iam-policy-validator 1.14.7__tar.gz → 1.15.1__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (390)
  1. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/.github/workflows/ci.yml +4 -4
  2. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/.github/workflows/codeql.yml +3 -3
  3. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/.github/workflows/docs.yml +1 -1
  4. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/.github/workflows/pre-release.yml +1 -1
  5. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/.github/workflows/release.yml +1 -1
  6. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/.github/workflows/scorecard.yml +1 -1
  7. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/.gitignore +3 -0
  8. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/CHANGELOG.md +133 -12
  9. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/Makefile +19 -1
  10. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/PKG-INFO +16 -11
  11. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/README.md +10 -9
  12. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/SECURITY.md +3 -48
  13. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/action.yaml +3 -3
  14. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/docs/api-reference/sdk.md +77 -37
  15. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/docs/contributing/testing.md +5 -5
  16. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/docs/developer-guide/architecture.md +6 -6
  17. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/docs/developer-guide/custom-checks/examples.md +6 -6
  18. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/docs/developer-guide/sdk/policy-utilities.md +14 -0
  19. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/docs/getting-started/first-validation.md +8 -8
  20. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/docs/getting-started/quickstart.md +5 -5
  21. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/docs/index.md +2 -2
  22. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/docs/integrations/github-actions.md +9 -9
  23. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/docs/integrations/index.md +9 -1
  24. iam_policy_validator-1.15.1/docs/integrations/mcp-server.md +2033 -0
  25. iam_policy_validator-1.15.1/docs/stylesheets/extra.css +283 -0
  26. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/docs/user-guide/checks/advanced-checks.md +10 -10
  27. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/docs/user-guide/checks/aws-validation.md +8 -8
  28. iam_policy_validator-1.15.1/docs/user-guide/checks/index.md +110 -0
  29. iam_policy_validator-1.15.1/docs/user-guide/checks/security-checks.md +380 -0
  30. iam_policy_validator-1.15.1/docs/user-guide/cli-reference.md +361 -0
  31. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/docs/user-guide/configuration.md +32 -4
  32. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/docs/user-guide/output-formats.md +9 -9
  33. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/configs/full-reference-config.yaml +41 -1
  34. iam_policy_validator-1.15.1/examples/mcp-llm-instructions/README.md +145 -0
  35. iam_policy_validator-1.15.1/examples/mcp-llm-instructions/SYSTEM_PROMPT.md +382 -0
  36. iam_policy_validator-1.15.1/examples/mcp-llm-instructions/example_conversation.md +252 -0
  37. iam_policy_validator-1.15.1/examples/mcp-llm-instructions/organization_config.yaml +165 -0
  38. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/__version__.py +1 -1
  39. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/checks/__init__.py +2 -0
  40. iam_policy_validator-1.15.1/iam_validator/checks/action_validation.py +131 -0
  41. iam_policy_validator-1.15.1/iam_validator/checks/not_action_not_resource.py +163 -0
  42. iam_policy_validator-1.15.1/iam_validator/checks/resource_validation.py +186 -0
  43. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/checks/wildcard_resource.py +136 -6
  44. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/commands/__init__.py +3 -0
  45. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/commands/cache.py +66 -24
  46. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/commands/completion.py +94 -15
  47. iam_policy_validator-1.15.1/iam_validator/commands/mcp.py +210 -0
  48. iam_policy_validator-1.15.1/iam_validator/commands/query.py +909 -0
  49. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/core/aws_service/__init__.py +5 -1
  50. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/core/aws_service/cache.py +20 -0
  51. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/core/aws_service/fetcher.py +180 -11
  52. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/core/aws_service/storage.py +14 -6
  53. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/core/aws_service/validators.py +68 -51
  54. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/core/check_registry.py +100 -35
  55. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/core/config/aws_global_conditions.py +18 -9
  56. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/core/config/check_documentation.py +104 -51
  57. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/core/config/config_loader.py +39 -3
  58. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/core/config/defaults.py +6 -0
  59. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/core/constants.py +11 -4
  60. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/core/models.py +39 -14
  61. iam_policy_validator-1.15.1/iam_validator/mcp/__init__.py +162 -0
  62. iam_policy_validator-1.15.1/iam_validator/mcp/models.py +118 -0
  63. iam_policy_validator-1.15.1/iam_validator/mcp/server.py +2928 -0
  64. iam_policy_validator-1.15.1/iam_validator/mcp/session_config.py +319 -0
  65. iam_policy_validator-1.15.1/iam_validator/mcp/templates/__init__.py +79 -0
  66. iam_policy_validator-1.15.1/iam_validator/mcp/templates/builtin.py +856 -0
  67. iam_policy_validator-1.15.1/iam_validator/mcp/tools/__init__.py +72 -0
  68. iam_policy_validator-1.15.1/iam_validator/mcp/tools/generation.py +888 -0
  69. iam_policy_validator-1.15.1/iam_validator/mcp/tools/org_config_tools.py +263 -0
  70. iam_policy_validator-1.15.1/iam_validator/mcp/tools/query.py +395 -0
  71. iam_policy_validator-1.15.1/iam_validator/mcp/tools/validation.py +376 -0
  72. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/sdk/__init__.py +2 -0
  73. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/sdk/policy_utils.py +31 -5
  74. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/mkdocs.yml +8 -2
  75. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/pyproject.toml +8 -1
  76. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/tests/checks/test_action_validation_check.py +103 -6
  77. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/tests/checks/test_aws_global_conditions.py +32 -24
  78. iam_policy_validator-1.15.1/tests/checks/test_condition_key_validation_check.py +273 -0
  79. iam_policy_validator-1.15.1/tests/checks/test_condition_type_mismatch.py +125 -0
  80. iam_policy_validator-1.15.1/tests/checks/test_full_wildcard_check.py +73 -0
  81. iam_policy_validator-1.15.1/tests/checks/test_mfa_condition_check.py +96 -0
  82. iam_policy_validator-1.15.1/tests/checks/test_not_action_not_resource.py +108 -0
  83. iam_policy_validator-1.15.1/tests/checks/test_policy_size_check.py +98 -0
  84. iam_policy_validator-1.15.1/tests/checks/test_principal_validation_check.py +252 -0
  85. iam_policy_validator-1.15.1/tests/checks/test_resource_validation_check.py +151 -0
  86. iam_policy_validator-1.15.1/tests/checks/test_service_wildcard_check.py +84 -0
  87. iam_policy_validator-1.15.1/tests/checks/test_sid_uniqueness_check.py +80 -0
  88. iam_policy_validator-1.15.1/tests/checks/test_wildcard_action_check.py +62 -0
  89. iam_policy_validator-1.15.1/tests/checks/test_wildcard_resource_check.py +292 -0
  90. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/tests/commands/test_query_command.py +159 -0
  91. iam_policy_validator-1.15.1/tests/core/test_action_resource_matching.py +167 -0
  92. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/tests/core/test_check_registry.py +173 -0
  93. iam_policy_validator-1.15.1/tests/core/test_models.py +276 -0
  94. iam_policy_validator-1.15.1/tests/mcp/__init__.py +8 -0
  95. iam_policy_validator-1.15.1/tests/mcp/conftest.py +326 -0
  96. iam_policy_validator-1.15.1/tests/mcp/test_custom_instructions.py +218 -0
  97. iam_policy_validator-1.15.1/tests/mcp/test_generation_tools.py +441 -0
  98. iam_policy_validator-1.15.1/tests/mcp/test_org_config.py +385 -0
  99. iam_policy_validator-1.15.1/tests/mcp/test_query_tools.py +221 -0
  100. iam_policy_validator-1.15.1/tests/mcp/test_server_integration.py +128 -0
  101. iam_policy_validator-1.15.1/tests/mcp/test_templates.py +495 -0
  102. iam_policy_validator-1.15.1/tests/mcp/test_validation_tools.py +331 -0
  103. iam_policy_validator-1.15.1/uv.lock +2762 -0
  104. iam_policy_validator-1.14.7/docs/user-guide/checks/index.md +0 -109
  105. iam_policy_validator-1.14.7/docs/user-guide/checks/security-checks.md +0 -233
  106. iam_policy_validator-1.14.7/docs/user-guide/cli-reference.md +0 -175
  107. iam_policy_validator-1.14.7/iam_validator/checks/action_validation.py +0 -67
  108. iam_policy_validator-1.14.7/iam_validator/checks/resource_validation.py +0 -135
  109. iam_policy_validator-1.14.7/iam_validator/commands/query.py +0 -485
  110. iam_policy_validator-1.14.7/scripts/download_aws_services.py +0 -215
  111. iam_policy_validator-1.14.7/scripts/sync_defaults_from_yaml.py +0 -204
  112. iam_policy_validator-1.14.7/tests/checks/test_condition_key_validation_check.py +0 -646
  113. iam_policy_validator-1.14.7/tests/checks/test_condition_type_mismatch.py +0 -370
  114. iam_policy_validator-1.14.7/tests/checks/test_full_wildcard_check.py +0 -254
  115. iam_policy_validator-1.14.7/tests/checks/test_mfa_condition_check.py +0 -240
  116. iam_policy_validator-1.14.7/tests/checks/test_policy_size_check.py +0 -370
  117. iam_policy_validator-1.14.7/tests/checks/test_principal_validation_check.py +0 -958
  118. iam_policy_validator-1.14.7/tests/checks/test_resource_validation_check.py +0 -322
  119. iam_policy_validator-1.14.7/tests/checks/test_service_wildcard_check.py +0 -332
  120. iam_policy_validator-1.14.7/tests/checks/test_sid_uniqueness_check.py +0 -281
  121. iam_policy_validator-1.14.7/tests/checks/test_wildcard_action_check.py +0 -297
  122. iam_policy_validator-1.14.7/tests/checks/test_wildcard_resource_check.py +0 -759
  123. iam_policy_validator-1.14.7/tests/core/test_action_resource_matching.py +0 -564
  124. iam_policy_validator-1.14.7/tests/core/test_models.py +0 -541
  125. iam_policy_validator-1.14.7/uv.lock +0 -1519
  126. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/.github/dependabot.yml +0 -0
  127. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/.github/workflows/cleanup-prereleases.yml +0 -0
  128. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/CONTRIBUTING.md +0 -0
  129. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/LICENSE +0 -0
  130. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/docs/api-reference/checks.md +0 -0
  131. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/docs/api-reference/exceptions.md +0 -0
  132. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/docs/api-reference/index.md +0 -0
  133. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/docs/api-reference/models.md +0 -0
  134. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/docs/changelog.md +0 -0
  135. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/docs/contributing/development-setup.md +0 -0
  136. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/docs/contributing/index.md +0 -0
  137. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/docs/contributing/releasing.md +0 -0
  138. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/docs/developer-guide/custom-checks/best-practices.md +0 -0
  139. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/docs/developer-guide/custom-checks/index.md +0 -0
  140. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/docs/developer-guide/custom-checks/tutorial.md +0 -0
  141. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/docs/developer-guide/index.md +0 -0
  142. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/docs/developer-guide/sdk/advanced.md +0 -0
  143. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/docs/developer-guide/sdk/index.md +0 -0
  144. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/docs/developer-guide/sdk/quickstart.md +0 -0
  145. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/docs/developer-guide/sdk/validation.md +0 -0
  146. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/docs/getting-started/index.md +0 -0
  147. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/docs/getting-started/installation.md +0 -0
  148. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/docs/includes/abbreviations.md +0 -0
  149. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/docs/integrations/gitlab-ci.md +0 -0
  150. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/docs/integrations/pre-commit.md +0 -0
  151. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/docs/user-guide/index.md +0 -0
  152. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/docs/user-guide/troubleshooting.md +0 -0
  153. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/README.md +0 -0
  154. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/access-analyzer/example1.json +0 -0
  155. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/access-analyzer/example2.json +0 -0
  156. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/aws-service-definitions/iam.json +0 -0
  157. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/aws-service-definitions/s3.json +0 -0
  158. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/configs/github-labels-config.yaml +0 -0
  159. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/configs/minimal-validation-config.yaml +0 -0
  160. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/configs/offline-validation.yaml +0 -0
  161. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/configs/policy-level-condition-enforcement-config.yaml +0 -0
  162. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/configs/strict-security.yaml +0 -0
  163. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/custom_checks/cross_account_external_id_check.py +0 -0
  164. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/custom_checks/domain_restriction_check.py +0 -0
  165. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/github-actions/access-analyzer-only.yaml +0 -0
  166. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/github-actions/basic-validation.yaml +0 -0
  167. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/github-actions/custom-policy-checks.yaml +0 -0
  168. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/github-actions/multi-region-validation.yaml +0 -0
  169. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/github-actions/resource-policy-validation.yaml +0 -0
  170. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/github-actions/sarif-code-scanning.yaml +0 -0
  171. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/github-actions/sequential-validation.yaml +0 -0
  172. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/github-actions/two-step-validation.yaml +0 -0
  173. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/github-actions/validate-changed-files.yaml +0 -0
  174. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/identity-policies/allowed-wildcard-resource.json +0 -0
  175. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/identity-policies/api_gateway_management.json +0 -0
  176. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/identity-policies/athena_query_access.json +0 -0
  177. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/identity-policies/backup_vault_access.json +0 -0
  178. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/identity-policies/cloudformation_deployer.json +0 -0
  179. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/identity-policies/cloudwatch_monitoring.json +0 -0
  180. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/identity-policies/cognito_user_pool.json +0 -0
  181. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/identity-policies/dynamodb_table_access.json +0 -0
  182. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/identity-policies/ecs_task_execution.json +0 -0
  183. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/identity-policies/eventbridge_rules.json +0 -0
  184. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/identity-policies/glue_etl_jobs.json +0 -0
  185. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/identity-policies/insecure_policy.json +0 -0
  186. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/identity-policies/insecure_policy.yaml +0 -0
  187. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/identity-policies/invalid-resource-constraint.json +0 -0
  188. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/identity-policies/invalid-sid-special-chars.json +0 -0
  189. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/identity-policies/invalid-sid-with-spaces.json +0 -0
  190. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/identity-policies/invalid_policy.json +0 -0
  191. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/identity-policies/kms_encryption_keys.json +0 -0
  192. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/identity-policies/lambda_developer.json +0 -0
  193. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/identity-policies/lambda_developer.yaml +0 -0
  194. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/identity-policies/maximum_size_policy.json +0 -0
  195. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/identity-policies/policy_missing_required_tags.json +0 -0
  196. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/identity-policies/policy_tag_enforcement_example.json +0 -0
  197. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/identity-policies/policy_with_wildcard_resources.json +0 -0
  198. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/identity-policies/privilege_escalation_scattered.json +0 -0
  199. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/identity-policies/rds_database_admin.json +0 -0
  200. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/identity-policies/s3_bucket_access.yaml +0 -0
  201. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/identity-policies/sample_policy.json +0 -0
  202. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/identity-policies/sample_policy.yaml +0 -0
  203. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/identity-policies/secrets_manager_access.json +0 -0
  204. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/identity-policies/sensitive-action-wildcards.json +0 -0
  205. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/identity-policies/sns_sqs_messaging.json +0 -0
  206. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/identity-policies/step_functions_workflow.json +0 -0
  207. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/identity-policies/terraform-template-policy.json +0 -0
  208. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/identity-policies/test_none_of_valid.json +0 -0
  209. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/identity-policies/test_none_of_violations.json +0 -0
  210. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/identity-policies/valid-sid-formats.json +0 -0
  211. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/identity-policies/wildcard_examples.json +0 -0
  212. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/identity-policies/wildcard_examples.yaml +0 -0
  213. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/identity-policies/wrong-condition-key.json +0 -0
  214. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/identity-policies/wrong-s3-condition.json +0 -0
  215. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/resource-control-policies/rcp-invalid-allow-effect.json +0 -0
  216. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/resource-control-policies/rcp-invalid-not-action.json +0 -0
  217. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/resource-control-policies/rcp-invalid-specific-principal.json +0 -0
  218. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/resource-control-policies/rcp-invalid-unsupported-service.json +0 -0
  219. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/resource-control-policies/rcp-invalid-wildcard-action.json +0 -0
  220. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/resource-control-policies/rcp-valid-enforce-encryption.json +0 -0
  221. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/resource-policies/backup-vault-policy-org-access.json +0 -0
  222. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/resource-policies/ecr-repository-policy-org-restricted.json +0 -0
  223. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/resource-policies/ecr-repository-policy-public.json +0 -0
  224. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/resource-policies/efs-filesystem-policy-vpc-only.json +0 -0
  225. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/resource-policies/glacier-vault-policy-cross-account.json +0 -0
  226. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/resource-policies/kms-key-policy-cross-account.json +0 -0
  227. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/resource-policies/kms-key-policy-insecure.json +0 -0
  228. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/resource-policies/kms-key-policy-org-restricted.json +0 -0
  229. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/resource-policies/kms-key-policy-service-specific.json +0 -0
  230. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/resource-policies/lambda-permission-api-gateway.json +0 -0
  231. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/resource-policies/lambda-permission-cross-account-invoke.json +0 -0
  232. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/resource-policies/lambda-permission-eventbridge-multiple.json +0 -0
  233. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/resource-policies/lambda-permission-public-url.json +0 -0
  234. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/resource-policies/lambda-permission-s3-trigger.json +0 -0
  235. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/resource-policies/opensearch-domain-policy-ip-restricted.json +0 -0
  236. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/resource-policies/s3-bucket-policy-cloudfront.json +0 -0
  237. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/resource-policies/s3-bucket-policy-cross-account-org.json +0 -0
  238. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/resource-policies/s3-bucket-policy-insecure-transport.json +0 -0
  239. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/resource-policies/s3-bucket-policy-ip-restriction.json +0 -0
  240. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/resource-policies/s3-bucket-policy-public-with-conditions.json +0 -0
  241. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/resource-policies/s3-bucket-policy-public.json +0 -0
  242. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/resource-policies/s3-bucket-policy-specific-account.json +0 -0
  243. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/resource-policies/s3-bucket-policy-vpc-endpoint.json +0 -0
  244. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/resource-policies/s3-bucket-policy-wildcard-actions.json +0 -0
  245. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/resource-policies/secrets-manager-policy-cross-account.json +0 -0
  246. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/resource-policies/sns-topic-policy-cross-account-mfa.json +0 -0
  247. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/resource-policies/sns-topic-policy-cross-account.json +0 -0
  248. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/resource-policies/sns-topic-policy-eventbridge.json +0 -0
  249. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/resource-policies/sns-topic-policy-org-wide.json +0 -0
  250. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/resource-policies/sns-topic-policy-public-no-conditions.json +0 -0
  251. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/resource-policies/sqs-queue-policy-cross-account-role.json +0 -0
  252. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/resource-policies/sqs-queue-policy-iam-users-mfa.json +0 -0
  253. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/resource-policies/sqs-queue-policy-public.json +0 -0
  254. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/resource-policies/sqs-queue-policy-sns-subscription.json +0 -0
  255. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/service-control-policies/deny-root-account-usage.json +0 -0
  256. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/service-control-policies/require-mfa.json +0 -0
  257. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/service-control-policies/restrict-regions.json +0 -0
  258. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/wrong_actions_mismatch/correct-condition-wrong-key.json +0 -0
  259. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/wrong_actions_mismatch/dynamodb-wrong-resources.json +0 -0
  260. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/wrong_actions_mismatch/ec2-wrong-resources.json +0 -0
  261. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/wrong_actions_mismatch/iam-wrong-resources.json +0 -0
  262. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/wrong_actions_mismatch/lambda-wrong-resources.json +0 -0
  263. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/wrong_actions_mismatch/s3-wrong-resources.json +0 -0
  264. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/wrong_actions_mismatch/sqs-sns-wrong-resources.json +0 -0
  265. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/iam-test-policies/wrong_actions_mismatch/typo-condition-field.json +0 -0
  266. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/quick-start/lambda-policy.json +0 -0
  267. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/quick-start/s3-policy.json +0 -0
  268. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/quick-start/user-policy.json +0 -0
  269. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/trust-policies/INVALID-wrong-principal-type.json +0 -0
  270. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/trust-policies/cross-account-trust-policy.json +0 -0
  271. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/trust-policies/github-actions-oidc-trust-policy.json +0 -0
  272. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/trust-policies/lambda-service-role-trust-policy.json +0 -0
  273. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/examples/trust-policies/saml-federated-trust-policy.json +0 -0
  274. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/__init__.py +0 -0
  275. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/__main__.py +0 -0
  276. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/checks/action_condition_enforcement.py +0 -0
  277. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/checks/action_resource_matching.py +0 -0
  278. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/checks/condition_key_validation.py +0 -0
  279. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/checks/condition_type_mismatch.py +0 -0
  280. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/checks/full_wildcard.py +0 -0
  281. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/checks/mfa_condition_check.py +0 -0
  282. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/checks/policy_size.py +0 -0
  283. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/checks/policy_structure.py +0 -0
  284. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/checks/policy_type_validation.py +0 -0
  285. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/checks/principal_validation.py +0 -0
  286. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/checks/sensitive_action.py +0 -0
  287. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/checks/service_wildcard.py +0 -0
  288. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/checks/set_operator_validation.py +0 -0
  289. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/checks/sid_uniqueness.py +0 -0
  290. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/checks/trust_policy_validation.py +0 -0
  291. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/checks/utils/__init__.py +0 -0
  292. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/checks/utils/action_parser.py +0 -0
  293. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/checks/utils/policy_level_checks.py +0 -0
  294. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/checks/utils/sensitive_action_matcher.py +0 -0
  295. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/checks/utils/wildcard_expansion.py +0 -0
  296. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/checks/wildcard_action.py +0 -0
  297. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/commands/analyze.py +0 -0
  298. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/commands/base.py +0 -0
  299. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/commands/download_services.py +0 -0
  300. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/commands/post_to_pr.py +0 -0
  301. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/commands/validate.py +0 -0
  302. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/core/__init__.py +0 -0
  303. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/core/access_analyzer.py +0 -0
  304. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/core/access_analyzer_report.py +0 -0
  305. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/core/aws_fetcher.py +0 -0
  306. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/core/aws_service/client.py +0 -0
  307. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/core/aws_service/parsers.py +0 -0
  308. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/core/aws_service/patterns.py +0 -0
  309. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/core/cli.py +0 -0
  310. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/core/codeowners.py +0 -0
  311. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/core/condition_validators.py +0 -0
  312. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/core/config/__init__.py +0 -0
  313. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/core/config/aws_api.py +0 -0
  314. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/core/config/category_suggestions.py +0 -0
  315. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/core/config/condition_requirements.py +0 -0
  316. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/core/config/principal_requirements.py +0 -0
  317. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/core/config/sensitive_actions.py +0 -0
  318. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/core/config/service_principals.py +0 -0
  319. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/core/config/wildcards.py +0 -0
  320. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/core/diff_parser.py +0 -0
  321. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/core/finding_fingerprint.py +0 -0
  322. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/core/formatters/__init__.py +0 -0
  323. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/core/formatters/base.py +0 -0
  324. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/core/formatters/console.py +0 -0
  325. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/core/formatters/csv.py +0 -0
  326. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/core/formatters/enhanced.py +0 -0
  327. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/core/formatters/html.py +0 -0
  328. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/core/formatters/json.py +0 -0
  329. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/core/formatters/markdown.py +0 -0
  330. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/core/formatters/sarif.py +0 -0
  331. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/core/ignore_patterns.py +0 -0
  332. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/core/ignore_processor.py +0 -0
  333. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/core/ignored_findings.py +0 -0
  334. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/core/label_manager.py +0 -0
  335. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/core/policy_checks.py +0 -0
  336. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/core/policy_loader.py +0 -0
  337. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/core/pr_commenter.py +0 -0
  338. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/core/report.py +0 -0
  339. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/integrations/__init__.py +0 -0
  340. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/integrations/github_integration.py +0 -0
  341. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/integrations/ms_teams.py +0 -0
  342. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/sdk/arn_matching.py +0 -0
  343. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/sdk/context.py +0 -0
  344. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/sdk/exceptions.py +0 -0
  345. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/sdk/helpers.py +0 -0
  346. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/sdk/query_utils.py +0 -0
  347. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/sdk/shortcuts.py +0 -0
  348. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/utils/__init__.py +0 -0
  349. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/utils/cache.py +0 -0
  350. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/utils/regex.py +0 -0
  351. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/iam_validator/utils/terminal.py +0 -0
  352. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/tests/README.md +0 -0
  353. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/tests/__init__.py +0 -0
  354. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/tests/checks/__init__.py +0 -0
  355. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/tests/checks/test_custom_policy_checks.py +0 -0
  356. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/tests/checks/test_sensitive_action_filtering.py +0 -0
  357. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/tests/checks/test_sensitive_action_suggestions.py +0 -0
  358. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/tests/checks/test_sensitive_action_wildcard_expansion.py +0 -0
  359. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/tests/checks/test_service_principal_wildcard.py +0 -0
  360. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/tests/commands/__init__.py +0 -0
  361. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/tests/commands/test_completion_command.py +0 -0
  362. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/tests/config/__init__.py +0 -0
  363. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/tests/config/test_config_loader.py +0 -0
  364. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/tests/core/__init__.py +0 -0
  365. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/tests/core/test_action_condition_enforcement.py +0 -0
  366. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/tests/core/test_action_condition_enforcement_policy_level.py +0 -0
  367. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/tests/core/test_aws_api_config.py +0 -0
  368. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/tests/core/test_aws_fetcher_wildcards.py +0 -0
  369. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/tests/core/test_check_id_in_comments.py +0 -0
  370. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/tests/core/test_check_id_injection.py +0 -0
  371. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/tests/core/test_codeowners.py +0 -0
  372. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/tests/core/test_comment_truncation.py +0 -0
  373. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/tests/core/test_diff_parser.py +0 -0
  374. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/tests/core/test_finding_fingerprint.py +0 -0
  375. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/tests/core/test_ignore_patterns.py +0 -0
  376. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/tests/core/test_ignored_findings.py +0 -0
  377. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/tests/core/test_multipart_comments.py +0 -0
  378. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/tests/core/test_policy_loader.py +0 -0
  379. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/tests/core/test_policy_type_validation.py +0 -0
  380. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/tests/core/test_pr_commenter_diff_filtering.py +0 -0
  381. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/tests/core/test_regex_utils.py +0 -0
  382. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/tests/core/test_set_operator_validation.py +0 -0
  383. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/tests/core/test_trust_policy_detection.py +0 -0
  384. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/tests/core/test_trust_policy_multiple_statements.py +0 -0
  385. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/tests/core/test_trust_policy_oidc_aud_required.py +0 -0
  386. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/tests/core/test_trust_policy_validation.py +0 -0
  387. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/tests/integrations/__init__.py +0 -0
  388. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/tests/integrations/test_comment_deduplication.py +0 -0
  389. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/tests/integrations/test_github_pagination.py +0 -0
  390. {iam_policy_validator-1.14.7 → iam_policy_validator-1.15.1}/tests/integrations/test_label_manager.py +0 -0
@@ -26,7 +26,7 @@ jobs:
26
26
  python-version: "${{ env.DEFAULT_PYTHON_VERSION }}"
27
27
 
28
28
  - name: Install uv
29
- uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
29
+ uses: astral-sh/setup-uv@61cb8a9741eeb8a550a1b8544337180c0fc8476b # v7.2.0
30
30
  with:
31
31
  enable-cache: true
32
32
 
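Review bot: the `astral-sh/setup-uv` pin at line 29 is one of four identical `uses:` lines edited in this file (also at 59, 83 and 107), so every bump has to be repeated by hand and a missed job would silently stay on the old commit. Consider moving the "Install uv" step and its `enable-cache: true` setting into one composite action or reusable workflow so the SHA lives in a single place.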
@@ -56,7 +56,7 @@ jobs:
56
56
  python-version: ${{ matrix.python-version }}
57
57
 
58
58
  - name: Install uv
59
- uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
59
+ uses: astral-sh/setup-uv@61cb8a9741eeb8a550a1b8544337180c0fc8476b # v7.2.0
60
60
  with:
61
61
  enable-cache: true
62
62
 
@@ -80,7 +80,7 @@ jobs:
80
80
  python-version: "${{ env.DEFAULT_PYTHON_VERSION }}"
81
81
 
82
82
  - name: Install uv
83
- uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
83
+ uses: astral-sh/setup-uv@61cb8a9741eeb8a550a1b8544337180c0fc8476b # v7.2.0
84
84
  with:
85
85
  enable-cache: true
86
86
 
@@ -104,7 +104,7 @@ jobs:
104
104
  python-version: "${{ env.DEFAULT_PYTHON_VERSION }}"
105
105
 
106
106
  - name: Install uv
107
- uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
107
+ uses: astral-sh/setup-uv@61cb8a9741eeb8a550a1b8544337180c0fc8476b # v7.2.0
108
108
  with:
109
109
  enable-cache: true
110
110
 
@@ -29,15 +29,15 @@ jobs:
29
29
  uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
30
30
 
31
31
  - name: Initialize CodeQL
32
- uses: github/codeql-action/init@1b168cd39490f61582a9beae412bb7057a6b2c4e # v4.31.8
32
+ uses: github/codeql-action/init@cdefb33c0f6224e58673d9004f47f7cb3e328b89 # v4.31.10
33
33
  with:
34
34
  languages: ${{ matrix.language }}
35
35
  queries: security-extended,security-and-quality
36
36
 
37
37
  - name: Autobuild
38
- uses: github/codeql-action/autobuild@1b168cd39490f61582a9beae412bb7057a6b2c4e # v4.31.8
38
+ uses: github/codeql-action/autobuild@cdefb33c0f6224e58673d9004f47f7cb3e328b89 # v4.31.10
39
39
 
40
40
  - name: Perform CodeQL Analysis
41
- uses: github/codeql-action/analyze@1b168cd39490f61582a9beae412bb7057a6b2c4e # v4.31.8
41
+ uses: github/codeql-action/analyze@cdefb33c0f6224e58673d9004f47f7cb3e328b89 # v4.31.10
42
42
  with:
43
43
  category: "/language:${{matrix.language}}"
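Review bot: on the three `github/codeql-action` steps (lines 32, 38 and 41) the only thing tying the new SHA `cdefb33c0f6224e58673d9004f47f7cb3e328b89` to a release is the trailing `# v4.31.10` comment, which the runner never checks. Before merging, confirm that this commit is the one the v4.31.10 tag points to upstream. Keeping init, autobuild and analyze on the same SHA, as done here, is correct.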
@@ -63,7 +63,7 @@ jobs:
63
63
  # actions/upload-pages-artifact v3.0.1
64
64
  - name: Upload artifact
65
65
  if: github.event_name == 'push' && github.ref == 'refs/heads/main'
66
- uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3.0.1
66
+ uses: actions/upload-pages-artifact@7b1f4a764d45c48632c6b24a0339c27f5614fb0b # v4.0.0
67
67
  with:
68
68
  path: ./site
69
69
 
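Review bot: the context comment at line 63 still reads `# actions/upload-pages-artifact v3.0.1` while the pin at line 66 moves to v4.0.0, so the comment now contradicts the step below it; update or drop it. This is also a major-version jump, so check the action's release notes for changes in how `path: ./site` is packaged before relying on the deploy.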
@@ -80,7 +80,7 @@ jobs:
80
80
  python-version: ${{ inputs.python_version }}
81
81
 
82
82
  - name: Install uv
83
- uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
83
+ uses: astral-sh/setup-uv@61cb8a9741eeb8a550a1b8544337180c0fc8476b # v7.2.0
84
84
  with:
85
85
  enable-cache: true
86
86
 
@@ -31,7 +31,7 @@ jobs:
31
31
  python-version: ${{ env.PYTHON_VERSION }}
32
32
 
33
33
  - name: Install uv
34
- uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
34
+ uses: astral-sh/setup-uv@61cb8a9741eeb8a550a1b8544337180c0fc8476b # v7.2.0
35
35
  with:
36
36
  enable-cache: true
37
37
 
@@ -57,6 +57,6 @@ jobs:
57
57
  # Upload the results to GitHub's code scanning dashboard (optional).
58
58
  # Commenting out will disable upload of results to your repo's Code Scanning dashboard
59
59
  - name: "Upload to code-scanning"
60
- uses: github/codeql-action/upload-sarif@1b168cd39490f61582a9beae412bb7057a6b2c4e # v4.31.8
60
+ uses: github/codeql-action/upload-sarif@cdefb33c0f6224e58673d9004f47f7cb3e328b89 # v4.31.10
61
61
  with:
62
62
  sarif_file: results.sarif
@@ -84,3 +84,6 @@ coverage.xml
84
84
 
85
85
  # AWS service definitions (download with: iam-validator download-services)
86
86
  aws_services/
87
+
88
+ .mcp.json
89
+ .serena
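Review bot: `.mcp.json` and `.serena` at lines 88-89 are local tool files, and this diff is of the published sdist, so ignoring them in git is only half of the job: confirm the build's include/exclude rules also keep them out of the tarball, since a local MCP client config may hold machine-specific settings. Minor style point: `.serena` has no trailing slash while the entry above it is written `aws_services/`; use `.serena/` if it is a directory.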
@@ -8,14 +8,103 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
8
8
  ## [Unreleased]
9
9
 
10
10
  ### Planned
11
- - NotAction/NotResource validation support
11
+
12
12
  - Enhanced PR comment management with configurable limits
13
13
 
14
14
  ---
15
15
 
16
+ ## [1.15.0] - 2025-01-22
17
+
18
+ ### Added
19
+
20
+ **MCP Server Integration**
21
+
22
+ - Full FastMCP server with 25+ tools for AI assistants (`iam-validator mcp` command)
23
+ - Standalone `iam-validator-mcp` entry point for easy integration
24
+ - Policy validation, generation, and AWS service querying tools
25
+ - 15 built-in secure policy templates for common use cases
26
+ - Session-wide organization configuration management
27
+ - MCP Prompts for guided workflows (generate_secure_policy, fix_policy_issues_workflow, review_policy_security)
28
+ - Custom instructions support via YAML config, environment variable, CLI, or MCP tools
29
+ - Comprehensive MCP documentation with usage examples
30
+
31
+ **New Security Check**
32
+
33
+ - `not_action_not_resource` check for detecting dangerous NotAction/NotResource patterns (high severity)
34
+
35
+ **Query Command Enhancements**
36
+
37
+ - Support multiple actions in single query (`--name s3:GetObject dynamodb:Query`)
38
+ - Wildcard pattern expansion (`--name "iam:Get*"` or `--name "s3:*Object*"`)
39
+ - Field filter options: `--show-condition-keys`, `--show-resource-types`, `--show-access-level`
40
+ - Allow service prefix in `--name`, making `--service` optional (`--name s3:GetObject`)
41
+ - Deduplicate results when querying overlapping patterns
42
+
43
+ **Validation Improvements**
44
+
45
+ - `action_validation` now validates wildcard patterns (e.g., `s3:Get*`) to ensure they match real AWS actions
46
+ - `action_validation` now validates NotAction field
47
+ - `resource_validation` now validates NotResource field
48
+ - `wildcard_resource` check has condition-aware severity adjustment:
49
+ - MEDIUM → LOW when global resource-scoping conditions present (aws:ResourceAccount, aws:ResourceOrgID, aws:ResourceOrgPaths)
50
+ - MEDIUM → LOW when aws:ResourceTag/\* conditions are used AND all actions support the condition key
51
+
52
+ **Configuration**
53
+
54
+ - Add `hide_severities` option for severity-based finding filtering (global and per-check)
55
+ - Add `iam-policy-validator` CLI alias matching PyPI package name
56
+
57
+ **Cache Improvements**
58
+
59
+ - Cache refresh now updates all cached services (not just common ones)
60
+ - Expired cache files are kept for refresh instead of deleted
61
+ - Stale cache fallback when AWS API fails for graceful degradation
62
+
63
+ **SDK**
64
+
65
+ - Export `extract_condition_keys_from_statement()` in public API
66
+ - Add `is_condition_key_supported()` to AWSServiceFetcher
67
+
68
+ ### Changed
69
+
70
+ - Development status upgraded to Production/Stable
71
+ - Batch operations use `asyncio.gather()` for parallel execution
72
+ - Template listing includes full variable metadata (name, description, required)
73
+ - Simplified condition key pattern matching for tag-key placeholders (forward-compatible)
74
+ - Test suite consolidated using `@pytest.mark.parametrize` (919 → 850 tests)
75
+
76
+ ### Fixed
77
+
78
+ - Support parameterized condition key patterns like `s3:RequestObjectTag/<key>`
79
+ - MCP tests skip properly when fastmcp is not installed
80
+ - Improved loop prevention guidance for LLM clients
81
+
82
+ ### Dependencies
83
+
84
+ - fastmcp as optional dependency (install with `[mcp]` extra)
85
+ - Updated CI dependencies (actions/cache, codeql-action, setup-uv, upload-pages-artifact)
86
+
87
+ ---
88
+
89
+ ## [1.14.7] - 2025-12-17
90
+
91
+ ### Added
92
+
93
+ - MkDocs documentation site deployed to GitHub Pages
94
+ - Comprehensive SDK API reference documentation
95
+
96
+ ### Fixed
97
+
98
+ - Correct repository name in all documentation links (iam-policy-auditor → iam-policy-validator)
99
+ - Fix SDK docstring formatting for proper mkdocstrings rendering
100
+ - Update PyPI metadata with correct documentation and changelog URLs
101
+
102
+ ---
103
+
16
104
  ## [1.14.6] - 2025-12-15
17
105
 
18
106
  ### Fixed
107
+
19
108
  - Separate security findings from validity errors in PR comments
20
109
  - Respect ignored findings when managing PR labels and review state
21
110
 
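Review bot: the new heading `## [1.15.0] - 2025-01-22` at line 16 is dated about eleven months before the `## [1.14.7] - 2025-12-17` entry added below it at line 89, so the release order and the dates disagree; the year looks wrong and should be corrected. Separately, the `wildcard_resource` entry (lines 48-50) lowers severity from MEDIUM to LOW when certain conditions are present, which changes what existing users see in reports; list it under "Changed" as well, with a note on how to keep the previous severity.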
@@ -24,6 +113,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
24
113
  ## [1.14.5] - 2025-12-15
25
114
 
26
115
  ### Fixed
116
+
27
117
  - Respect ignored findings when managing PR labels and review state
28
118
 
29
119
  ---
@@ -31,6 +121,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
31
121
  ## [1.14.4] - 2025-12-12
32
122
 
33
123
  ### Fixed
124
+
34
125
  - Show pass status and list ignored findings in summary when all blocking issues are ignored
35
126
 
36
127
  ---
@@ -38,6 +129,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
38
129
  ## [1.14.3] - 2025-12-12
39
130
 
40
131
  ### Fixed
132
+
41
133
  - Add pattern matching for service-specific condition keys with tag validation
42
134
 
43
135
  ---
@@ -45,6 +137,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
45
137
  ## [1.14.2] - 2025-12-12
46
138
 
47
139
  ### Fixed
140
+
48
141
  - Use APPROVE review event when validation passes to dismiss REQUEST_CHANGES
49
142
 
50
143
  ---
@@ -52,10 +145,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
52
145
  ## [1.14.1] - 2025-12-11
53
146
 
54
147
  ### Fixed
148
+
55
149
  - Enhanced SARIF formatter with dynamic rules and rich context
56
150
  - Improved finding fingerprints for better PR comment deduplication
57
151
 
58
152
  ### Changed
153
+
59
154
  - Updated dependencies (setup-uv, actions/checkout, codeql-action)
60
155
 
61
156
  ---
@@ -63,11 +158,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
63
158
  ## [1.14.0] - 2024-12-10
64
159
 
65
160
  ### Added
161
+
66
162
  - Enhanced PR comments with fingerprint-based matching
67
163
  - Finding ignore system via PR comment replies
68
164
  - Improved review comment deduplication
69
165
 
70
166
  ### Changed
167
+
71
168
  - Better production readiness for GitHub Action integration
72
169
 
73
170
  ---
@@ -75,6 +172,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
75
172
  ## [1.13.1] - 2024-12
76
173
 
77
174
  ### Fixed
175
+
78
176
  - Bug fixes and stability improvements
79
177
 
80
178
  ---
@@ -82,6 +180,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
82
180
  ## [1.13.0] - 2024-12
83
181
 
84
182
  ### Added
183
+
85
184
  - Query command for exploring AWS service definitions
86
185
  - Shell completion support (bash, zsh, fish)
87
186
 
@@ -90,10 +189,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
90
189
  ## [1.12.0] - 2024-11
91
190
 
92
191
  ### Added
192
+
93
193
  - Trust policy validation check
94
194
  - Enhanced condition type mismatch detection
95
195
 
96
196
  ### Changed
197
+
97
198
  - Improved AWS service fetcher performance
98
199
 
99
200
  ---
@@ -101,10 +202,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
101
202
  ## [1.11.0] - 2024-11
102
203
 
103
204
  ### Added
205
+
104
206
  - Action-resource matching validation
105
207
  - Set operator validation for conditions (ForAllValues/ForAnyValue)
106
208
 
107
209
  ### Changed
210
+
108
211
  - Expanded sensitive actions database (490+ actions)
109
212
 
110
213
  ---
@@ -112,10 +215,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
112
215
  ## [1.10.0] - 2024-10
113
216
 
114
217
  ### Added
218
+
115
219
  - MFA condition check for sensitive operations
116
220
  - Condition key validation improvements
117
221
 
118
222
  ### Changed
223
+
119
224
  - Better error messages for validation failures
120
225
 
121
226
  ---
@@ -123,6 +228,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
123
228
  ## [1.9.0] - 2024-10
124
229
 
125
230
  ### Added
231
+
126
232
  - GitHub PR review comments (inline comments on changed lines)
127
233
  - Multiple output formats (JSON, SARIF, CSV, HTML, Markdown)
128
234
 
@@ -131,6 +237,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
131
237
  ## [1.8.0] - 2024-09
132
238
 
133
239
  ### Added
240
+
134
241
  - AWS Access Analyzer integration
135
242
  - Offline validation mode with pre-downloaded service definitions
136
243
 
@@ -139,10 +246,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
139
246
  ## [1.7.0] - 2024-09
140
247
 
141
248
  ### Added
249
+
142
250
  - Custom checks support via `--custom-checks-dir`
143
251
  - Configuration file support (`iam-validator.yaml`)
144
252
 
145
253
  ### Changed
254
+
146
255
  - Modular check architecture
147
256
 
148
257
  ---
@@ -150,6 +259,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
150
259
  ## [1.6.0] - 2024-08
151
260
 
152
261
  ### Added
262
+
153
263
  - Service Control Policy (SCP) validation
154
264
  - Principal validation for resource policies
155
265
 
@@ -158,17 +268,19 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
158
268
  ## [1.5.0] - 2024-08
159
269
 
160
270
  ### Added
271
+
161
272
  - Modular Python configuration system (5-10x faster startup)
162
273
  - Split security checks into individual modules:
163
- - `wildcard_action` - Wildcard actions (Action: "*")
164
- - `wildcard_resource` - Wildcard resources (Resource: "*")
165
- - `service_wildcard` - Service-level wildcards (e.g., "s3:*")
274
+ - `wildcard_action` - Wildcard actions (Action: "\*")
275
+ - `wildcard_resource` - Wildcard resources (Resource: "\*")
276
+ - `service_wildcard` - Service-level wildcards (e.g., "s3:\*")
166
277
  - `sensitive_action` - Sensitive actions without conditions
167
- - `full_wildcard` - Action:* + Resource:* (critical)
278
+ - `full_wildcard` - Action:_ + Resource:_ (critical)
168
279
  - GitHub Action RESOURCE_CONTROL_POLICY support
169
280
  - GitHub Actions job summary output
170
281
 
171
282
  ### Changed
283
+
172
284
  - Comprehensive documentation overhaul
173
285
 
174
286
  ---
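Review bot: line 278 turns `Action:* + Resource:*` into `Action:_ + Resource:_`, which changes the meaning of the `full_wildcard` description; it looks like a Markdown formatter read the two asterisks as emphasis markers. The three lines above it (274-276) were escaped as `\*`; do the same here, or wrap the values in backticks.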
@@ -176,9 +288,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
176
288
  ## [1.4.0] - 2024-07
177
289
 
178
290
  ### Added
291
+
179
292
  - Resource Control Policy (RCP) support with 8 validation checks
180
293
  - Enhanced principal validation:
181
- - Blocked principals (e.g., public access "*")
294
+ - Blocked principals (e.g., public access "\*")
182
295
  - Allowed principals whitelist
183
296
  - Required conditions for specific principals
184
297
  - Service principal validation
@@ -190,6 +303,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
190
303
  ## [1.3.0] - 2024-06
191
304
 
192
305
  ### Added
306
+
193
307
  - Modular Python configuration system
194
308
  - Condition requirement templates
195
309
  - Action condition enforcement check
@@ -199,6 +313,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
199
313
  ## [1.2.0] - 2024-05
200
314
 
201
315
  ### Added
316
+
202
317
  - Smart IAM policy detection and filtering
203
318
  - YAML policy support
204
319
  - Streaming mode for large policy sets
@@ -208,6 +323,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
208
323
  ## [1.1.0] - 2024-04
209
324
 
210
325
  ### Added
326
+
211
327
  - Split security checks into individual modules
212
328
  - Configurable check system
213
329
  - Per-check severity overrides
@@ -217,6 +333,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
217
333
  ## [1.0.0] - 2024-03
218
334
 
219
335
  ### Added
336
+
220
337
  - Initial release
221
338
  - Core IAM policy validation engine
222
339
  - AWS service definition fetching with caching
@@ -236,11 +353,11 @@ This project follows [Semantic Versioning](https://semver.org/):
236
353
 
237
354
  ### Supported Versions
238
355
 
239
- | Version | Support Status |
240
- | ------- | --------------------- |
241
- | 1.14.x | ✅ Active development |
242
- | 1.13.x | ⚠️ Critical fixes only |
243
- | < 1.13 | ❌ End of life |
356
+ | Version | Support Status |
357
+ | ------- | ---------------------- |
358
+ | 1.15.x | ✅ Active development |
359
+ | 1.14.x | ⚠️ Critical fixes only |
360
+ | < 1.14 | ❌ End of life |
244
361
 
245
362
  ### Deprecation Policy
246
363
 
@@ -257,6 +374,7 @@ This project follows [Semantic Versioning](https://semver.org/):
257
374
  The modular configuration system introduced in v1.5.0 changed how checks are configured:
258
375
 
259
376
  **Before (v1.4.x):**
377
+
260
378
  ```yaml
261
379
  checks:
262
380
  wildcard: high
@@ -264,6 +382,7 @@ checks:
264
382
  ```
265
383
 
266
384
  **After (v1.5.0+):**
385
+
267
386
  ```yaml
268
387
  wildcard_action:
269
388
  enabled: true
@@ -285,7 +404,9 @@ iam-validator validate --policy-type RESOURCE_CONTROL_POLICY policies/
285
404
 
286
405
  ---
287
406
 
288
- [Unreleased]: https://github.com/boogy/iam-policy-validator/compare/v1.14.6...HEAD
407
+ [Unreleased]: https://github.com/boogy/iam-policy-validator/compare/v1.15.0...HEAD
408
+ [1.15.0]: https://github.com/boogy/iam-policy-validator/compare/v1.14.7...v1.15.0
409
+ [1.14.7]: https://github.com/boogy/iam-policy-validator/compare/v1.14.6...v1.14.7
289
410
  [1.14.6]: https://github.com/boogy/iam-policy-validator/compare/v1.14.5...v1.14.6
290
411
  [1.14.5]: https://github.com/boogy/iam-policy-validator/compare/v1.14.4...v1.14.5
291
412
  [1.14.4]: https://github.com/boogy/iam-policy-validator/compare/v1.14.3...v1.14.4
@@ -1,4 +1,4 @@
1
- .PHONY: help install dev clean test lint format ruff type-check build publish publish-test version sync-defaults
1
+ .PHONY: help install dev clean test lint format ruff type-check build publish publish-test version sync-defaults docs docs-serve mcp-inspector
2
2
 
3
3
  # Default target
4
4
  help:
@@ -27,6 +27,13 @@ help:
27
27
  @echo "Examples:"
28
28
  @echo " make validate-example Run validator on example policies"
29
29
  @echo ""
30
+ @echo "Documentation:"
31
+ @echo " make docs Build documentation"
32
+ @echo " make docs-serve Serve documentation locally (http://localhost:8000)"
33
+ @echo ""
34
+ @echo "MCP Server:"
35
+ @echo " make mcp-inspector Start MCP Inspector for debugging"
36
+ @echo ""
30
37
  @echo "AWS Services Backup:"
31
38
  @echo " make download-aws-services Download all AWS service definitions"
32
39
 
@@ -121,3 +128,14 @@ download-aws-services:
121
128
  # CI/CD simulation
122
129
  ci: check build
123
130
  @echo "✓ CI checks complete!"
131
+
132
+ # Documentation
133
+ docs:
134
+ @uv run --extra docs mkdocs build
135
+
136
+ docs-serve:
137
+ @uv run --extra docs mkdocs serve -w docs/
138
+
139
+ # MCP Server debugging
140
+ mcp-inspector:
141
+ @npx @modelcontextprotocol/inspector uv run --directory $(CURDIR) --extra mcp iam-validator-mcp
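Review bot: In the `mcp-inspector` recipe, `npx @modelcontextprotocol/inspector` carries no version, so every run resolves and executes whatever release of that package the npm registry serves at that moment, on a machine that has this repository checked out. Pin it to a reviewed version (`@modelcontextprotocol/inspector@<version>`) or install it as a locked dev dependency. Also quote the path in `--directory $(CURDIR)`, since a checkout directory containing spaces will be split into several arguments.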
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: iam-policy-validator
3
- Version: 1.14.7
3
+ Version: 1.15.1
4
4
  Summary: Validate AWS IAM policies for correctness and security using AWS Service Reference API
5
5
  Project-URL: Homepage, https://github.com/boogy/iam-policy-validator
6
6
  Project-URL: Documentation, https://boogy.github.io/iam-policy-validator
@@ -11,7 +11,7 @@ Author-email: boogy <0xboogy@gmail.com>
11
11
  License: MIT
12
12
  License-File: LICENSE
13
13
  Keywords: aws,github-action,iam,policy,security,validation
14
- Classifier: Development Status :: 4 - Beta
14
+ Classifier: Development Status :: 5 - Production/Stable
15
15
  Classifier: Intended Audience :: Developers
16
16
  Classifier: Intended Audience :: System Administrators
17
17
  Classifier: License :: OSI Approved :: MIT License
@@ -19,6 +19,8 @@ Classifier: Programming Language :: Python :: 3
19
19
  Classifier: Programming Language :: Python :: 3.10
20
20
  Classifier: Programming Language :: Python :: 3.11
21
21
  Classifier: Programming Language :: Python :: 3.12
22
+ Classifier: Programming Language :: Python :: 3.13
23
+ Classifier: Programming Language :: Python :: 3.14
22
24
  Classifier: Topic :: Security
23
25
  Classifier: Topic :: Software Development :: Libraries :: Python Modules
24
26
  Classifier: Topic :: System :: Systems Administration
@@ -44,6 +46,8 @@ Requires-Dist: mkdocs-literate-nav>=0.6.0; extra == 'docs'
44
46
  Requires-Dist: mkdocs-material>=9.5.0; extra == 'docs'
45
47
  Requires-Dist: mkdocs>=1.6.0; extra == 'docs'
46
48
  Requires-Dist: mkdocstrings[python]>=0.24.0; extra == 'docs'
49
+ Provides-Extra: mcp
50
+ Requires-Dist: fastmcp>=2.14.1; extra == 'mcp'
47
51
  Description-Content-Type: text/markdown
48
52
 
49
53
  # IAM Policy Validator
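Review bot: The new `mcp` extra declares `fastmcp>=2.14.1` with a lower bound only, so installing the package with that extra will accept any later fastmcp release, including a future major version, without any change on this side. The docs extras are declared the same way, but those are build-time tooling, whereas this dependency backs the `iam-validator-mcp` server that users run. Consider adding an upper bound at the next major version, or shipping a tested constraints file for the extra.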
@@ -55,6 +59,8 @@ Description-Content-Type: text/markdown
55
59
  [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE)
56
60
  [![OpenSSF Scorecard](https://api.scorecard.dev/projects/github.com/boogy/iam-policy-validator/badge)](https://scorecard.dev/viewer/?uri=github.com/boogy/iam-policy-validator)
57
61
 
62
+ **[📖 Full Documentation](https://boogy.github.io/iam-policy-validator/)**
63
+
58
64
  ---
59
65
 
60
66
  ## Why This Tool Exists
@@ -434,15 +440,14 @@ Validates against official AWS IAM requirements:
434
440
 
435
441
  Identifies overly permissive configurations:
436
442
 
437
- | Check | What It Catches |
438
- | ------------------------------------- | ------------------------------------------------------ |
439
- | **Wildcard Action** | `Action: "*"` grants all AWS permissions |
440
- | **Wildcard Resource** | `Resource: "*"` applies to all resources |
441
- | **Full Wildcard** | Both `Action: "*"` AND `Resource: "*"` (admin access) |
442
- | **Service Wildcards** | `s3:*`, `iam:*`, `ec2:*` (overly broad) |
443
- | **Sensitive Actions (Policy-Wide)** | **Cross-statement** privilege escalation patterns |
444
- | **Sensitive Actions (Per-Statement)** | Dangerous actions in single statement |
445
- | **Condition Enforcement** | Organization-specific requirements (your custom rules) |
443
+ | Check | What It Catches |
444
+ | ------------------------- | ------------------------------------------------------ |
445
+ | **Wildcard Action** | `Action: "*"` grants all AWS permissions |
446
+ | **Wildcard Resource** | `Resource: "*"` applies to all resources |
447
+ | **Full Wildcard** | Both `Action: "*"` AND `Resource: "*"` (admin access) |
448
+ | **Service Wildcards** | `s3:*`, `iam:*`, `ec2:*` (overly broad) |
449
+ | **Sensitive Actions** | 490+ privilege escalation patterns and dangerous actions |
450
+ | **Condition Enforcement** | Organization-specific condition requirements |
446
451
 
447
452
  **Note on Sensitive Actions:** This check has two modes:
448
453
 
@@ -7,6 +7,8 @@
7
7
  [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE)
8
8
  [![OpenSSF Scorecard](https://api.scorecard.dev/projects/github.com/boogy/iam-policy-validator/badge)](https://scorecard.dev/viewer/?uri=github.com/boogy/iam-policy-validator)
9
9
 
10
+ **[📖 Full Documentation](https://boogy.github.io/iam-policy-validator/)**
11
+
10
12
  ---
11
13
 
12
14
  ## Why This Tool Exists
@@ -386,15 +388,14 @@ Validates against official AWS IAM requirements:
386
388
 
387
389
  Identifies overly permissive configurations:
388
390
 
389
- | Check | What It Catches |
390
- | ------------------------------------- | ------------------------------------------------------ |
391
- | **Wildcard Action** | `Action: "*"` grants all AWS permissions |
392
- | **Wildcard Resource** | `Resource: "*"` applies to all resources |
393
- | **Full Wildcard** | Both `Action: "*"` AND `Resource: "*"` (admin access) |
394
- | **Service Wildcards** | `s3:*`, `iam:*`, `ec2:*` (overly broad) |
395
- | **Sensitive Actions (Policy-Wide)** | **Cross-statement** privilege escalation patterns |
396
- | **Sensitive Actions (Per-Statement)** | Dangerous actions in single statement |
397
- | **Condition Enforcement** | Organization-specific requirements (your custom rules) |
391
+ | Check | What It Catches |
392
+ | ------------------------- | ------------------------------------------------------ |
393
+ | **Wildcard Action** | `Action: "*"` grants all AWS permissions |
394
+ | **Wildcard Resource** | `Resource: "*"` applies to all resources |
395
+ | **Full Wildcard** | Both `Action: "*"` AND `Resource: "*"` (admin access) |
396
+ | **Service Wildcards** | `s3:*`, `iam:*`, `ec2:*` (overly broad) |
397
+ | **Sensitive Actions** | 490+ privilege escalation patterns and dangerous actions |
398
+ | **Condition Enforcement** | Organization-specific condition requirements |
398
399
 
399
400
  **Note on Sensitive Actions:** This check has two modes:
400
401
 
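Review bot: The new **Sensitive Actions** row is wider than the column ruled by the separator line, so the source table is no longer aligned, and it hard-codes a count (`490+`) that will go stale as patterns are added. The row also drops the Policy-Wide and Per-Statement split, while the unchanged paragraph right after the table still says the check has two modes; keep a clause in the row that names both modes, or confirm the note below still reads correctly without them. The identical change appears in the PKG-INFO long description, so a fix here should be carried there as well.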
@@ -182,7 +182,7 @@ When contributing to the project:
182
182
 
183
183
  The validator includes security features to help users:
184
184
 
185
- 1. **18 Built-in Security Checks**: Detect overly permissive policies, privilege escalation paths, and security anti-patterns
185
+ 1. **19 Built-in Security Checks**: Detect overly permissive policies, privilege escalation paths, and security anti-patterns
186
186
  2. **AWS Access Analyzer Integration**: Leverage AWS's official policy validation service
187
187
  3. **Privilege Escalation Detection**: Identify dangerous action combinations
188
188
  4. **Public Access Detection**: Check 29+ AWS resource types for public exposure
@@ -190,31 +190,6 @@ The validator includes security features to help users:
190
190
  6. **Policy Comparison**: Detect new permissions vs baseline to prevent scope creep
191
191
  7. **Wildcard Detection**: Flag overly permissive wildcards in actions and resources
192
192
 
193
- ## Vulnerability Disclosure Policy
194
-
195
- ### Scope
196
-
197
- Security vulnerabilities within scope:
198
-
199
- - **In Scope**:
200
- - Authentication and authorization bypass
201
- - Code injection vulnerabilities
202
- - Sensitive data exposure
203
- - Denial of service (DoS)
204
- - AWS credential leakage
205
- - GitHub token leakage
206
- - Path traversal vulnerabilities
207
- - Dependency vulnerabilities with active exploits
208
- - Logic errors in security checks that could miss vulnerabilities
209
-
210
- - **Out of Scope**:
211
- - Social engineering attacks
212
- - Physical attacks
213
- - Attacks requiring physical access to infrastructure
214
- - Issues in third-party dependencies without active exploits
215
- - Issues already reported and known
216
- - Self-XSS or CSP bypasses without security impact
217
-
218
193
  ### Safe Harbor
219
194
 
220
195
  We support safe harbor for security researchers who:
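Review bot: Removing the `## Vulnerability Disclosure Policy` heading and its Scope lists leaves `### Safe Harbor` as a level-3 heading directly under the feature list of the preceding section, and leaves the safe-harbor commitment with no statement of what is in or out of scope. A researcher reading this file can no longer tell whether items such as "Logic errors in security checks that could miss vulnerabilities" or "AWS credential leakage" are covered. Keep a short scope statement here, or link to wherever the scope now lives, and promote Safe Harbor to its own `##` section.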
@@ -224,26 +199,6 @@ We support safe harbor for security researchers who:
224
199
  - Do not exploit vulnerabilities for malicious purposes
225
200
  - Follow responsible disclosure practices
226
201
 
227
- ## Security Audit History
228
-
229
- We welcome third-party security audits and will list notable audits here:
230
-
231
- - No formal audits completed yet (as of v1.7.0)
232
-
233
- ## Security-Related Configuration
234
-
235
- ### Logging Levels
236
-
237
- Be cautious with logging levels in production:
238
-
239
- ```bash
240
- # ⚠️ WARNING: Debug logging may expose sensitive policy content
241
- --log-level debug # Only use for troubleshooting
242
-
243
- # ✅ RECOMMENDED: Use warning or error in production
244
- --log-level warning
245
- ```
246
-
247
202
  ### GitHub Integration
248
203
 
249
204
  Configure minimal permissions for GitHub Actions:
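Review bot: The deleted Logging Levels block carried the warning that `--log-level debug` "may expose sensitive policy content"; nothing in this hunk shows that guidance being moved elsewhere, and it is operational advice that matters for CI logs, so keep it or link to its new location. Dropping `## Security-Related Configuration` also orphans `### GitHub Integration`, which now falls under whichever section precedes it; give it a parent heading or promote it.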
@@ -286,5 +241,5 @@ _Thank you to the following researchers who have helped improve the security of
286
241
 
287
242
  ---
288
243
 
289
- **Last Updated**: 2025-11-10
290
- **Policy Version**: 1.0
244
+ **Last Updated**: 2026-01-19
245
+ **Policy Version**: 1.1