iam-policy-validator 1.11.0__tar.gz → 1.12.0__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/PKG-INFO +1 -1
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/configs/full-reference-config.yaml +10 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/__version__.py +1 -1
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/checks/action_condition_enforcement.py +62 -1
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/commands/completion.py +114 -67
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/tests/core/test_action_condition_enforcement.py +102 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/.github/dependabot.yml +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/.github/workflows/ci.yml +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/.github/workflows/cleanup-prereleases.yml +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/.github/workflows/codeql.yml +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/.github/workflows/pre-release.yml +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/.github/workflows/release.yml +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/.github/workflows/scorecard.yml +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/.gitignore +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/.python-version +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/CONTRIBUTING.md +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/DOCS.md +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/LICENSE +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/Makefile +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/README.md +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/SECURITY.md +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/action.yaml +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/_manifest.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/_services.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/a2c.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/a4b.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/access-analyzer.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/account.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/acm-pca.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/acm.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/action-recommendations.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/activate.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/aiops.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/airflow.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/amplify.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/amplifybackend.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/amplifyuibuilder.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/aoss.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/apigateway.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/app-integrations.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/appconfig.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/appfabric.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/appflow.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/application-autoscaling.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/application-signals.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/application-transformation.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/applicationinsights.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/appmesh-preview.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/appmesh.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/apprunner.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/appstream.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/appstudio.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/appsync.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/apptest.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/aps.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/arc-region-switch.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/arc-zonal-shift.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/arsenal.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/artifact.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/athena.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/auditmanager.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/autoscaling-plans.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/autoscaling.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/aws-marketplace-management.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/aws-marketplace.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/aws-portal.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/awsconnector.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/b2bi.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/backup-gateway.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/backup-search.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/backup-storage.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/backup.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/batch.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/bcm-dashboards.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/bcm-data-exports.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/bcm-pricing-calculator.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/bcm-recommended-actions.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/bedrock-agentcore.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/bedrock.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/billing.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/billingconductor.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/braket.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/budgets.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/bugbust.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/cases.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/cassandra.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/ce.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/chatbot.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/chime.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/cleanrooms-ml.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/cleanrooms.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/cloud9.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/clouddirectory.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/cloudformation.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/cloudfront-keyvaluestore.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/cloudfront.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/cloudhsm.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/cloudsearch.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/cloudshell.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/cloudtrail-data.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/cloudtrail.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/cloudwatch.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/codeartifact.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/codebuild.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/codecatalyst.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/codecommit.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/codeconnections.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/codedeploy-commands-secure.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/codedeploy.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/codeguru-profiler.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/codeguru-reviewer.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/codeguru-security.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/codeguru.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/codepipeline.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/codestar-connections.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/codestar-notifications.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/codestar.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/codewhisperer.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/cognito-identity.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/cognito-idp.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/cognito-sync.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/comprehend.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/comprehendmedical.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/compute-optimizer.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/config.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/connect-campaigns.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/connect.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/consoleapp.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/consolidatedbilling.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/controlcatalog.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/controltower.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/cost-optimization-hub.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/cur.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/customer-verification.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/databrew.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/dataexchange.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/datapipeline.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/datasync.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/datazone.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/dax.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/dbqms.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/deadline.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/deepcomposer.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/deepracer.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/detective.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/devicefarm.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/devops-guru.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/directconnect.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/discovery.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/dlm.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/dms.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/docdb-elastic.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/drs.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/ds-data.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/ds.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/dsql.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/dynamodb.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/ebs.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/ec2-instance-connect.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/ec2.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/ec2messages.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/ecr-public.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/ecr.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/ecs.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/eks-auth.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/eks.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/elasticache.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/elasticbeanstalk.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/elasticfilesystem.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/elasticloadbalancing.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/elasticmapreduce.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/elastictranscoder.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/elemental-activations.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/elemental-appliances-software.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/elemental-support-cases.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/elemental-support-content.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/emr-containers.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/emr-serverless.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/entityresolution.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/es.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/events.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/evidently.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/evs.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/execute-api.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/finspace-api.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/finspace.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/firehose.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/fis.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/fms.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/forecast.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/frauddetector.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/freertos.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/freetier.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/fsx.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/gamelift.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/gameliftstreams.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/geo-maps.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/geo-places.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/geo-routes.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/geo.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/glacier.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/globalaccelerator.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/glue.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/grafana.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/greengrass.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/groundstation.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/groundtruthlabeling.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/guardduty.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/health.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/healthlake.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/honeycode.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/iam.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/identity-sync.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/identitystore-auth.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/identitystore.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/imagebuilder.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/importexport.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/inspector-scan.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/inspector.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/inspector2.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/internetmonitor.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/invoicing.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/iot-device-tester.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/iot.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/iotanalytics.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/iotdeviceadvisor.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/iotevents.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/iotfleethub.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/iotfleetwise.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/iotjobsdata.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/iotmanagedintegrations.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/iotsitewise.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/iottwinmaker.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/iotwireless.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/iq-permission.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/iq.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/ivs.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/ivschat.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/kafka-cluster.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/kafka.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/kafkaconnect.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/kendra-ranking.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/kendra.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/kinesis.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/kinesisanalytics.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/kinesisvideo.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/kms.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/lakeformation.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/lambda.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/launchwizard.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/lex.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/license-manager-linux-subscriptions.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/license-manager-user-subscriptions.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/license-manager.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/lightsail.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/logs.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/lookoutequipment.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/lookoutmetrics.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/lookoutvision.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/m2.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/machinelearning.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/macie2.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/managedblockchain-query.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/managedblockchain.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/mapcredits.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/marketplacecommerceanalytics.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/mechanicalturk.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/mediaconnect.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/mediaconvert.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/mediaimport.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/medialive.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/mediapackage-vod.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/mediapackage.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/mediapackagev2.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/mediastore.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/mediatailor.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/medical-imaging.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/memorydb.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/mgh.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/mgn.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/migrationhub-orchestrator.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/migrationhub-strategy.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/mobileanalytics.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/mobiletargeting.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/monitron.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/mpa.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/mq.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/neptune-db.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/neptune-graph.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/network-firewall.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/network-security-director.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/networkflowmonitor.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/networkmanager-chat.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/networkmanager.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/networkmonitor.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/nimble.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/notifications-contacts.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/notifications.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/oam.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/observabilityadmin.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/odb.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/omics.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/one.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/opensearch.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/opsworks-cm.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/opsworks.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/organizations.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/osis.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/outposts.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/panorama.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/partnercentral-account-management.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/partnercentral.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/payment-cryptography.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/payments.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/pca-connector-ad.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/pca-connector-scep.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/pcs.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/personalize.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/pi.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/pipes.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/polly.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/pricing.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/private-networks.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/profile.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/proton.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/purchase-orders.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/q.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/qapps.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/qbusiness.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/qdeveloper.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/qldb.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/quicksight.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/ram.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/rbin.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/rds-data.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/rds-db.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/rds.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/redshift-data.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/redshift-serverless.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/redshift.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/refactor-spaces.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/rekognition.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/repostspace.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/resiliencehub.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/resource-explorer-2.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/resource-explorer.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/resource-groups.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/rhelkb.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/robomaker.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/rolesanywhere.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/route53-recovery-cluster.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/route53-recovery-control-config.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/route53-recovery-readiness.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/route53.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/route53domains.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/route53profiles.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/route53resolver.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/rtbfabric.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/rum.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/s3-object-lambda.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/s3-outposts.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/s3.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/s3express.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/s3tables.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/s3vectors.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/sagemaker-data-science-assistant.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/sagemaker-geospatial.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/sagemaker-mlflow.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/sagemaker.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/savingsplans.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/scheduler.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/schemas.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/scn.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/sdb.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/secretsmanager.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/security-ir.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/securityhub.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/securitylake.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/serverlessrepo.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/servicecatalog.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/servicediscovery.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/serviceextract.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/servicequotas.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/ses.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/shield.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/signer.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/signin.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/simspaceweaver.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/sms-voice.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/sms.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/snow-device-management.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/snowball.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/sns.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/social-messaging.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/sqlworkbench.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/sqs.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/ssm-contacts.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/ssm-guiconnect.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/ssm-incidents.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/ssm-quicksetup.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/ssm-sap.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/ssm.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/ssmmessages.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/sso-directory.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/sso-oauth.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/sso.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/states.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/storagegateway.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/sts.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/support-console.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/support.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/supportapp.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/supportplans.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/sustainability.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/swf.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/synthetics.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/tag.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/tax.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/textract.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/thinclient.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/timestream-influxdb.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/timestream.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/tiros.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/tnb.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/transcribe.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/transfer.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/transform.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/translate.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/trustedadvisor.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/ts.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/user-subscriptions.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/uxc.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/vendor-insights.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/verified-access.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/verifiedpermissions.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/voiceid.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/vpc-lattice-svcs.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/vpc-lattice.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/vpce.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/waf-regional.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/waf.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/wafv2.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/wam.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/wellarchitected.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/wickr.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/wisdom.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/workdocs.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/worklink.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/workmail.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/workmailmessageflow.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/workspaces-instances.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/workspaces-web.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/workspaces.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/xray.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/docs/README.md +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/docs/ROADMAP.md +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/docs/SDK.md +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/docs/aws-api-configuration.md +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/docs/aws-services-backup.md +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/docs/check-reference.md +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/docs/condition-requirements.md +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/docs/configuration.md +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/docs/custom-checks.md +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/docs/development/PUBLISHING.md +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/docs/development/pre-release-guide.md +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/docs/github-actions-examples.md +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/docs/github-actions-workflows.md +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/docs/modular-configuration.md +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/docs/privilege-escalation.md +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/docs/python-library-usage.md +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/docs/query-command.md +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/docs/shell-completion.md +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/docs/smart-filtering.md +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/README.md +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/access-analyzer/example1.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/access-analyzer/example2.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/configs/README.md +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/configs/github-labels-config.yaml +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/configs/minimal-validation-config.yaml +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/configs/offline-validation.yaml +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/configs/policy-level-condition-enforcement-config.yaml +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/configs/strict-security.yaml +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/custom_checks/README.md +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/custom_checks/advanced_multi_condition_validator.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/custom_checks/cross_account_external_id_check.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/custom_checks/domain_restriction_check.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/custom_checks/encryption_required_check.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/custom_checks/mfa_required_check.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/custom_checks/region_restriction_check.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/custom_checks/tag_enforcement_check.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/custom_checks/time_based_access_check.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/github-actions/README.md +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/github-actions/access-analyzer-only.yaml +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/github-actions/basic-validation.yaml +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/github-actions/custom-policy-checks.yaml +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/github-actions/multi-region-validation.yaml +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/github-actions/resource-policy-validation.yaml +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/github-actions/sarif-code-scanning.yaml +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/github-actions/sequential-validation.yaml +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/github-actions/two-step-validation.yaml +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/github-actions/validate-changed-files.yaml +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/README.md +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/identity-policies/allowed-wildcard-resource.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/identity-policies/api_gateway_management.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/identity-policies/athena_query_access.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/identity-policies/backup_vault_access.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/identity-policies/cloudformation_deployer.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/identity-policies/cloudwatch_monitoring.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/identity-policies/cognito_user_pool.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/identity-policies/dynamodb_table_access.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/identity-policies/ecs_task_execution.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/identity-policies/eventbridge_rules.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/identity-policies/glue_etl_jobs.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/identity-policies/insecure_policy.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/identity-policies/insecure_policy.yaml +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/identity-policies/invalid-resource-constraint.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/identity-policies/invalid-sid-special-chars.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/identity-policies/invalid-sid-with-spaces.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/identity-policies/invalid_policy.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/identity-policies/kms_encryption_keys.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/identity-policies/lambda_developer.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/identity-policies/lambda_developer.yaml +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/identity-policies/maximum_size_policy.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/identity-policies/policy_missing_required_tags.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/identity-policies/policy_tag_enforcement_example.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/identity-policies/policy_with_wildcard_resources.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/identity-policies/privilege_escalation_scattered.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/identity-policies/rds_database_admin.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/identity-policies/s3_bucket_access.yaml +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/identity-policies/sample_policy.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/identity-policies/sample_policy.yaml +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/identity-policies/secrets_manager_access.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/identity-policies/sensitive-action-wildcards.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/identity-policies/sns_sqs_messaging.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/identity-policies/step_functions_workflow.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/identity-policies/terraform-template-policy.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/identity-policies/test_none_of_valid.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/identity-policies/test_none_of_violations.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/identity-policies/valid-sid-formats.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/identity-policies/wildcard_examples.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/identity-policies/wildcard_examples.yaml +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/identity-policies/wrong-condition-key.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/identity-policies/wrong-s3-condition.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/resource-control-policies/rcp-invalid-allow-effect.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/resource-control-policies/rcp-invalid-not-action.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/resource-control-policies/rcp-invalid-specific-principal.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/resource-control-policies/rcp-invalid-unsupported-service.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/resource-control-policies/rcp-invalid-wildcard-action.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/resource-control-policies/rcp-valid-enforce-encryption.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/resource-policies/README.md +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/resource-policies/backup-vault-policy-org-access.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/resource-policies/ecr-repository-policy-org-restricted.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/resource-policies/ecr-repository-policy-public.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/resource-policies/efs-filesystem-policy-vpc-only.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/resource-policies/glacier-vault-policy-cross-account.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/resource-policies/kms-key-policy-cross-account.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/resource-policies/kms-key-policy-insecure.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/resource-policies/kms-key-policy-org-restricted.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/resource-policies/kms-key-policy-service-specific.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/resource-policies/lambda-permission-api-gateway.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/resource-policies/lambda-permission-cross-account-invoke.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/resource-policies/lambda-permission-eventbridge-multiple.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/resource-policies/lambda-permission-public-url.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/resource-policies/lambda-permission-s3-trigger.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/resource-policies/opensearch-domain-policy-ip-restricted.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/resource-policies/s3-bucket-policy-cloudfront.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/resource-policies/s3-bucket-policy-cross-account-org.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/resource-policies/s3-bucket-policy-insecure-transport.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/resource-policies/s3-bucket-policy-ip-restriction.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/resource-policies/s3-bucket-policy-public-with-conditions.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/resource-policies/s3-bucket-policy-public.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/resource-policies/s3-bucket-policy-specific-account.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/resource-policies/s3-bucket-policy-vpc-endpoint.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/resource-policies/s3-bucket-policy-wildcard-actions.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/resource-policies/secrets-manager-policy-cross-account.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/resource-policies/sns-topic-policy-cross-account-mfa.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/resource-policies/sns-topic-policy-cross-account.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/resource-policies/sns-topic-policy-eventbridge.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/resource-policies/sns-topic-policy-org-wide.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/resource-policies/sns-topic-policy-public-no-conditions.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/resource-policies/sqs-queue-policy-cross-account-role.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/resource-policies/sqs-queue-policy-iam-users-mfa.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/resource-policies/sqs-queue-policy-public.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/resource-policies/sqs-queue-policy-sns-subscription.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/service-control-policies/deny-root-account-usage.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/service-control-policies/require-mfa.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/service-control-policies/restrict-regions.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/wrong_actions_mismatch/README.md +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/wrong_actions_mismatch/correct-condition-wrong-key.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/wrong_actions_mismatch/dynamodb-wrong-resources.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/wrong_actions_mismatch/ec2-wrong-resources.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/wrong_actions_mismatch/iam-wrong-resources.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/wrong_actions_mismatch/lambda-wrong-resources.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/wrong_actions_mismatch/s3-wrong-resources.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/wrong_actions_mismatch/sqs-sns-wrong-resources.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/iam-test-policies/wrong_actions_mismatch/typo-condition-field.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/library-usage/README.md +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/library-usage/example1_basic_usage.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/library-usage/example2_config_file.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/library-usage/example3_programmatic_config.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/library-usage/example4_custom_condition_requirements.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/library-usage/example5_query_aws_services.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/library-usage/policies/my-policy.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/library-usage/policies/policy1.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/library-usage/policies/policy2.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/query-examples.sh +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/quick-start/lambda-policy.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/quick-start/s3-policy.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/quick-start/user-policy.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/trust-policies/INVALID-wrong-principal-type.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/trust-policies/README.md +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/trust-policies/cross-account-trust-policy.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/trust-policies/github-actions-oidc-trust-policy.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/trust-policies/lambda-service-role-trust-policy.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/examples/trust-policies/saml-federated-trust-policy.json +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/__init__.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/__main__.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/checks/__init__.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/checks/action_resource_matching.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/checks/action_validation.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/checks/condition_key_validation.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/checks/condition_type_mismatch.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/checks/full_wildcard.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/checks/mfa_condition_check.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/checks/policy_size.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/checks/policy_structure.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/checks/policy_type_validation.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/checks/principal_validation.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/checks/resource_validation.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/checks/sensitive_action.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/checks/service_wildcard.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/checks/set_operator_validation.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/checks/sid_uniqueness.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/checks/trust_policy_validation.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/checks/utils/__init__.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/checks/utils/policy_level_checks.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/checks/utils/sensitive_action_matcher.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/checks/utils/wildcard_expansion.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/checks/wildcard_action.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/checks/wildcard_resource.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/commands/__init__.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/commands/analyze.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/commands/base.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/commands/cache.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/commands/download_services.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/commands/post_to_pr.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/commands/query.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/commands/validate.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/core/__init__.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/core/access_analyzer.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/core/access_analyzer_report.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/core/aws_fetcher.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/core/aws_service/__init__.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/core/aws_service/cache.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/core/aws_service/client.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/core/aws_service/fetcher.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/core/aws_service/parsers.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/core/aws_service/patterns.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/core/aws_service/storage.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/core/aws_service/validators.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/core/check_registry.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/core/cli.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/core/condition_validators.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/core/config/__init__.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/core/config/aws_api.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/core/config/aws_global_conditions.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/core/config/category_suggestions.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/core/config/condition_requirements.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/core/config/config_loader.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/core/config/defaults.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/core/config/principal_requirements.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/core/config/sensitive_actions.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/core/config/service_principals.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/core/config/wildcards.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/core/constants.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/core/diff_parser.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/core/formatters/__init__.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/core/formatters/base.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/core/formatters/console.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/core/formatters/csv.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/core/formatters/enhanced.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/core/formatters/html.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/core/formatters/json.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/core/formatters/markdown.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/core/formatters/sarif.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/core/ignore_patterns.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/core/label_manager.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/core/models.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/core/policy_checks.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/core/policy_loader.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/core/pr_commenter.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/core/report.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/integrations/__init__.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/integrations/github_integration.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/integrations/ms_teams.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/sdk/__init__.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/sdk/arn_matching.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/sdk/context.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/sdk/exceptions.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/sdk/helpers.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/sdk/policy_utils.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/sdk/query_utils.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/sdk/shortcuts.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/utils/__init__.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/utils/cache.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/utils/regex.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/utils/terminal.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/pyproject.toml +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/scripts/download_aws_services.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/scripts/sync_defaults_from_yaml.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/tests/README.md +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/tests/__init__.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/tests/checks/__init__.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/tests/checks/test_action_validation_check.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/tests/checks/test_aws_global_conditions.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/tests/checks/test_condition_key_validation_check.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/tests/checks/test_condition_type_mismatch.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/tests/checks/test_custom_policy_checks.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/tests/checks/test_full_wildcard_check.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/tests/checks/test_mfa_condition_check.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/tests/checks/test_policy_size_check.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/tests/checks/test_principal_validation_check.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/tests/checks/test_resource_validation_check.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/tests/checks/test_sensitive_action_filtering.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/tests/checks/test_sensitive_action_suggestions.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/tests/checks/test_sensitive_action_wildcard_expansion.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/tests/checks/test_service_principal_wildcard.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/tests/checks/test_service_wildcard_check.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/tests/checks/test_sid_uniqueness_check.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/tests/checks/test_wildcard_action_check.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/tests/checks/test_wildcard_resource_check.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/tests/commands/__init__.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/tests/commands/test_completion_command.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/tests/commands/test_query_command.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/tests/config/__init__.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/tests/config/test_config_loader.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/tests/core/__init__.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/tests/core/test_action_condition_enforcement_policy_level.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/tests/core/test_action_resource_matching.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/tests/core/test_aws_api_config.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/tests/core/test_aws_fetcher_wildcards.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/tests/core/test_check_id_in_comments.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/tests/core/test_check_id_injection.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/tests/core/test_check_registry.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/tests/core/test_comment_truncation.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/tests/core/test_diff_parser.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/tests/core/test_ignore_patterns.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/tests/core/test_models.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/tests/core/test_multipart_comments.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/tests/core/test_policy_loader.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/tests/core/test_policy_type_validation.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/tests/core/test_pr_commenter_diff_filtering.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/tests/core/test_regex_utils.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/tests/core/test_set_operator_validation.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/tests/core/test_trust_policy_detection.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/tests/core/test_trust_policy_multiple_statements.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/tests/core/test_trust_policy_oidc_aud_required.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/tests/core/test_trust_policy_validation.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/tests/integrations/__init__.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/tests/integrations/test_label_manager.py +0 -0
- {iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/uv.lock +0 -0
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.4
|
|
2
2
|
Name: iam-policy-validator
|
|
3
|
-
Version: 1.
|
|
3
|
+
Version: 1.12.0
|
|
4
4
|
Summary: Validate AWS IAM policies for correctness and security using AWS Service Reference API
|
|
5
5
|
Project-URL: Homepage, https://github.com/boogy/iam-policy-validator
|
|
6
6
|
Project-URL: Documentation, https://github.com/boogy/iam-policy-validator/tree/main/docs
|
|
@@ -38,6 +38,11 @@
|
|
|
38
38
|
# Every check supports ignore_patterns to filter specific findings while keeping
|
|
39
39
|
# the check enabled. This is more flexible than disabling checks entirely.
|
|
40
40
|
#
|
|
41
|
+
# LEVELS OF IGNORE PATTERNS:
|
|
42
|
+
# 1. Check-level: Applied to ALL requirements/findings in the check
|
|
43
|
+
# 2. Requirement-level: Applied to SPECIFIC requirements only
|
|
44
|
+
# (Currently supported in: action_condition_enforcement)
|
|
45
|
+
#
|
|
41
46
|
# Pattern Matching Logic:
|
|
42
47
|
# - Multiple fields in ONE pattern = AND logic (all must match)
|
|
43
48
|
# - Multiple patterns = OR logic (any pattern matches → ignore)
|
|
@@ -861,6 +866,11 @@ action_condition_enforcement:
|
|
|
861
866
|
# "iam:PermissionsBoundary": "arn:aws:iam::123456789012:policy/XCompanyBoundaries"
|
|
862
867
|
# }
|
|
863
868
|
# }
|
|
869
|
+
# # Per-requirement ignore_patterns: Skip this requirement for specific files
|
|
870
|
+
# # This allows fine-grained control - other requirements still apply to these files
|
|
871
|
+
# ignore_patterns:
|
|
872
|
+
# # OpenID roles enforce permission boundary by default, so don't validate it
|
|
873
|
+
# - filepath: ".*modules//?iam-openid.*"
|
|
864
874
|
#
|
|
865
875
|
# # S3 write operations - Require organization ID
|
|
866
876
|
# - actions:
|
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
This file is the single source of truth for the package version.
|
|
4
4
|
"""
|
|
5
5
|
|
|
6
|
-
__version__ = "1.
|
|
6
|
+
__version__ = "1.12.0"
|
|
7
7
|
# Parse version, handling pre-release suffixes like -rc, -alpha, -beta
|
|
8
8
|
_version_base = __version__.split("-", maxsplit=1)[0] # Remove pre-release suffix if present
|
|
9
9
|
__version_info__ = tuple(int(part) for part in _version_base.split("."))
|
|
@@ -125,6 +125,22 @@ Configuration in iam-validator.yaml:
|
|
|
125
125
|
- "iam:DeleteUser"
|
|
126
126
|
- "s3:DeleteBucket"
|
|
127
127
|
description: "These dangerous actions should never be used"
|
|
128
|
+
|
|
129
|
+
# Per-requirement ignore_patterns: Skip specific requirements for certain files/actions
|
|
130
|
+
- actions:
|
|
131
|
+
- "iam:CreateRole"
|
|
132
|
+
- "iam:PutRolePolicy"
|
|
133
|
+
- "iam:AttachRolePolicy"
|
|
134
|
+
required_conditions:
|
|
135
|
+
- condition_key: "iam:PermissionsBoundary"
|
|
136
|
+
description: "Require permissions boundary for IAM operations"
|
|
137
|
+
ignore_patterns:
|
|
138
|
+
# Ignore this requirement for iam-openid modules (they enforce boundary by default)
|
|
139
|
+
- filepath_regex: ".*modules//?iam-openid.*"
|
|
140
|
+
|
|
141
|
+
Note: ignore_patterns can be specified at TWO levels:
|
|
142
|
+
1. Check-level (applies to ALL requirements): Useful for broad exclusions
|
|
143
|
+
2. Requirement-level (applies to ONE requirement): Useful for fine-grained control
|
|
128
144
|
"""
|
|
129
145
|
|
|
130
146
|
import re
|
|
@@ -132,6 +148,7 @@ from typing import TYPE_CHECKING, Any, ClassVar
|
|
|
132
148
|
|
|
133
149
|
from iam_validator.core.aws_service import AWSServiceFetcher
|
|
134
150
|
from iam_validator.core.check_registry import CheckConfig, PolicyCheck
|
|
151
|
+
from iam_validator.core.ignore_patterns import IgnorePatternMatcher
|
|
135
152
|
from iam_validator.core.models import Statement, ValidationIssue
|
|
136
153
|
from iam_validator.utils.regex import compile_and_cache
|
|
137
154
|
|
|
@@ -181,7 +198,7 @@ class ActionConditionEnforcementCheck(PolicyCheck):
|
|
|
181
198
|
Returns:
|
|
182
199
|
List of ValidationIssue objects found by this check
|
|
183
200
|
"""
|
|
184
|
-
del
|
|
201
|
+
del kwargs # Not used in current implementation
|
|
185
202
|
issues = []
|
|
186
203
|
|
|
187
204
|
# Get action condition requirements from config
|
|
@@ -211,16 +228,60 @@ class ActionConditionEnforcementCheck(PolicyCheck):
|
|
|
211
228
|
if uses_logical_operators:
|
|
212
229
|
# Policy-wide detection (all_of/any_of/none_of)
|
|
213
230
|
policy_issues = await self._check_policy_wide(policy, requirement, fetcher, config)
|
|
231
|
+
# Filter by requirement-level ignore_patterns
|
|
232
|
+
policy_issues = self._filter_requirement_issues(
|
|
233
|
+
policy_issues, requirement.get("ignore_patterns", []), policy_file
|
|
234
|
+
)
|
|
214
235
|
issues.extend(policy_issues)
|
|
215
236
|
else:
|
|
216
237
|
# Per-statement check (simple list)
|
|
217
238
|
statement_issues = await self._check_per_statement(
|
|
218
239
|
policy, requirement, fetcher, config
|
|
219
240
|
)
|
|
241
|
+
# Filter by requirement-level ignore_patterns
|
|
242
|
+
statement_issues = self._filter_requirement_issues(
|
|
243
|
+
statement_issues, requirement.get("ignore_patterns", []), policy_file
|
|
244
|
+
)
|
|
220
245
|
issues.extend(statement_issues)
|
|
221
246
|
|
|
222
247
|
return issues
|
|
223
248
|
|
|
249
|
+
def _filter_requirement_issues(
|
|
250
|
+
self,
|
|
251
|
+
issues: list[ValidationIssue],
|
|
252
|
+
ignore_patterns: list[dict[str, Any]],
|
|
253
|
+
filepath: str,
|
|
254
|
+
) -> list[ValidationIssue]:
|
|
255
|
+
"""
|
|
256
|
+
Filter issues based on requirement-level ignore patterns.
|
|
257
|
+
|
|
258
|
+
This allows each requirement within action_condition_enforcement to have its own
|
|
259
|
+
ignore patterns, enabling fine-grained control over which findings to suppress.
|
|
260
|
+
|
|
261
|
+
Args:
|
|
262
|
+
issues: List of validation issues to filter
|
|
263
|
+
ignore_patterns: List of ignore pattern dictionaries for this requirement
|
|
264
|
+
filepath: Path to the policy file being checked
|
|
265
|
+
|
|
266
|
+
Returns:
|
|
267
|
+
Filtered list of issues (issues matching ignore patterns are removed)
|
|
268
|
+
|
|
269
|
+
Example:
|
|
270
|
+
A requirement can ignore specific files while other requirements check them:
|
|
271
|
+
- actions: ["iam:CreateRole"]
|
|
272
|
+
required_conditions: [...]
|
|
273
|
+
ignore_patterns:
|
|
274
|
+
- filepath_regex: ".*modules/iam-openid.*"
|
|
275
|
+
"""
|
|
276
|
+
if not ignore_patterns:
|
|
277
|
+
return issues
|
|
278
|
+
|
|
279
|
+
return [
|
|
280
|
+
issue
|
|
281
|
+
for issue in issues
|
|
282
|
+
if not IgnorePatternMatcher.should_ignore_issue(issue, filepath, ignore_patterns)
|
|
283
|
+
]
|
|
284
|
+
|
|
224
285
|
async def _check_policy_wide(
|
|
225
286
|
self,
|
|
226
287
|
policy: "IAMPolicy",
|
{iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/iam_validator/commands/completion.py
RENAMED
|
@@ -135,7 +135,7 @@ _iam_validator_completion() {{
|
|
|
135
135
|
prev="${{COMP_WORDS[COMP_CWORD-1]}}"
|
|
136
136
|
|
|
137
137
|
# Main commands
|
|
138
|
-
local commands="validate post-to-pr analyze cache
|
|
138
|
+
local commands="validate post-to-pr analyze cache sync-services query completion"
|
|
139
139
|
|
|
140
140
|
# Get the command (first non-option argument)
|
|
141
141
|
local cmd=""
|
|
@@ -215,6 +215,7 @@ _iam_validator_completion() {{
|
|
|
215
215
|
fi
|
|
216
216
|
|
|
217
217
|
# Complete options for query subcommands
|
|
218
|
+
local opts=""
|
|
218
219
|
case "$query_subcmd" in
|
|
219
220
|
action)
|
|
220
221
|
opts="--service --name --access-level --resource-type --condition --output"
|
|
@@ -226,7 +227,23 @@ _iam_validator_completion() {{
|
|
|
226
227
|
opts="--service --name --output"
|
|
227
228
|
;;
|
|
228
229
|
esac
|
|
229
|
-
|
|
230
|
+
|
|
231
|
+
# Filter out already used options
|
|
232
|
+
local used_opts=""
|
|
233
|
+
for ((i=2; i<COMP_CWORD; i++)); do
|
|
234
|
+
if [[ ${{COMP_WORDS[i]}} == --* ]]; then
|
|
235
|
+
used_opts="$used_opts ${{COMP_WORDS[i]}}"
|
|
236
|
+
fi
|
|
237
|
+
done
|
|
238
|
+
|
|
239
|
+
local available_opts=""
|
|
240
|
+
for opt in $opts; do
|
|
241
|
+
if [[ ! " $used_opts " =~ " $opt " ]]; then
|
|
242
|
+
available_opts="$available_opts $opt"
|
|
243
|
+
fi
|
|
244
|
+
done
|
|
245
|
+
|
|
246
|
+
COMPREPLY=( $(compgen -W "$available_opts" -- "$cur") )
|
|
230
247
|
return 0
|
|
231
248
|
;;
|
|
232
249
|
validate)
|
|
@@ -234,18 +251,36 @@ _iam_validator_completion() {{
|
|
|
234
251
|
COMPREPLY=( $(compgen -W "$opts" -- "$cur") )
|
|
235
252
|
return 0
|
|
236
253
|
;;
|
|
254
|
+
post-to-pr)
|
|
255
|
+
opts="--report -r --create-review --no-review --add-summary --no-summary --config -c"
|
|
256
|
+
COMPREPLY=( $(compgen -W "$opts" -- "$cur") )
|
|
257
|
+
return 0
|
|
258
|
+
;;
|
|
237
259
|
analyze)
|
|
238
|
-
opts="--policy --format --output"
|
|
260
|
+
opts="--path -p --policy-type -t --region --profile --format -f --output -o --no-recursive --fail-on-warnings --github-comment --github-review --github-summary --run-all-checks --check-access-not-granted --check-access-resources --check-no-new-access --check-no-public-access --public-access-resource-type --verbose -v"
|
|
239
261
|
COMPREPLY=( $(compgen -W "$opts" -- "$cur") )
|
|
240
262
|
return 0
|
|
241
263
|
;;
|
|
242
264
|
cache)
|
|
243
|
-
|
|
244
|
-
|
|
265
|
+
# Check if we need to complete the cache subcommand
|
|
266
|
+
local cache_subcmd=""
|
|
267
|
+
for ((i=2; i<COMP_CWORD; i++)); do
|
|
268
|
+
if [[ ${{COMP_WORDS[i]}} =~ ^(info|list|clear|refresh|prefetch|location)$ ]]; then
|
|
269
|
+
cache_subcmd=${{COMP_WORDS[i]}}
|
|
270
|
+
break
|
|
271
|
+
fi
|
|
272
|
+
done
|
|
273
|
+
|
|
274
|
+
if [[ -z "$cache_subcmd" ]]; then
|
|
275
|
+
# Complete cache subcommand
|
|
276
|
+
COMPREPLY=( $(compgen -W "info list clear refresh prefetch location" -- "$cur") )
|
|
277
|
+
return 0
|
|
278
|
+
fi
|
|
279
|
+
# Cache subcommands have no additional options
|
|
245
280
|
return 0
|
|
246
281
|
;;
|
|
247
|
-
|
|
248
|
-
opts="--output-dir --
|
|
282
|
+
sync-services)
|
|
283
|
+
opts="--output-dir --max-concurrent"
|
|
249
284
|
COMPREPLY=( $(compgen -W "$opts" -- "$cur") )
|
|
250
285
|
return 0
|
|
251
286
|
;;
|
|
@@ -272,72 +307,34 @@ complete -F _iam_validator_completion iam-validator
|
|
|
272
307
|
# Generated by: iam-validator completion zsh
|
|
273
308
|
|
|
274
309
|
_iam_validator() {{
|
|
275
|
-
local
|
|
276
|
-
|
|
277
|
-
'validate:Validate IAM policies'
|
|
278
|
-
'post-to-pr:Post validation results to GitHub PR'
|
|
279
|
-
'analyze:Analyze IAM policies'
|
|
280
|
-
'cache:Manage cache'
|
|
281
|
-
'download-services:Download AWS service definitions'
|
|
282
|
-
'query:Query AWS service definitions'
|
|
283
|
-
'completion:Generate shell completion scripts'
|
|
284
|
-
)
|
|
285
|
-
|
|
286
|
-
local -a query_subcommands
|
|
287
|
-
query_subcommands=(
|
|
288
|
-
'action:Query IAM actions'
|
|
289
|
-
'arn:Query ARN formats'
|
|
290
|
-
'condition:Query condition keys'
|
|
291
|
-
)
|
|
292
|
-
|
|
293
|
-
local -a access_levels
|
|
294
|
-
access_levels=(
|
|
295
|
-
'read:Read-only actions'
|
|
296
|
-
'write:Write actions'
|
|
297
|
-
'list:List actions'
|
|
298
|
-
'tagging:Tagging actions'
|
|
299
|
-
'permissions-management:Permission management actions'
|
|
300
|
-
)
|
|
301
|
-
|
|
302
|
-
local -a formats
|
|
303
|
-
formats=(
|
|
304
|
-
'json:JSON output'
|
|
305
|
-
'yaml:YAML output'
|
|
306
|
-
'text:Plain text output'
|
|
307
|
-
)
|
|
308
|
-
|
|
309
|
-
local -a shells
|
|
310
|
-
shells=(
|
|
311
|
-
'bash:Bash completion'
|
|
312
|
-
'zsh:Zsh completion'
|
|
313
|
-
)
|
|
310
|
+
local curcontext="$curcontext" state line
|
|
311
|
+
typeset -A opt_args
|
|
314
312
|
|
|
315
313
|
# Cached AWS services
|
|
316
314
|
local -a aws_services
|
|
317
315
|
aws_services=({services_list})
|
|
318
316
|
|
|
319
317
|
_arguments -C \\
|
|
320
|
-
'1:
|
|
321
|
-
'*::
|
|
318
|
+
'1: :_iam_validator_commands' \\
|
|
319
|
+
'*::arg:->args'
|
|
322
320
|
|
|
323
321
|
case $state in
|
|
324
|
-
command)
|
|
325
|
-
_describe 'command' commands
|
|
326
|
-
;;
|
|
327
322
|
args)
|
|
328
323
|
case $words[1] in
|
|
329
324
|
query)
|
|
330
|
-
|
|
331
|
-
|
|
332
|
-
|
|
333
|
-
|
|
334
|
-
|
|
335
|
-
|
|
325
|
+
local query_state
|
|
326
|
+
_arguments -C \\
|
|
327
|
+
'1: :_iam_validator_query_subcommands' \\
|
|
328
|
+
'*::arg:->query_args' && return 0
|
|
329
|
+
|
|
330
|
+
case $state in
|
|
331
|
+
query_args)
|
|
332
|
+
case $words[1] in
|
|
336
333
|
action)
|
|
337
334
|
_arguments \\
|
|
338
335
|
'--service[AWS service name]:service:($aws_services)' \\
|
|
339
336
|
'--name[Action name]:action name:' \\
|
|
340
|
-
'--access-level[Filter by access level]:access level:(
|
|
337
|
+
'--access-level[Filter by access level]:access level:(read write list tagging permissions-management)' \\
|
|
341
338
|
'--resource-type[Filter by resource type]:resource type:' \\
|
|
342
339
|
'--condition[Filter by condition key]:condition key:' \\
|
|
343
340
|
'--output[Output format]:format:(json yaml text)'
|
|
@@ -361,7 +358,8 @@ _iam_validator() {{
|
|
|
361
358
|
;;
|
|
362
359
|
validate)
|
|
363
360
|
_arguments \\
|
|
364
|
-
'
|
|
361
|
+
'*--path[Path to policy file or directory]:file:_files' \\
|
|
362
|
+
'*-p[Path to policy file or directory]:file:_files' \\
|
|
365
363
|
'--stdin[Read policy from stdin]' \\
|
|
366
364
|
'(--format -f)'{{--format,-f}}'[Output format]:format:(console enhanced json markdown html csv sarif)' \\
|
|
367
365
|
'(--output -o)'{{--output,-o}}'[Output file path]:file:_files' \\
|
|
@@ -380,30 +378,79 @@ _iam_validator() {{
|
|
|
380
378
|
'--summary[Show Executive Summary section]' \\
|
|
381
379
|
'--severity-breakdown[Show Issue Severity Breakdown section]'
|
|
382
380
|
;;
|
|
381
|
+
post-to-pr)
|
|
382
|
+
_arguments \\
|
|
383
|
+
'(--report -r)'{{--report,-r}}'[Path to JSON report file]:file:_files' \\
|
|
384
|
+
'--create-review[Create line-specific review comments]' \\
|
|
385
|
+
'--no-review[Do not create line-specific review comments]' \\
|
|
386
|
+
'--add-summary[Add summary comment]' \\
|
|
387
|
+
'--no-summary[Do not add summary comment]' \\
|
|
388
|
+
'(--config -c)'{{--config,-c}}'[Configuration file]:file:_files'
|
|
389
|
+
;;
|
|
383
390
|
analyze)
|
|
384
391
|
_arguments \\
|
|
385
|
-
'
|
|
386
|
-
'
|
|
387
|
-
'--
|
|
392
|
+
'*--path[Path to policy file or directory]:file:_files' \\
|
|
393
|
+
'*-p[Path to policy file or directory]:file:_files' \\
|
|
394
|
+
'(--policy-type -t)'{{--policy-type,-t}}'[Type of IAM policy]:policy type:(IDENTITY_POLICY RESOURCE_POLICY SERVICE_CONTROL_POLICY)' \\
|
|
395
|
+
'--region[AWS region]:region:' \\
|
|
396
|
+
'--profile[AWS profile]:profile:' \\
|
|
397
|
+
'(--format -f)'{{--format,-f}}'[Output format]:format:(console json markdown)' \\
|
|
398
|
+
'(--output -o)'{{--output,-o}}'[Output file path]:file:_files' \\
|
|
399
|
+
'--no-recursive[Do not recursively search directories]' \\
|
|
400
|
+
'--fail-on-warnings[Fail validation if warnings are found]' \\
|
|
401
|
+
'--github-comment[Post validation results as GitHub PR comment]' \\
|
|
402
|
+
'--github-review[Create line-specific review comments on PR]' \\
|
|
403
|
+
'--github-summary[Write validation summary to GitHub Actions job summary]' \\
|
|
404
|
+
'--run-all-checks[Run full validation checks if Access Analyzer passes]' \\
|
|
405
|
+
'*--check-access-not-granted[Actions to check are NOT granted]:action:' \\
|
|
406
|
+
'*--check-access-resources[Resources to check]:resource:' \\
|
|
407
|
+
'--check-no-new-access[Path to existing policy]:file:_files' \\
|
|
408
|
+
'--check-no-public-access[Check that resource policy does not allow public access]' \\
|
|
409
|
+
'*--public-access-resource-type[Resource type for public access check]:resource type:' \\
|
|
410
|
+
'(--verbose -v)'{{--verbose,-v}}'[Enable verbose logging]'
|
|
388
411
|
;;
|
|
389
412
|
cache)
|
|
390
413
|
_arguments \\
|
|
391
|
-
'
|
|
392
|
-
'--info[Show cache info]'
|
|
414
|
+
'1: :(info list clear refresh prefetch location)'
|
|
393
415
|
;;
|
|
394
|
-
|
|
416
|
+
sync-services)
|
|
395
417
|
_arguments \\
|
|
396
418
|
'--output-dir[Output directory]:directory:_directories' \\
|
|
397
|
-
'--
|
|
419
|
+
'--max-concurrent[Maximum concurrent downloads]:number:'
|
|
398
420
|
;;
|
|
399
421
|
completion)
|
|
400
|
-
|
|
422
|
+
_arguments \\
|
|
423
|
+
'1: :(bash zsh)'
|
|
401
424
|
;;
|
|
402
425
|
esac
|
|
403
426
|
;;
|
|
404
427
|
esac
|
|
405
428
|
}}
|
|
406
429
|
|
|
430
|
+
_iam_validator_commands() {{
|
|
431
|
+
local -a commands
|
|
432
|
+
commands=(
|
|
433
|
+
'validate:Validate IAM policies'
|
|
434
|
+
'post-to-pr:Post validation results to GitHub PR'
|
|
435
|
+
'analyze:Analyze IAM policies using AWS IAM Access Analyzer'
|
|
436
|
+
'cache:Manage AWS service definition cache'
|
|
437
|
+
'sync-services:Sync/download all AWS service definitions for offline use'
|
|
438
|
+
'query:Query AWS service definitions (actions, ARNs, condition keys)'
|
|
439
|
+
'completion:Generate shell completion scripts (bash or zsh)'
|
|
440
|
+
)
|
|
441
|
+
_describe 'command' commands
|
|
442
|
+
}}
|
|
443
|
+
|
|
444
|
+
_iam_validator_query_subcommands() {{
|
|
445
|
+
local -a subcommands
|
|
446
|
+
subcommands=(
|
|
447
|
+
'action:Query IAM actions'
|
|
448
|
+
'arn:Query ARN formats'
|
|
449
|
+
'condition:Query condition keys'
|
|
450
|
+
)
|
|
451
|
+
_describe 'query subcommand' subcommands
|
|
452
|
+
}}
|
|
453
|
+
|
|
407
454
|
_iam_validator "$@"
|
|
408
455
|
"""
|
|
409
456
|
|
|
@@ -438,3 +438,105 @@ class TestActionConditionEnforcement:
|
|
|
438
438
|
assert len(issues) == 1
|
|
439
439
|
assert issues[0].issue_type == "forbidden_condition_present"
|
|
440
440
|
assert "0.0.0.0/0" in issues[0].message
|
|
441
|
+
|
|
442
|
+
@pytest.mark.asyncio
|
|
443
|
+
async def test_per_requirement_ignore_patterns(self, check, mock_fetcher):
|
|
444
|
+
"""Test that per-requirement ignore_patterns work correctly."""
|
|
445
|
+
# Config with two requirements, one with ignore_patterns
|
|
446
|
+
config = CheckConfig(
|
|
447
|
+
check_id="action_condition_enforcement",
|
|
448
|
+
enabled=True,
|
|
449
|
+
severity="high",
|
|
450
|
+
config={
|
|
451
|
+
"requirements": [
|
|
452
|
+
# Requirement 1: Permissions boundary (with ignore_patterns)
|
|
453
|
+
{
|
|
454
|
+
"actions": ["iam:CreateRole", "iam:PutRolePolicy"],
|
|
455
|
+
"required_conditions": [
|
|
456
|
+
{"condition_key": "iam:PermissionsBoundary"}
|
|
457
|
+
],
|
|
458
|
+
"ignore_patterns": [
|
|
459
|
+
{"filepath_regex": ".*iam-openid.*"}
|
|
460
|
+
],
|
|
461
|
+
},
|
|
462
|
+
# Requirement 2: PassRole (no ignore_patterns)
|
|
463
|
+
{
|
|
464
|
+
"actions": ["iam:PassRole"],
|
|
465
|
+
"required_conditions": [
|
|
466
|
+
{"condition_key": "iam:PassedToService"}
|
|
467
|
+
],
|
|
468
|
+
},
|
|
469
|
+
]
|
|
470
|
+
},
|
|
471
|
+
)
|
|
472
|
+
|
|
473
|
+
# Statement with both actions, no conditions
|
|
474
|
+
statement = Statement(
|
|
475
|
+
sid="TestStatement",
|
|
476
|
+
effect="Allow",
|
|
477
|
+
action=["iam:CreateRole", "iam:PassRole"],
|
|
478
|
+
resource="*",
|
|
479
|
+
)
|
|
480
|
+
|
|
481
|
+
policy = IAMPolicy(version="2012-10-17", statement=[statement])
|
|
482
|
+
|
|
483
|
+
# Test 1: Regular file - both requirements should trigger
|
|
484
|
+
issues = await check.execute_policy(policy, "policies/regular.json", mock_fetcher, config)
|
|
485
|
+
assert len(issues) == 2
|
|
486
|
+
assert any("iam:PermissionsBoundary" in i.message for i in issues)
|
|
487
|
+
assert any("iam:PassedToService" in i.message for i in issues)
|
|
488
|
+
|
|
489
|
+
# Test 2: iam-openid file - only PassRole requirement should trigger
|
|
490
|
+
issues = await check.execute_policy(
|
|
491
|
+
policy, "modules/iam-openid/main.tf", mock_fetcher, config
|
|
492
|
+
)
|
|
493
|
+
assert len(issues) == 1
|
|
494
|
+
assert "iam:PassedToService" in issues[0].message
|
|
495
|
+
assert "iam:PermissionsBoundary" not in issues[0].message
|
|
496
|
+
|
|
497
|
+
@pytest.mark.asyncio
|
|
498
|
+
async def test_per_requirement_ignore_patterns_policy_wide(self, check, mock_fetcher):
|
|
499
|
+
"""Test that per-requirement ignore_patterns work with policy-wide (any_of) checks."""
|
|
500
|
+
config = CheckConfig(
|
|
501
|
+
check_id="action_condition_enforcement",
|
|
502
|
+
enabled=True,
|
|
503
|
+
severity="high",
|
|
504
|
+
config={
|
|
505
|
+
"requirements": [
|
|
506
|
+
# Requirement with any_of and ignore_patterns
|
|
507
|
+
{
|
|
508
|
+
"actions": {
|
|
509
|
+
"any_of": ["iam:CreateUser", "iam:AttachUserPolicy"]
|
|
510
|
+
},
|
|
511
|
+
"required_conditions": [
|
|
512
|
+
{
|
|
513
|
+
"condition_key": "aws:MultiFactorAuthPresent",
|
|
514
|
+
"expected_value": True,
|
|
515
|
+
}
|
|
516
|
+
],
|
|
517
|
+
"ignore_patterns": [
|
|
518
|
+
{"filepath_regex": ".*test.*"}
|
|
519
|
+
],
|
|
520
|
+
},
|
|
521
|
+
]
|
|
522
|
+
},
|
|
523
|
+
)
|
|
524
|
+
|
|
525
|
+
# Statement with iam:CreateUser, no MFA
|
|
526
|
+
statement = Statement(
|
|
527
|
+
sid="TestStatement",
|
|
528
|
+
effect="Allow",
|
|
529
|
+
action=["iam:CreateUser"],
|
|
530
|
+
resource="*",
|
|
531
|
+
)
|
|
532
|
+
|
|
533
|
+
policy = IAMPolicy(version="2012-10-17", statement=[statement])
|
|
534
|
+
|
|
535
|
+
# Test 1: Regular file - should trigger
|
|
536
|
+
issues = await check.execute_policy(policy, "policies/prod.json", mock_fetcher, config)
|
|
537
|
+
assert len(issues) == 1
|
|
538
|
+
assert "aws:MultiFactorAuthPresent" in issues[0].message
|
|
539
|
+
|
|
540
|
+
# Test 2: Test file - should be ignored
|
|
541
|
+
issues = await check.execute_policy(policy, "policies/test.json", mock_fetcher, config)
|
|
542
|
+
assert len(issues) == 0
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
{iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/.github/workflows/pre-release.yml
RENAMED
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
{iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/access-analyzer.json
RENAMED
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
{iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/action-recommendations.json
RENAMED
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
{iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/amplifybackend.json
RENAMED
|
File without changes
|
{iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/amplifyuibuilder.json
RENAMED
|
File without changes
|
|
File without changes
|
|
File without changes
|
{iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/app-integrations.json
RENAMED
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
{iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/application-signals.json
RENAMED
|
File without changes
|
|
File without changes
|
{iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/applicationinsights.json
RENAMED
|
File without changes
|
{iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/appmesh-preview.json
RENAMED
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
{iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/arc-region-switch.json
RENAMED
|
File without changes
|
{iam_policy_validator-1.11.0 → iam_policy_validator-1.12.0}/aws_services/arc-zonal-shift.json
RENAMED
|
File without changes
|
|
File without changes
|