iam-policy-validator 1.13.1__tar.gz → 1.14.0__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/.github/workflows/codeql.yml +3 -3
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/.github/workflows/pre-release.yml +1 -1
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/.github/workflows/release.yml +1 -1
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/.github/workflows/scorecard.yml +1 -1
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/PKG-INFO +1 -1
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/action.yaml +33 -12
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/__version__.py +1 -1
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/checks/action_condition_enforcement.py +6 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/checks/action_resource_matching.py +12 -12
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/checks/action_validation.py +1 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/checks/condition_key_validation.py +2 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/checks/condition_type_mismatch.py +3 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/checks/full_wildcard.py +1 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/checks/mfa_condition_check.py +2 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/checks/policy_structure.py +9 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/checks/policy_type_validation.py +11 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/checks/principal_validation.py +5 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/checks/resource_validation.py +4 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/checks/sensitive_action.py +1 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/checks/service_wildcard.py +6 -3
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/checks/set_operator_validation.py +3 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/checks/sid_uniqueness.py +2 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/checks/trust_policy_validation.py +3 -0
- iam_policy_validator-1.14.0/iam_validator/checks/utils/__init__.py +17 -0
- iam_policy_validator-1.14.0/iam_validator/checks/utils/action_parser.py +149 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/checks/wildcard_action.py +1 -0
- iam_policy_validator-1.14.0/iam_validator/checks/wildcard_resource.py +374 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/commands/analyze.py +19 -1
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/commands/completion.py +6 -2
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/commands/validate.py +231 -12
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/core/aws_service/fetcher.py +21 -9
- iam_policy_validator-1.14.0/iam_validator/core/codeowners.py +245 -0
- iam_policy_validator-1.14.0/iam_validator/core/config/check_documentation.py +390 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/core/config/config_loader.py +199 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/core/config/defaults.py +25 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/core/constants.py +1 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/core/diff_parser.py +8 -4
- iam_policy_validator-1.14.0/iam_validator/core/finding_fingerprint.py +131 -0
- iam_policy_validator-1.14.0/iam_validator/core/ignore_processor.py +309 -0
- iam_policy_validator-1.14.0/iam_validator/core/ignored_findings.py +400 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/core/models.py +54 -4
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/core/policy_loader.py +313 -4
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/core/pr_commenter.py +223 -22
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/core/report.py +22 -6
- iam_policy_validator-1.14.0/iam_validator/integrations/github_integration.py +1821 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/tests/checks/test_wildcard_resource_check.py +275 -0
- iam_policy_validator-1.14.0/tests/core/test_codeowners.py +251 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/tests/core/test_diff_parser.py +2 -1
- iam_policy_validator-1.14.0/tests/core/test_finding_fingerprint.py +308 -0
- iam_policy_validator-1.14.0/tests/core/test_ignored_findings.py +386 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/tests/core/test_pr_commenter_diff_filtering.py +23 -1
- iam_policy_validator-1.14.0/tests/integrations/test_comment_deduplication.py +343 -0
- iam_policy_validator-1.14.0/tests/integrations/test_github_pagination.py +344 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/uv.lock +261 -197
- iam_policy_validator-1.13.1/iam_validator/checks/utils/__init__.py +0 -1
- iam_policy_validator-1.13.1/iam_validator/checks/wildcard_resource.py +0 -147
- iam_policy_validator-1.13.1/iam_validator/integrations/github_integration.py +0 -1063
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/.github/dependabot.yml +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/.github/workflows/ci.yml +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/.github/workflows/cleanup-prereleases.yml +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/.gitignore +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/.python-version +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/CONTRIBUTING.md +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/DOCS.md +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/LICENSE +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/Makefile +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/README.md +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/SECURITY.md +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/_manifest.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/_services.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/a2c.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/a4b.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/access-analyzer.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/account.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/acm-pca.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/acm.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/action-recommendations.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/activate.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/aiops.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/airflow.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/amplify.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/amplifybackend.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/amplifyuibuilder.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/aoss.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/apigateway.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/app-integrations.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/appconfig.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/appfabric.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/appflow.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/application-autoscaling.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/application-signals.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/application-transformation.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/applicationinsights.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/appmesh-preview.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/appmesh.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/apprunner.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/appstream.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/appstudio.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/appsync.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/apptest.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/aps.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/arc-region-switch.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/arc-zonal-shift.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/arsenal.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/artifact.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/athena.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/auditmanager.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/autoscaling-plans.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/autoscaling.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/aws-marketplace-management.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/aws-marketplace.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/aws-portal.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/awsconnector.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/b2bi.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/backup-gateway.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/backup-search.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/backup-storage.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/backup.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/batch.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/bcm-dashboards.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/bcm-data-exports.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/bcm-pricing-calculator.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/bcm-recommended-actions.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/bedrock-agentcore.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/bedrock.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/billing.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/billingconductor.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/braket.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/budgets.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/bugbust.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/cases.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/cassandra.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/ce.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/chatbot.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/chime.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/cleanrooms-ml.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/cleanrooms.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/cloud9.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/clouddirectory.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/cloudformation.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/cloudfront-keyvaluestore.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/cloudfront.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/cloudhsm.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/cloudsearch.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/cloudshell.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/cloudtrail-data.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/cloudtrail.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/cloudwatch.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/codeartifact.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/codebuild.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/codecatalyst.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/codecommit.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/codeconnections.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/codedeploy-commands-secure.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/codedeploy.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/codeguru-profiler.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/codeguru-reviewer.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/codeguru-security.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/codeguru.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/codepipeline.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/codestar-connections.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/codestar-notifications.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/codestar.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/codewhisperer.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/cognito-identity.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/cognito-idp.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/cognito-sync.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/comprehend.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/comprehendmedical.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/compute-optimizer.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/config.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/connect-campaigns.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/connect.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/consoleapp.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/consolidatedbilling.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/controlcatalog.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/controltower.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/cost-optimization-hub.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/cur.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/customer-verification.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/databrew.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/dataexchange.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/datapipeline.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/datasync.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/datazone.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/dax.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/dbqms.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/deadline.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/deepcomposer.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/deepracer.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/detective.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/devicefarm.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/devops-guru.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/directconnect.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/discovery.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/dlm.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/dms.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/docdb-elastic.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/drs.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/ds-data.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/ds.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/dsql.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/dynamodb.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/ebs.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/ec2-instance-connect.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/ec2.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/ec2messages.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/ecr-public.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/ecr.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/ecs.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/eks-auth.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/eks.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/elasticache.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/elasticbeanstalk.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/elasticfilesystem.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/elasticloadbalancing.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/elasticmapreduce.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/elastictranscoder.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/elemental-activations.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/elemental-appliances-software.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/elemental-support-cases.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/elemental-support-content.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/emr-containers.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/emr-serverless.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/entityresolution.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/es.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/events.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/evidently.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/evs.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/execute-api.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/finspace-api.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/finspace.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/firehose.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/fis.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/fms.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/forecast.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/frauddetector.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/freertos.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/freetier.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/fsx.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/gamelift.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/gameliftstreams.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/geo-maps.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/geo-places.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/geo-routes.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/geo.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/glacier.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/globalaccelerator.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/glue.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/grafana.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/greengrass.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/groundstation.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/groundtruthlabeling.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/guardduty.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/health.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/healthlake.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/honeycode.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/iam.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/identity-sync.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/identitystore-auth.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/identitystore.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/imagebuilder.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/importexport.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/inspector-scan.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/inspector.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/inspector2.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/internetmonitor.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/invoicing.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/iot-device-tester.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/iot.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/iotanalytics.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/iotdeviceadvisor.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/iotevents.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/iotfleethub.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/iotfleetwise.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/iotjobsdata.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/iotmanagedintegrations.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/iotsitewise.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/iottwinmaker.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/iotwireless.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/iq-permission.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/iq.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/ivs.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/ivschat.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/kafka-cluster.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/kafka.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/kafkaconnect.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/kendra-ranking.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/kendra.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/kinesis.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/kinesisanalytics.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/kinesisvideo.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/kms.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/lakeformation.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/lambda.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/launchwizard.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/lex.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/license-manager-linux-subscriptions.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/license-manager-user-subscriptions.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/license-manager.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/lightsail.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/logs.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/lookoutequipment.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/lookoutmetrics.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/lookoutvision.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/m2.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/machinelearning.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/macie2.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/managedblockchain-query.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/managedblockchain.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/mapcredits.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/marketplacecommerceanalytics.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/mechanicalturk.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/mediaconnect.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/mediaconvert.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/mediaimport.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/medialive.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/mediapackage-vod.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/mediapackage.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/mediapackagev2.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/mediastore.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/mediatailor.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/medical-imaging.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/memorydb.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/mgh.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/mgn.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/migrationhub-orchestrator.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/migrationhub-strategy.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/mobileanalytics.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/mobiletargeting.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/monitron.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/mpa.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/mq.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/neptune-db.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/neptune-graph.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/network-firewall.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/network-security-director.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/networkflowmonitor.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/networkmanager-chat.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/networkmanager.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/networkmonitor.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/nimble.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/notifications-contacts.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/notifications.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/oam.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/observabilityadmin.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/odb.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/omics.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/one.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/opensearch.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/opsworks-cm.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/opsworks.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/organizations.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/osis.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/outposts.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/panorama.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/partnercentral-account-management.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/partnercentral.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/payment-cryptography.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/payments.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/pca-connector-ad.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/pca-connector-scep.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/pcs.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/personalize.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/pi.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/pipes.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/polly.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/pricing.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/private-networks.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/profile.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/proton.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/purchase-orders.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/q.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/qapps.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/qbusiness.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/qdeveloper.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/qldb.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/quicksight.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/ram.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/rbin.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/rds-data.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/rds-db.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/rds.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/redshift-data.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/redshift-serverless.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/redshift.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/refactor-spaces.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/rekognition.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/repostspace.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/resiliencehub.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/resource-explorer-2.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/resource-explorer.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/resource-groups.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/rhelkb.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/robomaker.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/rolesanywhere.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/route53-recovery-cluster.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/route53-recovery-control-config.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/route53-recovery-readiness.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/route53.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/route53domains.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/route53profiles.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/route53resolver.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/rtbfabric.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/rum.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/s3-object-lambda.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/s3-outposts.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/s3.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/s3express.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/s3tables.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/s3vectors.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/sagemaker-data-science-assistant.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/sagemaker-geospatial.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/sagemaker-mlflow.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/sagemaker.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/savingsplans.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/scheduler.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/schemas.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/scn.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/sdb.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/secretsmanager.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/security-ir.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/securityhub.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/securitylake.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/serverlessrepo.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/servicecatalog.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/servicediscovery.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/serviceextract.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/servicequotas.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/ses.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/shield.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/signer.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/signin.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/simspaceweaver.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/sms-voice.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/sms.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/snow-device-management.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/snowball.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/sns.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/social-messaging.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/sqlworkbench.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/sqs.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/ssm-contacts.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/ssm-guiconnect.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/ssm-incidents.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/ssm-quicksetup.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/ssm-sap.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/ssm.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/ssmmessages.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/sso-directory.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/sso-oauth.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/sso.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/states.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/storagegateway.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/sts.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/support-console.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/support.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/supportapp.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/supportplans.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/sustainability.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/swf.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/synthetics.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/tag.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/tax.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/textract.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/thinclient.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/timestream-influxdb.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/timestream.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/tiros.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/tnb.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/transcribe.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/transfer.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/transform.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/translate.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/trustedadvisor.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/ts.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/user-subscriptions.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/uxc.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/vendor-insights.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/verified-access.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/verifiedpermissions.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/voiceid.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/vpc-lattice-svcs.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/vpc-lattice.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/vpce.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/waf-regional.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/waf.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/wafv2.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/wam.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/wellarchitected.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/wickr.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/wisdom.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/workdocs.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/worklink.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/workmail.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/workmailmessageflow.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/workspaces-instances.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/workspaces-web.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/workspaces.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/aws_services/xray.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/docs/README.md +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/docs/ROADMAP.md +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/docs/SDK.md +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/docs/aws-api-configuration.md +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/docs/aws-services-backup.md +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/docs/check-reference.md +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/docs/condition-requirements.md +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/docs/configuration.md +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/docs/custom-checks.md +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/docs/development/PUBLISHING.md +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/docs/development/pre-release-guide.md +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/docs/github-actions-examples.md +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/docs/github-actions-workflows.md +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/docs/modular-configuration.md +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/docs/privilege-escalation.md +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/docs/python-library-usage.md +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/docs/query-command.md +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/docs/shell-completion.md +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/docs/smart-filtering.md +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/README.md +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/access-analyzer/example1.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/access-analyzer/example2.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/configs/README.md +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/configs/full-reference-config.yaml +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/configs/github-labels-config.yaml +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/configs/minimal-validation-config.yaml +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/configs/offline-validation.yaml +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/configs/policy-level-condition-enforcement-config.yaml +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/configs/strict-security.yaml +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/custom_checks/README.md +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/custom_checks/advanced_multi_condition_validator.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/custom_checks/cross_account_external_id_check.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/custom_checks/domain_restriction_check.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/custom_checks/encryption_required_check.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/custom_checks/mfa_required_check.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/custom_checks/region_restriction_check.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/custom_checks/tag_enforcement_check.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/custom_checks/time_based_access_check.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/github-actions/README.md +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/github-actions/access-analyzer-only.yaml +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/github-actions/basic-validation.yaml +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/github-actions/custom-policy-checks.yaml +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/github-actions/multi-region-validation.yaml +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/github-actions/resource-policy-validation.yaml +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/github-actions/sarif-code-scanning.yaml +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/github-actions/sequential-validation.yaml +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/github-actions/two-step-validation.yaml +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/github-actions/validate-changed-files.yaml +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/README.md +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/identity-policies/allowed-wildcard-resource.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/identity-policies/api_gateway_management.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/identity-policies/athena_query_access.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/identity-policies/backup_vault_access.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/identity-policies/cloudformation_deployer.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/identity-policies/cloudwatch_monitoring.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/identity-policies/cognito_user_pool.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/identity-policies/dynamodb_table_access.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/identity-policies/ecs_task_execution.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/identity-policies/eventbridge_rules.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/identity-policies/glue_etl_jobs.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/identity-policies/insecure_policy.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/identity-policies/insecure_policy.yaml +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/identity-policies/invalid-resource-constraint.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/identity-policies/invalid-sid-special-chars.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/identity-policies/invalid-sid-with-spaces.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/identity-policies/invalid_policy.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/identity-policies/kms_encryption_keys.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/identity-policies/lambda_developer.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/identity-policies/lambda_developer.yaml +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/identity-policies/maximum_size_policy.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/identity-policies/policy_missing_required_tags.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/identity-policies/policy_tag_enforcement_example.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/identity-policies/policy_with_wildcard_resources.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/identity-policies/privilege_escalation_scattered.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/identity-policies/rds_database_admin.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/identity-policies/s3_bucket_access.yaml +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/identity-policies/sample_policy.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/identity-policies/sample_policy.yaml +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/identity-policies/secrets_manager_access.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/identity-policies/sensitive-action-wildcards.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/identity-policies/sns_sqs_messaging.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/identity-policies/step_functions_workflow.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/identity-policies/terraform-template-policy.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/identity-policies/test_none_of_valid.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/identity-policies/test_none_of_violations.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/identity-policies/valid-sid-formats.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/identity-policies/wildcard_examples.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/identity-policies/wildcard_examples.yaml +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/identity-policies/wrong-condition-key.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/identity-policies/wrong-s3-condition.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/resource-control-policies/rcp-invalid-allow-effect.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/resource-control-policies/rcp-invalid-not-action.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/resource-control-policies/rcp-invalid-specific-principal.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/resource-control-policies/rcp-invalid-unsupported-service.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/resource-control-policies/rcp-invalid-wildcard-action.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/resource-control-policies/rcp-valid-enforce-encryption.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/resource-policies/README.md +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/resource-policies/backup-vault-policy-org-access.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/resource-policies/ecr-repository-policy-org-restricted.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/resource-policies/ecr-repository-policy-public.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/resource-policies/efs-filesystem-policy-vpc-only.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/resource-policies/glacier-vault-policy-cross-account.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/resource-policies/kms-key-policy-cross-account.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/resource-policies/kms-key-policy-insecure.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/resource-policies/kms-key-policy-org-restricted.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/resource-policies/kms-key-policy-service-specific.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/resource-policies/lambda-permission-api-gateway.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/resource-policies/lambda-permission-cross-account-invoke.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/resource-policies/lambda-permission-eventbridge-multiple.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/resource-policies/lambda-permission-public-url.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/resource-policies/lambda-permission-s3-trigger.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/resource-policies/opensearch-domain-policy-ip-restricted.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/resource-policies/s3-bucket-policy-cloudfront.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/resource-policies/s3-bucket-policy-cross-account-org.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/resource-policies/s3-bucket-policy-insecure-transport.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/resource-policies/s3-bucket-policy-ip-restriction.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/resource-policies/s3-bucket-policy-public-with-conditions.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/resource-policies/s3-bucket-policy-public.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/resource-policies/s3-bucket-policy-specific-account.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/resource-policies/s3-bucket-policy-vpc-endpoint.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/resource-policies/s3-bucket-policy-wildcard-actions.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/resource-policies/secrets-manager-policy-cross-account.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/resource-policies/sns-topic-policy-cross-account-mfa.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/resource-policies/sns-topic-policy-cross-account.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/resource-policies/sns-topic-policy-eventbridge.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/resource-policies/sns-topic-policy-org-wide.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/resource-policies/sns-topic-policy-public-no-conditions.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/resource-policies/sqs-queue-policy-cross-account-role.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/resource-policies/sqs-queue-policy-iam-users-mfa.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/resource-policies/sqs-queue-policy-public.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/resource-policies/sqs-queue-policy-sns-subscription.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/service-control-policies/deny-root-account-usage.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/service-control-policies/require-mfa.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/service-control-policies/restrict-regions.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/wrong_actions_mismatch/README.md +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/wrong_actions_mismatch/correct-condition-wrong-key.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/wrong_actions_mismatch/dynamodb-wrong-resources.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/wrong_actions_mismatch/ec2-wrong-resources.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/wrong_actions_mismatch/iam-wrong-resources.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/wrong_actions_mismatch/lambda-wrong-resources.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/wrong_actions_mismatch/s3-wrong-resources.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/wrong_actions_mismatch/sqs-sns-wrong-resources.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/iam-test-policies/wrong_actions_mismatch/typo-condition-field.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/library-usage/README.md +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/library-usage/example1_basic_usage.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/library-usage/example2_config_file.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/library-usage/example3_programmatic_config.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/library-usage/example4_custom_condition_requirements.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/library-usage/example5_query_aws_services.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/library-usage/policies/my-policy.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/library-usage/policies/policy1.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/library-usage/policies/policy2.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/query-examples.sh +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/quick-start/lambda-policy.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/quick-start/s3-policy.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/quick-start/user-policy.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/trust-policies/INVALID-wrong-principal-type.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/trust-policies/README.md +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/trust-policies/cross-account-trust-policy.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/trust-policies/github-actions-oidc-trust-policy.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/trust-policies/lambda-service-role-trust-policy.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/examples/trust-policies/saml-federated-trust-policy.json +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/__init__.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/__main__.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/checks/__init__.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/checks/policy_size.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/checks/utils/policy_level_checks.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/checks/utils/sensitive_action_matcher.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/checks/utils/wildcard_expansion.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/commands/__init__.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/commands/base.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/commands/cache.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/commands/download_services.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/commands/post_to_pr.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/commands/query.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/core/__init__.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/core/access_analyzer.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/core/access_analyzer_report.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/core/aws_fetcher.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/core/aws_service/__init__.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/core/aws_service/cache.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/core/aws_service/client.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/core/aws_service/parsers.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/core/aws_service/patterns.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/core/aws_service/storage.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/core/aws_service/validators.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/core/check_registry.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/core/cli.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/core/condition_validators.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/core/config/__init__.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/core/config/aws_api.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/core/config/aws_global_conditions.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/core/config/category_suggestions.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/core/config/condition_requirements.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/core/config/principal_requirements.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/core/config/sensitive_actions.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/core/config/service_principals.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/core/config/wildcards.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/core/formatters/__init__.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/core/formatters/base.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/core/formatters/console.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/core/formatters/csv.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/core/formatters/enhanced.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/core/formatters/html.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/core/formatters/json.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/core/formatters/markdown.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/core/formatters/sarif.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/core/ignore_patterns.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/core/label_manager.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/core/policy_checks.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/integrations/__init__.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/integrations/ms_teams.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/sdk/__init__.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/sdk/arn_matching.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/sdk/context.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/sdk/exceptions.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/sdk/helpers.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/sdk/policy_utils.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/sdk/query_utils.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/sdk/shortcuts.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/utils/__init__.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/utils/cache.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/utils/regex.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/utils/terminal.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/pyproject.toml +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/scripts/download_aws_services.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/scripts/sync_defaults_from_yaml.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/tests/README.md +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/tests/__init__.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/tests/checks/__init__.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/tests/checks/test_action_validation_check.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/tests/checks/test_aws_global_conditions.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/tests/checks/test_condition_key_validation_check.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/tests/checks/test_condition_type_mismatch.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/tests/checks/test_custom_policy_checks.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/tests/checks/test_full_wildcard_check.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/tests/checks/test_mfa_condition_check.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/tests/checks/test_policy_size_check.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/tests/checks/test_principal_validation_check.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/tests/checks/test_resource_validation_check.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/tests/checks/test_sensitive_action_filtering.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/tests/checks/test_sensitive_action_suggestions.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/tests/checks/test_sensitive_action_wildcard_expansion.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/tests/checks/test_service_principal_wildcard.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/tests/checks/test_service_wildcard_check.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/tests/checks/test_sid_uniqueness_check.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/tests/checks/test_wildcard_action_check.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/tests/commands/__init__.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/tests/commands/test_completion_command.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/tests/commands/test_query_command.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/tests/config/__init__.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/tests/config/test_config_loader.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/tests/core/__init__.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/tests/core/test_action_condition_enforcement.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/tests/core/test_action_condition_enforcement_policy_level.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/tests/core/test_action_resource_matching.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/tests/core/test_aws_api_config.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/tests/core/test_aws_fetcher_wildcards.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/tests/core/test_check_id_in_comments.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/tests/core/test_check_id_injection.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/tests/core/test_check_registry.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/tests/core/test_comment_truncation.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/tests/core/test_ignore_patterns.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/tests/core/test_models.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/tests/core/test_multipart_comments.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/tests/core/test_policy_loader.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/tests/core/test_policy_type_validation.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/tests/core/test_regex_utils.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/tests/core/test_set_operator_validation.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/tests/core/test_trust_policy_detection.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/tests/core/test_trust_policy_multiple_statements.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/tests/core/test_trust_policy_oidc_aud_required.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/tests/core/test_trust_policy_validation.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/tests/integrations/__init__.py +0 -0
- {iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/tests/integrations/test_label_manager.py +0 -0
|
@@ -29,15 +29,15 @@ jobs:
|
|
|
29
29
|
uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v5
|
|
30
30
|
|
|
31
31
|
- name: Initialize CodeQL
|
|
32
|
-
uses: github/codeql-action/init@
|
|
32
|
+
uses: github/codeql-action/init@fe4161a26a8629af62121b670040955b330f9af2 # v4
|
|
33
33
|
with:
|
|
34
34
|
languages: ${{ matrix.language }}
|
|
35
35
|
queries: security-extended,security-and-quality
|
|
36
36
|
|
|
37
37
|
- name: Autobuild
|
|
38
|
-
uses: github/codeql-action/autobuild@
|
|
38
|
+
uses: github/codeql-action/autobuild@fe4161a26a8629af62121b670040955b330f9af2 # v4
|
|
39
39
|
|
|
40
40
|
- name: Perform CodeQL Analysis
|
|
41
|
-
uses: github/codeql-action/analyze@
|
|
41
|
+
uses: github/codeql-action/analyze@fe4161a26a8629af62121b670040955b330f9af2 # v4
|
|
42
42
|
with:
|
|
43
43
|
category: "/language:${{matrix.language}}"
|
{iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/.github/workflows/pre-release.yml
RENAMED
|
@@ -178,7 +178,7 @@ jobs:
|
|
|
178
178
|
run: echo "sha=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT
|
|
179
179
|
|
|
180
180
|
- name: Create GitHub Pre-Release
|
|
181
|
-
uses: softprops/action-gh-release@
|
|
181
|
+
uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2
|
|
182
182
|
with:
|
|
183
183
|
name: "${{ steps.version.outputs.tag }}"
|
|
184
184
|
tag_name: ${{ steps.version.outputs.tag }}
|
|
@@ -70,7 +70,7 @@ jobs:
|
|
|
70
70
|
echo "Generated changelog with $COMMIT_COUNT commits"
|
|
71
71
|
|
|
72
72
|
- name: Create GitHub Release
|
|
73
|
-
uses: softprops/action-gh-release@
|
|
73
|
+
uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2
|
|
74
74
|
with:
|
|
75
75
|
name: ${{ steps.get_version.outputs.tag }}
|
|
76
76
|
body_path: CHANGELOG.txt
|
|
@@ -57,6 +57,6 @@ jobs:
|
|
|
57
57
|
# Upload the results to GitHub's code scanning dashboard (optional).
|
|
58
58
|
# Commenting out will disable upload of results to your repo's Code Scanning dashboard
|
|
59
59
|
- name: "Upload to code-scanning"
|
|
60
|
-
uses: github/codeql-action/upload-sarif@
|
|
60
|
+
uses: github/codeql-action/upload-sarif@fe4161a26a8629af62121b670040955b330f9af2 # v4.31.6
|
|
61
61
|
with:
|
|
62
62
|
sarif_file: results.sarif
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.4
|
|
2
2
|
Name: iam-policy-validator
|
|
3
|
-
Version: 1.
|
|
3
|
+
Version: 1.14.0
|
|
4
4
|
Summary: Validate AWS IAM policies for correctness and security using AWS Service Reference API
|
|
5
5
|
Project-URL: Homepage, https://github.com/boogy/iam-policy-validator
|
|
6
6
|
Project-URL: Documentation, https://github.com/boogy/iam-policy-validator/tree/main/docs
|
|
@@ -31,11 +31,21 @@ inputs:
|
|
|
31
31
|
required: false
|
|
32
32
|
default: "true"
|
|
33
33
|
|
|
34
|
+
allow-owner-ignore:
|
|
35
|
+
description: "Allow CODEOWNERS to ignore findings by replying 'ignore' to review comments"
|
|
36
|
+
required: false
|
|
37
|
+
default: "true"
|
|
38
|
+
|
|
34
39
|
github-summary:
|
|
35
40
|
description: "Write summary to GitHub Actions job summary (visible in Actions tab)"
|
|
36
41
|
required: false
|
|
37
42
|
default: "false"
|
|
38
43
|
|
|
44
|
+
show-console-output:
|
|
45
|
+
description: "Show enhanced validation results in job logs (CI mode). Set to 'false' to suppress console output"
|
|
46
|
+
required: false
|
|
47
|
+
default: "true"
|
|
48
|
+
|
|
39
49
|
format:
|
|
40
50
|
description: "Output format (console, enhanced, json, markdown, sarif, csv, html)"
|
|
41
51
|
required: false
|
|
@@ -442,17 +452,26 @@ runs:
|
|
|
442
452
|
ARGS="$ARGS --aws-services-dir ${{ github.workspace }}/${{ inputs.aws-services-dir }}"
|
|
443
453
|
fi
|
|
444
454
|
|
|
445
|
-
|
|
455
|
+
# Add owner-ignore flag (default is enabled, so only add flag when disabled)
|
|
456
|
+
if [ "${{ inputs.allow-owner-ignore }}" = "false" ]; then
|
|
457
|
+
ARGS="$ARGS --no-owner-ignore"
|
|
458
|
+
fi
|
|
446
459
|
|
|
447
460
|
# Create temp file for JSON metrics extraction
|
|
448
461
|
METRICS_FILE=$(mktemp)
|
|
449
462
|
|
|
450
|
-
#
|
|
451
|
-
|
|
452
|
-
|
|
463
|
+
# Build the final command based on show-console-output setting
|
|
464
|
+
if [ "${{ inputs.show-console-output }}" = "true" ]; then
|
|
465
|
+
# CI mode: show enhanced output in console, write JSON to temp file for metrics
|
|
466
|
+
# Remove --format from ARGS and add --ci flags
|
|
467
|
+
FINAL_ARGS="${ARGS//--format ${{ inputs.format }}/--ci --ci-output $METRICS_FILE}"
|
|
468
|
+
else
|
|
469
|
+
# Quiet mode: only JSON output for metrics, no console output
|
|
470
|
+
FINAL_ARGS="${ARGS//--format ${{ inputs.format }}/--format json --output $METRICS_FILE}"
|
|
471
|
+
fi
|
|
453
472
|
|
|
454
|
-
|
|
455
|
-
uv run iam-validator $
|
|
473
|
+
echo "Running: uv run iam-validator $FINAL_ARGS"
|
|
474
|
+
uv run iam-validator $FINAL_ARGS 2>&1 || EXIT_CODE=$?
|
|
456
475
|
|
|
457
476
|
# Extract metrics from JSON output
|
|
458
477
|
if [ -f "$METRICS_FILE" ] && [ -s "$METRICS_FILE" ]; then
|
|
@@ -466,12 +485,14 @@ runs:
|
|
|
466
485
|
echo "invalid-policies=$INVALID_POLICIES" >> $GITHUB_OUTPUT
|
|
467
486
|
echo "total-issues=$TOTAL_ISSUES" >> $GITHUB_OUTPUT
|
|
468
487
|
|
|
469
|
-
#
|
|
470
|
-
|
|
471
|
-
|
|
472
|
-
|
|
473
|
-
|
|
474
|
-
|
|
488
|
+
# Only show metrics summary if console output is disabled (to avoid duplication)
|
|
489
|
+
if [ "${{ inputs.show-console-output }}" != "true" ]; then
|
|
490
|
+
echo "📊 Validation Metrics:"
|
|
491
|
+
echo " Total policies: $TOTAL_POLICIES"
|
|
492
|
+
echo " Valid: $VALID_POLICIES"
|
|
493
|
+
echo " Invalid: $INVALID_POLICIES"
|
|
494
|
+
echo " Total issues: $TOTAL_ISSUES"
|
|
495
|
+
fi
|
|
475
496
|
|
|
476
497
|
rm -f "$METRICS_FILE"
|
|
477
498
|
else
|
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
This file is the single source of truth for the package version.
|
|
4
4
|
"""
|
|
5
5
|
|
|
6
|
-
__version__ = "1.
|
|
6
|
+
__version__ = "1.14.0"
|
|
7
7
|
# Parse version, handling pre-release suffixes like -rc, -alpha, -beta
|
|
8
8
|
_version_base = __version__.split("-", maxsplit=1)[0] # Remove pre-release suffix if present
|
|
9
9
|
__version_info__ = tuple(int(part) for part in _version_base.split("."))
|
|
@@ -645,6 +645,7 @@ class ActionConditionEnforcementCheck(PolicyCheck):
|
|
|
645
645
|
action=", ".join(actions),
|
|
646
646
|
suggestion=f"Remove these forbidden actions. Found in: {', '.join(statement_refs)}. {description}",
|
|
647
647
|
line_number=stmt.line_number,
|
|
648
|
+
field_name="action",
|
|
648
649
|
)
|
|
649
650
|
)
|
|
650
651
|
|
|
@@ -683,6 +684,7 @@ class ActionConditionEnforcementCheck(PolicyCheck):
|
|
|
683
684
|
action=", ".join(sorted(set(found_actions))),
|
|
684
685
|
suggestion=f"Review these statements: {', '.join(statement_refs)}. {description}",
|
|
685
686
|
line_number=first_stmt.line_number,
|
|
687
|
+
field_name="action",
|
|
686
688
|
)
|
|
687
689
|
)
|
|
688
690
|
return issues
|
|
@@ -772,6 +774,7 @@ class ActionConditionEnforcementCheck(PolicyCheck):
|
|
|
772
774
|
action=", ".join(sorted(all_actions)),
|
|
773
775
|
suggestion=f"Review these statements: {', '.join(statement_refs)}. {description}",
|
|
774
776
|
line_number=first_stmt.line_number,
|
|
777
|
+
field_name="action",
|
|
775
778
|
)
|
|
776
779
|
)
|
|
777
780
|
return issues
|
|
@@ -1129,6 +1132,7 @@ class ActionConditionEnforcementCheck(PolicyCheck):
|
|
|
1129
1132
|
suggestion=suggestion,
|
|
1130
1133
|
example=example if example else None,
|
|
1131
1134
|
line_number=statement.line_number,
|
|
1135
|
+
field_name="condition",
|
|
1132
1136
|
)
|
|
1133
1137
|
)
|
|
1134
1138
|
|
|
@@ -1273,6 +1277,7 @@ class ActionConditionEnforcementCheck(PolicyCheck):
|
|
|
1273
1277
|
suggestion=suggestion_text,
|
|
1274
1278
|
example=example_code,
|
|
1275
1279
|
line_number=statement.line_number,
|
|
1280
|
+
field_name="condition",
|
|
1276
1281
|
)
|
|
1277
1282
|
|
|
1278
1283
|
def _build_suggestion(
|
|
@@ -1433,4 +1438,5 @@ class ActionConditionEnforcementCheck(PolicyCheck):
|
|
|
1433
1438
|
condition_key=condition_key,
|
|
1434
1439
|
suggestion=suggestion,
|
|
1435
1440
|
line_number=statement.line_number,
|
|
1441
|
+
field_name="condition",
|
|
1436
1442
|
)
|
|
@@ -24,6 +24,7 @@ Example:
|
|
|
24
24
|
import re
|
|
25
25
|
from typing import ClassVar
|
|
26
26
|
|
|
27
|
+
from iam_validator.checks.utils.action_parser import get_action_case_insensitive, parse_action
|
|
27
28
|
from iam_validator.core.aws_service import AWSServiceFetcher
|
|
28
29
|
from iam_validator.core.check_registry import CheckConfig, PolicyCheck
|
|
29
30
|
from iam_validator.core.models import Statement, ValidationIssue
|
|
@@ -91,27 +92,25 @@ class ActionResourceMatchingCheck(PolicyCheck):
|
|
|
91
92
|
|
|
92
93
|
# Check each action
|
|
93
94
|
for action in actions:
|
|
94
|
-
#
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
# Parse service and action name
|
|
99
|
-
try:
|
|
100
|
-
service, action_name = action.split(":", 1)
|
|
101
|
-
except ValueError:
|
|
102
|
-
continue # Invalid action format, handled by action_validation
|
|
95
|
+
# Parse and validate action
|
|
96
|
+
parsed = parse_action(action)
|
|
97
|
+
if not parsed:
|
|
98
|
+
continue # Invalid action format (or "*"), handled by action_validation
|
|
103
99
|
|
|
104
100
|
# Skip wildcard actions
|
|
105
|
-
if
|
|
101
|
+
if parsed.has_wildcard:
|
|
106
102
|
continue
|
|
107
103
|
|
|
104
|
+
service = parsed.service
|
|
105
|
+
action_name = parsed.action_name
|
|
106
|
+
|
|
108
107
|
# Get service definition
|
|
109
108
|
service_detail = await fetcher.fetch_service_by_name(service)
|
|
110
109
|
if not service_detail:
|
|
111
110
|
continue # Unknown service, handled by action_validation
|
|
112
111
|
|
|
113
|
-
# Get action definition
|
|
114
|
-
action_detail = service_detail.actions
|
|
112
|
+
# Get action definition (case-insensitive since AWS actions are case-insensitive)
|
|
113
|
+
action_detail = get_action_case_insensitive(service_detail.actions, action_name)
|
|
115
114
|
if not action_detail:
|
|
116
115
|
continue # Unknown action, handled by action_validation
|
|
117
116
|
|
|
@@ -262,6 +261,7 @@ class ActionResourceMatchingCheck(PolicyCheck):
|
|
|
262
261
|
),
|
|
263
262
|
suggestion=suggestion,
|
|
264
263
|
line_number=line_number,
|
|
264
|
+
field_name="resource",
|
|
265
265
|
)
|
|
266
266
|
|
|
267
267
|
def _get_suggestion(
|
|
@@ -61,6 +61,7 @@ class ConditionKeyValidationCheck(PolicyCheck):
|
|
|
61
61
|
condition_key=condition_key,
|
|
62
62
|
line_number=line_number,
|
|
63
63
|
suggestion=result.suggestion,
|
|
64
|
+
field_name="condition",
|
|
64
65
|
)
|
|
65
66
|
)
|
|
66
67
|
# Only report once per condition key (not per action)
|
|
@@ -78,6 +79,7 @@ class ConditionKeyValidationCheck(PolicyCheck):
|
|
|
78
79
|
action=action,
|
|
79
80
|
condition_key=condition_key,
|
|
80
81
|
line_number=line_number,
|
|
82
|
+
field_name="condition",
|
|
81
83
|
)
|
|
82
84
|
)
|
|
83
85
|
# Only report once per condition key (not per action)
|
|
@@ -108,6 +108,7 @@ class ConditionTypeMismatchCheck(PolicyCheck):
|
|
|
108
108
|
statement_index=statement_idx,
|
|
109
109
|
issue_type="type_mismatch_usable",
|
|
110
110
|
line_number=line_number,
|
|
111
|
+
field_name="condition",
|
|
111
112
|
)
|
|
112
113
|
)
|
|
113
114
|
# Check if operator type matches key type
|
|
@@ -124,6 +125,7 @@ class ConditionTypeMismatchCheck(PolicyCheck):
|
|
|
124
125
|
issue_type="type_mismatch",
|
|
125
126
|
condition_key=condition_key,
|
|
126
127
|
line_number=line_number,
|
|
128
|
+
field_name="condition",
|
|
127
129
|
)
|
|
128
130
|
)
|
|
129
131
|
|
|
@@ -141,6 +143,7 @@ class ConditionTypeMismatchCheck(PolicyCheck):
|
|
|
141
143
|
issue_type="invalid_value_format",
|
|
142
144
|
condition_key=condition_key,
|
|
143
145
|
line_number=line_number,
|
|
146
|
+
field_name="condition",
|
|
144
147
|
)
|
|
145
148
|
)
|
|
146
149
|
|
|
@@ -71,6 +71,7 @@ class MFAConditionCheck(PolicyCheck):
|
|
|
71
71
|
statement_index=statement_idx,
|
|
72
72
|
issue_type="mfa_antipattern_bool_false",
|
|
73
73
|
line_number=line_number,
|
|
74
|
+
field_name="condition",
|
|
74
75
|
)
|
|
75
76
|
)
|
|
76
77
|
|
|
@@ -97,6 +98,7 @@ class MFAConditionCheck(PolicyCheck):
|
|
|
97
98
|
statement_index=statement_idx,
|
|
98
99
|
issue_type="mfa_antipattern_null_false",
|
|
99
100
|
line_number=line_number,
|
|
101
|
+
field_name="condition",
|
|
100
102
|
)
|
|
101
103
|
)
|
|
102
104
|
|
{iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/checks/policy_structure.py
RENAMED
|
@@ -352,6 +352,7 @@ def validate_statement_structure(
|
|
|
352
352
|
message="`Statement` is missing the required `Effect` field",
|
|
353
353
|
suggestion="Add an `Effect` field with value `Allow` or `Deny`",
|
|
354
354
|
example='"Effect": "Allow"',
|
|
355
|
+
field_name="effect",
|
|
355
356
|
)
|
|
356
357
|
)
|
|
357
358
|
elif statement_dict["Effect"] not in VALID_EFFECTS:
|
|
@@ -364,6 +365,7 @@ def validate_statement_structure(
|
|
|
364
365
|
message=f"Invalid `Effect` value: `{statement_dict['Effect']}`. Must be `Allow` or `Deny`",
|
|
365
366
|
suggestion="Change `Effect` to either `Allow` or `Deny`",
|
|
366
367
|
example='"Effect": "Allow"',
|
|
368
|
+
field_name="effect",
|
|
367
369
|
)
|
|
368
370
|
)
|
|
369
371
|
|
|
@@ -379,6 +381,7 @@ def validate_statement_structure(
|
|
|
379
381
|
message=f"`Sid` must be a `string`, not `{type(sid).__name__}`",
|
|
380
382
|
suggestion='Wrap the `Sid` value in quotes to make it a string: `"Sid": "AllowS3Access"`',
|
|
381
383
|
example='"Sid": "AllowS3Access"',
|
|
384
|
+
field_name="sid",
|
|
382
385
|
)
|
|
383
386
|
)
|
|
384
387
|
elif not SID_PATTERN.match(sid):
|
|
@@ -393,6 +396,7 @@ def validate_statement_structure(
|
|
|
393
396
|
issue_type="invalid_sid_format",
|
|
394
397
|
message=f"`Sid` `{sid}` contains non-alphanumeric characters: `{invalid_chars}`",
|
|
395
398
|
suggestion="According to AWS IAM policy grammar, `Sid` should contain only alphanumeric characters `(A-Z, a-z, 0-9)`.",
|
|
399
|
+
field_name="sid",
|
|
396
400
|
)
|
|
397
401
|
)
|
|
398
402
|
|
|
@@ -406,6 +410,7 @@ def validate_statement_structure(
|
|
|
406
410
|
issue_type="principal_conflict",
|
|
407
411
|
message="`Statement` contains both `Principal` and `NotPrincipal` fields",
|
|
408
412
|
suggestion="Use either `Principal` or `NotPrincipal`, not both",
|
|
413
|
+
field_name="principal",
|
|
409
414
|
)
|
|
410
415
|
)
|
|
411
416
|
|
|
@@ -422,6 +427,7 @@ def validate_statement_structure(
|
|
|
422
427
|
issue_type="action_conflict",
|
|
423
428
|
message="`Statement` contains both `Action` and `NotAction` fields",
|
|
424
429
|
suggestion="Use either `Action` or `NotAction`, not both",
|
|
430
|
+
field_name="action",
|
|
425
431
|
)
|
|
426
432
|
)
|
|
427
433
|
elif not has_action and not has_not_action:
|
|
@@ -434,6 +440,7 @@ def validate_statement_structure(
|
|
|
434
440
|
message="`Statement` is missing both `Action` and `NotAction` fields",
|
|
435
441
|
suggestion="Add either an `Action` or `NotAction` field to specify which AWS actions this statement applies to",
|
|
436
442
|
example=('"Action": [\n "s3:GetObject",\n "s3:PutObject"\n]'),
|
|
443
|
+
field_name="action",
|
|
437
444
|
)
|
|
438
445
|
)
|
|
439
446
|
|
|
@@ -450,6 +457,7 @@ def validate_statement_structure(
|
|
|
450
457
|
issue_type="resource_conflict",
|
|
451
458
|
message="`Statement` contains both `Resource` and `NotResource` fields",
|
|
452
459
|
suggestion="Use either `Resource` or `NotResource`, not both",
|
|
460
|
+
field_name="resource",
|
|
453
461
|
)
|
|
454
462
|
)
|
|
455
463
|
elif not has_resource and not has_not_resource:
|
|
@@ -469,6 +477,7 @@ def validate_statement_structure(
|
|
|
469
477
|
message="`Statement` is missing both `Resource` and `NotResource` fields",
|
|
470
478
|
suggestion="Most policies require a `Resource` field. Add a `Resource` or `NotResource` field to specify which AWS resources this statement applies to.",
|
|
471
479
|
example=('"Resource": "*" OR "Resource": "arn:aws:s3:::my-bucket/*"'),
|
|
480
|
+
field_name="resource",
|
|
472
481
|
)
|
|
473
482
|
)
|
|
474
483
|
|
|
@@ -98,6 +98,7 @@ async def execute_policy(
|
|
|
98
98
|
' "Resource": "arn:aws:s3:::bucket/*"\n'
|
|
99
99
|
"}\n"
|
|
100
100
|
"```",
|
|
101
|
+
field_name="principal",
|
|
101
102
|
)
|
|
102
103
|
)
|
|
103
104
|
|
|
@@ -127,6 +128,7 @@ async def execute_policy(
|
|
|
127
128
|
' "Resource": "arn:aws:s3:::bucket/*"\n'
|
|
128
129
|
"}\n"
|
|
129
130
|
"```",
|
|
131
|
+
field_name="principal",
|
|
130
132
|
)
|
|
131
133
|
)
|
|
132
134
|
|
|
@@ -160,6 +162,7 @@ async def execute_policy(
|
|
|
160
162
|
" }\n"
|
|
161
163
|
"}\n"
|
|
162
164
|
"```",
|
|
165
|
+
field_name="principal",
|
|
163
166
|
)
|
|
164
167
|
)
|
|
165
168
|
|
|
@@ -182,6 +185,7 @@ async def execute_policy(
|
|
|
182
185
|
statement_sid=statement.sid,
|
|
183
186
|
line_number=statement.line_number,
|
|
184
187
|
suggestion="Change the `Effect` to `Deny` for this RCP statement.",
|
|
188
|
+
field_name="effect",
|
|
185
189
|
)
|
|
186
190
|
)
|
|
187
191
|
|
|
@@ -201,6 +205,7 @@ async def execute_policy(
|
|
|
201
205
|
statement_sid=statement.sid,
|
|
202
206
|
line_number=statement.line_number,
|
|
203
207
|
suggestion='Remove `NotPrincipal` and use `Principal: "*"` with `Condition` elements to restrict access.',
|
|
208
|
+
field_name="principal",
|
|
204
209
|
)
|
|
205
210
|
)
|
|
206
211
|
elif not has_principal:
|
|
@@ -215,6 +220,7 @@ async def execute_policy(
|
|
|
215
220
|
statement_sid=statement.sid,
|
|
216
221
|
line_number=statement.line_number,
|
|
217
222
|
suggestion='Add `Principal: "*"` to this RCP statement.',
|
|
223
|
+
field_name="principal",
|
|
218
224
|
)
|
|
219
225
|
)
|
|
220
226
|
elif statement.principal != "*":
|
|
@@ -232,6 +238,7 @@ async def execute_policy(
|
|
|
232
238
|
statement_sid=statement.sid,
|
|
233
239
|
line_number=statement.line_number,
|
|
234
240
|
suggestion='Change `Principal` to `"*"` and use `Condition` elements to restrict access.',
|
|
241
|
+
field_name="principal",
|
|
235
242
|
)
|
|
236
243
|
)
|
|
237
244
|
|
|
@@ -258,6 +265,7 @@ async def execute_policy(
|
|
|
258
265
|
line_number=statement.line_number,
|
|
259
266
|
suggestion="Replace `*` with service-specific actions from supported "
|
|
260
267
|
f"services: {', '.join(f'`{a}`' for a in sorted(rcp_supported_services))}",
|
|
268
|
+
field_name="action",
|
|
261
269
|
)
|
|
262
270
|
)
|
|
263
271
|
else:
|
|
@@ -282,6 +290,7 @@ async def execute_policy(
|
|
|
282
290
|
line_number=statement.line_number,
|
|
283
291
|
suggestion=f"Use only actions from supported RCP services: "
|
|
284
292
|
f"{', '.join(f'`{a}`' for a in sorted(rcp_supported_services))}",
|
|
293
|
+
field_name="action",
|
|
285
294
|
)
|
|
286
295
|
)
|
|
287
296
|
|
|
@@ -297,6 +306,7 @@ async def execute_policy(
|
|
|
297
306
|
statement_sid=statement.sid,
|
|
298
307
|
line_number=statement.line_number,
|
|
299
308
|
suggestion="Replace `NotAction` with `Action` element listing the specific actions to deny.",
|
|
309
|
+
field_name="action",
|
|
300
310
|
)
|
|
301
311
|
)
|
|
302
312
|
|
|
@@ -314,6 +324,7 @@ async def execute_policy(
|
|
|
314
324
|
statement_sid=statement.sid,
|
|
315
325
|
line_number=statement.line_number,
|
|
316
326
|
suggestion='Add `Resource: "*"` or specify specific resource ARNs.',
|
|
327
|
+
field_name="resource",
|
|
317
328
|
)
|
|
318
329
|
)
|
|
319
330
|
|
|
@@ -103,6 +103,7 @@ class PrincipalValidationCheck(PolicyCheck):
|
|
|
103
103
|
line_number=statement.line_number,
|
|
104
104
|
suggestion=f"Remove the `Principal` `{principal}` or add appropriate `Condition`s to restrict access. "
|
|
105
105
|
"Consider using more specific `Principal`s instead of `*` (wildcard).",
|
|
106
|
+
field_name="principal",
|
|
106
107
|
)
|
|
107
108
|
)
|
|
108
109
|
continue
|
|
@@ -122,6 +123,7 @@ class PrincipalValidationCheck(PolicyCheck):
|
|
|
122
123
|
line_number=statement.line_number,
|
|
123
124
|
suggestion=f"Add `{principal}` to the `allowed_principals` list in your config, "
|
|
124
125
|
"or use a `Principal` that matches an allowed pattern.",
|
|
126
|
+
field_name="principal",
|
|
125
127
|
)
|
|
126
128
|
)
|
|
127
129
|
continue
|
|
@@ -407,6 +409,7 @@ class PrincipalValidationCheck(PolicyCheck):
|
|
|
407
409
|
),
|
|
408
410
|
suggestion=self._build_any_of_suggestion(any_of),
|
|
409
411
|
line_number=statement.line_number,
|
|
412
|
+
field_name="principal",
|
|
410
413
|
)
|
|
411
414
|
)
|
|
412
415
|
|
|
@@ -568,6 +571,7 @@ class PrincipalValidationCheck(PolicyCheck):
|
|
|
568
571
|
suggestion=suggestion_text,
|
|
569
572
|
example=example_code,
|
|
570
573
|
line_number=statement.line_number,
|
|
574
|
+
field_name="principal",
|
|
571
575
|
)
|
|
572
576
|
|
|
573
577
|
def _build_condition_suggestion(
|
|
@@ -700,4 +704,5 @@ class PrincipalValidationCheck(PolicyCheck):
|
|
|
700
704
|
message=message,
|
|
701
705
|
suggestion=suggestion,
|
|
702
706
|
line_number=statement.line_number,
|
|
707
|
+
field_name="principal",
|
|
703
708
|
)
|
|
@@ -70,6 +70,7 @@ class ResourceValidationCheck(PolicyCheck):
|
|
|
70
70
|
resource=resource[:100] + "...",
|
|
71
71
|
suggestion="`ARN` is too long and may be invalid",
|
|
72
72
|
line_number=line_number,
|
|
73
|
+
field_name="resource",
|
|
73
74
|
)
|
|
74
75
|
)
|
|
75
76
|
continue
|
|
@@ -98,6 +99,7 @@ class ResourceValidationCheck(PolicyCheck):
|
|
|
98
99
|
resource=resource,
|
|
99
100
|
suggestion="`ARN` should follow format: `arn:partition:service:region:account-id:resource` (template variables like `${aws_account_id}` are supported)",
|
|
100
101
|
line_number=line_number,
|
|
102
|
+
field_name="resource",
|
|
101
103
|
)
|
|
102
104
|
)
|
|
103
105
|
else:
|
|
@@ -111,6 +113,7 @@ class ResourceValidationCheck(PolicyCheck):
|
|
|
111
113
|
resource=resource,
|
|
112
114
|
suggestion="`ARN` should follow format: `arn:partition:service:region:account-id:resource`",
|
|
113
115
|
line_number=line_number,
|
|
116
|
+
field_name="resource",
|
|
114
117
|
)
|
|
115
118
|
)
|
|
116
119
|
except Exception: # pylint: disable=broad-exception-caught
|
|
@@ -125,6 +128,7 @@ class ResourceValidationCheck(PolicyCheck):
|
|
|
125
128
|
resource=resource,
|
|
126
129
|
suggestion="`ARN` validation failed - may contain unexpected characters",
|
|
127
130
|
line_number=line_number,
|
|
131
|
+
field_name="resource",
|
|
128
132
|
)
|
|
129
133
|
)
|
|
130
134
|
|
{iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/checks/service_wildcard.py
RENAMED
|
@@ -2,6 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
from typing import ClassVar
|
|
4
4
|
|
|
5
|
+
from iam_validator.checks.utils.action_parser import parse_action
|
|
5
6
|
from iam_validator.core.aws_service import AWSServiceFetcher
|
|
6
7
|
from iam_validator.core.check_registry import CheckConfig, PolicyCheck
|
|
7
8
|
from iam_validator.core.models import Statement, ValidationIssue
|
|
@@ -36,9 +37,10 @@ class ServiceWildcardCheck(PolicyCheck):
|
|
|
36
37
|
if action == "*":
|
|
37
38
|
continue
|
|
38
39
|
|
|
39
|
-
#
|
|
40
|
-
|
|
41
|
-
|
|
40
|
+
# Parse action and check if it's a service-level wildcard (e.g., "iam:*", "s3:*")
|
|
41
|
+
parsed = parse_action(action)
|
|
42
|
+
if parsed and parsed.action_name == "*":
|
|
43
|
+
service = parsed.service
|
|
42
44
|
|
|
43
45
|
# Check if this service is in the allowed list
|
|
44
46
|
if service not in allowed_services:
|
|
@@ -72,6 +74,7 @@ class ServiceWildcardCheck(PolicyCheck):
|
|
|
72
74
|
suggestion=suggestion,
|
|
73
75
|
example=example if example else None,
|
|
74
76
|
line_number=statement.line_number,
|
|
77
|
+
field_name="action",
|
|
75
78
|
)
|
|
76
79
|
)
|
|
77
80
|
|
|
@@ -103,6 +103,7 @@ class SetOperatorValidationCheck(PolicyCheck):
|
|
|
103
103
|
issue_type="set_operator_on_single_valued_key",
|
|
104
104
|
condition_key=condition_key,
|
|
105
105
|
line_number=line_number,
|
|
106
|
+
field_name="condition",
|
|
106
107
|
)
|
|
107
108
|
)
|
|
108
109
|
|
|
@@ -123,6 +124,7 @@ class SetOperatorValidationCheck(PolicyCheck):
|
|
|
123
124
|
issue_type="forallvalues_allow_without_null_check",
|
|
124
125
|
condition_key=condition_key,
|
|
125
126
|
line_number=line_number,
|
|
127
|
+
field_name="condition",
|
|
126
128
|
)
|
|
127
129
|
)
|
|
128
130
|
|
|
@@ -142,6 +144,7 @@ class SetOperatorValidationCheck(PolicyCheck):
|
|
|
142
144
|
statement_sid=statement_sid,
|
|
143
145
|
statement_index=statement_idx,
|
|
144
146
|
issue_type="foranyvalue_deny_without_null_check",
|
|
147
|
+
field_name="condition",
|
|
145
148
|
condition_key=condition_key,
|
|
146
149
|
line_number=line_number,
|
|
147
150
|
)
|
{iam_policy_validator-1.13.1 → iam_policy_validator-1.14.0}/iam_validator/checks/sid_uniqueness.py
RENAMED
|
@@ -70,6 +70,7 @@ def _check_sid_uniqueness_impl(policy: IAMPolicy, severity: str) -> list[Validat
|
|
|
70
70
|
message=issue_msg,
|
|
71
71
|
suggestion=suggestion,
|
|
72
72
|
line_number=statement.line_number,
|
|
73
|
+
field_name="sid",
|
|
73
74
|
)
|
|
74
75
|
)
|
|
75
76
|
|
|
@@ -99,6 +100,7 @@ def _check_sid_uniqueness_impl(policy: IAMPolicy, severity: str) -> list[Validat
|
|
|
99
100
|
message=f"Statement ID `{duplicate_sid}` is used **{count} times** in this policy (found in statements `{statement_numbers}`)",
|
|
100
101
|
suggestion="Change this SID to a unique value. Statement IDs help identify and reference specific statements, so duplicates can cause confusion.",
|
|
101
102
|
line_number=statement.line_number,
|
|
103
|
+
field_name="sid",
|
|
102
104
|
)
|
|
103
105
|
)
|
|
104
106
|
|
|
@@ -262,6 +262,7 @@ class TrustPolicyValidationCheck(PolicyCheck):
|
|
|
262
262
|
example=self._get_example_for_action(
|
|
263
263
|
action, allowed_types[0] if allowed_types else "AWS"
|
|
264
264
|
),
|
|
265
|
+
field_name="principal",
|
|
265
266
|
)
|
|
266
267
|
)
|
|
267
268
|
|
|
@@ -312,6 +313,7 @@ class TrustPolicyValidationCheck(PolicyCheck):
|
|
|
312
313
|
f"Expected pattern: `{provider_pattern}`\n"
|
|
313
314
|
f"Found: `{principal}`",
|
|
314
315
|
example=self._get_provider_example(provider_type),
|
|
316
|
+
field_name="principal",
|
|
315
317
|
)
|
|
316
318
|
)
|
|
317
319
|
|
|
@@ -378,6 +380,7 @@ class TrustPolicyValidationCheck(PolicyCheck):
|
|
|
378
380
|
f"Missing: `{missing_list}`\n\n"
|
|
379
381
|
f"{rule.get('description', '')}",
|
|
380
382
|
example=self._get_condition_example(action, required_conditions[0]),
|
|
383
|
+
field_name="condition",
|
|
381
384
|
)
|
|
382
385
|
)
|
|
383
386
|
|