iam-policy-validator 1.3.0__py3-none-any.whl → 1.3.1__py3-none-any.whl


Potentially problematic release.



@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: iam-policy-validator
3
- Version: 1.3.0
3
+ Version: 1.3.1
4
4
  Summary: Validate AWS IAM policies for correctness and security using AWS Service Reference API
5
5
  Project-URL: Homepage, https://github.com/boogy/iam-policy-validator
6
6
  Project-URL: Documentation, https://github.com/boogy/iam-policy-validator/tree/main/docs
@@ -651,7 +651,9 @@ Use as a library in your Python applications:
651
651
 
652
652
  ```python
653
653
  import asyncio
654
- from iam_validator.core import PolicyLoader, validate_policies, ReportGenerator
654
+ from iam_validator.core.policy_loader import PolicyLoader
655
+ from iam_validator.core.policy_checks import validate_policies
656
+ from iam_validator.core.report import ReportGenerator
655
657
 
656
658
  async def main():
657
659
  # Load policies
@@ -669,6 +671,10 @@ async def main():
669
671
  asyncio.run(main())
670
672
  ```
671
673
 
674
+ **📚 For comprehensive Python library documentation, see:**
675
+ - **[Python Library Usage Guide](docs/python-library-usage.md)** - Complete guide with examples
676
+ - **[Library Examples](examples/library-usage/)** - Runnable code examples
677
+
672
678
  ## Validation Checks
673
679
 
674
680
  ### 1. Action Validation
@@ -1,6 +1,6 @@
1
1
  iam_validator/__init__.py,sha256=APnMR3Fu4fHhxfsHBvUM2dJIwazgvLKQbfOsSgFPidg,693
2
2
  iam_validator/__main__.py,sha256=to_nz3n_IerJpVVZZ6WSFlFR5s_06J0csfPOTfQZG8g,197
3
- iam_validator/__version__.py,sha256=BOzo0kDxoue17MkZOqACxqP9TwbfCJhkzZuMsC5TMac,206
3
+ iam_validator/__version__.py,sha256=hbgDe5p_vG5JrspHS61bAQLyKxbRMqbUDzeKUVq_gmo,206
4
4
  iam_validator/checks/__init__.py,sha256=eKTPgiZ1i3zvyP6OdKgLx9s3u69onITMYifmJPJwZgM,968
5
5
  iam_validator/checks/action_condition_enforcement.py,sha256=3M1Wj89Af6H-ywBTruZbJPzhCBBQVanVb5hwv-fkiDE,29721
6
6
  iam_validator/checks/action_resource_constraint.py,sha256=p-gP7S9QYR6M7vffrnJY6LOlMUTn0kpEbrxQ8pTY5rs,6031
@@ -24,12 +24,12 @@ iam_validator/commands/validate.py,sha256=R295cOTly8n7zL1jfvbh9RuCgiM5edBqbf6YMn
24
24
  iam_validator/core/__init__.py,sha256=1FvJPMrbzJfS9YbRUJCshJLd5gzWwR9Fd_slS0Aq9c8,416
25
25
  iam_validator/core/access_analyzer.py,sha256=poeT1i74jXpKr1B3UmvqiTvCTbq82zffWgZHwiFUwoo,24337
26
26
  iam_validator/core/access_analyzer_report.py,sha256=IrQVszlhFfQ6WykYLpig7TU3hf8dnQTegPDsOvHjR5Q,24873
27
- iam_validator/core/aws_fetcher.py,sha256=6W4ixYEMx4Y5bx9rCB65CDqZh7iUVANAvhFVHu0MOKQ,32654
27
+ iam_validator/core/aws_fetcher.py,sha256=0rG7qi3Lz6ulU6pDL0nZ6sklgSAS5pwo0ViykDspRt8,33382
28
28
  iam_validator/core/aws_global_conditions.py,sha256=ADVcMEWhgvDZWdBmRUQN3HB7a9OycbTLecXFAy3LPbo,5837
29
29
  iam_validator/core/check_registry.py,sha256=wxqaF2t_3lWgT6x7_PnnZ8XGjHKUxUk72UlmdYBLFyo,15679
30
30
  iam_validator/core/cli.py,sha256=PkXiZjlgrQ21QustBbspefYsdbxst4gxoClyG2_HQR8,3843
31
31
  iam_validator/core/config_loader.py,sha256=Pq2rd6LJtEZET0ZeW4hEZS2ZRLC5gNRsKbtLyIsT21I,16516
32
- iam_validator/core/defaults.py,sha256=tp8MPrFicRvI0dp8yH95MzJ9tC33n0N92aUC3HMkmYc,13289
32
+ iam_validator/core/defaults.py,sha256=brGPx0_8zmsMNddYryMKbcoIh8VJq2mdXZdGDItAsQs,13251
33
33
  iam_validator/core/models.py,sha256=rWIZnD-I81Sg4asgOhnB10FWJC5mxQ2JO9bdS0sHb4Q,10772
34
34
  iam_validator/core/policy_checks.py,sha256=pMlZ2XkuqppVOUZq__e8w_yGoy7lIHjAB5RiTXwJo4Q,25114
35
35
  iam_validator/core/policy_loader.py,sha256=TR7SpzlRG3TwH4HBGEFUuhNOmxIR8Cud2SQ-AmHWBpM,14040
@@ -47,8 +47,8 @@ iam_validator/core/formatters/sarif.py,sha256=tqp8g7RmUh0HRk-kKDaucx4sa-5I9ikgkS
47
47
  iam_validator/integrations/__init__.py,sha256=7Hlor_X9j0NZaEjFuSvoXAAuSKQ-zgY19Rk-Dz3JpKo,616
48
48
  iam_validator/integrations/github_integration.py,sha256=bKs94vNT4PmcmUPUeuY2WJFhCYpUY2SWiBP1vj-andA,25673
49
49
  iam_validator/integrations/ms_teams.py,sha256=t2PlWuTDb6GGH-eDU1jnOKd8D1w4FCB68bahGA7MJcE,14475
50
- iam_policy_validator-1.3.0.dist-info/METADATA,sha256=FOWdp3xcENWJmZJtZ8lQlg53Bd6-8v9RpdBLKVvEY3Q,29136
51
- iam_policy_validator-1.3.0.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
52
- iam_policy_validator-1.3.0.dist-info/entry_points.txt,sha256=8HtWd8O7mvPiPdZR5YbzY8or_qcqLM4-pKaFdhtFT8M,62
53
- iam_policy_validator-1.3.0.dist-info/licenses/LICENSE,sha256=AMnbFTBDcK4_MITe2wiQBkj0vg-jjBBhsc43ydC7tt4,1098
54
- iam_policy_validator-1.3.0.dist-info/RECORD,,
50
+ iam_policy_validator-1.3.1.dist-info/METADATA,sha256=NNF1fvnG9g8pGMopQ71yn5rHtWnRIVMBUGPEeNLX9jI,29465
51
+ iam_policy_validator-1.3.1.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
52
+ iam_policy_validator-1.3.1.dist-info/entry_points.txt,sha256=8HtWd8O7mvPiPdZR5YbzY8or_qcqLM4-pKaFdhtFT8M,62
53
+ iam_policy_validator-1.3.1.dist-info/licenses/LICENSE,sha256=AMnbFTBDcK4_MITe2wiQBkj0vg-jjBBhsc43ydC7tt4,1098
54
+ iam_policy_validator-1.3.1.dist-info/RECORD,,
@@ -3,5 +3,5 @@
3
3
  This file is the single source of truth for the package version.
4
4
  """
5
5
 
6
- __version__ = "1.3.0"
6
+ __version__ = "1.3.1"
7
7
  __version_info__ = tuple(int(part) for part in __version__.split("."))
@@ -804,11 +804,12 @@ class AWSServiceFetcher:
804
804
 
805
805
  service_prefix, action_name = self.parse_action(action)
806
806
 
807
- # Check global conditions first (fast)
807
+ # Check if it's a global condition key
808
+ is_global_key = False
808
809
  if condition_key.startswith("aws:"):
809
810
  global_conditions = get_global_conditions()
810
811
  if global_conditions.is_valid_global_key(condition_key):
811
- return True, None
812
+ is_global_key = True
812
813
  else:
813
814
  return (
814
815
  False,
@@ -831,6 +832,19 @@ class AWSServiceFetcher:
831
832
  ):
832
833
  return True, None
833
834
 
835
+ # If it's a global key but the action has specific condition keys defined,
836
+ # check if the global key is explicitly listed in the action's supported keys
837
+ if is_global_key and action_detail.action_condition_keys is not None:
838
+ return (
839
+ False,
840
+ f"Condition key '{condition_key}' is not supported by action '{action}'. "
841
+ f"This action has a specific set of supported condition keys.",
842
+ )
843
+
844
+ # If it's a global key and action doesn't define specific keys, allow it
845
+ if is_global_key:
846
+ return True, None
847
+
834
848
  return (
835
849
  False,
836
850
  f"Condition key '{condition_key}' is not valid for action '{action}'",
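Review bot: The new `if is_global_key and action_detail.action_condition_keys is not None:` branch rejects every valid global `aws:` key that the earlier check did not match, and because `[]` is not `None` it also fires for an action whose key list is empty. If the service data does not enumerate global keys per action, commonly used restricting conditions would be reported as unsupported, and a false error of that kind can push a policy author to drop the condition, so this is worth confirming against the data source. If only a non-empty list should trigger the rejection, the test could be `if is_global_key and action_detail.action_condition_keys:`. The comment above the branch says the code checks whether the key is explicitly listed, but the branch performs no lookup; that check appears to be the `return True, None` branch that begins outside the hunk, and the comment should say so. `action_detail` is also assigned outside the visible lines, so whether it can be `None` here cannot be judged from this hunk.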
@@ -300,7 +300,7 @@ With specific values:
300
300
  ],
301
301
  },
302
302
  {
303
- "actions": ["s3:PutObject", "s3:DeleteObject", "s3:CreateBucket"],
303
+ "actions": ["s3:PutObject"],
304
304
  "severity": "medium",
305
305
  "required_conditions": [
306
306
  {
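Review bot: Narrowing `"actions"` to `["s3:PutObject"]` drops `s3:DeleteObject` and `s3:CreateBucket` from this entry's `required_conditions`, with no comment recording why. The hunk context (`With specific values:`) suggests the entry sits in example text rather than in the live defaults, but if it is an active default, policies granting those two actions would no longer be asked for the condition. A one-line comment next to the entry, for example `# scoped to s3:PutObject only: <reason>`, would make the intent reviewable. The entry continues past the end of the hunk.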