iam-policy-validator 1.5.0__tar.gz → 1.7.0__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (723) hide show
  1. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/.github/workflows/ci.yml +10 -12
  2. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/.github/workflows/release.yml +5 -2
  3. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/CONTRIBUTING.md +53 -29
  4. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/DOCS.md +126 -151
  5. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/PKG-INFO +101 -65
  6. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/README.md +100 -64
  7. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/action.yaml +43 -10
  8. iam_policy_validator-1.7.0/docs/CHECKS.md +74 -0
  9. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/docs/ROADMAP.md +5 -5
  10. iam_policy_validator-1.7.0/docs/SDK.md +714 -0
  11. iam_policy_validator-1.7.0/docs/check-reference.md +1414 -0
  12. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/docs/condition-requirements.md +51 -62
  13. iam_policy_validator-1.7.0/examples/configs/README.md +446 -0
  14. iam_policy_validator-1.7.0/examples/configs/ci-cd-config.yaml +91 -0
  15. iam_policy_validator-1.7.0/examples/configs/development-config.yaml +83 -0
  16. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/configs/full-reference-config.yaml +303 -154
  17. iam_policy_validator-1.7.0/examples/configs/minimal-validation-config.yaml +61 -0
  18. iam_policy_validator-1.7.0/examples/configs/policy-level-condition-enforcement-config.yaml +175 -0
  19. iam_policy_validator-1.7.0/examples/configs/privilege-escalation-focus-config.yaml +183 -0
  20. iam_policy_validator-1.7.0/examples/configs/resource-policy-config.yaml +132 -0
  21. iam_policy_validator-1.7.0/examples/configs/security-audit-config.yaml +120 -0
  22. iam_policy_validator-1.7.0/examples/iam-test-policies/wrong_actions_mismatch/README.md +88 -0
  23. iam_policy_validator-1.7.0/examples/iam-test-policies/wrong_actions_mismatch/dynamodb-wrong-resources.json +26 -0
  24. iam_policy_validator-1.7.0/examples/iam-test-policies/wrong_actions_mismatch/ec2-wrong-resources.json +33 -0
  25. iam_policy_validator-1.7.0/examples/iam-test-policies/wrong_actions_mismatch/iam-wrong-resources.json +40 -0
  26. iam_policy_validator-1.7.0/examples/iam-test-policies/wrong_actions_mismatch/lambda-wrong-resources.json +26 -0
  27. iam_policy_validator-1.7.0/examples/iam-test-policies/wrong_actions_mismatch/s3-wrong-resources.json +40 -0
  28. iam_policy_validator-1.7.0/examples/iam-test-policies/wrong_actions_mismatch/sqs-sns-wrong-resources.json +26 -0
  29. iam_policy_validator-1.7.0/examples/library-usage/example1_basic_usage_new.py +76 -0
  30. iam_policy_validator-1.7.0/examples/library-usage/example2_context_manager.py +125 -0
  31. iam_policy_validator-1.7.0/examples/library-usage/example3_policy_manipulation.py +196 -0
  32. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/library-usage/example4_custom_condition_requirements.py +76 -76
  33. iam_policy_validator-1.7.0/examples/library-usage/policies/my-policy.json +17 -0
  34. iam_policy_validator-1.7.0/examples/library-usage/policies/policy1.json +14 -0
  35. iam_policy_validator-1.7.0/examples/library-usage/policies/policy2.json +14 -0
  36. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/iam_validator/__version__.py +1 -1
  37. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/iam_validator/checks/__init__.py +9 -3
  38. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/iam_validator/checks/action_condition_enforcement.py +165 -3
  39. iam_policy_validator-1.7.0/iam_validator/checks/action_resource_matching.py +441 -0
  40. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/iam_validator/checks/condition_key_validation.py +3 -1
  41. iam_policy_validator-1.7.0/iam_validator/checks/condition_type_mismatch.py +259 -0
  42. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/iam_validator/checks/full_wildcard.py +5 -1
  43. iam_policy_validator-1.7.0/iam_validator/checks/mfa_condition_check.py +112 -0
  44. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/iam_validator/checks/policy_size.py +3 -7
  45. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/iam_validator/checks/policy_type_validation.py +9 -3
  46. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/iam_validator/checks/principal_validation.py +1 -1
  47. iam_policy_validator-1.7.0/iam_validator/checks/resource_validation.py +138 -0
  48. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/iam_validator/checks/sensitive_action.py +82 -6
  49. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/iam_validator/checks/service_wildcard.py +3 -1
  50. iam_policy_validator-1.7.0/iam_validator/checks/set_operator_validation.py +157 -0
  51. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/iam_validator/checks/utils/sensitive_action_matcher.py +35 -1
  52. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/iam_validator/checks/wildcard_action.py +7 -2
  53. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/iam_validator/checks/wildcard_resource.py +5 -1
  54. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/iam_validator/commands/analyze.py +98 -1
  55. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/iam_validator/commands/cache.py +1 -1
  56. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/iam_validator/commands/validate.py +48 -13
  57. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/iam_validator/core/access_analyzer.py +5 -0
  58. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/iam_validator/core/access_analyzer_report.py +2 -5
  59. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/iam_validator/core/aws_fetcher.py +103 -56
  60. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/iam_validator/core/check_registry.py +165 -21
  61. iam_policy_validator-1.7.0/iam_validator/core/condition_validators.py +626 -0
  62. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/iam_validator/core/config/__init__.py +13 -15
  63. iam_policy_validator-1.7.0/iam_validator/core/config/aws_global_conditions.py +160 -0
  64. iam_policy_validator-1.7.0/iam_validator/core/config/category_suggestions.py +104 -0
  65. iam_policy_validator-1.7.0/iam_validator/core/config/condition_requirements.py +155 -0
  66. {iam_policy_validator-1.5.0/iam_validator/core → iam_policy_validator-1.7.0/iam_validator/core/config}/config_loader.py +6 -6
  67. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/iam_validator/core/config/defaults.py +187 -54
  68. iam_policy_validator-1.7.0/iam_validator/core/config/sensitive_actions.py +672 -0
  69. iam_policy_validator-1.7.0/iam_validator/core/constants.py +74 -0
  70. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/iam_validator/core/models.py +43 -14
  71. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/iam_validator/core/policy_checks.py +4 -4
  72. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/iam_validator/core/pr_commenter.py +105 -19
  73. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/iam_validator/core/report.py +49 -36
  74. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/iam_validator/integrations/github_integration.py +21 -1
  75. iam_policy_validator-1.7.0/iam_validator/sdk/__init__.py +187 -0
  76. iam_policy_validator-1.7.0/iam_validator/sdk/arn_matching.py +382 -0
  77. iam_policy_validator-1.7.0/iam_validator/sdk/context.py +222 -0
  78. iam_policy_validator-1.7.0/iam_validator/sdk/exceptions.py +48 -0
  79. iam_policy_validator-1.7.0/iam_validator/sdk/helpers.py +177 -0
  80. iam_policy_validator-1.7.0/iam_validator/sdk/policy_utils.py +425 -0
  81. iam_policy_validator-1.7.0/iam_validator/sdk/shortcuts.py +283 -0
  82. iam_policy_validator-1.7.0/iam_validator/utils/__init__.py +31 -0
  83. iam_policy_validator-1.7.0/iam_validator/utils/cache.py +105 -0
  84. iam_policy_validator-1.7.0/iam_validator/utils/regex.py +206 -0
  85. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/pyproject.toml +1 -1
  86. iam_policy_validator-1.7.0/tests/test_action_condition_enforcement_policy_level.py +419 -0
  87. iam_policy_validator-1.7.0/tests/test_action_resource_matching.py +564 -0
  88. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/tests/test_aws_global_conditions.py +26 -4
  89. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/tests/test_comment_truncation.py +3 -3
  90. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/tests/test_condition_key_validation_check.py +77 -3
  91. iam_policy_validator-1.7.0/tests/test_condition_type_mismatch.py +370 -0
  92. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/tests/test_config_loader.py +1 -1
  93. iam_policy_validator-1.7.0/tests/test_mfa_condition_check.py +240 -0
  94. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/tests/test_models.py +5 -3
  95. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/tests/test_multipart_comments.py +3 -2
  96. iam_policy_validator-1.7.0/tests/test_regex_utils.py +261 -0
  97. iam_policy_validator-1.7.0/tests/test_set_operator_validation.py +383 -0
  98. iam_policy_validator-1.7.0/uv.lock +947 -0
  99. iam_policy_validator-1.5.0/iam_validator/checks/action_resource_constraint.py +0 -151
  100. iam_policy_validator-1.5.0/iam_validator/checks/resource_validation.py +0 -108
  101. iam_policy_validator-1.5.0/iam_validator/core/aws_global_conditions.py +0 -137
  102. iam_policy_validator-1.5.0/iam_validator/core/config/condition_requirements.py +0 -535
  103. iam_policy_validator-1.5.0/iam_validator/core/config/sensitive_actions.py +0 -133
  104. iam_policy_validator-1.5.0/tests/test_action_resource_constraint.py +0 -273
  105. iam_policy_validator-1.5.0/uv.lock +0 -943
  106. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/.github/dependabot.yml +0 -0
  107. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/.gitignore +0 -0
  108. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/.python-version +0 -0
  109. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/LICENSE +0 -0
  110. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/Makefile +0 -0
  111. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/_manifest.json +0 -0
  112. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/_services.json +0 -0
  113. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/a2c.json +0 -0
  114. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/a4b.json +0 -0
  115. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/access-analyzer.json +0 -0
  116. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/account.json +0 -0
  117. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/acm-pca.json +0 -0
  118. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/acm.json +0 -0
  119. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/action-recommendations.json +0 -0
  120. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/activate.json +0 -0
  121. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/aiops.json +0 -0
  122. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/airflow.json +0 -0
  123. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/amplify.json +0 -0
  124. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/amplifybackend.json +0 -0
  125. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/amplifyuibuilder.json +0 -0
  126. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/aoss.json +0 -0
  127. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/apigateway.json +0 -0
  128. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/app-integrations.json +0 -0
  129. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/appconfig.json +0 -0
  130. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/appfabric.json +0 -0
  131. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/appflow.json +0 -0
  132. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/application-autoscaling.json +0 -0
  133. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/application-signals.json +0 -0
  134. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/application-transformation.json +0 -0
  135. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/applicationinsights.json +0 -0
  136. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/appmesh-preview.json +0 -0
  137. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/appmesh.json +0 -0
  138. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/apprunner.json +0 -0
  139. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/appstream.json +0 -0
  140. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/appstudio.json +0 -0
  141. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/appsync.json +0 -0
  142. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/apptest.json +0 -0
  143. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/aps.json +0 -0
  144. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/arc-region-switch.json +0 -0
  145. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/arc-zonal-shift.json +0 -0
  146. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/arsenal.json +0 -0
  147. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/artifact.json +0 -0
  148. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/athena.json +0 -0
  149. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/auditmanager.json +0 -0
  150. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/autoscaling-plans.json +0 -0
  151. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/autoscaling.json +0 -0
  152. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/aws-marketplace-management.json +0 -0
  153. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/aws-marketplace.json +0 -0
  154. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/aws-portal.json +0 -0
  155. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/awsconnector.json +0 -0
  156. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/b2bi.json +0 -0
  157. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/backup-gateway.json +0 -0
  158. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/backup-search.json +0 -0
  159. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/backup-storage.json +0 -0
  160. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/backup.json +0 -0
  161. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/batch.json +0 -0
  162. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/bcm-dashboards.json +0 -0
  163. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/bcm-data-exports.json +0 -0
  164. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/bcm-pricing-calculator.json +0 -0
  165. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/bcm-recommended-actions.json +0 -0
  166. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/bedrock-agentcore.json +0 -0
  167. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/bedrock.json +0 -0
  168. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/billing.json +0 -0
  169. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/billingconductor.json +0 -0
  170. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/braket.json +0 -0
  171. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/budgets.json +0 -0
  172. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/bugbust.json +0 -0
  173. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/cases.json +0 -0
  174. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/cassandra.json +0 -0
  175. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/ce.json +0 -0
  176. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/chatbot.json +0 -0
  177. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/chime.json +0 -0
  178. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/cleanrooms-ml.json +0 -0
  179. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/cleanrooms.json +0 -0
  180. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/cloud9.json +0 -0
  181. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/clouddirectory.json +0 -0
  182. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/cloudformation.json +0 -0
  183. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/cloudfront-keyvaluestore.json +0 -0
  184. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/cloudfront.json +0 -0
  185. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/cloudhsm.json +0 -0
  186. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/cloudsearch.json +0 -0
  187. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/cloudshell.json +0 -0
  188. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/cloudtrail-data.json +0 -0
  189. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/cloudtrail.json +0 -0
  190. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/cloudwatch.json +0 -0
  191. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/codeartifact.json +0 -0
  192. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/codebuild.json +0 -0
  193. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/codecatalyst.json +0 -0
  194. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/codecommit.json +0 -0
  195. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/codeconnections.json +0 -0
  196. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/codedeploy-commands-secure.json +0 -0
  197. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/codedeploy.json +0 -0
  198. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/codeguru-profiler.json +0 -0
  199. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/codeguru-reviewer.json +0 -0
  200. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/codeguru-security.json +0 -0
  201. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/codeguru.json +0 -0
  202. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/codepipeline.json +0 -0
  203. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/codestar-connections.json +0 -0
  204. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/codestar-notifications.json +0 -0
  205. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/codestar.json +0 -0
  206. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/codewhisperer.json +0 -0
  207. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/cognito-identity.json +0 -0
  208. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/cognito-idp.json +0 -0
  209. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/cognito-sync.json +0 -0
  210. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/comprehend.json +0 -0
  211. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/comprehendmedical.json +0 -0
  212. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/compute-optimizer.json +0 -0
  213. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/config.json +0 -0
  214. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/connect-campaigns.json +0 -0
  215. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/connect.json +0 -0
  216. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/consoleapp.json +0 -0
  217. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/consolidatedbilling.json +0 -0
  218. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/controlcatalog.json +0 -0
  219. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/controltower.json +0 -0
  220. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/cost-optimization-hub.json +0 -0
  221. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/cur.json +0 -0
  222. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/customer-verification.json +0 -0
  223. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/databrew.json +0 -0
  224. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/dataexchange.json +0 -0
  225. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/datapipeline.json +0 -0
  226. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/datasync.json +0 -0
  227. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/datazone.json +0 -0
  228. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/dax.json +0 -0
  229. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/dbqms.json +0 -0
  230. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/deadline.json +0 -0
  231. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/deepcomposer.json +0 -0
  232. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/deepracer.json +0 -0
  233. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/detective.json +0 -0
  234. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/devicefarm.json +0 -0
  235. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/devops-guru.json +0 -0
  236. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/directconnect.json +0 -0
  237. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/discovery.json +0 -0
  238. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/dlm.json +0 -0
  239. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/dms.json +0 -0
  240. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/docdb-elastic.json +0 -0
  241. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/drs.json +0 -0
  242. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/ds-data.json +0 -0
  243. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/ds.json +0 -0
  244. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/dsql.json +0 -0
  245. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/dynamodb.json +0 -0
  246. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/ebs.json +0 -0
  247. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/ec2-instance-connect.json +0 -0
  248. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/ec2.json +0 -0
  249. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/ec2messages.json +0 -0
  250. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/ecr-public.json +0 -0
  251. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/ecr.json +0 -0
  252. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/ecs.json +0 -0
  253. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/eks-auth.json +0 -0
  254. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/eks.json +0 -0
  255. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/elasticache.json +0 -0
  256. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/elasticbeanstalk.json +0 -0
  257. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/elasticfilesystem.json +0 -0
  258. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/elasticloadbalancing.json +0 -0
  259. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/elasticmapreduce.json +0 -0
  260. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/elastictranscoder.json +0 -0
  261. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/elemental-activations.json +0 -0
  262. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/elemental-appliances-software.json +0 -0
  263. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/elemental-support-cases.json +0 -0
  264. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/elemental-support-content.json +0 -0
  265. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/emr-containers.json +0 -0
  266. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/emr-serverless.json +0 -0
  267. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/entityresolution.json +0 -0
  268. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/es.json +0 -0
  269. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/events.json +0 -0
  270. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/evidently.json +0 -0
  271. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/evs.json +0 -0
  272. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/execute-api.json +0 -0
  273. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/finspace-api.json +0 -0
  274. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/finspace.json +0 -0
  275. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/firehose.json +0 -0
  276. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/fis.json +0 -0
  277. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/fms.json +0 -0
  278. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/forecast.json +0 -0
  279. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/frauddetector.json +0 -0
  280. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/freertos.json +0 -0
  281. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/freetier.json +0 -0
  282. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/fsx.json +0 -0
  283. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/gamelift.json +0 -0
  284. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/gameliftstreams.json +0 -0
  285. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/geo-maps.json +0 -0
  286. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/geo-places.json +0 -0
  287. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/geo-routes.json +0 -0
  288. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/geo.json +0 -0
  289. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/glacier.json +0 -0
  290. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/globalaccelerator.json +0 -0
  291. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/glue.json +0 -0
  292. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/grafana.json +0 -0
  293. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/greengrass.json +0 -0
  294. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/groundstation.json +0 -0
  295. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/groundtruthlabeling.json +0 -0
  296. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/guardduty.json +0 -0
  297. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/health.json +0 -0
  298. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/healthlake.json +0 -0
  299. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/honeycode.json +0 -0
  300. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/iam.json +0 -0
  301. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/identity-sync.json +0 -0
  302. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/identitystore-auth.json +0 -0
  303. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/identitystore.json +0 -0
  304. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/imagebuilder.json +0 -0
  305. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/importexport.json +0 -0
  306. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/inspector-scan.json +0 -0
  307. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/inspector.json +0 -0
  308. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/inspector2.json +0 -0
  309. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/internetmonitor.json +0 -0
  310. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/invoicing.json +0 -0
  311. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/iot-device-tester.json +0 -0
  312. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/iot.json +0 -0
  313. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/iotanalytics.json +0 -0
  314. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/iotdeviceadvisor.json +0 -0
  315. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/iotevents.json +0 -0
  316. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/iotfleethub.json +0 -0
  317. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/iotfleetwise.json +0 -0
  318. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/iotjobsdata.json +0 -0
  319. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/iotmanagedintegrations.json +0 -0
  320. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/iotsitewise.json +0 -0
  321. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/iottwinmaker.json +0 -0
  322. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/iotwireless.json +0 -0
  323. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/iq-permission.json +0 -0
  324. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/iq.json +0 -0
  325. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/ivs.json +0 -0
  326. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/ivschat.json +0 -0
  327. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/kafka-cluster.json +0 -0
  328. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/kafka.json +0 -0
  329. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/kafkaconnect.json +0 -0
  330. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/kendra-ranking.json +0 -0
  331. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/kendra.json +0 -0
  332. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/kinesis.json +0 -0
  333. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/kinesisanalytics.json +0 -0
  334. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/kinesisvideo.json +0 -0
  335. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/kms.json +0 -0
  336. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/lakeformation.json +0 -0
  337. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/lambda.json +0 -0
  338. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/launchwizard.json +0 -0
  339. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/lex.json +0 -0
  340. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/license-manager-linux-subscriptions.json +0 -0
  341. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/license-manager-user-subscriptions.json +0 -0
  342. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/license-manager.json +0 -0
  343. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/lightsail.json +0 -0
  344. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/logs.json +0 -0
  345. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/lookoutequipment.json +0 -0
  346. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/lookoutmetrics.json +0 -0
  347. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/lookoutvision.json +0 -0
  348. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/m2.json +0 -0
  349. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/machinelearning.json +0 -0
  350. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/macie2.json +0 -0
  351. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/managedblockchain-query.json +0 -0
  352. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/managedblockchain.json +0 -0
  353. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/mapcredits.json +0 -0
  354. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/marketplacecommerceanalytics.json +0 -0
  355. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/mechanicalturk.json +0 -0
  356. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/mediaconnect.json +0 -0
  357. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/mediaconvert.json +0 -0
  358. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/mediaimport.json +0 -0
  359. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/medialive.json +0 -0
  360. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/mediapackage-vod.json +0 -0
  361. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/mediapackage.json +0 -0
  362. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/mediapackagev2.json +0 -0
  363. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/mediastore.json +0 -0
  364. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/mediatailor.json +0 -0
  365. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/medical-imaging.json +0 -0
  366. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/memorydb.json +0 -0
  367. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/mgh.json +0 -0
  368. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/mgn.json +0 -0
  369. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/migrationhub-orchestrator.json +0 -0
  370. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/migrationhub-strategy.json +0 -0
  371. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/mobileanalytics.json +0 -0
  372. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/mobiletargeting.json +0 -0
  373. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/monitron.json +0 -0
  374. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/mpa.json +0 -0
  375. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/mq.json +0 -0
  376. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/neptune-db.json +0 -0
  377. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/neptune-graph.json +0 -0
  378. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/network-firewall.json +0 -0
  379. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/network-security-director.json +0 -0
  380. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/networkflowmonitor.json +0 -0
  381. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/networkmanager-chat.json +0 -0
  382. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/networkmanager.json +0 -0
  383. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/networkmonitor.json +0 -0
  384. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/nimble.json +0 -0
  385. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/notifications-contacts.json +0 -0
  386. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/notifications.json +0 -0
  387. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/oam.json +0 -0
  388. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/observabilityadmin.json +0 -0
  389. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/odb.json +0 -0
  390. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/omics.json +0 -0
  391. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/one.json +0 -0
  392. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/opensearch.json +0 -0
  393. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/opsworks-cm.json +0 -0
  394. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/opsworks.json +0 -0
  395. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/organizations.json +0 -0
  396. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/osis.json +0 -0
  397. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/outposts.json +0 -0
  398. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/panorama.json +0 -0
  399. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/partnercentral-account-management.json +0 -0
  400. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/partnercentral.json +0 -0
  401. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/payment-cryptography.json +0 -0
  402. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/payments.json +0 -0
  403. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/pca-connector-ad.json +0 -0
  404. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/pca-connector-scep.json +0 -0
  405. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/pcs.json +0 -0
  406. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/personalize.json +0 -0
  407. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/pi.json +0 -0
  408. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/pipes.json +0 -0
  409. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/polly.json +0 -0
  410. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/pricing.json +0 -0
  411. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/private-networks.json +0 -0
  412. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/profile.json +0 -0
  413. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/proton.json +0 -0
  414. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/purchase-orders.json +0 -0
  415. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/q.json +0 -0
  416. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/qapps.json +0 -0
  417. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/qbusiness.json +0 -0
  418. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/qdeveloper.json +0 -0
  419. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/qldb.json +0 -0
  420. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/quicksight.json +0 -0
  421. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/ram.json +0 -0
  422. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/rbin.json +0 -0
  423. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/rds-data.json +0 -0
  424. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/rds-db.json +0 -0
  425. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/rds.json +0 -0
  426. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/redshift-data.json +0 -0
  427. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/redshift-serverless.json +0 -0
  428. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/redshift.json +0 -0
  429. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/refactor-spaces.json +0 -0
  430. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/rekognition.json +0 -0
  431. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/repostspace.json +0 -0
  432. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/resiliencehub.json +0 -0
  433. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/resource-explorer-2.json +0 -0
  434. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/resource-explorer.json +0 -0
  435. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/resource-groups.json +0 -0
  436. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/rhelkb.json +0 -0
  437. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/robomaker.json +0 -0
  438. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/rolesanywhere.json +0 -0
  439. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/route53-recovery-cluster.json +0 -0
  440. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/route53-recovery-control-config.json +0 -0
  441. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/route53-recovery-readiness.json +0 -0
  442. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/route53.json +0 -0
  443. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/route53domains.json +0 -0
  444. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/route53profiles.json +0 -0
  445. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/route53resolver.json +0 -0
  446. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/rtbfabric.json +0 -0
  447. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/rum.json +0 -0
  448. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/s3-object-lambda.json +0 -0
  449. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/s3-outposts.json +0 -0
  450. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/s3.json +0 -0
  451. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/s3express.json +0 -0
  452. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/s3tables.json +0 -0
  453. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/s3vectors.json +0 -0
  454. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/sagemaker-data-science-assistant.json +0 -0
  455. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/sagemaker-geospatial.json +0 -0
  456. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/sagemaker-mlflow.json +0 -0
  457. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/sagemaker.json +0 -0
  458. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/savingsplans.json +0 -0
  459. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/scheduler.json +0 -0
  460. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/schemas.json +0 -0
  461. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/scn.json +0 -0
  462. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/sdb.json +0 -0
  463. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/secretsmanager.json +0 -0
  464. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/security-ir.json +0 -0
  465. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/securityhub.json +0 -0
  466. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/securitylake.json +0 -0
  467. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/serverlessrepo.json +0 -0
  468. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/servicecatalog.json +0 -0
  469. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/servicediscovery.json +0 -0
  470. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/serviceextract.json +0 -0
  471. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/servicequotas.json +0 -0
  472. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/ses.json +0 -0
  473. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/shield.json +0 -0
  474. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/signer.json +0 -0
  475. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/signin.json +0 -0
  476. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/simspaceweaver.json +0 -0
  477. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/sms-voice.json +0 -0
  478. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/sms.json +0 -0
  479. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/snow-device-management.json +0 -0
  480. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/snowball.json +0 -0
  481. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/sns.json +0 -0
  482. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/social-messaging.json +0 -0
  483. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/sqlworkbench.json +0 -0
  484. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/sqs.json +0 -0
  485. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/ssm-contacts.json +0 -0
  486. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/ssm-guiconnect.json +0 -0
  487. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/ssm-incidents.json +0 -0
  488. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/ssm-quicksetup.json +0 -0
  489. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/ssm-sap.json +0 -0
  490. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/ssm.json +0 -0
  491. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/ssmmessages.json +0 -0
  492. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/sso-directory.json +0 -0
  493. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/sso-oauth.json +0 -0
  494. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/sso.json +0 -0
  495. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/states.json +0 -0
  496. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/storagegateway.json +0 -0
  497. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/sts.json +0 -0
  498. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/support-console.json +0 -0
  499. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/support.json +0 -0
  500. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/supportapp.json +0 -0
  501. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/supportplans.json +0 -0
  502. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/sustainability.json +0 -0
  503. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/swf.json +0 -0
  504. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/synthetics.json +0 -0
  505. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/tag.json +0 -0
  506. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/tax.json +0 -0
  507. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/textract.json +0 -0
  508. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/thinclient.json +0 -0
  509. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/timestream-influxdb.json +0 -0
  510. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/timestream.json +0 -0
  511. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/tiros.json +0 -0
  512. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/tnb.json +0 -0
  513. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/transcribe.json +0 -0
  514. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/transfer.json +0 -0
  515. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/transform.json +0 -0
  516. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/translate.json +0 -0
  517. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/trustedadvisor.json +0 -0
  518. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/ts.json +0 -0
  519. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/user-subscriptions.json +0 -0
  520. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/uxc.json +0 -0
  521. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/vendor-insights.json +0 -0
  522. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/verified-access.json +0 -0
  523. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/verifiedpermissions.json +0 -0
  524. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/voiceid.json +0 -0
  525. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/vpc-lattice-svcs.json +0 -0
  526. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/vpc-lattice.json +0 -0
  527. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/vpce.json +0 -0
  528. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/waf-regional.json +0 -0
  529. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/waf.json +0 -0
  530. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/wafv2.json +0 -0
  531. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/wam.json +0 -0
  532. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/wellarchitected.json +0 -0
  533. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/wickr.json +0 -0
  534. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/wisdom.json +0 -0
  535. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/workdocs.json +0 -0
  536. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/worklink.json +0 -0
  537. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/workmail.json +0 -0
  538. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/workmailmessageflow.json +0 -0
  539. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/workspaces-instances.json +0 -0
  540. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/workspaces-web.json +0 -0
  541. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/workspaces.json +0 -0
  542. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/aws_services/xray.json +0 -0
  543. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/docs/README.md +0 -0
  544. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/docs/aws-api-configuration.md +0 -0
  545. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/docs/aws-services-backup.md +0 -0
  546. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/docs/configuration.md +0 -0
  547. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/docs/custom-checks.md +0 -0
  548. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/docs/development/PUBLISHING.md +0 -0
  549. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/docs/github-actions-examples.md +0 -0
  550. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/docs/github-actions-workflows.md +0 -0
  551. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/docs/modular-configuration.md +0 -0
  552. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/docs/privilege-escalation.md +0 -0
  553. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/docs/python-library-usage.md +0 -0
  554. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/docs/smart-filtering.md +0 -0
  555. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/README.md +0 -0
  556. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/access-analyzer/example1.json +0 -0
  557. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/access-analyzer/example2.json +0 -0
  558. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/configs/basic-config.yaml +0 -0
  559. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/configs/offline-validation.yaml +0 -0
  560. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/configs/principal-condition-enforcement.yaml +0 -0
  561. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/configs/principal-validation-public-with-conditions.yaml +0 -0
  562. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/configs/principal-validation-relaxed.yaml +0 -0
  563. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/configs/principal-validation-strict.yaml +0 -0
  564. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/configs/strict-security.yaml +0 -0
  565. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/custom_checks/README.md +0 -0
  566. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/custom_checks/advanced_multi_condition_validator.py +0 -0
  567. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/custom_checks/cross_account_external_id_check.py +0 -0
  568. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/custom_checks/domain_restriction_check.py +0 -0
  569. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/custom_checks/encryption_required_check.py +0 -0
  570. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/custom_checks/mfa_required_check.py +0 -0
  571. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/custom_checks/region_restriction_check.py +0 -0
  572. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/custom_checks/tag_enforcement_check.py +0 -0
  573. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/custom_checks/time_based_access_check.py +0 -0
  574. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/github-actions/README.md +0 -0
  575. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/github-actions/access-analyzer-only.yaml +0 -0
  576. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/github-actions/basic-validation.yaml +0 -0
  577. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/github-actions/custom-policy-checks.yaml +0 -0
  578. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/github-actions/multi-region-validation.yaml +0 -0
  579. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/github-actions/resource-policy-validation.yaml +0 -0
  580. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/github-actions/sarif-code-scanning.yaml +0 -0
  581. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/github-actions/sequential-validation.yaml +0 -0
  582. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/github-actions/two-step-validation.yaml +0 -0
  583. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/github-actions/validate-changed-files.yaml +0 -0
  584. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/README.md +0 -0
  585. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/identity-policies/allowed-wildcard-resource.json +0 -0
  586. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/identity-policies/api_gateway_management.json +0 -0
  587. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/identity-policies/athena_query_access.json +0 -0
  588. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/identity-policies/backup_vault_access.json +0 -0
  589. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/identity-policies/cloudformation_deployer.json +0 -0
  590. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/identity-policies/cloudwatch_monitoring.json +0 -0
  591. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/identity-policies/cognito_user_pool.json +0 -0
  592. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/identity-policies/dynamodb_table_access.json +0 -0
  593. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/identity-policies/ecs_task_execution.json +0 -0
  594. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/identity-policies/eventbridge_rules.json +0 -0
  595. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/identity-policies/glue_etl_jobs.json +0 -0
  596. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/identity-policies/insecure_policy.json +0 -0
  597. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/identity-policies/insecure_policy.yaml +0 -0
  598. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/identity-policies/invalid-resource-constraint.json +0 -0
  599. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/identity-policies/invalid-sid-special-chars.json +0 -0
  600. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/identity-policies/invalid-sid-with-spaces.json +0 -0
  601. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/identity-policies/invalid_policy.json +0 -0
  602. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/identity-policies/kms_encryption_keys.json +0 -0
  603. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/identity-policies/lambda_developer.json +0 -0
  604. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/identity-policies/lambda_developer.yaml +0 -0
  605. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/identity-policies/maximum_size_policy.json +0 -0
  606. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/identity-policies/policy_missing_required_tags.json +0 -0
  607. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/identity-policies/policy_tag_enforcement_example.json +0 -0
  608. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/identity-policies/policy_with_wildcard_resources.json +0 -0
  609. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/identity-policies/privilege_escalation_scattered.json +0 -0
  610. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/identity-policies/rds_database_admin.json +0 -0
  611. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/identity-policies/s3_bucket_access.yaml +0 -0
  612. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/identity-policies/sample_policy.json +0 -0
  613. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/identity-policies/sample_policy.yaml +0 -0
  614. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/identity-policies/secrets_manager_access.json +0 -0
  615. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/identity-policies/sensitive-action-wildcards.json +0 -0
  616. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/identity-policies/sns_sqs_messaging.json +0 -0
  617. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/identity-policies/step_functions_workflow.json +0 -0
  618. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/identity-policies/test_none_of_valid.json +0 -0
  619. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/identity-policies/test_none_of_violations.json +0 -0
  620. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/identity-policies/valid-sid-formats.json +0 -0
  621. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/identity-policies/wildcard_examples.json +0 -0
  622. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/identity-policies/wildcard_examples.yaml +0 -0
  623. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/identity-policies/wrong-condition-key.json +0 -0
  624. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/identity-policies/wrong-s3-condition.json +0 -0
  625. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/resource-control-policies/rcp-invalid-allow-effect.json +0 -0
  626. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/resource-control-policies/rcp-invalid-not-action.json +0 -0
  627. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/resource-control-policies/rcp-invalid-specific-principal.json +0 -0
  628. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/resource-control-policies/rcp-invalid-unsupported-service.json +0 -0
  629. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/resource-control-policies/rcp-invalid-wildcard-action.json +0 -0
  630. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/resource-control-policies/rcp-valid-enforce-encryption.json +0 -0
  631. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/resource-policies/README.md +0 -0
  632. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/resource-policies/backup-vault-policy-org-access.json +0 -0
  633. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/resource-policies/ecr-repository-policy-org-restricted.json +0 -0
  634. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/resource-policies/ecr-repository-policy-public.json +0 -0
  635. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/resource-policies/efs-filesystem-policy-vpc-only.json +0 -0
  636. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/resource-policies/glacier-vault-policy-cross-account.json +0 -0
  637. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/resource-policies/kms-key-policy-cross-account.json +0 -0
  638. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/resource-policies/kms-key-policy-insecure.json +0 -0
  639. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/resource-policies/kms-key-policy-org-restricted.json +0 -0
  640. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/resource-policies/kms-key-policy-service-specific.json +0 -0
  641. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/resource-policies/lambda-permission-api-gateway.json +0 -0
  642. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/resource-policies/lambda-permission-cross-account-invoke.json +0 -0
  643. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/resource-policies/lambda-permission-eventbridge-multiple.json +0 -0
  644. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/resource-policies/lambda-permission-public-url.json +0 -0
  645. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/resource-policies/lambda-permission-s3-trigger.json +0 -0
  646. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/resource-policies/opensearch-domain-policy-ip-restricted.json +0 -0
  647. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/resource-policies/s3-bucket-policy-cloudfront.json +0 -0
  648. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/resource-policies/s3-bucket-policy-cross-account-org.json +0 -0
  649. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/resource-policies/s3-bucket-policy-insecure-transport.json +0 -0
  650. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/resource-policies/s3-bucket-policy-ip-restriction.json +0 -0
  651. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/resource-policies/s3-bucket-policy-public-with-conditions.json +0 -0
  652. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/resource-policies/s3-bucket-policy-public.json +0 -0
  653. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/resource-policies/s3-bucket-policy-specific-account.json +0 -0
  654. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/resource-policies/s3-bucket-policy-vpc-endpoint.json +0 -0
  655. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/resource-policies/s3-bucket-policy-wildcard-actions.json +0 -0
  656. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/resource-policies/secrets-manager-policy-cross-account.json +0 -0
  657. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/resource-policies/sns-topic-policy-cross-account-mfa.json +0 -0
  658. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/resource-policies/sns-topic-policy-cross-account.json +0 -0
  659. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/resource-policies/sns-topic-policy-eventbridge.json +0 -0
  660. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/resource-policies/sns-topic-policy-org-wide.json +0 -0
  661. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/resource-policies/sns-topic-policy-public-no-conditions.json +0 -0
  662. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/resource-policies/sqs-queue-policy-cross-account-role.json +0 -0
  663. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/resource-policies/sqs-queue-policy-iam-users-mfa.json +0 -0
  664. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/resource-policies/sqs-queue-policy-public.json +0 -0
  665. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/resource-policies/sqs-queue-policy-sns-subscription.json +0 -0
  666. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/service-control-policies/deny-root-account-usage.json +0 -0
  667. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/service-control-policies/require-mfa.json +0 -0
  668. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/iam-test-policies/service-control-policies/restrict-regions.json +0 -0
  669. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/library-usage/README.md +0 -0
  670. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/library-usage/example1_basic_usage.py +0 -0
  671. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/library-usage/example2_config_file.py +0 -0
  672. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/library-usage/example3_programmatic_config.py +0 -0
  673. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/examples/library-usage/quick_reference.py +0 -0
  674. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/iam_validator/__init__.py +0 -0
  675. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/iam_validator/__main__.py +0 -0
  676. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/iam_validator/checks/action_validation.py +0 -0
  677. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/iam_validator/checks/sid_uniqueness.py +0 -0
  678. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/iam_validator/checks/utils/__init__.py +0 -0
  679. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/iam_validator/checks/utils/policy_level_checks.py +0 -0
  680. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/iam_validator/checks/utils/wildcard_expansion.py +0 -0
  681. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/iam_validator/commands/__init__.py +0 -0
  682. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/iam_validator/commands/base.py +0 -0
  683. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/iam_validator/commands/download_services.py +0 -0
  684. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/iam_validator/commands/post_to_pr.py +0 -0
  685. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/iam_validator/core/__init__.py +0 -0
  686. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/iam_validator/core/cli.py +0 -0
  687. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/iam_validator/core/config/aws_api.py +0 -0
  688. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/iam_validator/core/config/principal_requirements.py +0 -0
  689. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/iam_validator/core/config/service_principals.py +0 -0
  690. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/iam_validator/core/config/wildcards.py +0 -0
  691. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/iam_validator/core/formatters/__init__.py +0 -0
  692. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/iam_validator/core/formatters/base.py +0 -0
  693. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/iam_validator/core/formatters/console.py +0 -0
  694. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/iam_validator/core/formatters/csv.py +0 -0
  695. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/iam_validator/core/formatters/enhanced.py +0 -0
  696. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/iam_validator/core/formatters/html.py +0 -0
  697. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/iam_validator/core/formatters/json.py +0 -0
  698. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/iam_validator/core/formatters/markdown.py +0 -0
  699. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/iam_validator/core/formatters/sarif.py +0 -0
  700. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/iam_validator/core/policy_loader.py +0 -0
  701. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/iam_validator/integrations/__init__.py +0 -0
  702. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/iam_validator/integrations/ms_teams.py +0 -0
  703. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/scripts/download_aws_services.py +0 -0
  704. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/scripts/sync_defaults_from_yaml.py +0 -0
  705. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/tests/README.md +0 -0
  706. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/tests/__init__.py +0 -0
  707. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/tests/test_action_condition_enforcement.py +0 -0
  708. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/tests/test_action_validation_check.py +0 -0
  709. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/tests/test_aws_api_config.py +0 -0
  710. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/tests/test_aws_fetcher_wildcards.py +0 -0
  711. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/tests/test_check_registry.py +0 -0
  712. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/tests/test_custom_policy_checks.py +0 -0
  713. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/tests/test_full_wildcard_check.py +0 -0
  714. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/tests/test_policy_loader.py +0 -0
  715. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/tests/test_policy_size_check.py +0 -0
  716. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/tests/test_policy_type_validation.py +0 -0
  717. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/tests/test_principal_validation_check.py +0 -0
  718. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/tests/test_resource_validation_check.py +0 -0
  719. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/tests/test_sensitive_action_wildcard_expansion.py +0 -0
  720. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/tests/test_service_wildcard_check.py +0 -0
  721. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/tests/test_sid_uniqueness_check.py +0 -0
  722. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/tests/test_wildcard_action_check.py +0 -0
  723. {iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/tests/test_wildcard_resource_check.py +0 -0
{iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/.github/workflows/ci.yml RENAMED
@@ -7,6 +7,9 @@ on:
7
7
  branches: [main, develop]
8
8
  workflow_dispatch:
9
9
 
10
+ env:
11
+ DEFAULT_PYTHON_VERSION: "3.13"
12
+
10
13
  jobs:
11
14
  lint:
12
15
  name: Lint with Ruff
@@ -18,7 +21,7 @@ jobs:
18
21
  - name: Set up Python
19
22
  uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6
20
23
  with:
21
- python-version: "3.12"
24
+ python-version: "${{ env.DEFAULT_PYTHON_VERSION }}"
22
25
 
23
26
  - name: Install uv
24
27
  uses: astral-sh/setup-uv@5dbc9fba7434435c4cd0268139340fa3696d98f3 # v7
@@ -40,7 +43,7 @@ jobs:
40
43
  strategy:
41
44
  fail-fast: false
42
45
  matrix:
43
- python-version: ["3.10", "3.11", "3.12", "3.13"]
46
+ python-version: ["3.10", "3.11", "3.12", "3.13", "3.14"]
44
47
  steps:
45
48
  - name: Checkout code
46
49
  uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
@@ -72,7 +75,7 @@ jobs:
72
75
  - name: Set up Python
73
76
  uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6
74
77
  with:
75
- python-version: "3.12"
78
+ python-version: "${{ env.DEFAULT_PYTHON_VERSION }}"
76
79
 
77
80
  - name: Install uv
78
81
  uses: astral-sh/setup-uv@5dbc9fba7434435c4cd0268139340fa3696d98f3 # v7
@@ -96,7 +99,7 @@ jobs:
96
99
  - name: Set up Python
97
100
  uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6
98
101
  with:
99
- python-version: "3.12"
102
+ python-version: "${{ env.DEFAULT_PYTHON_VERSION }}"
100
103
 
101
104
  - name: Install uv
102
105
  uses: astral-sh/setup-uv@5dbc9fba7434435c4cd0268139340fa3696d98f3 # v7
@@ -106,17 +109,12 @@ jobs:
106
109
  - name: Install dependencies
107
110
  run: uv sync
108
111
 
109
- - name: Run validator on example policies
110
- run: |
111
- if [ -d "examples" ]; then
112
- uv run iam-validator --path examples/ --format console --verbose || true
113
- else
114
- echo "No examples directory found, skipping integration test"
115
- fi
116
-
117
112
  - name: Test CLI help
118
113
  run: uv run iam-validator --help
119
114
 
115
+ - name: Test CLI version
116
+ run: uv run iam-validator --version
117
+
120
118
  all-checks-pass:
121
119
  name: All Checks Pass
122
120
  runs-on: ubuntu-latest
{iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/.github/workflows/release.yml RENAMED
@@ -9,6 +9,9 @@ permissions:
9
9
  contents: write
10
10
  id-token: write
11
11
 
12
+ env:
13
+ PYTHON_VERSION: "3.13"
14
+
12
15
  jobs:
13
16
  build-and-release:
14
17
  name: Build and Create Release
@@ -24,7 +27,7 @@ jobs:
24
27
  - name: Set up Python
25
28
  uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6
26
29
  with:
27
- python-version: "3.12"
30
+ python-version: ${{ env.PYTHON_VERSION }}
28
31
 
29
32
  - name: Install uv
30
33
  uses: astral-sh/setup-uv@5dbc9fba7434435c4cd0268139340fa3696d98f3 # v7
@@ -32,7 +35,7 @@ jobs:
32
35
  enable-cache: true
33
36
 
34
37
  - name: Install dependencies
35
- run: uv sync
38
+ run: uv sync --frozen
36
39
 
37
40
  - name: Build package
38
41
  run: uv build
{iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/CONTRIBUTING.md RENAMED
@@ -23,7 +23,7 @@ This project follows a code of conduct to ensure a welcoming environment for all
23
23
 
24
24
  ### Prerequisites
25
25
 
26
- - Python 3.11 or higher
26
+ - Python 3.12 or higher
27
27
  - [uv](https://github.com/astral-sh/uv) package manager
28
28
  - Git
29
29
  - AWS account (optional, for testing AWS integrations)
@@ -33,8 +33,8 @@ This project follows a code of conduct to ensure a welcoming environment for all
33
33
  1. **Fork and Clone the Repository**
34
34
 
35
35
  ```bash
36
- git clone https://github.com/YOUR-USERNAME/iam-policy-auditor.git
37
- cd iam-policy-auditor
36
+ git clone https://github.com/boogy/iam-policy-validator.git
37
+ cd iam-policy-validator
38
38
  ```
39
39
 
40
40
  2. **Install uv (if not already installed)**
@@ -103,36 +103,46 @@ uv run mypy iam_validator
103
103
  ```
104
104
  iam-policy-auditor/
105
105
  ├── iam_validator/ # Main package
106
- │ ├── cli.py # CLI entry point
107
- │ ├── checks/ # Built-in validation checks
106
+ │ ├── checks/ # Built-in validation checks (18 checks)
108
107
  │ ├── commands/ # CLI command implementations
109
108
  │ ├── core/ # Core validation engine
109
+ │ │ ├── cli.py # CLI entry point
110
110
  │ │ ├── formatters/ # Output formatters
111
- │ │ └── data/ # Static data files
112
- └── integrations/ # External integrations
111
+ │ │ ├── config/ # Configuration system (modular Python configs)
112
+ │ ├── models.py # Data models
113
+ │ │ ├── policy_checks.py # Policy validation orchestrator
114
+ │ │ └── aws_fetcher.py # AWS service definition fetcher
115
+ │ ├── integrations/ # External integrations (Access Analyzer, PR comments)
116
+ │ ├── sdk/ # Python SDK for library usage
117
+ │ └── utils/ # Utility functions
113
118
 
114
119
  ├── tests/ # Test suite
115
- │ ├── test_policy_checks.py # Core validation tests
116
- ├── test_aws_fetcher.py # AWS integration tests
117
- │ ├── test_cache_and_optimizations.py # Cache/optimization tests
118
- │ └── test_benchmarks.py # Performance benchmarks
120
+ │ ├── test_*.py # Test files for each check/module
121
+ └── conftest.py # Pytest configuration and fixtures
119
122
 
120
123
  ├── docs/ # Documentation
121
- │ ├── getting-started/ # Quick start guides
122
- │ ├── guides/ # User guides
123
- │ ├── reference/ # Reference documentation
124
- │ ├── advanced/ # Advanced topics
125
- └── development/ # Development docs
124
+ │ ├── check-reference.md # Complete reference for all 18 checks
125
+ │ ├── CHECKS.md # Deprecated - migration guide
126
+ │ ├── SDK.md # Python SDK documentation
127
+ │ ├── configuration.md # Configuration guide
128
+ ├── condition-requirements.md # Action condition enforcement
129
+ │ ├── privilege-escalation.md # Privilege escalation detection
130
+ │ ├── custom-checks.md # Custom check development guide
131
+ │ └── development/ # Development documentation
126
132
 
127
- ├── examples/ # Example policies and configs
128
- │ ├── configs/ # Configuration examples
133
+ ├── examples/ # Examples and sample files
134
+ │ ├── configs/ # 9+ configuration examples
129
135
  │ ├── custom_checks/ # Custom check examples
130
- └── github-actions/ # GitHub Actions examples
136
+ ├── library-usage/ # Python SDK examples
137
+ │ ├── github-actions/ # GitHub Actions workflow examples
138
+ │ └── iam-test-policies/ # Sample IAM policies for testing
131
139
 
140
+ ├── scripts/ # Development and utility scripts
141
+ ├── aws_services/ # Cached AWS service definitions
132
142
  ├── .github/workflows/ # CI/CD workflows
133
- ├── pyproject.toml # Project metadata and dependencies
143
+ ├── pyproject.toml # Project metadata and dependencies (uv)
134
144
  ├── Makefile # Development commands
135
- └── default-config.yaml # Example configuration file
145
+ └── CONTRIBUTING.md # This file
136
146
  ```
137
147
 
138
148
  ## Development Workflow
@@ -293,11 +303,17 @@ This runs linting, type checking, and tests.
293
303
 
294
304
  ### Documentation Structure
295
305
 
296
- - **Getting Started**: Quick start guides for new users
297
- - **Guides**: In-depth tutorials and how-tos
298
- - **Reference**: API and configuration reference
299
- - **Advanced**: Advanced topics and patterns
300
- - **Development**: Contributor documentation
306
+ - **README.md**: Project overview, quick start, and feature highlights
307
+ - **DOCS.md**: Complete usage guide, CLI reference, and configuration
308
+ - **docs/check-reference.md**: Complete validation checks reference with pass/fail examples
309
+ - **docs/CHECKS.md**: (Deprecated) Migration guide to new check documentation
310
+ - **docs/SDK.md**: Python library documentation and API reference
311
+ - **docs/**: Additional guides and advanced topics
312
+ - **configuration.md**: Configuration guide
313
+ - **condition-requirements.md**: Action condition enforcement
314
+ - **privilege-escalation.md**: Privilege escalation detection
315
+ - **custom-checks.md**: Custom check development
316
+ - **development/**: Contributor documentation
301
317
 
302
318
  ### Building Documentation
303
319
 
@@ -371,6 +387,7 @@ Releases are managed by project maintainers. The process includes:
371
387
  1. **Version Bump**
372
388
  ```bash
373
389
  # Update version in pyproject.toml
390
+ # Update version in __version__.py
374
391
  # Update CHANGELOG.md
375
392
  ```
376
393
 
@@ -474,9 +491,16 @@ See the comprehensive [Custom Checks Guide](docs/custom-checks.md) for detailed
474
491
 
475
492
  ## Getting Help
476
493
 
477
- - **Documentation**: Check [docs/](docs/)
478
- - **Issues**: Search [existing issues](https://github.com/Boogy/iam-policy-auditor/issues)
479
- - **Discussions**: Start a [discussion](https://github.com/Boogy/iam-policy-auditor/discussions)
494
+ ### Documentation Resources
495
+ - **[Complete Usage Guide](../DOCS.md)** - CLI, GitHub Actions, configuration
496
+ - **[Validation Checks](docs/check-reference.md)** - All 18 checks with examples
497
+ - **[Python SDK](docs/SDK.md)** - Library usage and API reference
498
+ - **[Additional Docs](docs/)** - Guides and advanced topics
499
+
500
+ ### Support Channels
501
+ - **Issues**: Search [existing issues](https://github.com/boogy/iam-policy-validator/issues)
502
+ - **Discussions**: Start a [discussion](https://github.com/boogy/iam-policy-validator/discussions)
503
+ - **Examples**: Check [examples/](examples/) directory for code samples
480
504
 
481
505
  ## Recognition
482
506
 
{iam_policy_validator-1.5.0 → iam_policy_validator-1.7.0}/DOCS.md RENAMED
@@ -1,8 +1,8 @@
1
- # IAM Policy Auditor - Complete Documentation
1
+ # IAM Policy Validator - Complete Documentation
2
2
 
3
- > High-performance AWS IAM policy validation using AWS Access Analyzer and custom checks
3
+ > High-performance AWS IAM policy validation using AWS Access Analyzer and 18 built-in security checks
4
4
 
5
- **Quick Links:** [Installation](#installation) • [Quick Start](#quick-start) • [GitHub Actions](#github-actions) • [Custom Checks](#custom-policy-checks) • [CLI Reference](#cli-reference) • [Configuration](#configuration)
5
+ **Quick Links:** [Installation](#installation) • [Quick Start](#quick-start) • [GitHub Actions](#github-actions) • [Validation Checks](#validation-checks) • [CLI Reference](#cli-reference) • [Configuration](#configuration)
6
6
 
7
7
  ---
8
8
 
@@ -11,10 +11,10 @@
11
11
  1. [Installation](#installation)
12
12
  2. [Quick Start](#quick-start)
13
13
  3. [GitHub Actions Integration](#github-actions)
14
- 4. [CLI Usage](#cli-reference)
15
- 5. [Custom Policy Checks](#custom-policy-checks)
16
- 6. [Configuration](#configuration)
17
- 7. [Built-in Checks](#built-in-validation-checks)
14
+ 4. [Validation Checks](#validation-checks)
15
+ 5. [CLI Usage](#cli-reference)
16
+ 6. [Custom Policy Checks (AWS Access Analyzer)](#custom-policy-checks)
17
+ 7. [Configuration](#configuration)
18
18
  8. [Custom Validation Rules](#creating-custom-checks)
19
19
  9. [Performance & Optimization](#performance-optimization)
20
20
  10. [Cache Management](#cache-command)
@@ -403,6 +403,62 @@ See `examples/github-actions/` for more workflow examples.
403
403
 
404
404
  ---
405
405
 
406
+ ## Validation Checks
407
+
408
+ IAM Policy Validator performs **18 built-in validation checks** to ensure your IAM policies are correct, secure, and follow best practices.
409
+
410
+ ### Check Categories
411
+
412
+ 1. **AWS Validation Checks (6 checks)** - Ensure policies conform to AWS IAM requirements
413
+ - Action Validation
414
+ - Condition Key Validation
415
+ - Condition Type Mismatch
416
+ - MFA Condition Anti-Patterns
417
+ - Resource ARN Validation
418
+ - SID Uniqueness
419
+
420
+ 2. **Security Best Practice Checks (7 checks)** - Identify security anti-patterns
421
+ - Wildcard Action
422
+ - Wildcard Resource
423
+ - Full Wildcard (CRITICAL)
424
+ - Service Wildcard
425
+ - Sensitive Action (490 actions across 4 categories)
426
+ - Principal Validation (resource policies)
427
+ - Policy Size
428
+
429
+ 3. **Advanced Enforcement Checks (5 checks)** - Enforce org-specific requirements
430
+ - Action Condition Enforcement (MFA, IP, tags, etc.)
431
+ - Action-Resource Matching
432
+ - Action-Resource Constraint
433
+ - Set Operator Validation
434
+ - Policy Type Validation
435
+
436
+ ### Quick Examples
437
+
438
+ ```bash
439
+ # Run all built-in checks
440
+ iam-validator validate --path ./policies/
441
+
442
+ # Run only specific severity levels
443
+ iam-validator validate --path ./policies/ --fail-on-warnings
444
+
445
+ # Use custom configuration
446
+ iam-validator validate --path ./policies/ --config my-config.yaml
447
+ ```
448
+
449
+ ### Detailed Documentation
450
+
451
+ **📚 For complete documentation of all 18 checks with detailed pass/fail examples, see [Check Reference Guide](docs/check-reference.md)**
452
+
453
+ The check-reference.md file provides:
454
+ - Detailed explanation of what each check validates
455
+ - Pass examples (valid policies)
456
+ - Fail examples (invalid policies with error messages)
457
+ - Configuration options for each check
458
+ - How to use ignore patterns to filter findings
459
+
460
+ ---
461
+
406
462
  ## Custom Policy Checks
407
463
 
408
464
  AWS IAM Access Analyzer provides specialized checks beyond basic validation:
@@ -834,7 +890,7 @@ permissions:
834
890
 
835
891
  ### Configuration File
836
892
 
837
- Create a configuration file (e.g., `my-config.yaml`) based on [default-config.yaml](default-config.yaml):
893
+ Create a configuration file (e.g., `my-config.yaml`) based on [examples/configs/full-reference-config.yaml](examples/configs/full-reference-config.yaml):
838
894
 
839
895
  ```yaml
840
896
  # ============================================================================
@@ -882,10 +938,14 @@ action_validation:
882
938
  description: "Validates that actions exist in AWS services"
883
939
  # Note: Wildcard security checks are handled by security_best_practices
884
940
 
885
- # Validate condition keys
941
+ # Validate condition keys (validates against action and resource definitions)
886
942
  condition_key_validation:
887
943
  enabled: true
888
944
  severity: error
945
+ config:
946
+ # Warn when global condition keys are used with actions that have specific keys
947
+ # Set to false to disable these warnings
948
+ warn_on_global_condition_keys: true
889
949
 
890
950
  # Validate resource ARN format
891
951
  resource_validation:
@@ -930,7 +990,7 @@ action_condition_enforcement:
930
990
 
931
991
  Use with: `iam-validator validate --path policy.json --config my-config.yaml`
932
992
 
933
- See [default-config.yaml](default-config.yaml) for full documentation with all available options.
993
+ See [examples/configs/full-reference-config.yaml](examples/configs/full-reference-config.yaml) for full documentation with all available options.
934
994
 
935
995
  ### Severity Levels
936
996
 
@@ -963,163 +1023,78 @@ See [examples/configs/](examples/configs/) directory for configurations:
963
1023
 
964
1024
  ## Built-in Validation Checks
965
1025
 
966
- ### 1. Action Validation
967
-
968
- Verifies IAM actions exist in AWS service definitions. This check focuses **solely on validity** - security concerns like wildcards are handled by [Security Best Practices](#4-security-best-practices).
969
-
970
- ```json
971
- {
972
- "Effect": "Allow",
973
- "Action": "s3:GetObject", // ✅ Valid action
974
- "Resource": "*"
975
- }
976
- ```
977
-
978
- ```json
979
- {
980
- "Effect": "Allow",
981
- "Action": "s3:InvalidAction", // Invalid - action doesn't exist
982
- "Resource": "*"
983
- }
984
- ```
985
-
986
- ```json
987
- {
988
- "Effect": "Allow",
989
- "Action": "s3:List*", // Valid - wildcards skipped (checked by security_best_practices)
990
- "Resource": "*"
991
- }
992
- ```
993
-
994
- ### 2. Condition Key Validation
1026
+ IAM Policy Validator includes **18 comprehensive validation checks** across three categories. Each check can be individually configured, enabled/disabled, and customized to match your organization's security requirements.
1027
+
1028
+ ### Overview
1029
+
1030
+ - **AWS Validation Checks (6)** - Ensure policies meet AWS IAM requirements
1031
+ - **Security Best Practices (7)** - Identify anti-patterns and security risks
1032
+ - **Advanced Enforcement (5)** - Enforce organization-specific security policies
1033
+
1034
+ ### Quick Reference
1035
+
1036
+ | Check | Category | Severity | What It Does |
1037
+ |-------|----------|----------|--------------|
1038
+ | action_validation | AWS | error | Validates actions exist in AWS services |
1039
+ | condition_key_validation | AWS | error | Validates condition keys for actions/resources |
1040
+ | condition_type_mismatch | AWS | error | Validates operator/key type matching |
1041
+ | mfa_condition_antipattern | AWS | warning | Detects dangerous MFA patterns |
1042
+ | resource_validation | AWS | error | Validates ARN format |
1043
+ | sid_uniqueness | AWS | error | Ensures unique statement IDs |
1044
+ | wildcard_action | Security | medium | Detects `Action: "*"` |
1045
+ | wildcard_resource | Security | medium | Detects `Resource: "*"` |
1046
+ | full_wildcard | Security | **critical** | Detects both wildcards (admin access) |
1047
+ | service_wildcard | Security | high | Detects `service:*` patterns |
1048
+ | sensitive_action | Security | medium | 490 sensitive actions across 4 categories |
1049
+ | principal_validation | Security | high | Validates resource policy principals |
1050
+ | policy_size | AWS | error | Validates against AWS size limits |
1051
+ | action_condition_enforcement | Enforcement | high | Requires conditions for actions |
1052
+ | action_resource_matching | Enforcement | medium | Validates resource types and account-level actions |
1053
+ | set_operator_validation | AWS | error | Validates ForAllValues/ForAnyValue |
1054
+ | policy_type_validation | Enforcement | error | Validates policy matches declared type |
995
1055
 
996
- Checks condition keys are valid for specified actions:
1056
+ ### Examples
997
1057
 
1058
+ **Pass Example (Specific permissions):**
998
1059
  ```json
999
1060
  {
1000
- "Effect": "Allow",
1001
- "Action": "s3:GetObject",
1002
- "Resource": "*",
1003
- "Condition": {
1004
- "StringEquals": {
1005
- "aws:RequestedRegion": "us-east-1" // ✅ Valid global condition
1061
+ "Version": "2012-10-17",
1062
+ "Statement": [{
1063
+ "Effect": "Allow",
1064
+ "Action": ["s3:GetObject", "s3:PutObject"],
1065
+ "Resource": "arn:aws:s3:::my-bucket/*",
1066
+ "Condition": {
1067
+ "StringEquals": {"aws:RequestedRegion": "us-east-1"}
1006
1068
  }
1007
- }
1069
+ }]
1008
1070
  }
1009
1071
  ```
1010
1072
 
1011
- ### 3. Resource ARN Validation
1012
-
1013
- Ensures ARNs follow proper AWS format:
1014
-
1015
- ```json
1016
- {
1017
- "Effect": "Allow",
1018
- "Action": "s3:GetObject",
1019
- "Resource": "arn:aws:s3:::my-bucket/*" // ✅ Valid ARN
1020
- }
1021
- ```
1022
-
1023
- ### 4. Security Best Practices
1024
-
1025
- Identifies security risks:
1026
-
1027
- - **Overly permissive wildcards**: `Action: "*"` with `Resource: "*"`
1028
- - **Sensitive actions without conditions**: Administrative permissions
1029
- - **Missing MFA requirements**: For privileged operations
1030
-
1031
- ### 5. SID Uniqueness
1032
-
1033
- Ensures Statement IDs are unique within a policy:
1034
-
1073
+ **Fail Example (Administrative access):**
1035
1074
  ```json
1036
1075
  {
1037
- "Statement": [
1038
- { "Sid": "AllowRead", "Effect": "Allow", "Action": "s3:GetObject" },
1039
- { "Sid": "AllowRead", "Effect": "Allow", "Action": "s3:ListBucket" } // ❌ Duplicate SID
1040
- ]
1076
+ "Version": "2012-10-17",
1077
+ "Statement": [{
1078
+ "Effect": "Allow",
1079
+ "Action": "*", // ❌ CRITICAL: All actions
1080
+ "Resource": "*" // ❌ CRITICAL: All resources
1081
+ }]
1041
1082
  }
1042
1083
  ```
1043
1084
 
1044
- ### 6. Wildcard Action Validation
1045
-
1046
- The `security_best_practices` handles all wildcard security validation with customizable allowlists:
1047
-
1048
- ```yaml
1049
- security_best_practices:
1050
- enabled: true
1051
-
1052
- # Define allowed wildcard patterns (e.g., safe read-only operations)
1053
- # These patterns are considered acceptable and won't trigger warnings
1054
- allowed_wildcards:
1055
- - "s3:List*" # Safe: listing resources
1056
- - "s3:Describe*" # Safe: describing configurations
1057
- - "ec2:Describe*" # Safe: read-only operations
1058
- - "iam:Get*" # Safe: non-sensitive IAM reads
1059
- - "iam:List*" # Safe: listing IAM entities
1060
- - "cloudwatch:Describe*"
1061
- - "logs:Describe*"
1062
-
1063
- # Wildcard resource check uses allowed_wildcards
1064
- # Resource: "*" is acceptable if ALL actions match allowed_wildcards
1065
- wildcard_resource_check:
1066
- enabled: true
1067
- severity: medium
1068
- # Optionally override parent allowed_wildcards for this check:
1069
- # allowed_wildcards:
1070
- # - "s3:List*"
1071
-
1072
- # Flag service-level wildcards (e.g., "s3:*")
1073
- service_wildcard_check:
1074
- enabled: true
1075
- severity: high
1076
- # Allow specific services to use wildcards
1077
- allowed_services:
1078
- - "logs"
1079
- - "cloudwatch"
1080
- ```
1081
-
1082
- **Note:** The `action_validation` now focuses solely on validating that actions exist in AWS service definitions. All wildcard security concerns are handled by `security_best_practices`.
1083
-
1084
- ### Configuration Migration
1085
-
1086
- If you have a custom configuration file from before v1.1.0, update it as follows:
1087
-
1088
- **Before (v1.0.x):**
1089
- ```yaml
1090
- action_validation:
1091
- enabled: true
1092
- severity: error
1093
- allowed_wildcards:
1094
- - "s3:List*"
1095
- - "ec2:Describe*"
1096
- disable_wildcard_warnings: true
1097
- ```
1098
-
1099
- **After (v1.1.0+):**
1100
- ```yaml
1101
- action_validation:
1102
- enabled: true
1103
- severity: error
1104
- # allowed_wildcards removed - moved to security_best_practices
1105
- # disable_wildcard_warnings removed - no longer needed
1085
+ ### Complete Documentation
1106
1086
 
1107
- security_best_practices:
1108
- enabled: true
1109
- # Move allowed_wildcards here
1110
- allowed_wildcards:
1111
- - "s3:List*"
1112
- - "ec2:Describe*"
1087
+ **📚 For detailed documentation of all 18 checks with comprehensive pass/fail examples:**
1113
1088
 
1114
- wildcard_resource_check:
1115
- enabled: true
1116
- # Automatically inherits allowed_wildcards from parent
1117
- ```
1089
+ **[→ View Complete Checks Reference](docs/check-reference.md)**
1118
1090
 
1119
- **Why this change?**
1120
- - **Clearer separation**: Action validation checks **validity**, security checks handle **safety**
1121
- - **Less confusion**: No overlap between validation and security concerns
1122
- - **Better architecture**: Wildcard security logic is centralized in one place
1091
+ The check-reference.md file includes:
1092
+ - What each check validates
1093
+ - Pass examples (valid policies)
1094
+ - Fail examples with error messages
1095
+ - ✅ Configuration options
1096
+ - ✅ Ignore patterns and filtering
1097
+ - ✅ Best practices and recommendations
1123
1098
 
1124
1099
  ---
1125
1100