Describe*" # Matches: ec2:Describe* (literal) OR ec2:DescribeInstances (expanded)
|
|
621
|
+
# - "s3:List*" # Matches: s3:List* (literal) OR s3:ListBucket (expanded)
|
|
622
|
+
# - "iam:Get*" # Matches: iam:Get* (literal) OR iam:GetUser (expanded)
|
|
623
|
+
#
|
|
624
|
+
# # Option 2: Specific actions (will only match via expansion)
|
|
625
|
+
# - "iam:GetUser" # Only matches: iam:GetUser
|
|
626
|
+
# - "s3:ListBucket" # Only matches: s3:ListBucket
|
|
627
|
+
#
|
|
628
|
+
# # Option 3: Mix both approaches
|
|
629
|
+
# - "ec2:Describe*" # Wildcard pattern
|
|
630
|
+
# - "iam:GetUser" # Specific action
|
|
631
|
+
# - "s3:List*" # Wildcard pattern
|
|
583
632
|
|
|
584
633
|
# Customize validation messages (optional)
|
|
585
634
|
message: "Statement applies to all resources (*)"
|
|
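Review bot: The fourth row of the SUPPORTED SCENARIOS table (policy `iam:Get*, iam:GetUser` against config `iam:Get*`) is labelled `Literal`, but that does not match the literal check added in wildcard_resource.py. That check requires every policy action to be `in allowed_wildcards_config`, and `iam:GetUser` is not in that list, so this case would presumably pass only through the expanded path. The comment `# Option 2: Specific actions (will only match via expansion)` has the opposite problem: a policy action `iam:GetUser` equals the config entry `iam:GetUser` as a string, so it would satisfy the literal check without any API call. Since this allowlist decides when `Resource: "*"` is accepted, the documented match type should follow the code: change the row to `Expanded` and reword the comment to `# Option 2: Specific actions (match only that exact action)`. The same table and wording appear in docs/check-reference.md.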
@@ -3,7 +3,7 @@
|
|
|
3
3
|
This file is the single source of truth for the package version.
|
|
4
4
|
"""
|
|
5
5
|
|
|
6
|
-
__version__ = "1.10.
|
|
6
|
+
__version__ = "1.10.3"
|
|
7
7
|
# Parse version, handling pre-release suffixes like -rc, -alpha, -beta
|
|
8
|
-
_version_base = __version__.split("-")[0] # Remove pre-release suffix if present
|
|
8
|
+
_version_base = __version__.split("-", maxsplit=1)[0] # Remove pre-release suffix if present
|
|
9
9
|
__version_info__ = tuple(int(part) for part in _version_base.split("."))
|
|
@@ -39,22 +39,44 @@ class WildcardResourceCheck(PolicyCheck):
|
|
|
39
39
|
# to all matching AWS actions using the AWS API, then checking if the policy's
|
|
40
40
|
# actions are in that expanded list. This ensures only validated AWS actions
|
|
41
41
|
# are allowed with Resource: "*".
|
|
42
|
+
allowed_wildcards_config = config.config.get("allowed_wildcards", [])
|
|
42
43
|
allowed_wildcards_expanded = await self._get_expanded_allowed_wildcards(config, fetcher)
|
|
43
44
|
|
|
44
45
|
# Check if ALL actions (excluding full wildcard "*") are in the expanded list
|
|
45
46
|
non_wildcard_actions = [a for a in actions if a != "*"]
|
|
46
47
|
|
|
47
|
-
if allowed_wildcards_expanded and non_wildcard_actions:
|
|
48
|
-
#
|
|
49
|
-
|
|
50
|
-
|
|
48
|
+
if (allowed_wildcards_config or allowed_wildcards_expanded) and non_wildcard_actions:
|
|
49
|
+
# Strategy 1: Check literal pattern match (fast path)
|
|
50
|
+
# If policy action matches config pattern literally, allow it
|
|
51
|
+
# Example: Policy has "iam:Get*", config has "iam:Get*" -> match
|
|
52
|
+
all_actions_allowed_literal = all(
|
|
53
|
+
action in allowed_wildcards_config for action in non_wildcard_actions
|
|
51
54
|
)
|
|
52
55
|
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
# All actions are safe, Resource: "*" is acceptable
|
|
56
|
+
if all_actions_allowed_literal:
|
|
57
|
+
# All actions match literally, Resource: "*" is acceptable
|
|
56
58
|
return issues
|
|
57
59
|
|
|
60
|
+
# Strategy 2: Check expanded pattern match (comprehensive path)
|
|
61
|
+
# Expand both policy actions and config patterns, then compare
|
|
62
|
+
# Example: Policy has "iam:Get*" -> ["iam:GetUser", ...],
|
|
63
|
+
# config has "iam:Get*" -> ["iam:GetUser", ...] -> all match
|
|
64
|
+
if allowed_wildcards_expanded:
|
|
65
|
+
expanded_statement_actions = await expand_wildcard_actions(
|
|
66
|
+
non_wildcard_actions, fetcher
|
|
67
|
+
)
|
|
68
|
+
|
|
69
|
+
# Check if all expanded actions are in the expanded allowed list (exact match)
|
|
70
|
+
all_actions_allowed_expanded = all(
|
|
71
|
+
action in allowed_wildcards_expanded
|
|
72
|
+
for action in expanded_statement_actions
|
|
73
|
+
)
|
|
74
|
+
|
|
75
|
+
# If all actions are in the expanded list, skip the wildcard resource warning
|
|
76
|
+
if all_actions_allowed_expanded:
|
|
77
|
+
# All actions are safe, Resource: "*" is acceptable
|
|
78
|
+
return issues
|
|
79
|
+
|
|
58
80
|
# Flag the issue if actions are not all allowed or no allowed_wildcards configured
|
|
59
81
|
message = config.config.get(
|
|
60
82
|
"message", 'Statement applies to all resources `"*"` (wildcard resource).'
|
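Review bot: In the Strategy 2 branch, `all(action in allowed_wildcards_expanded for action in expanded_statement_actions)` is vacuously true when `expanded_statement_actions` is empty, so the statement would return `issues` without the wildcard-resource finding. Whether `expand_wildcard_actions` can return an empty list (an unknown service prefix, a pattern that matches nothing) is not visible in this hunk and should be confirmed; if it can, guard the early return with `if expanded_statement_actions and all_actions_allowed_expanded:`. The unchanged comment above the new code still says the check ensures only validated AWS actions are allowed with `Resource: "*"`, which the literal path no longer guarantees because it compares raw strings against `allowed_wildcards`; that comment should be updated to say so. The enclosing method starts and ends outside the hunk.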
|
@@ -233,8 +233,16 @@ class AWSServiceFetcher:
|
|
|
233
233
|
await self._cache.set(services_cache_key, loaded_services)
|
|
234
234
|
return loaded_services
|
|
235
235
|
|
|
236
|
-
# Not in parsed cache,
|
|
237
|
-
data = await self.
|
|
236
|
+
# Not in parsed cache, check disk cache then fetch from API
|
|
237
|
+
data = await self._cache.get(
|
|
238
|
+
f"raw:{self.BASE_URL}", url=self.BASE_URL, base_url=self.BASE_URL
|
|
239
|
+
)
|
|
240
|
+
if data is None:
|
|
241
|
+
data = await self._client.fetch(self.BASE_URL)
|
|
242
|
+
# Cache the raw data
|
|
243
|
+
await self._cache.set(
|
|
244
|
+
f"raw:{self.BASE_URL}", data, url=self.BASE_URL, base_url=self.BASE_URL
|
|
245
|
+
)
|
|
238
246
|
|
|
239
247
|
if not isinstance(data, list):
|
|
240
248
|
raise ValueError("Expected list of services from root endpoint")
|
|
@@ -247,7 +255,7 @@ class AWSServiceFetcher:
|
|
|
247
255
|
if service and url:
|
|
248
256
|
services.append(ServiceInfo(service=str(service), url=str(url)))
|
|
249
257
|
|
|
250
|
-
# Cache the parsed services list (memory only
|
|
258
|
+
# Cache the parsed services list (memory only)
|
|
251
259
|
await self._cache.set(services_cache_key, services)
|
|
252
260
|
|
|
253
261
|
# Log only on first fetch (when parsed cache was empty)
|
|
@@ -312,13 +320,22 @@ class AWSServiceFetcher:
|
|
|
312
320
|
|
|
313
321
|
for service in services:
|
|
314
322
|
if service.service.lower() == service_name_lower:
|
|
315
|
-
#
|
|
316
|
-
data = await self.
|
|
323
|
+
# Check disk cache first, then fetch from API
|
|
324
|
+
data = await self._cache.get(
|
|
325
|
+
f"raw:{service.url}", url=service.url, base_url=self.BASE_URL
|
|
326
|
+
)
|
|
327
|
+
if data is None:
|
|
328
|
+
# Fetch service detail from API
|
|
329
|
+
data = await self._client.fetch(service.url)
|
|
330
|
+
# Cache the raw data
|
|
331
|
+
await self._cache.set(
|
|
332
|
+
f"raw:{service.url}", data, url=service.url, base_url=self.BASE_URL
|
|
333
|
+
)
|
|
317
334
|
|
|
318
335
|
# Validate and parse
|
|
319
336
|
service_detail = ServiceDetail.model_validate(data)
|
|
320
337
|
|
|
321
|
-
# Cache with service name as key (memory only
|
|
338
|
+
# Cache with service name as key (memory only)
|
|
322
339
|
await self._cache.set(cache_key, service_detail)
|
|
323
340
|
|
|
324
341
|
return service_detail
|
|
@@ -550,7 +567,7 @@ class AWSServiceFetcher:
|
|
|
550
567
|
if action_pattern in ("*", "*:*"):
|
|
551
568
|
return ["*"]
|
|
552
569
|
|
|
553
|
-
service_prefix,
|
|
570
|
+
service_prefix, _ = self._parser.parse_action(action_pattern)
|
|
554
571
|
service_detail = await self.fetch_service_by_name(service_prefix)
|
|
555
572
|
available = list(service_detail.actions.keys())
|
|
556
573
|
return self._parser.expand_wildcard_to_actions(action_pattern, available, service_prefix)
|
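Review bot: Both new cache blocks store the raw response with `await self._cache.set(f"raw:...", data, ...)` before it is validated: before the `isinstance(data, list)` check in the first hunk and before `ServiceDetail.model_validate(data)` in the second. A malformed or truncated response would then be persisted and served again on later runs, repeating the same validation error until the entry expires or is cleared (the expiry behaviour is not visible here). Moving each `_cache.set` call below its validation step keeps only well-formed service data in the cache, which matters because this data decides which action names the validator accepts as real. The two get/fetch/set sequences differ only in the URL and could share one private helper. The enclosing methods start and end outside the hunks.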
|
@@ -94,9 +94,7 @@ class ServiceValidator:
|
|
|
94
94
|
if not allow_wildcards:
|
|
95
95
|
return False, "Wildcard actions are not allowed", True
|
|
96
96
|
|
|
97
|
-
has_matches,
|
|
98
|
-
action_name, available_actions
|
|
99
|
-
)
|
|
97
|
+
has_matches, _ = self._parser.match_wildcard_action(action_name, available_actions)
|
|
100
98
|
|
|
101
99
|
if has_matches:
|
|
102
100
|
# Wildcard is valid and matches at least one action
|
|
@@ -161,7 +159,7 @@ class ServiceValidator:
|
|
|
161
159
|
get_global_conditions,
|
|
162
160
|
)
|
|
163
161
|
|
|
164
|
-
|
|
162
|
+
_, action_name = self._parser.parse_action(action)
|
|
165
163
|
|
|
166
164
|
# Check if it's a global condition key
|
|
167
165
|
is_global_key = False
|
|
@@ -323,7 +321,7 @@ class ServiceValidator:
|
|
|
323
321
|
>>> resources = validator.get_resources_for_action("s3:GetObject", service)
|
|
324
322
|
"""
|
|
325
323
|
try:
|
|
326
|
-
_, action_name = self._parser.parse_action(action)
|
|
324
|
+
_, action_name = self._parser.parse_action(action) # pylint: disable=unused-variable
|
|
327
325
|
|
|
328
326
|
# Find the action (case-insensitive)
|
|
329
327
|
action_detail = service_detail.actions.get(action_name)
|
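--- a/iam_validator/core/config/defaults.py
+++ b/iam_validator/core/config/defaults.py
@@ -344,13 +344,41 @@ DEFAULT_CONFIG = {
 # Check for wildcard resources (Resource: "*")
 # Flags statements that apply to all resources
 # Exception: Allowed if ALL actions are in allowed_wildcards list
+#
+# DUAL MATCHING STRATEGY:
+# The check uses two complementary matching strategies for maximum flexibility:
+#
+# 1. LITERAL MATCH (Fast Path - no AWS API calls):
+# Policy actions match config patterns exactly as strings
+# Example: Policy "iam:Get*" matches config "iam:Get*" → PASS
+#
+# 2. EXPANDED MATCH (Comprehensive Path - uses AWS API):
+# Both policy actions and config patterns expand to actual AWS actions
+# Example: Policy "iam:GetUser" matches config "iam:Get*" (expanded) → PASS
+#
+# SUPPORTED SCENARIOS:
+# Policy Action Config Pattern Match Type Result
+# iam:Get* iam:Get* Literal ✅ Pass
+# iam:GetUser iam:Get* Expanded ✅ Pass
+# iam:Get*, iam:List* iam:Get*, iam:List* Literal ✅ Pass
+# iam:Get*, iam:GetUser iam:Get* Literal ✅ Pass
+# iam:Delete* iam:Get* None ❌ Fail
+#
+# PERFORMANCE TIP: Literal matching is faster (no AWS API expansion)
 "wildcard_resource": {
 "enabled": True,
 "severity": "medium", # Security issue
 "description": "Checks for wildcard resources (*)",
 # Allowed wildcard patterns for actions that can be used with Resource: "*"
+# Supports BOTH literal matching and pattern expansion via AWS API
+#
 # Default: 25 read-only patterns (Describe*, List*, Get*)
 # See: iam_validator/core/config/wildcards.py
+#
+# Examples:
+# ["ec2:Describe*"] # Matches: ec2:Describe* (literal) OR ec2:DescribeInstances (expanded)
+# ["iam:GetUser"] # Matches: iam:GetUser only
+# ["s3:List*"] # Matches: s3:List* (literal) OR s3:ListBucket (expanded)
 "allowed_wildcards": list(DEFAULT_ALLOWED_WILDCARDS),
 "message": "Statement applies to all resources (*)",
 "suggestion": "Replace wildcard with specific resource ARNs",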
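Review bot: The SUPPORTED SCENARIOS row for policy `iam:Get*, iam:GetUser` against config `iam:Get*` is labelled Literal, but the WildcardResourceCheck change in this same diff takes the literal path only when every policy action appears verbatim in `allowed_wildcards`, and `iam:GetUser` does not. As written, that statement would pass through the expanded path, which needs the AWS service data, so the row should read `# iam:Get*, iam:GetUser    iam:Get*    Expanded    ✅ Pass` (the column layout is collapsed in this rendering, so confirm against the file). The distinction matters to anyone using the table to predict when the check passes without API access.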
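--- a/iam_validator/sdk/policy_utils.py
+++ b/iam_validator/sdk/policy_utils.py
@@ -199,7 +199,7 @@ def extract_condition_keys(policy: IAMPolicy) -> list[str]:
 for stmt in policy.statement:
 if stmt.condition:
 # Condition format: {"StringEquals": {"aws:username": "johndoe"}}
-for
+for _, key_values in stmt.condition.items():
 if isinstance(key_values, dict):
 condition_keys.update(key_values.keys())
 
@@ -225,7 +225,7 @@ def find_statements_with_action(policy: IAMPolicy, action: str) -> list[Statemen
 >>> for stmt in stmts:
 ... print(f"Statement {stmt.sid} allows s3:GetObject")
 """
-import fnmatch
+import fnmatch # pylint: disable=import-outside-toplevel
 
 matching_statements = []
 
@@ -262,7 +262,7 @@ def find_statements_with_resource(policy: IAMPolicy, resource: str) -> list[Stat
 >>> stmts = find_statements_with_resource(policy, "arn:aws:s3:::my-bucket/*")
 >>> print(f"Found {len(stmts)} statements with this resource")
 """
-import fnmatch
+import fnmatch # pylint: disable=import-outside-toplevel
 
 matching_statements = []
 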