iam-policy-validator 1.14.6__py3-none-any.whl → 1.14.7__py3-none-any.whl

{iam_policy_validator-1.14.6.dist-info → iam_policy_validator-1.14.7.dist-info}/METADATA

@@ -1,12 +1,12 @@
 Metadata-Version: 2.4
 Name: iam-policy-validator
-Version: 1.14.6
+Version: 1.14.7
 Summary: Validate AWS IAM policies for correctness and security using AWS Service Reference API
 Project-URL: Homepage, https://github.com/boogy/iam-policy-validator
-Project-URL: Documentation, https://github.com/boogy/iam-policy-validator/tree/main/docs
+Project-URL: Documentation, https://boogy.github.io/iam-policy-validator
 Project-URL: Repository, https://github.com/boogy/iam-policy-validator
 Project-URL: Issues, https://github.com/boogy/iam-policy-validator/issues
-Project-URL: Changelog, https://github.com/boogy/iam-policy-validator/blob/main/docs/CHANGELOG.md
+Project-URL: Changelog, https://github.com/boogy/iam-policy-validator/blob/main/CHANGELOG.md
 Author-email: boogy <0xboogy@gmail.com>
 License: MIT
 License-File: LICENSE
@@ -38,11 +38,17 @@ Requires-Dist: pytest>=7.0.0; extra == 'dev'
 Requires-Dist: ruff>=0.1.0; extra == 'dev'
 Requires-Dist: types-boto3; extra == 'dev'
 Requires-Dist: types-pyyaml; extra == 'dev'
+Provides-Extra: docs
+Requires-Dist: mkdocs-gen-files>=0.5.0; extra == 'docs'
+Requires-Dist: mkdocs-literate-nav>=0.6.0; extra == 'docs'
+Requires-Dist: mkdocs-material>=9.5.0; extra == 'docs'
+Requires-Dist: mkdocs>=1.6.0; extra == 'docs'
+Requires-Dist: mkdocstrings[python]>=0.24.0; extra == 'docs'
 Description-Content-Type: text/markdown
 
 # IAM Policy Validator
 
-**Catch IAM policy errors before they reach AWS** — Validate syntax, security misconfigurations, and dangerous permission combinations in CI/CD pipelines.
+**Stop IAM misconfigurations before they become breaches** — Catch overprivileged permissions, dangerous wildcards, and policy errors before deployment.
 
 [![GitHub Actions](https://img.shields.io/badge/GitHub%20Actions-Ready-blue)](https://github.com/marketplace/actions/iam-policy-validator)
 [![Python 3.10+](https://img.shields.io/badge/python-3.10+-blue.svg)](https://www.python.org/downloads/)
@@ -120,7 +126,7 @@ iam-validator validate --path examples/quick-start/ --format enhanced
 ```
 ╭──────────────────────────────────────────────────────────────────────────────────────────────────╮
 │                                                                                                  │
-│                              IAM Policy Validation Report (v1.10.3)                              │
+│                              IAM Policy Validation Report (v1.14.1)                              │
 │                                                                                                  │
 ╰──────────────────────────────────────────────────────────────────────────────────────────────────╯
 ───────────────────────────────────────── Detailed Results ─────────────────────────────────────────
@@ -294,7 +300,7 @@ sensitive_action:
       message: "CloudFormation + PassRole enables infrastructure privilege escalation"
 ```
 
-See [docs/privilege-escalation.md](docs/privilege-escalation.md) for all built-in patterns and custom configuration.
+See [Security Checks Documentation](docs/user-guide/checks/security-checks.md) for all built-in patterns and custom configuration.
 
 **Comparison:**
 
@@ -635,7 +641,7 @@ sensitive_action:
 
 For more details, see:
 
-- [docs/condition-requirements.md](docs/condition-requirements.md) - How to configure condition requirements
+- [Configuration Guide](docs/user-guide/configuration.md) - How to configure condition requirements
 - [examples/configs/full-reference-config.yaml](examples/configs/full-reference-config.yaml) - Complete configuration reference
 
 ---
@@ -710,12 +716,12 @@ iam-validator analyze --path new-policy.json \
 
 **Guides:**
 
-- [Check Reference](docs/check-reference.md) - All 19 checks with examples
-- [Configuration Guide](docs/configuration.md) - Customize checks and behavior
-- [GitHub Actions Guide](docs/github-actions-workflows.md) - CI/CD integration
-- [Python Library Guide](docs/python-library-usage.md) - Use as Python package
-- [Trust Policy Guide](examples/trust-policies/README.md) - Trust policy validation
-- [Query Command](docs/query-command.md) - Query AWS service definitions
+- [Check Reference](docs/user-guide/checks/) - All checks with examples
+- [Configuration Guide](docs/user-guide/configuration.md) - Customize checks and behavior
+- [GitHub Actions Guide](docs/integrations/github-actions.md) - CI/CD integration
+- [Python Library Guide](docs/developer-guide/sdk/) - Use as Python package
+- [Trust Policy Examples](examples/trust-policies/) - Trust policy validation examples
+- [Changelog](CHANGELOG.md) - Version history and migration guides
 
 **Examples:**
 

{iam_policy_validator-1.14.6.dist-info → iam_policy_validator-1.14.7.dist-info}/RECORD

@@ -1,6 +1,6 @@
 iam_validator/__init__.py,sha256=xHdUASOxFHwEXfT_GSr_KrkLlnxZ-pAAr1wW1PwAGko,693
 iam_validator/__main__.py,sha256=to_nz3n_IerJpVVZZ6WSFlFR5s_06J0csfPOTfQZG8g,197
-iam_validator/__version__.py,sha256=WpHTF6NviSa8VivWMnhlxgCYH_CGf0PJr8rvIQ0xQuQ,374
+iam_validator/__version__.py,sha256=gzNFhw4Ir0RuOpe7hw6D6K-mQnE1zvBtL7jSlcAUnrE,374
 iam_validator/checks/__init__.py,sha256=OTkPnmlelu4YjMO8krjhu2wXiTV72RzopA5u1SfPQA0,1990
 iam_validator/checks/action_condition_enforcement.py,sha256=2-XUMbof9tQ7SHZNmAHMkR1DgbOIzY2eFWlp9S9dwLk,60625
 iam_validator/checks/action_resource_matching.py,sha256=qND0hfDgNoxFEdLWwrxOPVDfdj3k50nzedT2qF7nK7o,19428
@@ -87,9 +87,9 @@ iam_validator/core/formatters/sarif.py,sha256=03MHSyuZm9FlzaPeWg7wH-UTzzCDhSy6vM
 iam_validator/integrations/__init__.py,sha256=7Hlor_X9j0NZaEjFuSvoXAAuSKQ-zgY19Rk-Dz3JpKo,616
 iam_validator/integrations/github_integration.py,sha256=0aeQ_RPTZf5ij7dsBjmtIDz4oHl0BXLno9GperFzTbc,69004
 iam_validator/integrations/ms_teams.py,sha256=t2PlWuTDb6GGH-eDU1jnOKd8D1w4FCB68bahGA7MJcE,14475
-iam_validator/sdk/__init__.py,sha256=AZLnfdn3A9AWb0pMhsbu3GAOAzt6rV7Fi3E3d9_3ZdI,6388
+iam_validator/sdk/__init__.py,sha256=1voMXldzhLJ0mZ4AxwYPXwJd_kKFjQ-zp_tN8eWvkP4,6209
 iam_validator/sdk/arn_matching.py,sha256=HSDpLltOYISq-SoPebAlM89mKOaUaghq_04urchEFDA,12778
-iam_validator/sdk/context.py,sha256=FvAEyUa_s7tHWoSdgjSkzHf1CLlYpAEmLZANxs2IJ4A,6826
+iam_validator/sdk/context.py,sha256=b2XXlvsnqxl42d1wsdoynTqsZOy8nRjV73RgxIdKdPQ,6940
 iam_validator/sdk/exceptions.py,sha256=tm91TxIwU157U_UHN7w5qICf_OhU11agj6pV5W_YP-4,1023
 iam_validator/sdk/helpers.py,sha256=sjfK0na_Fo7O8GhEVhl44rVHqOdw6nAKkBL4FVL-QdU,5697
 iam_validator/sdk/policy_utils.py,sha256=bGdJ1X1aC72dVXXpAnAwyBpAiiX-qXvblpetY5BsjKU,13658
@@ -99,8 +99,8 @@ iam_validator/utils/__init__.py,sha256=NveA2F3G1E6-ANZzFr7J6Q6u5mogvMp862iFokmYu
 iam_validator/utils/cache.py,sha256=wOQKOBeoG6QqC5f0oXcHz63Cjtu_-SsSS-0pTSwyAiM,3254
 iam_validator/utils/regex.py,sha256=xHoMECttb7qaMhts-c9b0GIxdhHNZTt-UBr7wNhWfzg,6219
 iam_validator/utils/terminal.py,sha256=FsRaRMH_JAyDgXWBCOgOEhbS89cs17HCmKYoughq5io,724
-iam_policy_validator-1.14.6.dist-info/METADATA,sha256=pAPaTarqbLi7q_cdHu3bkCVeu9BHed34jIQHgMXlj5I,34456
-iam_policy_validator-1.14.6.dist-info/WHEEL,sha256=WLgqFyCfm_KASv4WHyYy0P3pM_m7J5L9k2skdKLirC8,87
-iam_policy_validator-1.14.6.dist-info/entry_points.txt,sha256=8HtWd8O7mvPiPdZR5YbzY8or_qcqLM4-pKaFdhtFT8M,62
-iam_policy_validator-1.14.6.dist-info/licenses/LICENSE,sha256=AMnbFTBDcK4_MITe2wiQBkj0vg-jjBBhsc43ydC7tt4,1098
-iam_policy_validator-1.14.6.dist-info/RECORD,,
+iam_policy_validator-1.14.7.dist-info/METADATA,sha256=l4PstdoYzO1kqFBTI2M7UDbvoQMAcVC9sHamKl43x9Y,34741
+iam_policy_validator-1.14.7.dist-info/WHEEL,sha256=WLgqFyCfm_KASv4WHyYy0P3pM_m7J5L9k2skdKLirC8,87
+iam_policy_validator-1.14.7.dist-info/entry_points.txt,sha256=8HtWd8O7mvPiPdZR5YbzY8or_qcqLM4-pKaFdhtFT8M,62
+iam_policy_validator-1.14.7.dist-info/licenses/LICENSE,sha256=AMnbFTBDcK4_MITe2wiQBkj0vg-jjBBhsc43ydC7tt4,1098
+iam_policy_validator-1.14.7.dist-info/RECORD,,

iam_validator/__version__.py

@@ -3,7 +3,7 @@
 This file is the single source of truth for the package version.
 """
 
-__version__ = "1.14.6"
+__version__ = "1.14.7"
 # Parse version, handling pre-release suffixes like -rc, -alpha, -beta
 _version_base = __version__.split("-", maxsplit=1)[0]  # Remove pre-release suffix if present
 __version_info__ = tuple(int(part) for part in _version_base.split("."))

iam_validator/sdk/__init__.py

@@ -1,66 +1,71 @@
-"""
-IAM Policy Validator SDK - Public API for library usage.
+"""IAM Policy Validator SDK - Public API for library usage.
 
 This module provides the complete public API for using IAM Policy Validator
 as a Python library. It exposes both high-level convenience functions and
 low-level components for custom integrations.
 
-Quick Start:
-    Basic validation:
-    >>> from iam_validator.sdk import validate_file
-    >>> result = await validate_file("policy.json")
-    >>> print(f"Valid: {result.is_valid}")
-
-    With context manager:
-    >>> from iam_validator.sdk import validator
-    >>> async with validator() as v:
-    ...     result = await v.validate_file("policy.json")
-    ...     v.generate_report([result])
-
-    Policy manipulation:
-    >>> from iam_validator.sdk import parse_policy, get_policy_summary
-    >>> policy = parse_policy(policy_json)
-    >>> summary = get_policy_summary(policy)
-    >>> print(f"Actions: {summary['action_count']}")
-
-    Query AWS service definitions:
-    >>> from iam_validator.sdk import AWSServiceFetcher, query_actions, query_arn_formats
-    >>> async with AWSServiceFetcher() as fetcher:
-    ...     # Query all S3 write actions
-    ...     write_actions = await query_actions(fetcher, "s3", access_level="write")
-    ...     # Get ARN formats for S3
-    ...     arns = await query_arn_formats(fetcher, "s3")
-
-    Custom check development:
-    >>> from iam_validator.sdk import PolicyCheck, CheckHelper
-    >>> class MyCheck(PolicyCheck):
-    ...     @property
-    ...     def check_id(self) -> str:
-    ...         return "my_check"
-    ...     async def execute(self, statement, idx, fetcher, config):
-    ...         helper = CheckHelper(fetcher)
-    ...         # Use helper.arn_matches(), helper.create_issue(), etc.
-    ...         return []
-"""
+Example:
+    Basic validation::
 
-# === High-level validation functions (shortcuts) ===
-# === AWS utilities ===
-from iam_validator.core.aws_service import AWSServiceFetcher
+        from iam_validator.sdk import validate_file
 
-# === Core validation components (for advanced usage) ===
-from iam_validator.core.check_registry import CheckRegistry, PolicyCheck
+        result = await validate_file("policy.json")
+        print(f"Valid: {result.is_valid}")
+
+    With context manager::
+
+        from iam_validator.sdk import validator
+
+        async with validator() as v:
+            result = await v.validate_file("policy.json")
+            v.generate_report([result])
+
+    Policy manipulation::
+
+        from iam_validator.sdk import parse_policy, get_policy_summary
+
+        policy = parse_policy(policy_json)
+        summary = get_policy_summary(policy)
+        print(f"Actions: {summary['action_count']}")
+
+    Query AWS service definitions::
+
+        from iam_validator.sdk import AWSServiceFetcher, query_actions
+
+        async with AWSServiceFetcher() as fetcher:
+            # Query all S3 write actions
+            write_actions = await query_actions(fetcher, "s3", access_level="write")
+
+    Custom check development::
+
+        from iam_validator.sdk import PolicyCheck, CheckHelper
 
-# === ValidatorConfiguration ===
-from iam_validator.core.config.config_loader import ValidatorConfig, load_validator_config
+        class MyCheck(PolicyCheck):
+            check_id = "my_check"
+            description = "My custom check"
+            default_severity = "medium"
 
-# === Reporting ===
+            async def execute(self, statement, idx, fetcher, config):
+                helper = CheckHelper(fetcher)
+                # Use helper.arn_matches(), helper.create_issue(), etc.
+                return []
+"""
+
+# ruff: noqa: E402
+# Imports are organized by category with comments, which triggers E402.
+# This is intentional for readability in this public API module.
+
+from iam_validator.core.aws_service import AWSServiceFetcher
+from iam_validator.core.check_registry import CheckRegistry, PolicyCheck
+from iam_validator.core.config.config_loader import (
+    ValidatorConfig,
+    load_validator_config,
+)
 from iam_validator.core.formatters.csv import CSVFormatter
 from iam_validator.core.formatters.html import HTMLFormatter
 from iam_validator.core.formatters.json import JSONFormatter
 from iam_validator.core.formatters.markdown import MarkdownFormatter
 from iam_validator.core.formatters.sarif import SARIFFormatter
-
-# === Models (for type hints and inspection) ===
 from iam_validator.core.models import (
     IAMPolicy,
     PolicyValidationResult,
@@ -70,23 +75,17 @@ from iam_validator.core.models import (
 from iam_validator.core.policy_checks import validate_policies
 from iam_validator.core.policy_loader import PolicyLoader
 from iam_validator.core.report import ReportGenerator
-
-# === ARN matching utilities ===
 from iam_validator.sdk.arn_matching import (
     arn_matches,
     arn_strictly_valid,
     convert_aws_pattern_to_wildcard,
     is_glob_match,
 )
-
-# === Context managers ===
 from iam_validator.sdk.context import (
     ValidationContext,
     validator,
     validator_from_config,
 )
-
-# === Public exceptions ===
 from iam_validator.sdk.exceptions import (
     AWSServiceError,
     ConfigurationError,
@@ -96,11 +95,7 @@ from iam_validator.sdk.exceptions import (
     PolicyValidationError,
     UnsupportedPolicyTypeError,
 )
-
-# === Custom check development ===
 from iam_validator.sdk.helpers import CheckHelper, expand_actions
-
-# === Policy manipulation utilities ===
 from iam_validator.sdk.policy_utils import (
     extract_actions,
     extract_condition_keys,
@@ -116,8 +111,6 @@ from iam_validator.sdk.policy_utils import (
     policy_to_dict,
     policy_to_json,
 )
-
-# === Query utilities (AWS service definition queries) ===
 from iam_validator.sdk.query_utils import (
     get_actions_by_access_level,
     get_actions_supporting_condition,
@@ -139,6 +132,9 @@ from iam_validator.sdk.shortcuts import (
     validate_json,
 )
 
+# Alias for convenience (matches documentation)
+Config = ValidatorConfig
+
 __all__ = [
     # === High-level shortcuts ===
     "validate_file",
@@ -203,6 +199,7 @@ __all__ = [
     "Statement",
     # === ValidatorConfiguration ===
     "ValidatorConfig",
+    "Config",  # Alias for ValidatorConfig
     "load_validator_config",
     # === AWS utilities ===
     "AWSServiceFetcher",
@@ -214,7 +211,9 @@ __all__ = [
     "AWSServiceError",
     "InvalidPolicyFormatError",
     "UnsupportedPolicyTypeError",
+    # Version
+    "__version__",
 ]
 
-# SDK version
-__version__ = "0.1.0"
+# SDK version (same as main package)
+from iam_validator.__version__ import __version__

iam_validator/sdk/context.py

@@ -5,6 +5,7 @@ This module provides context managers that handle resource lifecycle
 and make the validation API more convenient to use.
 """
 
+from collections.abc import AsyncIterator
 from contextlib import asynccontextmanager
 from pathlib import Path
 
@@ -169,7 +170,7 @@ class ValidationContext:
 @asynccontextmanager
 async def validator(
     config_path: str | None = None,
-):
+) -> AsyncIterator[ValidationContext]:
     """
     Context manager that handles AWS fetcher lifecycle.
 
@@ -201,7 +202,7 @@ async def validator(
 
 
 @asynccontextmanager
-async def validator_from_config(config_path: str):
+async def validator_from_config(config_path: str) -> AsyncIterator[ValidationContext]:
     """
     Context manager that loads configuration and creates a validator.