iam-policy-validator 1.7.1__tar.gz → 1.7.2__tar.gz
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/.github/workflows/pre-release.yml +8 -3
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/Makefile +4 -1
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/PKG-INFO +1 -2
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/README.md +0 -1
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/action.yaml +11 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/docs/condition-requirements.md +12 -4
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/docs/configuration.md +38 -23
- iam_policy_validator-1.7.2/examples/iam-test-policies/identity-policies/terraform-template-policy.json +44 -0
- iam_policy_validator-1.7.2/examples/iam-test-policies/wrong_actions_mismatch/correct-condition-wrong-key.json +16 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/wrong_actions_mismatch/dynamodb-wrong-resources.json +3 -6
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/wrong_actions_mismatch/ec2-wrong-resources.json +4 -8
- iam_policy_validator-1.7.2/examples/iam-test-policies/wrong_actions_mismatch/iam-wrong-resources.json +35 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/wrong_actions_mismatch/lambda-wrong-resources.json +3 -6
- iam_policy_validator-1.7.2/examples/iam-test-policies/wrong_actions_mismatch/s3-wrong-resources.json +35 -0
- iam_policy_validator-1.7.2/examples/iam-test-policies/wrong_actions_mismatch/sqs-sns-wrong-resources.json +23 -0
- iam_policy_validator-1.7.2/examples/iam-test-policies/wrong_actions_mismatch/typo-condition-field.json +16 -0
- iam_policy_validator-1.7.2/iam_validator/__version__.py +9 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/checks/action_condition_enforcement.py +20 -13
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/checks/action_resource_matching.py +70 -36
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/checks/condition_key_validation.py +7 -7
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/checks/condition_type_mismatch.py +8 -6
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/checks/full_wildcard.py +2 -8
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/checks/mfa_condition_check.py +8 -8
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/checks/principal_validation.py +24 -20
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/checks/sensitive_action.py +3 -9
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/checks/service_wildcard.py +2 -8
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/checks/sid_uniqueness.py +1 -1
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/checks/wildcard_action.py +2 -8
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/checks/wildcard_resource.py +2 -8
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/commands/validate.py +2 -2
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/core/aws_fetcher.py +115 -22
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/core/config/config_loader.py +1 -2
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/core/config/defaults.py +16 -7
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/core/constants.py +57 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/core/formatters/console.py +10 -1
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/core/formatters/csv.py +2 -1
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/core/formatters/enhanced.py +42 -8
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/core/formatters/markdown.py +2 -1
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/core/models.py +22 -7
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/core/policy_checks.py +5 -4
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/core/policy_loader.py +71 -14
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/core/report.py +65 -24
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/integrations/github_integration.py +4 -5
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/utils/__init__.py +4 -0
- iam_policy_validator-1.7.2/iam_validator/utils/terminal.py +22 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/pyproject.toml +1 -1
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/tests/test_action_resource_matching.py +1 -1
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/tests/test_condition_key_validation_check.py +55 -44
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/tests/test_full_wildcard_check.py +2 -2
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/tests/test_principal_validation_check.py +2 -1
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/tests/test_service_wildcard_check.py +2 -2
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/tests/test_wildcard_action_check.py +2 -2
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/tests/test_wildcard_resource_check.py +2 -2
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/uv.lock +1 -1
- iam_policy_validator-1.7.1/examples/iam-test-policies/wrong_actions_mismatch/iam-wrong-resources.json +0 -40
- iam_policy_validator-1.7.1/examples/iam-test-policies/wrong_actions_mismatch/s3-wrong-resources.json +0 -40
- iam_policy_validator-1.7.1/examples/iam-test-policies/wrong_actions_mismatch/sqs-sns-wrong-resources.json +0 -26
- iam_policy_validator-1.7.1/iam_validator/__version__.py +0 -7
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/.github/dependabot.yml +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/.github/workflows/ci.yml +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/.github/workflows/cleanup-prereleases.yml +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/.github/workflows/codeql.yml +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/.github/workflows/release.yml +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/.github/workflows/scorecard.yml +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/.gitignore +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/.python-version +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/CONTRIBUTING.md +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/DOCS.md +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/LICENSE +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/SECURITY.md +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/_manifest.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/_services.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/a2c.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/a4b.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/access-analyzer.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/account.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/acm-pca.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/acm.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/action-recommendations.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/activate.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/aiops.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/airflow.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/amplify.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/amplifybackend.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/amplifyuibuilder.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/aoss.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/apigateway.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/app-integrations.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/appconfig.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/appfabric.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/appflow.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/application-autoscaling.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/application-signals.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/application-transformation.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/applicationinsights.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/appmesh-preview.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/appmesh.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/apprunner.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/appstream.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/appstudio.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/appsync.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/apptest.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/aps.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/arc-region-switch.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/arc-zonal-shift.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/arsenal.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/artifact.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/athena.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/auditmanager.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/autoscaling-plans.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/autoscaling.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/aws-marketplace-management.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/aws-marketplace.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/aws-portal.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/awsconnector.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/b2bi.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/backup-gateway.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/backup-search.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/backup-storage.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/backup.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/batch.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/bcm-dashboards.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/bcm-data-exports.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/bcm-pricing-calculator.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/bcm-recommended-actions.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/bedrock-agentcore.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/bedrock.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/billing.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/billingconductor.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/braket.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/budgets.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/bugbust.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/cases.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/cassandra.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/ce.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/chatbot.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/chime.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/cleanrooms-ml.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/cleanrooms.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/cloud9.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/clouddirectory.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/cloudformation.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/cloudfront-keyvaluestore.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/cloudfront.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/cloudhsm.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/cloudsearch.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/cloudshell.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/cloudtrail-data.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/cloudtrail.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/cloudwatch.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/codeartifact.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/codebuild.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/codecatalyst.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/codecommit.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/codeconnections.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/codedeploy-commands-secure.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/codedeploy.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/codeguru-profiler.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/codeguru-reviewer.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/codeguru-security.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/codeguru.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/codepipeline.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/codestar-connections.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/codestar-notifications.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/codestar.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/codewhisperer.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/cognito-identity.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/cognito-idp.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/cognito-sync.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/comprehend.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/comprehendmedical.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/compute-optimizer.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/config.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/connect-campaigns.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/connect.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/consoleapp.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/consolidatedbilling.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/controlcatalog.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/controltower.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/cost-optimization-hub.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/cur.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/customer-verification.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/databrew.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/dataexchange.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/datapipeline.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/datasync.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/datazone.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/dax.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/dbqms.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/deadline.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/deepcomposer.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/deepracer.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/detective.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/devicefarm.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/devops-guru.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/directconnect.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/discovery.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/dlm.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/dms.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/docdb-elastic.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/drs.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/ds-data.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/ds.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/dsql.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/dynamodb.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/ebs.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/ec2-instance-connect.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/ec2.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/ec2messages.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/ecr-public.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/ecr.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/ecs.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/eks-auth.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/eks.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/elasticache.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/elasticbeanstalk.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/elasticfilesystem.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/elasticloadbalancing.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/elasticmapreduce.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/elastictranscoder.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/elemental-activations.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/elemental-appliances-software.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/elemental-support-cases.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/elemental-support-content.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/emr-containers.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/emr-serverless.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/entityresolution.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/es.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/events.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/evidently.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/evs.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/execute-api.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/finspace-api.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/finspace.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/firehose.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/fis.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/fms.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/forecast.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/frauddetector.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/freertos.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/freetier.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/fsx.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/gamelift.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/gameliftstreams.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/geo-maps.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/geo-places.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/geo-routes.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/geo.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/glacier.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/globalaccelerator.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/glue.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/grafana.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/greengrass.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/groundstation.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/groundtruthlabeling.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/guardduty.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/health.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/healthlake.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/honeycode.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/iam.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/identity-sync.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/identitystore-auth.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/identitystore.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/imagebuilder.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/importexport.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/inspector-scan.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/inspector.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/inspector2.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/internetmonitor.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/invoicing.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/iot-device-tester.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/iot.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/iotanalytics.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/iotdeviceadvisor.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/iotevents.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/iotfleethub.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/iotfleetwise.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/iotjobsdata.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/iotmanagedintegrations.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/iotsitewise.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/iottwinmaker.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/iotwireless.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/iq-permission.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/iq.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/ivs.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/ivschat.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/kafka-cluster.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/kafka.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/kafkaconnect.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/kendra-ranking.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/kendra.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/kinesis.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/kinesisanalytics.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/kinesisvideo.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/kms.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/lakeformation.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/lambda.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/launchwizard.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/lex.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/license-manager-linux-subscriptions.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/license-manager-user-subscriptions.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/license-manager.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/lightsail.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/logs.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/lookoutequipment.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/lookoutmetrics.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/lookoutvision.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/m2.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/machinelearning.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/macie2.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/managedblockchain-query.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/managedblockchain.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/mapcredits.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/marketplacecommerceanalytics.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/mechanicalturk.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/mediaconnect.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/mediaconvert.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/mediaimport.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/medialive.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/mediapackage-vod.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/mediapackage.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/mediapackagev2.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/mediastore.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/mediatailor.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/medical-imaging.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/memorydb.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/mgh.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/mgn.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/migrationhub-orchestrator.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/migrationhub-strategy.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/mobileanalytics.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/mobiletargeting.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/monitron.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/mpa.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/mq.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/neptune-db.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/neptune-graph.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/network-firewall.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/network-security-director.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/networkflowmonitor.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/networkmanager-chat.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/networkmanager.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/networkmonitor.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/nimble.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/notifications-contacts.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/notifications.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/oam.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/observabilityadmin.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/odb.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/omics.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/one.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/opensearch.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/opsworks-cm.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/opsworks.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/organizations.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/osis.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/outposts.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/panorama.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/partnercentral-account-management.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/partnercentral.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/payment-cryptography.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/payments.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/pca-connector-ad.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/pca-connector-scep.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/pcs.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/personalize.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/pi.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/pipes.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/polly.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/pricing.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/private-networks.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/profile.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/proton.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/purchase-orders.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/q.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/qapps.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/qbusiness.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/qdeveloper.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/qldb.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/quicksight.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/ram.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/rbin.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/rds-data.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/rds-db.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/rds.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/redshift-data.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/redshift-serverless.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/redshift.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/refactor-spaces.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/rekognition.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/repostspace.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/resiliencehub.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/resource-explorer-2.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/resource-explorer.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/resource-groups.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/rhelkb.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/robomaker.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/rolesanywhere.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/route53-recovery-cluster.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/route53-recovery-control-config.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/route53-recovery-readiness.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/route53.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/route53domains.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/route53profiles.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/route53resolver.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/rtbfabric.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/rum.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/s3-object-lambda.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/s3-outposts.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/s3.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/s3express.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/s3tables.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/s3vectors.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/sagemaker-data-science-assistant.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/sagemaker-geospatial.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/sagemaker-mlflow.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/sagemaker.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/savingsplans.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/scheduler.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/schemas.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/scn.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/sdb.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/secretsmanager.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/security-ir.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/securityhub.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/securitylake.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/serverlessrepo.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/servicecatalog.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/servicediscovery.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/serviceextract.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/servicequotas.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/ses.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/shield.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/signer.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/signin.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/simspaceweaver.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/sms-voice.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/sms.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/snow-device-management.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/snowball.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/sns.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/social-messaging.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/sqlworkbench.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/sqs.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/ssm-contacts.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/ssm-guiconnect.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/ssm-incidents.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/ssm-quicksetup.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/ssm-sap.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/ssm.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/ssmmessages.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/sso-directory.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/sso-oauth.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/sso.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/states.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/storagegateway.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/sts.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/support-console.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/support.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/supportapp.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/supportplans.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/sustainability.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/swf.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/synthetics.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/tag.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/tax.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/textract.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/thinclient.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/timestream-influxdb.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/timestream.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/tiros.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/tnb.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/transcribe.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/transfer.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/transform.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/translate.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/trustedadvisor.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/ts.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/user-subscriptions.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/uxc.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/vendor-insights.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/verified-access.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/verifiedpermissions.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/voiceid.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/vpc-lattice-svcs.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/vpc-lattice.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/vpce.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/waf-regional.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/waf.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/wafv2.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/wam.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/wellarchitected.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/wickr.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/wisdom.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/workdocs.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/worklink.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/workmail.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/workmailmessageflow.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/workspaces-instances.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/workspaces-web.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/workspaces.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/aws_services/xray.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/docs/CHECKS.md +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/docs/README.md +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/docs/ROADMAP.md +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/docs/SDK.md +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/docs/aws-api-configuration.md +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/docs/aws-services-backup.md +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/docs/check-reference.md +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/docs/custom-checks.md +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/docs/development/PUBLISHING.md +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/docs/development/pre-release-guide.md +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/docs/github-actions-examples.md +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/docs/github-actions-workflows.md +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/docs/modular-configuration.md +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/docs/privilege-escalation.md +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/docs/python-library-usage.md +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/docs/smart-filtering.md +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/README.md +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/access-analyzer/example1.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/access-analyzer/example2.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/configs/README.md +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/configs/basic-config.yaml +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/configs/ci-cd-config.yaml +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/configs/development-config.yaml +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/configs/full-reference-config.yaml +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/configs/minimal-validation-config.yaml +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/configs/offline-validation.yaml +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/configs/policy-level-condition-enforcement-config.yaml +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/configs/principal-condition-enforcement.yaml +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/configs/principal-validation-public-with-conditions.yaml +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/configs/principal-validation-relaxed.yaml +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/configs/principal-validation-strict.yaml +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/configs/privilege-escalation-focus-config.yaml +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/configs/resource-policy-config.yaml +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/configs/security-audit-config.yaml +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/configs/strict-security.yaml +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/custom_checks/README.md +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/custom_checks/advanced_multi_condition_validator.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/custom_checks/cross_account_external_id_check.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/custom_checks/domain_restriction_check.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/custom_checks/encryption_required_check.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/custom_checks/mfa_required_check.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/custom_checks/region_restriction_check.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/custom_checks/tag_enforcement_check.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/custom_checks/time_based_access_check.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/github-actions/README.md +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/github-actions/access-analyzer-only.yaml +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/github-actions/basic-validation.yaml +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/github-actions/custom-policy-checks.yaml +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/github-actions/multi-region-validation.yaml +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/github-actions/resource-policy-validation.yaml +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/github-actions/sarif-code-scanning.yaml +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/github-actions/sequential-validation.yaml +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/github-actions/two-step-validation.yaml +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/github-actions/validate-changed-files.yaml +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/README.md +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/identity-policies/allowed-wildcard-resource.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/identity-policies/api_gateway_management.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/identity-policies/athena_query_access.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/identity-policies/backup_vault_access.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/identity-policies/cloudformation_deployer.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/identity-policies/cloudwatch_monitoring.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/identity-policies/cognito_user_pool.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/identity-policies/dynamodb_table_access.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/identity-policies/ecs_task_execution.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/identity-policies/eventbridge_rules.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/identity-policies/glue_etl_jobs.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/identity-policies/insecure_policy.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/identity-policies/insecure_policy.yaml +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/identity-policies/invalid-resource-constraint.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/identity-policies/invalid-sid-special-chars.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/identity-policies/invalid-sid-with-spaces.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/identity-policies/invalid_policy.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/identity-policies/kms_encryption_keys.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/identity-policies/lambda_developer.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/identity-policies/lambda_developer.yaml +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/identity-policies/maximum_size_policy.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/identity-policies/policy_missing_required_tags.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/identity-policies/policy_tag_enforcement_example.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/identity-policies/policy_with_wildcard_resources.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/identity-policies/privilege_escalation_scattered.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/identity-policies/rds_database_admin.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/identity-policies/s3_bucket_access.yaml +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/identity-policies/sample_policy.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/identity-policies/sample_policy.yaml +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/identity-policies/secrets_manager_access.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/identity-policies/sensitive-action-wildcards.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/identity-policies/sns_sqs_messaging.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/identity-policies/step_functions_workflow.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/identity-policies/test_none_of_valid.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/identity-policies/test_none_of_violations.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/identity-policies/valid-sid-formats.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/identity-policies/wildcard_examples.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/identity-policies/wildcard_examples.yaml +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/identity-policies/wrong-condition-key.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/identity-policies/wrong-s3-condition.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/resource-control-policies/rcp-invalid-allow-effect.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/resource-control-policies/rcp-invalid-not-action.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/resource-control-policies/rcp-invalid-specific-principal.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/resource-control-policies/rcp-invalid-unsupported-service.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/resource-control-policies/rcp-invalid-wildcard-action.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/resource-control-policies/rcp-valid-enforce-encryption.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/resource-policies/README.md +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/resource-policies/backup-vault-policy-org-access.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/resource-policies/ecr-repository-policy-org-restricted.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/resource-policies/ecr-repository-policy-public.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/resource-policies/efs-filesystem-policy-vpc-only.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/resource-policies/glacier-vault-policy-cross-account.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/resource-policies/kms-key-policy-cross-account.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/resource-policies/kms-key-policy-insecure.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/resource-policies/kms-key-policy-org-restricted.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/resource-policies/kms-key-policy-service-specific.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/resource-policies/lambda-permission-api-gateway.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/resource-policies/lambda-permission-cross-account-invoke.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/resource-policies/lambda-permission-eventbridge-multiple.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/resource-policies/lambda-permission-public-url.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/resource-policies/lambda-permission-s3-trigger.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/resource-policies/opensearch-domain-policy-ip-restricted.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/resource-policies/s3-bucket-policy-cloudfront.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/resource-policies/s3-bucket-policy-cross-account-org.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/resource-policies/s3-bucket-policy-insecure-transport.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/resource-policies/s3-bucket-policy-ip-restriction.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/resource-policies/s3-bucket-policy-public-with-conditions.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/resource-policies/s3-bucket-policy-public.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/resource-policies/s3-bucket-policy-specific-account.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/resource-policies/s3-bucket-policy-vpc-endpoint.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/resource-policies/s3-bucket-policy-wildcard-actions.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/resource-policies/secrets-manager-policy-cross-account.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/resource-policies/sns-topic-policy-cross-account-mfa.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/resource-policies/sns-topic-policy-cross-account.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/resource-policies/sns-topic-policy-eventbridge.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/resource-policies/sns-topic-policy-org-wide.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/resource-policies/sns-topic-policy-public-no-conditions.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/resource-policies/sqs-queue-policy-cross-account-role.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/resource-policies/sqs-queue-policy-iam-users-mfa.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/resource-policies/sqs-queue-policy-public.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/resource-policies/sqs-queue-policy-sns-subscription.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/service-control-policies/deny-root-account-usage.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/service-control-policies/require-mfa.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/service-control-policies/restrict-regions.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/iam-test-policies/wrong_actions_mismatch/README.md +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/library-usage/README.md +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/library-usage/example1_basic_usage.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/library-usage/example1_basic_usage_new.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/library-usage/example2_config_file.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/library-usage/example2_context_manager.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/library-usage/example3_policy_manipulation.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/library-usage/example3_programmatic_config.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/library-usage/example4_custom_condition_requirements.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/library-usage/policies/my-policy.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/library-usage/policies/policy1.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/library-usage/policies/policy2.json +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/examples/library-usage/quick_reference.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/__init__.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/__main__.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/checks/__init__.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/checks/action_validation.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/checks/policy_size.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/checks/policy_type_validation.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/checks/resource_validation.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/checks/set_operator_validation.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/checks/utils/__init__.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/checks/utils/policy_level_checks.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/checks/utils/sensitive_action_matcher.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/checks/utils/wildcard_expansion.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/commands/__init__.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/commands/analyze.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/commands/base.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/commands/cache.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/commands/download_services.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/commands/post_to_pr.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/core/__init__.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/core/access_analyzer.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/core/access_analyzer_report.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/core/check_registry.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/core/cli.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/core/condition_validators.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/core/config/__init__.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/core/config/aws_api.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/core/config/aws_global_conditions.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/core/config/category_suggestions.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/core/config/condition_requirements.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/core/config/principal_requirements.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/core/config/sensitive_actions.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/core/config/service_principals.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/core/config/wildcards.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/core/formatters/__init__.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/core/formatters/base.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/core/formatters/html.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/core/formatters/json.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/core/formatters/sarif.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/core/pr_commenter.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/integrations/__init__.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/integrations/ms_teams.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/sdk/__init__.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/sdk/arn_matching.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/sdk/context.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/sdk/exceptions.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/sdk/helpers.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/sdk/policy_utils.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/sdk/shortcuts.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/utils/cache.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/iam_validator/utils/regex.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/scripts/download_aws_services.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/scripts/sync_defaults_from_yaml.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/tests/README.md +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/tests/__init__.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/tests/test_action_condition_enforcement.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/tests/test_action_condition_enforcement_policy_level.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/tests/test_action_validation_check.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/tests/test_aws_api_config.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/tests/test_aws_fetcher_wildcards.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/tests/test_aws_global_conditions.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/tests/test_check_registry.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/tests/test_comment_truncation.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/tests/test_condition_type_mismatch.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/tests/test_config_loader.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/tests/test_custom_policy_checks.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/tests/test_mfa_condition_check.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/tests/test_models.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/tests/test_multipart_comments.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/tests/test_policy_loader.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/tests/test_policy_size_check.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/tests/test_policy_type_validation.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/tests/test_regex_utils.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/tests/test_resource_validation_check.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/tests/test_sensitive_action_wildcard_expansion.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/tests/test_set_operator_validation.py +0 -0
- {iam_policy_validator-1.7.1 → iam_policy_validator-1.7.2}/tests/test_sid_uniqueness_check.py +0 -0
|
@@ -44,7 +44,7 @@ jobs:
|
|
|
44
44
|
environment: prerelease # Requires approval from environment reviewers
|
|
45
45
|
permissions:
|
|
46
46
|
contents: write # Required for creating releases and tags
|
|
47
|
-
pull-requests:
|
|
47
|
+
pull-requests: write # Required for reading PR info and commenting
|
|
48
48
|
id-token: write # Required for PyPI trusted publishing (test.pypi.org)
|
|
49
49
|
|
|
50
50
|
steps:
|
|
@@ -173,10 +173,14 @@ jobs:
|
|
|
173
173
|
|
|
174
174
|
cat PRERELEASE_NOTES.md
|
|
175
175
|
|
|
176
|
+
- name: Get current commit SHA
|
|
177
|
+
id: commit
|
|
178
|
+
run: echo "sha=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT
|
|
179
|
+
|
|
176
180
|
- name: Create GitHub Pre-Release
|
|
177
181
|
uses: softprops/action-gh-release@5be0e66d93ac7ed76da52eca8bb058f665c3a5fe # v2
|
|
178
182
|
with:
|
|
179
|
-
name: "${{ steps.version.outputs.tag }}
|
|
183
|
+
name: "${{ steps.version.outputs.tag }}"
|
|
180
184
|
tag_name: ${{ steps.version.outputs.tag }}
|
|
181
185
|
body_path: PRERELEASE_NOTES.md
|
|
182
186
|
files: |
|
|
@@ -185,7 +189,8 @@ jobs:
|
|
|
185
189
|
draft: false
|
|
186
190
|
prerelease: true
|
|
187
191
|
generate_release_notes: false
|
|
188
|
-
target_commitish: ${{ steps.
|
|
192
|
+
target_commitish: ${{ steps.commit.outputs.sha }}
|
|
193
|
+
make_latest: false
|
|
189
194
|
env:
|
|
190
195
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
191
196
|
|
|
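Review bot: The first hunk sets `pull-requests: write` at job level, so every step of this job, which already holds `contents: write` and `id-token: write` for publishing, also receives a token that can modify pull requests. If the job only reads PR metadata, `pull-requests: read` is sufficient; if one step really posts comments, consider moving it to a separate job that carries `pull-requests: write` without the release and OIDC scopes. The steps that would use the scope are outside the visible hunks, so this needs checking against the full workflow. In the second hunk the redirect target should also be quoted: `run: echo "sha=$(git rev-parse HEAD)" >> "$GITHUB_OUTPUT"`.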
@@ -1,4 +1,4 @@
|
|
|
1
|
-
.PHONY: help install dev clean test lint format type-check build publish publish-test version sync-defaults
|
|
1
|
+
.PHONY: help install dev clean test lint format ruff type-check build publish publish-test version sync-defaults
|
|
2
2
|
|
|
3
3
|
# Default target
|
|
4
4
|
help:
|
|
@@ -14,6 +14,7 @@ help:
|
|
|
14
14
|
@echo " make test Run tests"
|
|
15
15
|
@echo " make lint Run linting checks"
|
|
16
16
|
@echo " make format Format code with ruff"
|
|
17
|
+
@echo " make ruff Format code with ruff (alias for format)"
|
|
17
18
|
@echo " make type-check Run mypy type checking"
|
|
18
19
|
@echo " make check Run all checks (lint + type + test)"
|
|
19
20
|
@echo ""
|
|
@@ -73,6 +74,8 @@ format:
|
|
|
73
74
|
@uv run ruff format iam_validator/
|
|
74
75
|
@uv run ruff check --fix iam_validator/
|
|
75
76
|
|
|
77
|
+
ruff: format
|
|
78
|
+
|
|
76
79
|
type-check:
|
|
77
80
|
uv run mypy iam_validator/
|
|
78
81
|
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.4
|
|
2
2
|
Name: iam-policy-validator
|
|
3
|
-
Version: 1.7.
|
|
3
|
+
Version: 1.7.2
|
|
4
4
|
Summary: Validate AWS IAM policies for correctness and security using AWS Service Reference API
|
|
5
5
|
Project-URL: Homepage, https://github.com/boogy/iam-policy-validator
|
|
6
6
|
Project-URL: Documentation, https://github.com/boogy/iam-policy-validator/tree/main/docs
|
|
@@ -426,4 +426,3 @@ MIT License - see [LICENSE](LICENSE) file for details.
|
|
|
426
426
|
## 🆘 Support
|
|
427
427
|
|
|
428
428
|
- **Issues**: [GitHub Issues](https://github.com/boogy/iam-policy-validator/issues)
|
|
429
|
-
- **Discussions**: [GitHub Discussions](https://github.com/boogy/iam-policy-validator/discussions)
|
|
@@ -384,4 +384,3 @@ MIT License - see [LICENSE](LICENSE) file for details.
|
|
|
384
384
|
## 🆘 Support
|
|
385
385
|
|
|
386
386
|
- **Issues**: [GitHub Issues](https://github.com/boogy/iam-policy-validator/issues)
|
|
387
|
-
- **Discussions**: [GitHub Discussions](https://github.com/boogy/iam-policy-validator/discussions)
|
|
@@ -153,6 +153,17 @@ runs:
|
|
|
153
153
|
run: uv sync --frozen
|
|
154
154
|
shell: bash
|
|
155
155
|
|
|
156
|
+
- name: Display version information
|
|
157
|
+
working-directory: ${{ github.action_path }}
|
|
158
|
+
run: |
|
|
159
|
+
# Get version from package
|
|
160
|
+
VERSION=$(uv run python -c "from iam_validator.__version__ import __version__; print(__version__)")
|
|
161
|
+
|
|
162
|
+
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
|
|
163
|
+
echo "🛡️ IAM Policy Validator ${VERSION}"
|
|
164
|
+
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
|
|
165
|
+
shell: bash
|
|
166
|
+
|
|
156
167
|
- name: Get current week for cache key
|
|
157
168
|
id: week
|
|
158
169
|
run: echo "week=$(date +%Y-W%V)" >> $GITHUB_OUTPUT
|
|
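Review bot: The new `Display version information` step calls `uv run` without `--frozen`, directly after the context step that installs with `uv sync --frozen`. By default `uv run` re-checks the lockfile and syncs the project environment before running the command, so a purely informational step can re-resolve dependencies inside a consumer's workflow. Suggest `VERSION=$(uv run --frozen python -c "from iam_validator.__version__ import __version__; print(__version__)")` so the step runs against exactly what the locked install produced.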
@@ -97,16 +97,24 @@ description = IAM_PASS_ROLE_REQUIREMENT['required_conditions'][0]['description']
|
|
|
97
97
|
```python
|
|
98
98
|
{
|
|
99
99
|
"actions": ["iam:PassRole"],
|
|
100
|
-
"severity": "high",
|
|
100
|
+
"severity": "high", # Optional: Override check-level severity
|
|
101
101
|
"required_conditions": [{
|
|
102
102
|
"condition_key": "iam:PassedToService",
|
|
103
|
-
"description": "
|
|
104
|
-
"
|
|
105
|
-
"
|
|
103
|
+
"description": "Restrict which services can assume the role", # User-facing explanation
|
|
104
|
+
"example": '{\n "Condition": {\n "StringEquals": {\n "iam:PassedToService": "lambda.amazonaws.com"\n }\n }\n}', # Optional: Shows in GitHub with ```json formatting
|
|
105
|
+
"expected_value": "lambda.amazonaws.com", # Optional: Specific value to check
|
|
106
|
+
"operator": "StringEquals", # Optional: Condition operator (default: StringEquals)
|
|
106
107
|
}]
|
|
107
108
|
}
|
|
108
109
|
```
|
|
109
110
|
|
|
111
|
+
**Field Reference:**
|
|
112
|
+
- `condition_key` (required) - The IAM condition key to enforce
|
|
113
|
+
- `description` (optional) - Explanation shown to users (plain text suggestion)
|
|
114
|
+
- `example` (optional) - Code example (formatted as ` ```json ` block in GitHub PR comments)
|
|
115
|
+
- `expected_value` (optional) - Specific value the condition should have
|
|
116
|
+
- `operator` (optional) - Condition operator type (default: "StringEquals")
|
|
117
|
+
|
|
110
118
|
**Advanced Conditions:**
|
|
111
119
|
```python
|
|
112
120
|
{
|
|
@@ -135,12 +135,14 @@ Tailor validation messages to your organization's guidelines. Each check support
|
|
|
135
135
|
|
|
136
136
|
When configuring checks, you can customize these fields:
|
|
137
137
|
|
|
138
|
-
| Field | Purpose | When Shown | Audience |
|
|
139
|
-
| ------------- | -------------------------------------------- | ------------------------------ | ------------------------------- |
|
|
140
|
-
| `description` | Technical description of what the check does | Documentation, check listings | Developers maintaining the tool |
|
|
141
|
-
| `message` | Error/warning message when issue is detected | Validation reports, CLI output | End users fixing policies |
|
|
142
|
-
| `suggestion` | Guidance on how to fix or mitigate the issue | Validation reports
|
|
143
|
-
| `example` | Concrete code example showing before/after | Validation reports
|
|
138
|
+
| Field | Purpose | When Shown | Audience | GitHub Formatting |
|
|
139
|
+
| ------------- | -------------------------------------------- | ------------------------------ | ------------------------------- | ----------------- |
|
|
140
|
+
| `description` | Technical description of what the check does | Documentation, check listings | Developers maintaining the tool | Plain text |
|
|
141
|
+
| `message` | Error/warning message when issue is detected | Validation reports, CLI output | End users fixing policies | Plain text |
|
|
142
|
+
| `suggestion` | Guidance on how to fix or mitigate the issue | Validation reports, GitHub PRs | Developers implementing fixes | Plain text |
|
|
143
|
+
| `example` | Concrete code example showing before/after | Validation reports, GitHub PRs | Developers writing policy code | ` ```json ` block |
|
|
144
|
+
|
|
145
|
+
**GitHub PR Comments:** The `example` field is automatically wrapped in ` ```json ` code blocks when posted to GitHub PR review comments, providing syntax highlighting and proper formatting. Console and enhanced output display examples as plain text.
|
|
144
146
|
|
|
145
147
|
### Field Progression
|
|
146
148
|
|
|
@@ -193,8 +195,7 @@ full_wildcard:
|
|
|
193
195
|
|
|
194
196
|
### Output Example
|
|
195
197
|
|
|
196
|
-
|
|
197
|
-
|
|
198
|
+
**Console/Enhanced Output:**
|
|
198
199
|
```
|
|
199
200
|
❌ full_wildcard (CRITICAL)
|
|
200
201
|
|
|
@@ -208,15 +209,17 @@ Replace:
|
|
|
208
209
|
"Resource": "*"
|
|
209
210
|
|
|
210
211
|
With specific values:
|
|
211
|
-
"Action": [
|
|
212
|
-
|
|
213
|
-
"s3:PutObject"
|
|
214
|
-
],
|
|
215
|
-
"Resource": [
|
|
216
|
-
"arn:aws:s3:::my-bucket/*"
|
|
217
|
-
]
|
|
212
|
+
"Action": ["s3:GetObject", "s3:PutObject"],
|
|
213
|
+
"Resource": ["arn:aws:s3:::my-bucket/*"]
|
|
218
214
|
```
|
|
219
215
|
|
|
216
|
+
**GitHub PR Comment:**
|
|
217
|
+
The same issue in a GitHub PR review comment automatically formats the example with syntax highlighting:
|
|
218
|
+
|
|
219
|
+
<img width="600" alt="GitHub PR comment with formatted JSON" src="https://github.com/user-attachments/assets/example.png">
|
|
220
|
+
|
|
221
|
+
The `example` field is wrapped in ` ```json ` blocks for proper GitHub markdown rendering, while suggestion remains plain text.
|
|
222
|
+
|
|
220
223
|
### Template Placeholders
|
|
221
224
|
|
|
222
225
|
Some checks support dynamic placeholders in messages that get replaced with actual values when issues are detected. This allows you to create flexible, context-aware validation messages.
|
|
@@ -420,16 +423,28 @@ wildcard_action:
|
|
|
420
423
|
|
|
421
424
|
### Field Availability by Check
|
|
422
425
|
|
|
423
|
-
Not all checks support all
|
|
426
|
+
Not all checks support all customizable fields:
|
|
427
|
+
|
|
428
|
+
**Universal Fields (all checks):**
|
|
429
|
+
- ✅ `enabled` - Enable/disable the check
|
|
430
|
+
- ✅ `severity` - Override severity level
|
|
431
|
+
- ✅ `description` - Technical description (internal documentation)
|
|
432
|
+
|
|
433
|
+
**Configurable Message Fields (security & wildcard checks):**
|
|
434
|
+
- ✅ `message` - Custom error/warning text
|
|
435
|
+
- Supported by: `wildcard_action`, `wildcard_resource`, `full_wildcard`, `service_wildcard`, `sensitive_action`
|
|
436
|
+
- ✅ `suggestion` - Custom guidance text (plain text)
|
|
437
|
+
- Supported by: `wildcard_action`, `wildcard_resource`, `full_wildcard`, `service_wildcard`, `sensitive_action`
|
|
438
|
+
- ✅ `example` - Custom code example (formatted as ` ```json ` in GitHub)
|
|
439
|
+
- Supported by: `wildcard_action`, `wildcard_resource`, `full_wildcard`, `service_wildcard`, `sensitive_action`
|
|
440
|
+
|
|
441
|
+
**Advanced Checks (per-requirement customization):**
|
|
442
|
+
- `action_condition_enforcement` - Each requirement can have `description` and `example` (see [condition-requirements.md](condition-requirements.md))
|
|
443
|
+
- `principal_validation` - Each principal requirement can have `description` and `example` in the `required_conditions` block
|
|
424
444
|
|
|
425
|
-
|
|
426
|
-
- ✅ `severity` - Supported by all checks
|
|
427
|
-
- ✅ `enabled` - Supported by all checks
|
|
428
|
-
- ⚠️ `message` - Supported by most checks (wildcards, sensitive actions, etc.)
|
|
429
|
-
- ⚠️ `suggestion` - Supported by security checks
|
|
430
|
-
- ⚠️ `example` - Supported by security checks
|
|
445
|
+
**Note:** Validation checks (e.g., `action_validation`, `condition_key_validation`, `resource_validation`) generate messages automatically based on AWS service definitions and do not support custom message fields.
|
|
431
446
|
|
|
432
|
-
**Default Messages:** See [defaults.py](../iam_validator/core/config/defaults.py) for all built-in messages and fields
|
|
447
|
+
**Default Messages:** See [defaults.py](../iam_validator/core/config/defaults.py) for all built-in messages and available fields per check
|
|
433
448
|
|
|
434
449
|
## Principal Validation
|
|
435
450
|
|
|
@@ -0,0 +1,44 @@
|
|
|
1
|
+
{
|
|
2
|
+
"Version": "2012-10-17",
|
|
3
|
+
"Statement": [
|
|
4
|
+
{
|
|
5
|
+
"Sid": "PassExecRoleToLambda",
|
|
6
|
+
"Effect": "Allow",
|
|
7
|
+
"Action": [
|
|
8
|
+
"iam:GetRole",
|
|
9
|
+
"iam:PassRole"
|
|
10
|
+
],
|
|
11
|
+
"Resource": "arn:aws:iam::${aws_account_id}:role/lambda-exec-role"
|
|
12
|
+
},
|
|
13
|
+
{
|
|
14
|
+
"Sid": "ReadExecRole",
|
|
15
|
+
"Effect": "Allow",
|
|
16
|
+
"Action": "iam:GetRole",
|
|
17
|
+
"Resource": "arn:aws:iam::${aws_account_id}:role/${environment}-*"
|
|
18
|
+
},
|
|
19
|
+
{
|
|
20
|
+
"Sid": "DDKeysSecret",
|
|
21
|
+
"Effect": "Allow",
|
|
22
|
+
"Action": [
|
|
23
|
+
"secretsmanager:DescribeSecret",
|
|
24
|
+
"secretsmanager:GetResourcePolicy"
|
|
25
|
+
],
|
|
26
|
+
"Resource": "arn:aws:secretsmanager:*:${aws_account_id}:secret:main/datadog/api-key/platform/plaintext-*"
|
|
27
|
+
},
|
|
28
|
+
{
|
|
29
|
+
"Sid": "S3BucketAccess",
|
|
30
|
+
"Effect": "Allow",
|
|
31
|
+
"Action": [
|
|
32
|
+
"s3:GetObject",
|
|
33
|
+
"s3:PutObject"
|
|
34
|
+
],
|
|
35
|
+
"Resource": "arn:aws:s3:::${bucket_name}/*"
|
|
36
|
+
},
|
|
37
|
+
{
|
|
38
|
+
"Sid": "CloudFormationTemplate",
|
|
39
|
+
"Effect": "Allow",
|
|
40
|
+
"Action": "iam:GetRole",
|
|
41
|
+
"Resource": "arn:aws:iam::${AWS::AccountId}:role/CloudFormationRole"
|
|
42
|
+
}
|
|
43
|
+
]
|
|
44
|
+
}
|
|
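Review bot: The `PassExecRoleToLambda` statement grants `iam:PassRole` with no `Condition`, so despite the Sid nothing limits which service the role can be passed to. The condition-requirements documentation changed in this same release shows `iam:PassedToService` as the expected guard for this action. If the example is meant to validate cleanly, move `iam:PassRole` into its own statement and add `"Condition": {"StringEquals": {"iam:PassedToService": "lambda.amazonaws.com"}}`, leaving `iam:GetRole` in a statement without that condition. If the file exists only to exercise the `${...}` template placeholders, that intent is worth recording in the examples README, because example policies tend to be copied.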
@@ -0,0 +1,16 @@
|
|
|
1
|
+
{
|
|
2
|
+
"Version": "2012-10-17",
|
|
3
|
+
"Statement": [
|
|
4
|
+
{
|
|
5
|
+
"Sid": "ExampleWithWrongConditionKey",
|
|
6
|
+
"Effect": "Allow",
|
|
7
|
+
"Action": ["s3:PutObject"],
|
|
8
|
+
"Resource": "arn:aws:s3:::example-bucket/*",
|
|
9
|
+
"Condition": {
|
|
10
|
+
"StringEquals": {
|
|
11
|
+
"iam:PassedToService": "lambda.amazonaws.com"
|
|
12
|
+
}
|
|
13
|
+
}
|
|
14
|
+
}
|
|
15
|
+
]
|
|
16
|
+
}
|
|
@@ -5,22 +5,19 @@
|
|
|
5
5
|
"Sid": "GetItemWithIndexARN",
|
|
6
6
|
"Effect": "Allow",
|
|
7
7
|
"Action": "dynamodb:GetItem",
|
|
8
|
-
"Resource": "arn:aws:dynamodb:us-east-1:123456789012:table/MyTable/index/*"
|
|
9
|
-
"Comment": "WRONG: dynamodb:GetItem requires table ARN, not index ARN"
|
|
8
|
+
"Resource": "arn:aws:dynamodb:us-east-1:123456789012:table/MyTable/index/*"
|
|
10
9
|
},
|
|
11
10
|
{
|
|
12
11
|
"Sid": "QueryWithStreamARN",
|
|
13
12
|
"Effect": "Allow",
|
|
14
13
|
"Action": "dynamodb:Query",
|
|
15
|
-
"Resource": "arn:aws:dynamodb:us-east-1:123456789012:table/MyTable/stream/*"
|
|
16
|
-
"Comment": "WRONG: dynamodb:Query requires table ARN, not stream ARN"
|
|
14
|
+
"Resource": "arn:aws:dynamodb:us-east-1:123456789012:table/MyTable/stream/*"
|
|
17
15
|
},
|
|
18
16
|
{
|
|
19
17
|
"Sid": "DeleteTableWithBackupARN",
|
|
20
18
|
"Effect": "Allow",
|
|
21
19
|
"Action": "dynamodb:DeleteTable",
|
|
22
|
-
"Resource": "arn:aws:dynamodb:us-east-1:123456789012:table/MyTable/backup/*"
|
|
23
|
-
"Comment": "WRONG: dynamodb:DeleteTable requires table ARN only"
|
|
20
|
+
"Resource": "arn:aws:dynamodb:us-east-1:123456789012:table/MyTable/backup/*"
|
|
24
21
|
}
|
|
25
22
|
]
|
|
26
23
|
}
|
|
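Review bot: With the `"Comment"` entries removed, these fixtures no longer record which finding each statement is expected to produce; only the Sid hints at it (`GetItemWithIndexARN`, `QueryWithStreamARN`, `DeleteTableWithBackupARN`). The same removal is made in the ec2 and lambda fixtures later in this diff. Dropping the key is reasonable, since `Comment` is not an IAM statement element and could trigger an unrelated finding, but the file list shows `wrong_actions_mismatch/README.md` unchanged. Suggest adding a table there that maps each Sid to the expected action/resource mismatch, so that a validator regression which stops flagging one of these statements is noticed.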
@@ -5,29 +5,25 @@
|
|
|
5
5
|
"Sid": "TerminateInstancesWithVolumeARN",
|
|
6
6
|
"Effect": "Allow",
|
|
7
7
|
"Action": "ec2:TerminateInstances",
|
|
8
|
-
"Resource": "arn:aws:ec2:us-east-1:123456789012:volume/*"
|
|
9
|
-
"Comment": "WRONG: ec2:TerminateInstances requires instance ARN, not volume ARN"
|
|
8
|
+
"Resource": "arn:aws:ec2:us-east-1:123456789012:volume/*"
|
|
10
9
|
},
|
|
11
10
|
{
|
|
12
11
|
"Sid": "DeleteVolumeWithInstanceARN",
|
|
13
12
|
"Effect": "Allow",
|
|
14
13
|
"Action": "ec2:DeleteVolume",
|
|
15
|
-
"Resource": "arn:aws:ec2:us-east-1:123456789012:instance/*"
|
|
16
|
-
"Comment": "WRONG: ec2:DeleteVolume requires volume ARN, not instance ARN"
|
|
14
|
+
"Resource": "arn:aws:ec2:us-east-1:123456789012:instance/*"
|
|
17
15
|
},
|
|
18
16
|
{
|
|
19
17
|
"Sid": "CreateSnapshotWithInstanceARN",
|
|
20
18
|
"Effect": "Allow",
|
|
21
19
|
"Action": "ec2:CreateSnapshot",
|
|
22
|
-
"Resource": "arn:aws:ec2:us-east-1:123456789012:instance/*"
|
|
23
|
-
"Comment": "WRONG: ec2:CreateSnapshot requires volume ARN"
|
|
20
|
+
"Resource": "arn:aws:ec2:us-east-1:123456789012:instance/*"
|
|
24
21
|
},
|
|
25
22
|
{
|
|
26
23
|
"Sid": "AttachVolumeWithSnapshotARN",
|
|
27
24
|
"Effect": "Allow",
|
|
28
25
|
"Action": "ec2:AttachVolume",
|
|
29
|
-
"Resource": "arn:aws:ec2:us-east-1:123456789012:snapshot/*"
|
|
30
|
-
"Comment": "WRONG: ec2:AttachVolume requires volume and instance ARNs"
|
|
26
|
+
"Resource": "arn:aws:ec2:us-east-1:123456789012:snapshot/*"
|
|
31
27
|
}
|
|
32
28
|
]
|
|
33
29
|
}
|
|
@@ -0,0 +1,35 @@
|
|
|
1
|
+
{
|
|
2
|
+
"Version": "2012-10-17",
|
|
3
|
+
"Statement": [
|
|
4
|
+
{
|
|
5
|
+
"Sid": "GetUserWithRoleARN",
|
|
6
|
+
"Effect": "Allow",
|
|
7
|
+
"Action": "iam:GetUser",
|
|
8
|
+
"Resource": "arn:aws:iam::123456789012:role/*"
|
|
9
|
+
},
|
|
10
|
+
{
|
|
11
|
+
"Sid": "GetRoleWithUserARN",
|
|
12
|
+
"Effect": "Allow",
|
|
13
|
+
"Action": "iam:GetRole",
|
|
14
|
+
"Resource": "arn:aws:iam::123456789012:user/*"
|
|
15
|
+
},
|
|
16
|
+
{
|
|
17
|
+
"Sid": "GetPolicyWithUserARN",
|
|
18
|
+
"Effect": "Allow",
|
|
19
|
+
"Action": "iam:GetPolicy",
|
|
20
|
+
"Resource": "arn:aws:iam::123456789012:user/TestUser"
|
|
21
|
+
},
|
|
22
|
+
{
|
|
23
|
+
"Sid": "CreateUserWithSpecificARN",
|
|
24
|
+
"Effect": "Allow",
|
|
25
|
+
"Action": "iam:CreateUser",
|
|
26
|
+
"Resource": "arn:aws:iam::123456789012:user/SpecificUser"
|
|
27
|
+
},
|
|
28
|
+
{
|
|
29
|
+
"Sid": "DeleteRoleWithGroupARN",
|
|
30
|
+
"Effect": "Allow",
|
|
31
|
+
"Action": "iam:DeleteRole",
|
|
32
|
+
"Resource": "arn:aws:iam::123456789012:group/*"
|
|
33
|
+
}
|
|
34
|
+
]
|
|
35
|
+
}
|
|
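Review bot: The `CreateUserWithSpecificARN` statement does not look like a mismatch: `iam:CreateUser` is authorized against a user ARN, and `arn:aws:iam::123456789012:user/SpecificUser` is one. The other four statements in this file pair an action with an ARN of the wrong resource type, so this one will presumably produce no finding. If it is a deliberate negative control, a Sid such as `CreateUserWithValidUserARN` would make that clear; otherwise replace the resource with a non-user ARN so the statement tests what the file name promises.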
@@ -5,22 +5,19 @@
|
|
|
5
5
|
"Sid": "InvokeFunctionWithLayerARN",
|
|
6
6
|
"Effect": "Allow",
|
|
7
7
|
"Action": "lambda:InvokeFunction",
|
|
8
|
-
"Resource": "arn:aws:lambda:us-east-1:123456789012:layer:my-layer:*"
|
|
9
|
-
"Comment": "WRONG: lambda:InvokeFunction requires function ARN, not layer ARN"
|
|
8
|
+
"Resource": "arn:aws:lambda:us-east-1:123456789012:layer:my-layer:*"
|
|
10
9
|
},
|
|
11
10
|
{
|
|
12
11
|
"Sid": "GetLayerVersionWithFunctionARN",
|
|
13
12
|
"Effect": "Allow",
|
|
14
13
|
"Action": "lambda:GetLayerVersion",
|
|
15
|
-
"Resource": "arn:aws:lambda:us-east-1:123456789012:function:my-function"
|
|
16
|
-
"Comment": "WRONG: lambda:GetLayerVersion requires layer version ARN"
|
|
14
|
+
"Resource": "arn:aws:lambda:us-east-1:123456789012:function:my-function"
|
|
17
15
|
},
|
|
18
16
|
{
|
|
19
17
|
"Sid": "DeleteFunctionWithEventSourceARN",
|
|
20
18
|
"Effect": "Allow",
|
|
21
19
|
"Action": "lambda:DeleteFunction",
|
|
22
|
-
"Resource": "arn:aws:lambda:us-east-1:123456789012:event-source-mapping:*"
|
|
23
|
-
"Comment": "WRONG: lambda:DeleteFunction requires function ARN"
|
|
20
|
+
"Resource": "arn:aws:lambda:us-east-1:123456789012:event-source-mapping:*"
|
|
24
21
|
}
|
|
25
22
|
]
|
|
26
23
|
}
|
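--- a/iam_policy_validator-1.7.2/examples/iam-test-policies/wrong_actions_mismatch/s3-wrong-resources.json
+++ b/iam_policy_validator-1.7.2/examples/iam-test-policies/wrong_actions_mismatch/s3-wrong-resources.json
@@ -0,0 +1,35 @@
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Sid": "GetObjectWithBucketARN",
+"Effect": "Allow",
+"Action": "s3:GetObject",
+"Resource": "arn:aws:s3:::my-bucket"
+},
+{
+"Sid": "ListBucketWithObjectARN",
+"Effect": "Allow",
+"Action": "s3:ListBucket",
+"Resource": "arn:aws:s3:::my-bucket/*"
+},
+{
+"Sid": "PutObjectWithBucketARN",
+"Effect": "Allow",
+"Action": "s3:PutObject",
+"Resource": "arn:aws:s3:::my-bucket"
+},
+{
+"Sid": "DeleteObjectWithBucketARN",
+"Effect": "Allow",
+"Action": "s3:DeleteObject",
+"Resource": "arn:aws:s3:::my-bucket"
+},
+{
+"Sid": "DeleteBucketWithObjectARN",
+"Effect": "Allow",
+"Action": "s3:DeleteBucket",
+"Resource": "arn:aws:s3:::my-bucket/*"
+}
+]
+}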
@@ -0,0 +1,23 @@
|
|
|
1
|
+
{
|
|
2
|
+
"Version": "2012-10-17",
|
|
3
|
+
"Statement": [
|
|
4
|
+
{
|
|
5
|
+
"Sid": "SendMessageToSNSTopic",
|
|
6
|
+
"Effect": "Allow",
|
|
7
|
+
"Action": "sqs:SendMessage",
|
|
8
|
+
"Resource": "arn:aws:sns:us-east-1:123456789012:MyTopic"
|
|
9
|
+
},
|
|
10
|
+
{
|
|
11
|
+
"Sid": "PublishToSQSQueue",
|
|
12
|
+
"Effect": "Allow",
|
|
13
|
+
"Action": "sns:Publish",
|
|
14
|
+
"Resource": "arn:aws:sqs:us-east-1:123456789012:MyQueue"
|
|
15
|
+
},
|
|
16
|
+
{
|
|
17
|
+
"Sid": "DeleteQueueWithTopicARN",
|
|
18
|
+
"Effect": "Allow",
|
|
19
|
+
"Action": "sqs:DeleteQueue",
|
|
20
|
+
"Resource": "arn:aws:sns:us-east-1:123456789012:*"
|
|
21
|
+
}
|
|
22
|
+
]
|
|
23
|
+
}
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
{
|
|
2
|
+
"Version": "2012-10-17",
|
|
3
|
+
"Statement": [
|
|
4
|
+
{
|
|
5
|
+
"Sid": "ExampleWithTypo",
|
|
6
|
+
"Effect": "Allow",
|
|
7
|
+
"Action": ["s3:PutObject"],
|
|
8
|
+
"Resource": "arn:aws:s3:::example-bucket/*",
|
|
9
|
+
"Ciondition": {
|
|
10
|
+
"StringEquals": {
|
|
11
|
+
"iam:PassedToService": "lambda.amazonaws.com"
|
|
12
|
+
}
|
|
13
|
+
}
|
|
14
|
+
}
|
|
15
|
+
]
|
|
16
|
+
}
|
|
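Review bot: The `ExampleWithTypo` statement carries two independent defects, so a test built on it cannot tell which one the validator caught. The element name is misspelled as `Ciondition`, and the key inside it, `iam:PassedToService`, belongs to `iam:PassRole` and does not apply to `s3:PutObject`. If the fixture is meant to exercise only the unknown-element check, a key that is valid for the action, for example `"s3:x-amz-acl": "private"`, would leave the typo as the single expected finding. A parser that silently dropped the unknown key would presumably treat this Allow as unconditional, so the test should assert that the typo is reported as an error.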
@@ -0,0 +1,9 @@
|
|
|
1
|
+
"""Version information for IAM Validator.
|
|
2
|
+
|
|
3
|
+
This file is the single source of truth for the package version.
|
|
4
|
+
"""
|
|
5
|
+
|
|
6
|
+
__version__ = "1.7.2"
|
|
7
|
+
# Parse version, handling pre-release suffixes like -rc, -alpha, -beta
|
|
8
|
+
_version_base = __version__.split("-")[0] # Remove pre-release suffix if present
|
|
9
|
+
__version_info__ = tuple(int(part) for part in _version_base.split("."))
|
|
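Review bot: `__version_info__` is computed at import time, and `int(part)` raises `ValueError` for any version string whose suffix is not introduced by a hyphen. The comment promises handling of `-rc`, `-alpha` and `-beta`, but the PEP 440 normalized spellings (`1.7.2rc1`, `1.7.2.dev1`, `1.7.2+local`) all leave a non-numeric part after `split("-")[0]`, so the package would fail to import if a pre-release build wrote the version in that form. Taking only the leading numeric run avoids this: add `import re` and use `_version_base = re.match(r"\d+(?:\.\d+)*", __version__).group(0)`.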
@@ -349,7 +349,10 @@ class ActionConditionEnforcementCheck(PolicyCheck):
|
|
|
349
349
|
return issues
|
|
350
350
|
|
|
351
351
|
async def _check_action_match(
|
|
352
|
-
self,
|
|
352
|
+
self,
|
|
353
|
+
statement_actions: list[str],
|
|
354
|
+
requirement: dict[str, Any],
|
|
355
|
+
fetcher: AWSServiceFetcher,
|
|
353
356
|
) -> tuple[bool, list[str]]:
|
|
354
357
|
"""
|
|
355
358
|
Check if statement actions match the requirement.
|
|
@@ -766,6 +769,10 @@ class ActionConditionEnforcementCheck(PolicyCheck):
|
|
|
766
769
|
or self.get_severity(config) # Global check severity
|
|
767
770
|
)
|
|
768
771
|
|
|
772
|
+
suggestion_text, example_code = self._build_suggestion(
|
|
773
|
+
condition_key, description, example, expected_value, operator
|
|
774
|
+
)
|
|
775
|
+
|
|
769
776
|
return ValidationIssue(
|
|
770
777
|
severity=severity,
|
|
771
778
|
statement_sid=statement.sid,
|
|
@@ -774,9 +781,8 @@ class ActionConditionEnforcementCheck(PolicyCheck):
|
|
|
774
781
|
message=f"{message_prefix} Action(s) {matching_actions} require condition '{condition_key}'",
|
|
775
782
|
action=", ".join(matching_actions),
|
|
776
783
|
condition_key=condition_key,
|
|
777
|
-
suggestion=
|
|
778
|
-
|
|
779
|
-
),
|
|
784
|
+
suggestion=suggestion_text,
|
|
785
|
+
example=example_code,
|
|
780
786
|
line_number=statement.line_number,
|
|
781
787
|
)
|
|
782
788
|
|
|
@@ -787,19 +793,20 @@ class ActionConditionEnforcementCheck(PolicyCheck):
|
|
|
787
793
|
example: str,
|
|
788
794
|
expected_value: Any = None,
|
|
789
795
|
operator: str = "StringEquals",
|
|
790
|
-
) -> str:
|
|
791
|
-
"""Build
|
|
792
|
-
parts = []
|
|
796
|
+
) -> tuple[str, str]:
|
|
797
|
+
"""Build suggestion and example for adding the missing condition.
|
|
793
798
|
|
|
794
|
-
|
|
795
|
-
|
|
799
|
+
Returns:
|
|
800
|
+
Tuple of (suggestion_text, example_code)
|
|
801
|
+
"""
|
|
802
|
+
suggestion = description if description else f"Add condition: {condition_key}"
|
|
796
803
|
|
|
797
804
|
# Build example based on condition key type
|
|
798
805
|
if example:
|
|
799
|
-
|
|
806
|
+
example_code = example
|
|
800
807
|
else:
|
|
801
808
|
# Auto-generate example
|
|
802
|
-
example_lines = [
|
|
809
|
+
example_lines = [f' "{operator}": {{']
|
|
803
810
|
|
|
804
811
|
if isinstance(expected_value, list):
|
|
805
812
|
value_str = (
|
|
@@ -826,9 +833,9 @@ class ActionConditionEnforcementCheck(PolicyCheck):
|
|
|
826
833
|
example_lines.append(f' "{condition_key}": {value_str}')
|
|
827
834
|
example_lines.append(" }")
|
|
828
835
|
|
|
829
|
-
|
|
836
|
+
example_code = "\n".join(example_lines)
|
|
830
837
|
|
|
831
|
-
return
|
|
838
|
+
return suggestion, example_code
|
|
832
839
|
|
|
833
840
|
def _build_any_of_suggestion(self, any_of_conditions: list[dict[str, Any]]) -> str:
|
|
834
841
|
"""Build suggestion for any_of conditions."""
|