iam-policy-validator 1.4.0__py3-none-any.whl → 1.6.0__py3-none-any.whl

{iam_policy_validator-1.4.0.dist-info → iam_policy_validator-1.6.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: iam-policy-validator
-Version: 1.4.0
+Version: 1.6.0
 Summary: Validate AWS IAM policies for correctness and security using AWS Service Reference API
 Project-URL: Homepage, https://github.com/boogy/iam-policy-validator
 Project-URL: Documentation, https://github.com/boogy/iam-policy-validator/tree/main/docs
@@ -58,7 +58,7 @@ Description-Content-Type: text/markdown
 
 **This tool prevents these issues** by:
 - ✅ **Validating early** - Catch errors in PRs before merge
-- ✅ **Comprehensive checks** - AWS Access Analyzer + 15+ security checks
+- ✅ **Comprehensive checks** - AWS Access Analyzer + 18 built-in security checks
 - ✅ **Smart filtering** - Auto-detects IAM policies from mixed JSON/YAML files
 - ✅ **Developer-friendly** - Clear error messages with fix suggestions
 - ✅ **Zero setup** - Works as a GitHub Action out of the box
@@ -67,7 +67,7 @@ Description-Content-Type: text/markdown
 
 ### 🔍 Multi-Layer Validation
 - **AWS IAM Access Analyzer** - Official AWS validation (syntax, permissions, security)
-- **Custom Security Checks** - 15+ specialized checks for best practices
+- **18 Built-in Security Checks** - Comprehensive validation across AWS requirements and security best practices
 - **Policy Comparison** - Detect new permissions vs baseline (prevent scope creep)
 - **Public Access Detection** - Check 29+ AWS resource types for public exposure
 - **Privilege Escalation Detection** - Identify dangerous action combinations
@@ -448,13 +448,11 @@ settings:
   enable_builtin_checks: true
 
 # Custom check configurations
-security_best_practices_check:
+wildcard_action:
   enabled: true
-  wildcard_action_check:
-    enabled: true
-    severity: high
+  severity: high
 
-action_condition_enforcement_check:
+action_condition_enforcement:
   enabled: true
   severity: critical
   action_condition_requirements:
@@ -465,7 +463,7 @@ action_condition_enforcement_check:
         - condition_key: "iam:PassedToService"
 ```
 
-See [default-config.yaml](default-config.yaml) for a complete configuration example.
+See [examples/configs/full-reference-config.yaml](examples/configs/full-reference-config.yaml) for a complete configuration reference with all available options.
 
 ### GitHub Action Inputs
 
@@ -478,11 +476,11 @@ See [default-config.yaml](default-config.yaml) for a complete configuration exam
 | `recursive`        | Recursively search directories for policy files             | No       | `true`  |
 
 #### GitHub Integration
-| Input              | Description                                          | Required | Default |
-| ------------------ | ---------------------------------------------------- | -------- | ------- |
-| `post-comment`     | Post validation summary as PR conversation comment   | No       | `true`  |
-| `create-review`    | Create line-specific review comments on PR files     | No       | `true`  |
-| `github-summary`   | Write summary to GitHub Actions job summary (Actions tab) | No       | `false` |
+| Input            | Description                                               | Required | Default |
+| ---------------- | --------------------------------------------------------- | -------- | ------- |
+| `post-comment`   | Post validation summary as PR conversation comment        | No       | `true`  |
+| `create-review`  | Create line-specific review comments on PR files          | No       | `true`  |
+| `github-summary` | Write summary to GitHub Actions job summary (Actions tab) | No       | `false` |
 
 #### Output Options
 | Input         | Description                                                                      | Required | Default   |
@@ -491,12 +489,12 @@ See [default-config.yaml](default-config.yaml) for a complete configuration exam
 | `output-file` | Path to save output file (for non-console formats)                               | No       | `""`      |
 
 #### AWS Access Analyzer
-| Input                    | Description                                                                 | Required | Default           |
-| ------------------------ | --------------------------------------------------------------------------- | -------- | ----------------- |
-| `use-access-analyzer`    | Use AWS IAM Access Analyzer for validation                                  | No       | `false`           |
-| `access-analyzer-region` | AWS region for Access Analyzer                                              | No       | `us-east-1`       |
+| Input                    | Description                                                                                            | Required | Default           |
+| ------------------------ | ------------------------------------------------------------------------------------------------------ | -------- | ----------------- |
+| `use-access-analyzer`    | Use AWS IAM Access Analyzer for validation                                                             | No       | `false`           |
+| `access-analyzer-region` | AWS region for Access Analyzer                                                                         | No       | `us-east-1`       |
 | `policy-type`            | Policy type: `IDENTITY_POLICY`, `RESOURCE_POLICY`, `SERVICE_CONTROL_POLICY`, `RESOURCE_CONTROL_POLICY` | No       | `IDENTITY_POLICY` |
-| `run-all-checks`         | Run custom checks after Access Analyzer (sequential mode)                   | No       | `false`           |
+| `run-all-checks`         | Run custom checks after Access Analyzer (sequential mode)                                              | No       | `false`           |
 
 #### Custom Policy Checks (Access Analyzer)
 | Input                         | Description                                                                 | Required | Default           |
@@ -519,7 +517,7 @@ See [default-config.yaml](default-config.yaml) for a complete configuration exam
 - Configure `aws-services-dir` in your config file for offline validation
 - The action automatically filters IAM policies from mixed JSON/YAML files
 
-See [examples/github-actions/](examples/github-actions/) for 8 ready-to-use workflow examples.
+See [examples/github-actions/](examples/github-actions/) for 9 ready-to-use workflow examples.
 
 ### As a CLI Tool
 
@@ -596,7 +594,7 @@ iam-validator validate --path ./bucket-policies/ --policy-type RESOURCE_POLICY
 **Advanced Principal Validation:**
 ```yaml
 # config.yaml
-principal_validation_check:
+principal_validation:
   enabled: true
   severity: high
   # Block public access
@@ -750,7 +748,7 @@ iam-validator analyze \
 - **API**: API Gateway REST API
 - **DevOps**: CodeArtifact Domain, Backup Vault, CloudTrail
 
-See [docs/custom-policy-checks.md](docs/custom-policy-checks.md) for complete documentation.
+See [docs/custom-checks.md](docs/custom-checks.md) for complete documentation.
 
 ### As a Python Package
 
@@ -784,70 +782,96 @@ asyncio.run(main())
 
 ## Validation Checks
 
-### 1. Action Validation
-
-Verifies that IAM actions exist in AWS services:
-
+IAM Policy Validator performs **18 built-in checks** to ensure your policies are secure and valid.
+
+**📖 For detailed check documentation with configuration examples and pass/fail scenarios:**
+- **[Check Reference Guide](docs/check-reference.md)** - Complete reference for all 18 checks
+- **[Condition Requirements](docs/condition-requirements.md)** - Action condition enforcement
+- **[Privilege Escalation Detection](docs/privilege-escalation.md)** - Detecting escalation paths
+
+### Quick Overview
+
+**AWS IAM Validation (12 checks)** - Ensure policies work correctly in AWS:
+- Statement ID uniqueness and format
+- Policy size limits
+- Action and condition key validation
+- Condition operator and value type checking
+- Set operator validation
+- MFA anti-pattern detection
+- Resource ARN format validation
+- Principal validation (resource policies)
+- Policy type validation
+- Action-resource constraint and matching
+
+**Security Best Practices (6 checks)** - Identify security risks:
+- Wildcard actions (`Action: "*"`)
+- Wildcard resources (`Resource: "*"`)
+- Full wildcard (CRITICAL: both wildcards together)
+- Service-level wildcards (`iam:*`, `s3:*`, etc.)
+- Sensitive actions without conditions (490 actions across 4 risk categories)
+- Action condition enforcement (MFA, IP restrictions, tags, etc.)
+
+### Quick Examples
+
+**Action Validation:**
 ```json
+// ✅ PASS: Valid S3 action
 {
   "Effect": "Allow",
-  "Action": "s3:GetObject",  // ✅ Valid
-  "Resource": "*"
+  "Action": "s3:GetObject",
+  "Resource": "arn:aws:s3:::my-bucket/*"
 }
-```
 
-```json
+// ❌ FAIL: Invalid action name
 {
   "Effect": "Allow",
-  "Action": "s3:InvalidAction",  // ❌ Invalid - action doesn't exist
+  "Action": "s3:InvalidAction",  // ERROR: Action doesn't exist
   "Resource": "*"
 }
 ```
 
-### 2. Condition Key Validation
+**Full Wildcard (Critical):**
+```json
+// ✅ PASS: Specific actions and resources
+{
+  "Effect": "Allow",
+  "Action": ["s3:GetObject", "s3:PutObject"],
+  "Resource": "arn:aws:s3:::my-bucket/*"
+}
 
-Checks that condition keys are valid for the specified actions:
+// ❌ FAIL: Administrative access
+{
+  "Effect": "Allow",
+  "Action": "*",        // CRITICAL: All actions
+  "Resource": "*"       // CRITICAL: All resources
+}
+```
 
+**Action Condition Enforcement:**
 ```json
+// ✅ PASS: iam:PassRole with required condition
 {
   "Effect": "Allow",
-  "Action": "s3:GetObject",
+  "Action": "iam:PassRole",
   "Resource": "*",
   "Condition": {
     "StringEquals": {
-      "aws:RequestedRegion": "us-east-1"  // ✅ Valid global condition key
+      "iam:PassedToService": ["lambda.amazonaws.com"]
     }
   }
 }
-```
-
-### 3. Resource ARN Validation
 
-Ensures ARNs follow proper AWS format:
-
-```json
-{
-  "Effect": "Allow",
-  "Action": "s3:GetObject",
-  "Resource": "arn:aws:s3:::my-bucket/*"  // ✅ Valid ARN
-}
-```
-
-```json
+// ❌ FAIL: iam:PassRole without condition
 {
   "Effect": "Allow",
-  "Action": "s3:GetObject",
-  "Resource": "not-a-valid-arn"  // ❌ Invalid ARN format
+  "Action": "iam:PassRole",  // HIGH: Missing iam:PassedToService condition
+  "Resource": "*"
 }
 ```
 
-### 4. Security Best Practices
+**📚 For complete documentation of all 18 checks with detailed examples, see [Check Reference Guide](docs/check-reference.md)**
 
-Identifies potential security risks:
-
-- Overly permissive wildcard usage (`*` for both Action and Resource)
-- Sensitive actions without conditions
-- Administrative permissions without restrictions
+_Note: The old [CHECKS.md](docs/CHECKS.md) has been deprecated in favor of the new check-reference.md with better organization and examples._
 
 ## GitHub Integration Features
 
@@ -958,27 +982,27 @@ Result: PR always shows current state, no stale comments
 
 ## 📚 Documentation
 
-**[📖 Complete Documentation →](DOCS.md)**
-
-The comprehensive [DOCS.md](DOCS.md) file contains everything you need:
-- Installation & Quick Start
-- GitHub Actions Integration
-- CLI Reference & Examples
-- Custom Policy Checks (CheckAccessNotGranted, CheckNoNewAccess, CheckNoPublicAccess)
-- Configuration Guide
-- Creating Custom Validation Rules
-- Performance Optimization
-- Troubleshooting
-
-**Additional Resources:**
-- **[Examples Directory](examples/)** - Real-world examples:
-  - [GitHub Actions Workflows](examples/github-actions/)
-  - [Custom Checks](examples/custom_checks/)
-  - [Configuration Files](examples/configs/)
-  - [Test IAM Policies](examples/iam-test-policies/)
-- **[AWS Services Backup Guide](docs/aws-services-backup.md)** - Offline validation
-- **[Contributing Guide](CONTRIBUTING.md)** - Contribution guidelines
-- **[Publishing Guide](docs/development/PUBLISHING.md)** - Release process
+### Core Documentation
+- **[📖 Complete Usage Guide (DOCS.md)](DOCS.md)** - Installation, CLI reference, GitHub Actions, configuration
+- **[✅ Validation Checks Reference](docs/check-reference.md)** - All 18 checks with pass/fail examples
+- **[🐍 Python SDK Guide (SDK.md)](docs/SDK.md)** - Use as a Python library in your applications
+- **[🤝 Contributing Guide (CONTRIBUTING.md)](CONTRIBUTING.md)** - How to contribute to the project
+
+### Examples & Resources
+- **[Configuration Examples](examples/configs/)** - 9 configuration files for different use cases
+- **[GitHub Actions Workflows](examples/github-actions/)** - Ready-to-use workflow examples
+- **[Custom Checks](examples/custom_checks/)** - Example custom validation rules
+- **[Library Usage Examples](examples/library-usage/)** - Python SDK examples
+- **[Test IAM Policies](examples/iam-test-policies/)** - Example policies for testing
+
+### Advanced Topics
+- **[Roadmap](docs/ROADMAP.md)** - Planned features and improvements
+- **[AWS Services Backup Guide](docs/aws-services-backup.md)** - Offline validation setup
+- **[Publishing Guide](docs/development/PUBLISHING.md)** - Release process for maintainers
+
+### Quick Links
+- **[GitHub Issues](https://github.com/boogy/iam-policy-validator/issues)** - Report bugs or request features
+- **[GitHub Discussions](https://github.com/boogy/iam-policy-validator/discussions)** - Ask questions and share ideas
 
 ## 🤝 Contributing
 
@@ -1015,6 +1039,10 @@ See [CONTRIBUTING.md](CONTRIBUTING.md) for detailed instructions.
 
 This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
 
+### Third-Party Code
+
+Portions of the ARN pattern matching code in [`iam_validator/sdk/arn_matching.py`](iam_validator/sdk/arn_matching.py) are derived from [Parliament](https://github.com/duo-labs/parliament) (Copyright 2019 Duo Security, [BSD 3-Clause License](https://github.com/duo-labs/parliament/blob/master/LICENSE)). See file header for details.
+
 ## 🆘 Support
 
 - **Documentation**: Check the [docs/](docs/) directory

iam_policy_validator-1.6.0.dist-info/RECORD

@@ -0,0 +1,82 @@
+iam_validator/__init__.py,sha256=APnMR3Fu4fHhxfsHBvUM2dJIwazgvLKQbfOsSgFPidg,693
+iam_validator/__main__.py,sha256=to_nz3n_IerJpVVZZ6WSFlFR5s_06J0csfPOTfQZG8g,197
+iam_validator/__version__.py,sha256=U-2GASzFF5PD483Cth0LG6biXahUQLBsW4BrfQVnGhw,206
+iam_validator/checks/__init__.py,sha256=eDiDlVon0CwWGSBnZgM-arn1i5R5ZSG89pgR-ifETxE,1782
+iam_validator/checks/action_condition_enforcement.py,sha256=qE2ae6vzOG2LqYGrvxeDdKyXtfdtqgfCBBceTpIGqNY,36573
+iam_validator/checks/action_resource_matching.py,sha256=KyF9GgZrfSLy-DR_iaj9J9fOTOaj8G5BvBYqHEiSnkg,16577
+iam_validator/checks/action_validation.py,sha256=IpxtTsk58f2zEZ-xzAoyHw4QK8BCRV43OffP-8ydf9E,2578
+iam_validator/checks/condition_key_validation.py,sha256=E-doe2QjvKSkyjXZO9TBp0QS7M0Fv2oYYQQ9738QNxg,3918
+iam_validator/checks/condition_type_mismatch.py,sha256=qAbP6pP_vM1aBvIBRHji56XLH_5cQI4cDhpMQe19CHM,10588
+iam_validator/checks/full_wildcard.py,sha256=8zkmkQo2TkflgNgbclThH73mIBRHbuiob0YO2HwQhuE,2371
+iam_validator/checks/mfa_condition_check.py,sha256=s7K2r9hxlJI1KWk8qXl-JOWE6jLIhpxooK26Pr7acKs,4915
+iam_validator/checks/policy_size.py,sha256=gJD8rFHa1CstKaZ2Dj9B5XEI3o0wsGv7ksqjqZXoSXI,5771
+iam_validator/checks/policy_type_validation.py,sha256=w85W4zdZ6ZrDy0DmHxxnAXbJGfN8peRDjLfJ4Bp1dWc,15009
+iam_validator/checks/principal_validation.py,sha256=DLmqX_QbfuV8O5XtcuocBeR_Vwa50_3RBx35XuLQob8,29837
+iam_validator/checks/resource_validation.py,sha256=AEIoiR6AKYLuVaA8ne3QE5qy6NCMDe98_2JAiwE9-JU,4261
+iam_validator/checks/sensitive_action.py,sha256=gxPhxMxQzsj7xrvRfMZlfh1o67B2s1ddSLF_KQ0FKOw,9716
+iam_validator/checks/service_wildcard.py,sha256=1O3NF8_T1LsCzpm8SFViv1KTh9NYQSqXN8-D3xx6Erw,4156
+iam_validator/checks/set_operator_validation.py,sha256=1XjOdf-xk-m6m1bODuHsELZccriGqOJTDI-HCcuId80,7464
+iam_validator/checks/sid_uniqueness.py,sha256=1Ux9W1hPPhzgdCzfxwxvD-nSBRo1SyrxFWlnTXDcOys,6887
+iam_validator/checks/wildcard_action.py,sha256=KsAej_GP6qL2XpmvGnS56SIJw3Z-5xyvZ7VDfsERFrU,2045
+iam_validator/checks/wildcard_resource.py,sha256=V5aBmb1pr8KhbVv2G4nzjBlZWz0kCOCgW6jKnb2_U60,5504
+iam_validator/checks/utils/__init__.py,sha256=j0X4ibUB6RGx2a-kNoJnlVZwHfoEvzZsIeTmJIAoFzA,45
+iam_validator/checks/utils/policy_level_checks.py,sha256=2V60C0zhKfsFPjQ-NMlD3EemtwA9S6-4no8nETgXdQE,5274
+iam_validator/checks/utils/sensitive_action_matcher.py,sha256=e67RIi-zg7ssFwq6x4kt4wsTF-brNz91KaBxgV-23jg,10687
+iam_validator/checks/utils/wildcard_expansion.py,sha256=V3V_KRpapOzPBhpUObJjGHoMhvCH90QvDxppeEHIG_U,3152
+iam_validator/commands/__init__.py,sha256=M-5bo8w0TCWydK0cXgJyPD2fmk8bpQs-3b26YbgLzlc,565
+iam_validator/commands/analyze.py,sha256=TWlDaZ8gVOdNv6__KQQfzeLVW36qLiL5IzlhGYfvq_g,16501
+iam_validator/commands/base.py,sha256=5baCCMwxz7pdQ6XMpWfXFNz7i1l5dB8Qv9dKKR04Gzs,1074
+iam_validator/commands/cache.py,sha256=p4ucRVuh42sbK3Lk0b610L3ofAR5TnUreF00fpO6VFg,14219
+iam_validator/commands/download_services.py,sha256=KKz3ybMLT8DQUf9aFZ0tilJ-o1b6PE8Pf1pC4K6cT8I,9175
+iam_validator/commands/post_to_pr.py,sha256=CvUXs2xvO-UhluxdfNM6F0TCWD8hDBEOiYw60fm1Dms,2363
+iam_validator/commands/validate.py,sha256=vyPsEenHoQPc_ftaVv0Ek5i52OvoqHaRCpVLLjCU5As,23508
+iam_validator/core/__init__.py,sha256=1FvJPMrbzJfS9YbRUJCshJLd5gzWwR9Fd_slS0Aq9c8,416
+iam_validator/core/access_analyzer.py,sha256=poeT1i74jXpKr1B3UmvqiTvCTbq82zffWgZHwiFUwoo,24337
+iam_validator/core/access_analyzer_report.py,sha256=IrQVszlhFfQ6WykYLpig7TU3hf8dnQTegPDsOvHjR5Q,24873
+iam_validator/core/aws_fetcher.py,sha256=NEXS7w6M5_EIXAm6OyyUEenpPU6p2Aj_a_p93aR9vAI,36147
+iam_validator/core/check_registry.py,sha256=cMjtJROkZOLzXxl-mTdLYHdxyajNnOsaHGs-EeaSZ7k,21741
+iam_validator/core/cli.py,sha256=PkXiZjlgrQ21QustBbspefYsdbxst4gxoClyG2_HQR8,3843
+iam_validator/core/condition_validators.py,sha256=7zBjlcf2xGFKGbcFrXSLvWT5tFhWxoqwzhsJqS2E8uY,21524
+iam_validator/core/models.py,sha256=spL5USsDFNfzQ_7R6yaTo-fcoRANkKS-zCwn88XYjYQ,11544
+iam_validator/core/policy_checks.py,sha256=Uz2yCsqRaoIja31F4ZM-39a1pHv51yZqKyWWkGUZKNY,26489
+iam_validator/core/policy_loader.py,sha256=TR7SpzlRG3TwH4HBGEFUuhNOmxIR8Cud2SQ-AmHWBpM,14040
+iam_validator/core/pr_commenter.py,sha256=EDE8lWsabkHYrOw2ApIUrPbjI5K3-Z_QxJkjakaVsTk,11600
+iam_validator/core/report.py,sha256=Yeh_u9jQvTyDV3ignyPcWEQVfFcxNZNrxf4T0fjeWb4,33283
+iam_validator/core/config/__init__.py,sha256=CWSyIA7kEyzrskEenjYbs9Iih10BXRpiY9H2dHg61rU,2671
+iam_validator/core/config/aws_api.py,sha256=HLIzOItQ0A37wxHcgWck6ZFO0wmNY8JNTiWMMK6JKYU,1248
+iam_validator/core/config/aws_global_conditions.py,sha256=gdmMxXGBy95B3uYUG-J7rnM6Ixgc6L7Y9Pcd2XAMb60,7170
+iam_validator/core/config/category_suggestions.py,sha256=QlrYi4BTkxDSTlL7NZGE9BWN-atWetZ6XjkI9F_7YzI,4370
+iam_validator/core/config/condition_requirements.py,sha256=1PuADTB9pLqh-kNUGC7kSU6LMLtXMSc003tvI7qKeAY,5170
+iam_validator/core/config/config_loader.py,sha256=MjO9SJ3HSXl6gnv_Qy0d906pX9iW8cONM8alOotUaKI,17749
+iam_validator/core/config/defaults.py,sha256=w5ievxkqki3zYr7NaREoWtVx5rTfxBpZlgoNdovcILs,27112
+iam_validator/core/config/principal_requirements.py,sha256=VCX7fBDgeDTJQyoz7_x7GI7Kf9O1Eu-sbihoHOrKv6o,15105
+iam_validator/core/config/sensitive_actions.py,sha256=uATDIp_TD3OQQlsYTZp79qd1mSK2Bf9hJ0JwcqLBr84,25344
+iam_validator/core/config/service_principals.py,sha256=gQSROsxUWBD6P2F9qP320UZV4lHGlsyvHSkMyy0njrU,2685
+iam_validator/core/config/wildcards.py,sha256=H_v6hb-rZ0UUz4cul9lxkVI39e6knaK4Y-MbWz2Ebpw,3228
+iam_validator/core/formatters/__init__.py,sha256=fnCKAEBXItnOf2m4rhVs7zwMaTxbG6ESh3CF8V5j5ec,868
+iam_validator/core/formatters/base.py,sha256=SShDeDiy5mYQnS6BpA8xYg91N-KX1EObkOtlrVHqx1Q,4451
+iam_validator/core/formatters/console.py,sha256=lX4Yp4bTW61fxe0fCiHuO6bCZtC_6cjCwqDNQ55nT_8,1937
+iam_validator/core/formatters/csv.py,sha256=2FaN6Y_0TPMFOb3A3tNtj0-9bkEc5P-6eZ7eLROIqFE,5899
+iam_validator/core/formatters/enhanced.py,sha256=S0UgYKFOgILfOqwnBC8-WFab3F1CiEko33g0nbaswtk,17085
+iam_validator/core/formatters/html.py,sha256=j4sQi-wXiD9kCHldW5JCzbJe0frhiP5uQI9KlH3Sj_g,22994
+iam_validator/core/formatters/json.py,sha256=A7gZ8P32GEdbDvrSn6v56yQ4fOP_kyMaoFVXG2bgnew,939
+iam_validator/core/formatters/markdown.py,sha256=aPAY6FpZBHsVBDag3FAsB_X9CZzznFjX9dQr0ysDrTE,2251
+iam_validator/core/formatters/sarif.py,sha256=O3pn7whqFq5xxk-tuoqSb2k4Fk5ai_A2SKX_ph8GLV4,10469
+iam_validator/integrations/__init__.py,sha256=7Hlor_X9j0NZaEjFuSvoXAAuSKQ-zgY19Rk-Dz3JpKo,616
+iam_validator/integrations/github_integration.py,sha256=bKs94vNT4PmcmUPUeuY2WJFhCYpUY2SWiBP1vj-andA,25673
+iam_validator/integrations/ms_teams.py,sha256=t2PlWuTDb6GGH-eDU1jnOKd8D1w4FCB68bahGA7MJcE,14475
+iam_validator/sdk/__init__.py,sha256=fRDSXAclGmCU3KDft4StL8JUcpAsdzwIRf8mVj461q0,5306
+iam_validator/sdk/arn_matching.py,sha256=we70RM2sriCcsd5GAUj7gL0iGKZt3oa0kle2VLF-X2E,8841
+iam_validator/sdk/context.py,sha256=SBFeedu8rhCzFA-zC2cH4wLZxEJT6XOW30hIZAyXPVU,6826
+iam_validator/sdk/exceptions.py,sha256=tm91TxIwU157U_UHN7w5qICf_OhU11agj6pV5W_YP-4,1023
+iam_validator/sdk/helpers.py,sha256=OVBg4xrW95LT74wXCg1LQkba9kw5RfFqeCLuTqhgL-A,5697
+iam_validator/sdk/policy_utils.py,sha256=CZS1OGSdiWsd2lsCwg0BDcUNWa61tUwgvn-P5rKqeN8,12987
+iam_validator/sdk/shortcuts.py,sha256=EVNSYV7rv4TFH03ulsZ3mS1UVmTSp2jKpc2AXs4j1q4,8531
+iam_validator/utils/__init__.py,sha256=V8u-SSdnL4a7NwF-yg9x0JRl5epKAXEs2f5RiwK2qPo,856
+iam_validator/utils/cache.py,sha256=wOQKOBeoG6QqC5f0oXcHz63Cjtu_-SsSS-0pTSwyAiM,3254
+iam_validator/utils/regex.py,sha256=PMVCYxjlVa2zLNEnIU3upQCSIhPazlXWg_sJClIiqiM,6221
+iam_policy_validator-1.6.0.dist-info/METADATA,sha256=rghXQo_4hFarMkPFzCmWFgD_1yMW1dwtwGIId_MsBdc,36586
+iam_policy_validator-1.6.0.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+iam_policy_validator-1.6.0.dist-info/entry_points.txt,sha256=8HtWd8O7mvPiPdZR5YbzY8or_qcqLM4-pKaFdhtFT8M,62
+iam_policy_validator-1.6.0.dist-info/licenses/LICENSE,sha256=AMnbFTBDcK4_MITe2wiQBkj0vg-jjBBhsc43ydC7tt4,1098
+iam_policy_validator-1.6.0.dist-info/RECORD,,

iam_validator/__version__.py

@@ -3,5 +3,5 @@
 This file is the single source of truth for the package version.
 """
 
-__version__ = "1.4.0"
+__version__ = "1.6.0"
 __version_info__ = tuple(int(part) for part in __version__.split("."))

iam_validator/checks/__init__.py

@@ -5,23 +5,39 @@ Built-in policy checks for IAM Policy Validator.
 from iam_validator.checks.action_condition_enforcement import (
     ActionConditionEnforcementCheck,
 )
-from iam_validator.checks.action_resource_constraint import ActionResourceConstraintCheck
+from iam_validator.checks.action_resource_matching import (
+    ActionResourceMatchingCheck,
+)
 from iam_validator.checks.action_validation import ActionValidationCheck
 from iam_validator.checks.condition_key_validation import ConditionKeyValidationCheck
+from iam_validator.checks.condition_type_mismatch import ConditionTypeMismatchCheck
+from iam_validator.checks.full_wildcard import FullWildcardCheck
+from iam_validator.checks.mfa_condition_check import MFAConditionCheck
 from iam_validator.checks.policy_size import PolicySizeCheck
 from iam_validator.checks.principal_validation import PrincipalValidationCheck
 from iam_validator.checks.resource_validation import ResourceValidationCheck
-from iam_validator.checks.security_best_practices import SecurityBestPracticesCheck
+from iam_validator.checks.sensitive_action import SensitiveActionCheck
+from iam_validator.checks.service_wildcard import ServiceWildcardCheck
+from iam_validator.checks.set_operator_validation import SetOperatorValidationCheck
 from iam_validator.checks.sid_uniqueness import SidUniquenessCheck
+from iam_validator.checks.wildcard_action import WildcardActionCheck
+from iam_validator.checks.wildcard_resource import WildcardResourceCheck
 
 __all__ = [
     "ActionConditionEnforcementCheck",
-    "ActionResourceConstraintCheck",
+    "ActionResourceMatchingCheck",
     "ActionValidationCheck",
     "ConditionKeyValidationCheck",
+    "ConditionTypeMismatchCheck",
+    "FullWildcardCheck",
+    "MFAConditionCheck",
     "PolicySizeCheck",
     "PrincipalValidationCheck",
     "ResourceValidationCheck",
-    "SecurityBestPracticesCheck",
+    "SensitiveActionCheck",
+    "ServiceWildcardCheck",
+    "SetOperatorValidationCheck",
     "SidUniquenessCheck",
+    "WildcardActionCheck",
+    "WildcardResourceCheck",
 ]