iam-policy-validator 1.7.1__py3-none-any.whl → 1.8.0__py3-none-any.whl

iam_validator/core/models.py

@@ -8,10 +8,13 @@ from typing import Any, ClassVar, Literal
 
 from pydantic import BaseModel, ConfigDict, Field
 
+from iam_validator.core import constants
+
 # Policy Type Constants
 PolicyType = Literal[
     "IDENTITY_POLICY",
     "RESOURCE_POLICY",
+    "TRUST_POLICY",  # Trust policies (role assumption policies - subtype of resource policies)
     "SERVICE_CONTROL_POLICY",
     "RESOURCE_CONTROL_POLICY",
 ]
@@ -89,9 +92,8 @@ class ServiceDetail(BaseModel):
     resources_list: list[ResourceType] = Field(default_factory=list, alias="Resources")
     condition_keys_list: list[ConditionKey] = Field(default_factory=list, alias="ConditionKeys")
 
-    def model_post_init(self, __context: Any) -> None:
+    def model_post_init(self, __context: Any, /) -> None:
         """Convert lists to dictionaries for easier lookup."""
-        del __context  # Unused
         # Convert actions list to dict
         self.actions = {action.name: action for action in self.actions_list}
         # Convert resources list to dict
@@ -104,10 +106,10 @@ class ServiceDetail(BaseModel):
 class Statement(BaseModel):
     """IAM policy statement."""
 
-    model_config = ConfigDict(populate_by_name=True)
+    model_config = ConfigDict(populate_by_name=True, extra="allow")
 
     sid: str | None = Field(default=None, alias="Sid")
-    effect: str = Field(alias="Effect")
+    effect: str | None = Field(default=None, alias="Effect")
     action: list[str] | str | None = Field(default=None, alias="Action")
     not_action: list[str] | str | None = Field(default=None, alias="NotAction")
     resource: list[str] | str | None = Field(default=None, alias="Resource")
@@ -134,10 +136,10 @@ class Statement(BaseModel):
 class IAMPolicy(BaseModel):
     """IAM policy document."""
 
-    model_config = ConfigDict(populate_by_name=True)
+    model_config = ConfigDict(populate_by_name=True, extra="allow")
 
-    version: str = Field(alias="Version")
-    statement: list[Statement] = Field(alias="Statement")
+    version: str | None = Field(default=None, alias="Version")
+    statement: list[Statement] | None = Field(default=None, alias="Statement")
     id: str | None = Field(default=None, alias="Id")
 
 
@@ -161,7 +163,11 @@ class ValidationIssue(BaseModel):
     resource: str | None = None
     condition_key: str | None = None
     suggestion: str | None = None
+    example: str | None = None  # Code example (JSON/YAML) - formatted separately for GitHub
     line_number: int | None = None  # Line number in the policy file (if available)
+    check_id: str | None = (
+        None  # Check that triggered this issue (e.g., "policy_size", "sensitive_action")
+    )
 
     # Severity level constants (ClassVar to avoid Pydantic treating them as fields)
     VALID_SEVERITIES: ClassVar[frozenset[str]] = frozenset(
@@ -225,8 +231,8 @@ class ValidationIssue(BaseModel):
 
         # Add identifier for bot comment cleanup (HTML comment - not visible to users)
         if include_identifier:
-            parts.append("<!-- iam-policy-validator-review -->\n")
-            parts.append("🤖 **IAM Policy Validator**\n")
+            parts.append(f"{constants.REVIEW_IDENTIFIER}\n")
+            parts.append(f"{constants.BOT_IDENTIFIER}\n")
 
         # Build statement context for better navigation
         statement_context = f"Statement[{self.statement_index}]"
@@ -241,7 +247,9 @@ class ValidationIssue(BaseModel):
         parts.append(self.message)
 
         # Put additional details in collapsible section if there are any
-        has_details = bool(self.action or self.resource or self.condition_key or self.suggestion)
+        has_details = bool(
+            self.action or self.resource or self.condition_key or self.suggestion or self.example
+        )
 
         if has_details:
             parts.append("")
@@ -266,10 +274,24 @@ class ValidationIssue(BaseModel):
                 parts.append("**💡 Suggested Fix:**")
                 parts.append("")
                 parts.append(self.suggestion)
+                parts.append("")
+
+            # Add example if present (formatted as JSON code block for GitHub)
+            if self.example:
+                parts.append("**Example:**")
+                parts.append("```json")
+                parts.append(self.example)
+                parts.append("```")
 
             parts.append("")
             parts.append("</details>")
 
+        # Add check ID at the bottom if available
+        if self.check_id:
+            parts.append("")
+            parts.append("---")
+            parts.append(f"*Check: `{self.check_id}`*")
+
         return "\n".join(parts)
 
 
@@ -298,6 +320,9 @@ class ValidationReport(BaseModel):
     validity_issues: int = 0  # Count of IAM validity issues (error/warning/info)
     security_issues: int = 0  # Count of security issues (critical/high/medium/low)
     results: list[PolicyValidationResult] = Field(default_factory=list)
+    parsing_errors: list[tuple[str, str]] = Field(
+        default_factory=list
+    )  # (file_path, error_message)
 
     def get_summary(self) -> str:
         """Generate a human-readable summary."""