iam-policy-validator 1.15.3__py3-none-any.whl → 1.15.5__py3-none-any.whl
- {iam_policy_validator-1.15.3.dist-info → iam_policy_validator-1.15.5.dist-info}/METADATA +1 -1
- {iam_policy_validator-1.15.3.dist-info → iam_policy_validator-1.15.5.dist-info}/RECORD +11 -11
- iam_validator/__version__.py +1 -1
- iam_validator/checks/wildcard_resource.py +1 -1
- iam_validator/commands/completion.py +2 -4
- iam_validator/commands/query.py +0 -2
- iam_validator/sdk/context.py +4 -4
- iam_validator/sdk/shortcuts.py +1 -14
- {iam_policy_validator-1.15.3.dist-info → iam_policy_validator-1.15.5.dist-info}/WHEEL +0 -0
- {iam_policy_validator-1.15.3.dist-info → iam_policy_validator-1.15.5.dist-info}/entry_points.txt +0 -0
- {iam_policy_validator-1.15.3.dist-info → iam_policy_validator-1.15.5.dist-info}/licenses/LICENSE +0 -0
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.4
|
|
2
2
|
Name: iam-policy-validator
|
|
3
|
-
Version: 1.15.
|
|
3
|
+
Version: 1.15.5
|
|
4
4
|
Summary: Validate AWS IAM policies for correctness and security using AWS Service Reference API
|
|
5
5
|
Project-URL: Homepage, https://github.com/boogy/iam-policy-validator
|
|
6
6
|
Project-URL: Documentation, https://boogy.github.io/iam-policy-validator
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
iam_validator/__init__.py,sha256=xHdUASOxFHwEXfT_GSr_KrkLlnxZ-pAAr1wW1PwAGko,693
|
|
2
2
|
iam_validator/__main__.py,sha256=to_nz3n_IerJpVVZZ6WSFlFR5s_06J0csfPOTfQZG8g,197
|
|
3
|
-
iam_validator/__version__.py,sha256=
|
|
3
|
+
iam_validator/__version__.py,sha256=U-wVS3NvN8FNHihwmPm5Li3BYK5Ld0cc3hv7gIhvzM0,374
|
|
4
4
|
iam_validator/checks/__init__.py,sha256=wFU5Lz-ZIQBcn2y1u0Kl88B--vEO3btOOaTGPPSjJ74,2106
|
|
5
5
|
iam_validator/checks/action_condition_enforcement.py,sha256=2-XUMbof9tQ7SHZNmAHMkR1DgbOIzY2eFWlp9S9dwLk,60625
|
|
6
6
|
iam_validator/checks/action_resource_matching.py,sha256=qND0hfDgNoxFEdLWwrxOPVDfdj3k50nzedT2qF7nK7o,19428
|
|
@@ -21,7 +21,7 @@ iam_validator/checks/set_operator_validation.py,sha256=GMZ1OWqySptYWV7565-K4R5OD
|
|
|
21
21
|
iam_validator/checks/sid_uniqueness.py,sha256=MPQwALBjcvbY4Q55mpxDrGMqmVCMb13YSg621YbQYF8,6048
|
|
22
22
|
iam_validator/checks/trust_policy_validation.py,sha256=r3fM2hU7W0yCFS6hbd4ZSlD8y2tm0zk99mUVlIt0LsI,17956
|
|
23
23
|
iam_validator/checks/wildcard_action.py,sha256=VhWezb1JXmFnwV9WKgVu-48ythScGfZasg8fFd6tAG4,2001
|
|
24
|
-
iam_validator/checks/wildcard_resource.py,sha256=
|
|
24
|
+
iam_validator/checks/wildcard_resource.py,sha256=idKURJhuPT-AdxdnQK2wRgu_OM5vH9YjvFEP4WZZQOo,22422
|
|
25
25
|
iam_validator/checks/utils/__init__.py,sha256=iI9jHIDlDuuPK2vxjJA-qc927PaWC9zVJb9z3vBRUsQ,356
|
|
26
26
|
iam_validator/checks/utils/action_parser.py,sha256=zA_NGknc5gJvsmIlf4aC14eHFIkBLyL9if5ad80gHwY,4421
|
|
27
27
|
iam_validator/checks/utils/policy_level_checks.py,sha256=pr-uLo-otB612YLZ-rd8W5Kl9ENaTHuzTNOUhQaULKc,7593
|
|
@@ -31,11 +31,11 @@ iam_validator/commands/__init__.py,sha256=BgtZqCIazIhCpQIw49J8hOG853Y-sltg4w-SsS
|
|
|
31
31
|
iam_validator/commands/analyze.py,sha256=rtXZmevC7GCXrADoGrxihRkrLbma59wMAMP2yBhqWPU,21752
|
|
32
32
|
iam_validator/commands/base.py,sha256=5baCCMwxz7pdQ6XMpWfXFNz7i1l5dB8Qv9dKKR04Gzs,1074
|
|
33
33
|
iam_validator/commands/cache.py,sha256=ZMfNe1HfKlCKESqa-9OkBcgZUqAIcV6m7rDrBxLq700,16162
|
|
34
|
-
iam_validator/commands/completion.py,sha256=
|
|
34
|
+
iam_validator/commands/completion.py,sha256=hvTO4XFjR1Q3FUeJoUoQY5-TN7NwIAaf_z0jsKpXJSQ,23031
|
|
35
35
|
iam_validator/commands/download_services.py,sha256=KKz3ybMLT8DQUf9aFZ0tilJ-o1b6PE8Pf1pC4K6cT8I,9175
|
|
36
36
|
iam_validator/commands/mcp.py,sha256=ttJXeWvV9GIK7ipa5xjS0gMjRjw3qcuRhJajF_8_rrU,6315
|
|
37
37
|
iam_validator/commands/post_to_pr.py,sha256=CvUXs2xvO-UhluxdfNM6F0TCWD8hDBEOiYw60fm1Dms,2363
|
|
38
|
-
iam_validator/commands/query.py,sha256=
|
|
38
|
+
iam_validator/commands/query.py,sha256=IzNHZDNBhYcyPM8aceRkFJashx41W7l4atTR23UqyqI,35928
|
|
39
39
|
iam_validator/commands/validate.py,sha256=4wk-eSwhgqnQvyUre426S831JadVUctb0FDeCZD4RTk,34176
|
|
40
40
|
iam_validator/core/__init__.py,sha256=hYXkSbxplKzhM6dqrVzV4M3k7GKLsZbgExypxKq74gs,376
|
|
41
41
|
iam_validator/core/access_analyzer.py,sha256=mtMaY-FnKjKEVITky_9ywZe1FaCAm61ElRv5Z_ZeC7E,24562
|
|
@@ -102,18 +102,18 @@ iam_validator/mcp/tools/query.py,sha256=05X0dhNGY0KcmyKJIn9vYw2ed3yGlFnRC2rqOoyV
|
|
|
102
102
|
iam_validator/mcp/tools/validation.py,sha256=XrG7rBGbHnpeZSgNZdfNWyD3XeZwmdBTj-w5ErLOt2c,13219
|
|
103
103
|
iam_validator/sdk/__init__.py,sha256=rfWkijjIA8iKrHE2Wd1HnXAl0jJWHHwYgUFZeISQGiI,6297
|
|
104
104
|
iam_validator/sdk/arn_matching.py,sha256=HSDpLltOYISq-SoPebAlM89mKOaUaghq_04urchEFDA,12778
|
|
105
|
-
iam_validator/sdk/context.py,sha256=
|
|
105
|
+
iam_validator/sdk/context.py,sha256=u9kLdDkXEeOhuQjfPJrhpJaJnjp5vW9URRr8m4841uQ,6974
|
|
106
106
|
iam_validator/sdk/exceptions.py,sha256=tm91TxIwU157U_UHN7w5qICf_OhU11agj6pV5W_YP-4,1023
|
|
107
107
|
iam_validator/sdk/helpers.py,sha256=sjfK0na_Fo7O8GhEVhl44rVHqOdw6nAKkBL4FVL-QdU,5697
|
|
108
108
|
iam_validator/sdk/policy_utils.py,sha256=zSn3UFdwr5pik-n1Y4pv_AZheyCuFqaGlSIt403L0is,14386
|
|
109
109
|
iam_validator/sdk/query_utils.py,sha256=kp1sORVnouRMt7kvzyZo1569l7j20jJGmHICR7O8Cqs,14455
|
|
110
|
-
iam_validator/sdk/shortcuts.py,sha256=
|
|
110
|
+
iam_validator/sdk/shortcuts.py,sha256=r0aYCinNwG-VBUwxqIsUV9__oeveQ7QNCECqAq_-xlM,7794
|
|
111
111
|
iam_validator/utils/__init__.py,sha256=NveA2F3G1E6-ANZzFr7J6Q6u5mogvMp862iFokmYuCs,1021
|
|
112
112
|
iam_validator/utils/cache.py,sha256=wOQKOBeoG6QqC5f0oXcHz63Cjtu_-SsSS-0pTSwyAiM,3254
|
|
113
113
|
iam_validator/utils/regex.py,sha256=xHoMECttb7qaMhts-c9b0GIxdhHNZTt-UBr7wNhWfzg,6219
|
|
114
114
|
iam_validator/utils/terminal.py,sha256=FsRaRMH_JAyDgXWBCOgOEhbS89cs17HCmKYoughq5io,724
|
|
115
|
-
iam_policy_validator-1.15.
|
|
116
|
-
iam_policy_validator-1.15.
|
|
117
|
-
iam_policy_validator-1.15.
|
|
118
|
-
iam_policy_validator-1.15.
|
|
119
|
-
iam_policy_validator-1.15.
|
|
115
|
+
iam_policy_validator-1.15.5.dist-info/METADATA,sha256=sDFNSXMKvzmHQTDPBTdfBDpV0fVJ7xjGa094bBlzGbU,34939
|
|
116
|
+
iam_policy_validator-1.15.5.dist-info/WHEEL,sha256=WLgqFyCfm_KASv4WHyYy0P3pM_m7J5L9k2skdKLirC8,87
|
|
117
|
+
iam_policy_validator-1.15.5.dist-info/entry_points.txt,sha256=VXAcx1evo9fuxX0Gtj3J2HnzWcBHSXugiZwBtQ1BXE0,162
|
|
118
|
+
iam_policy_validator-1.15.5.dist-info/licenses/LICENSE,sha256=AMnbFTBDcK4_MITe2wiQBkj0vg-jjBBhsc43ydC7tt4,1098
|
|
119
|
+
iam_policy_validator-1.15.5.dist-info/RECORD,,
|
iam_validator/__version__.py
CHANGED
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
This file is the single source of truth for the package version.
|
|
4
4
|
"""
|
|
5
5
|
|
|
6
|
-
__version__ = "1.15.
|
|
6
|
+
__version__ = "1.15.5"
|
|
7
7
|
# Parse version, handling pre-release suffixes like -rc, -alpha, -beta
|
|
8
8
|
_version_base = __version__.split("-", maxsplit=1)[0] # Remove pre-release suffix if present
|
|
9
9
|
__version_info__ = tuple(int(part) for part in _version_base.split("."))
|
|
@@ -234,7 +234,7 @@ class WildcardResourceCheck(PolicyCheck):
|
|
|
234
234
|
else:
|
|
235
235
|
action_list = ", ".join(f"`{a}`" for a in sorted_actions[:5])
|
|
236
236
|
action_list += f" (+{len(sorted_actions) - 5} more)"
|
|
237
|
-
message = 'Statement applies to all resources (`"*"`)'
|
|
237
|
+
message = f'Statement applies to all resources (`"*"`) with actions that typically require specific resources: {action_list}'
|
|
238
238
|
|
|
239
239
|
# Add adjustment reason if present
|
|
240
240
|
if adjustment_reason:
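Review bot: The new message interpolates `action_list`, which the two lines above build by wrapping each entry of `sorted_actions[:5]` in backticks with no escaping. If those entries are taken verbatim from the policy being validated (their origin is outside this hunk), a value containing a backtick or a line break would break the inline-code formatting wherever this message is rendered as Markdown, such as a pull-request comment. Normalising each entry before formatting, for example by dropping backticks and control characters inside the generator expression, keeps the finding text inert. The `if` branch paired with this `else` starts outside the hunk, so check that it formats short action lists the same way.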
|
|
@@ -313,7 +313,7 @@ _iam_validator_completion() {{
|
|
|
313
313
|
return 0
|
|
314
314
|
;;
|
|
315
315
|
mcp)
|
|
316
|
-
opts="--transport --host --port --verbose -v --config
|
|
316
|
+
opts="--transport --host --port --verbose -v --config"
|
|
317
317
|
COMPREPLY=( $(compgen -W "$opts" -- "$cur") )
|
|
318
318
|
return 0
|
|
319
319
|
;;
|
|
@@ -487,9 +487,7 @@ _iam_validator() {{
|
|
|
487
487
|
'--host[Host for SSE transport]:host:' \\
|
|
488
488
|
'--port[Port for SSE transport]:port:' \\
|
|
489
489
|
'(--verbose -v)'{{--verbose,-v}}'[Enable verbose logging]' \\
|
|
490
|
-
'--config[Path to configuration YAML file]:file:_files'
|
|
491
|
-
'--instructions[Custom instructions for policy generation]:text:' \\
|
|
492
|
-
'--instructions-file[Path to file containing custom instructions]:file:_files'
|
|
490
|
+
'--config[Path to configuration YAML file]:file:_files'
|
|
493
491
|
;;
|
|
494
492
|
esac
|
|
495
493
|
;;
|
iam_validator/commands/query.py
CHANGED
iam_validator/sdk/context.py
CHANGED
|
@@ -197,8 +197,8 @@ async def validator(
|
|
|
197
197
|
... results = await v.validate_directory("./policies")
|
|
198
198
|
... v.generate_report(results, format="console")
|
|
199
199
|
"""
|
|
200
|
-
|
|
201
|
-
|
|
200
|
+
async with AWSServiceFetcher() as fetcher:
|
|
201
|
+
yield ValidationContext(fetcher, config_path)
|
|
202
202
|
|
|
203
203
|
|
|
204
204
|
@asynccontextmanager
|
|
@@ -219,5 +219,5 @@ async def validator_from_config(config_path: str) -> AsyncIterator[ValidationCon
|
|
|
219
219
|
... results = await v.validate_directory("./policies")
|
|
220
220
|
... v.generate_report(results)
|
|
221
221
|
"""
|
|
222
|
-
|
|
223
|
-
|
|
222
|
+
async with AWSServiceFetcher() as fetcher:
|
|
223
|
+
yield ValidationContext(fetcher, config_path=config_path)
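Review bot: The two added `yield` lines pass the configuration path differently: `validator` uses `ValidationContext(fetcher, config_path)` while `validator_from_config` uses `ValidationContext(fetcher, config_path=config_path)`. Using the keyword form in both places keeps the call sites correct if `ValidationContext.__init__` ever gains or reorders a parameter, and makes the two factories read alike. The removed lines are not legible on this page, so this is based on the new side only. Both function bodies begin outside the hunks.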
|
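--- a/iam_validator/sdk/shortcuts.py
+++ b/iam_validator/sdk/shortcuts.py
@@ -7,7 +7,6 @@ validation tasks without requiring deep knowledge of the internal API.
 
 from pathlib import Path
 
-from iam_validator.core.config.config_loader import ValidatorConfig
 from iam_validator.core.models import PolicyValidationResult, ValidationIssue
 from iam_validator.core.policy_checks import validate_policies
 from iam_validator.core.policy_loader import PolicyLoader
@@ -16,7 +15,6 @@ from iam_validator.core.policy_loader import PolicyLoader
 async def validate_file(
 file_path: str | Path,
 config_path: str | None = None,
-config: ValidatorConfig | None = None,
 ) -> PolicyValidationResult:
 """
 Validate a single IAM policy file.
@@ -24,7 +22,6 @@ async def validate_file(
 Args:
 file_path: Path to the policy file (JSON or YAML)
 config_path: Optional path to configuration file
-config: Optional ValidatorConfig object (overrides config_path)
 
 Returns:
 PolicyValidationResult for the policy
@@ -62,7 +59,6 @@ async def validate_file(
 async def validate_directory(
 dir_path: str | Path,
 config_path: str | None = None,
-config: ValidatorConfig | None = None,
 recursive: bool = True,
 ) -> list[PolicyValidationResult]:
 """
@@ -71,7 +67,6 @@ async def validate_directory(
 Args:
 dir_path: Path to directory containing policy files
 config_path: Optional path to configuration file
-config: Optional ValidatorConfig object (overrides config_path)
 recursive: Whether to search subdirectories (default: True)
 
 Returns:
@@ -83,7 +78,7 @@ async def validate_directory(
 >>> print(f"{valid_count}/{len(results)} policies are valid")
 """
 loader = PolicyLoader()
-policies = loader.load_from_path(str(dir_path))
+policies = loader.load_from_path(str(dir_path), recursive=recursive)
 
 if not policies:
 raise ValueError(f"No IAM policies found in {dir_path}")
@@ -98,7 +93,6 @@ async def validate_json(
 policy_json: dict,
 policy_name: str = "inline-policy",
 config_path: str | None = None,
-config: ValidatorConfig | None = None,
 ) -> PolicyValidationResult:
 """
 Validate an IAM policy from a Python dictionary.
@@ -107,7 +101,6 @@ async def validate_json(
 policy_json: IAM policy as a Python dict
 policy_name: Name to identify this policy in results
 config_path: Optional path to configuration file
-config: Optional ValidatorConfig object (overrides config_path)
 
 Returns:
 PolicyValidationResult for the policy
@@ -148,7 +141,6 @@ async def validate_json(
 async def quick_validate(
 policy: str | Path | dict,
 config_path: str | None = None,
-config: ValidatorConfig | None = None,
 ) -> bool:
 """
 Quick validation returning just True/False.
@@ -158,7 +150,6 @@ async def quick_validate(
 Args:
 policy: File path, directory path, or policy dict
 config_path: Optional path to configuration file
-config: Optional ValidatorConfig object (overrides config_path)
 
 Returns:
 True if all policies are valid, False otherwise
@@ -194,7 +185,6 @@ async def get_issues(
 policy: str | Path | dict,
 min_severity: str = "medium",
 config_path: str | None = None,
-config: ValidatorConfig | None = None,
 ) -> list[ValidationIssue]:
 """
 Get just the issues from validation, filtered by severity.
@@ -203,7 +193,6 @@ async def get_issues(
 policy: File path, directory path, or policy dict
 min_severity: Minimum severity to include (critical, high, medium, low, info)
 config_path: Optional path to configuration file
-config: Optional ValidatorConfig object (overrides config_path)
 
 Returns:
 List of ValidationIssues meeting the severity threshold
@@ -252,7 +241,6 @@ async def get_issues(
 async def count_issues_by_severity(
 policy: str | Path | dict,
 config_path: str | None = None,
-config: ValidatorConfig | None = None,
 ) -> dict[str, int]:
 """
 Count issues grouped by severity level.
@@ -260,7 +248,6 @@ async def count_issues_by_severity(
 Args:
 policy: File path, directory path, or policy dict
 config_path: Optional path to configuration file
-config: Optional ValidatorConfig object (overrides config_path)
 
 Returns:
 Dictionary mapping severity levels to counts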
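Review bot: Removing the `config` keyword from `validate_file`, `validate_directory`, `validate_json`, `quick_validate`, `get_issues` and `count_issues_by_severity` breaks the SDK interface in a patch release: a caller that still passes `config=` now gets a `TypeError`. The function bodies lie outside these hunks and the only body line shown changing is the `load_from_path` call, so confirm that nothing in the bodies still reads `config`. Forwarding `recursive=recursive` also changes which files are validated when a caller passes `recursive=False`, because the flag was not forwarded before. Depending on the default in `load_from_path`, a CI job that relied on nested policies being checked could now validate fewer files, so both changes belong in the changelog.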
File without changes
|
{iam_policy_validator-1.15.3.dist-info → iam_policy_validator-1.15.5.dist-info}/entry_points.txt
RENAMED
|
File without changes
|
{iam_policy_validator-1.15.3.dist-info → iam_policy_validator-1.15.5.dist-info}/licenses/LICENSE
RENAMED
|
File without changes
|