Releases: salesforce/policy_sentry

0.6.4: Easier usage of Policy Sentry as a python package

03 Jan 16:11

Developers can now use Policy Sentry as a Python package without first building the database from the HTML docs. Just call db_session = connect_db('bundled') before invoking the commands that require a db_session and you're ready to go. The package has also been moved to a saner subfolder structure.

0.6.3: Minor change. Analysis feature is easier to use when importing as a PyPI package

19 Dec 21:35
3e6bc3d

Broke up the guts of get_actions_from_policy_file in shared/analyze.py into a separate function, get_actions_from_policy, so it can be used outside of Policy Sentry. See the test_analyze_by_access_level unit test in tests/test_analyze.py for an example.

0.6.2: `initialize --fetch` to pull latest IAM docs remotely

17 Dec 22:55
  • Added the --fetch argument to the policy_sentry initialize command.
  • Fixed the scraping process, which broke because AWS changed their documentation.
  • Added overrides-resource-policies.yml, which specifically identifies API calls that modify resource-based policies.

0.6.0: Bulk Analysis and Reporting of IAM Policies based on risk categories; download IAM policies from bulk accounts; docs refresh

27 Nov 17:30
331e2d6

New features:

  • Analyze functionality now creates a comprehensive report (CSV and raw JSON, and optionally markdown) of IAM actions allowed per policy across multiple risk categories
  • Analyze functionality can recursively analyze hundreds of downloaded IAM policies for allowed actions and include that in the report
  • Report functionality supports custom report configuration and exclusion of roles to filter out false positives.
  • HTML docs refresh for newer AWS services.
  • download-policies now has the option to recursively download all IAM policies from accounts listed in your AWS credentials file. You can authenticate to all your accounts using a tool like Gossamer, then use this new feature to download all of the policies automagically for local analysis.

Breaking changes:

  • Analysis folder is changed to ~/.policy_sentry/analysis (instead of ~/.policy_sentry/policy-analysis)
  • analyze-iam-policy is now analyze

0.5.5: Fix issue with initialize command from last release. AWS docs refresh.

21 Nov 23:18
444af4e
  • Fixed issue where initialize was not working due to db_session being declared outside of a function. This only applied to the last release.
  • Analyze command: Added credentials-exposure.txt audit file
  • Fixed outdated errors in the documentation.
  • Version bump
  • HTML Documentation update approach (Fixes GH-23)
    • get_links.py and other util scripts are now updated. We no longer have to maintain the big list of service-to-html-names.
    • Missing services are now fixed by this HTML documentation update approach:
      • applicationinsights
      • appmesh
      • appmesh-preview
      • backup-storage
      • chatbot
      • codestar-notifications
      • dataexchange
      • ec2-instance-connect
      • iotthingsgraph
      • mediapackage-vod
      • managedblockchain
      • personalize
      • rdsiamauthentication
      • savingsplans
      • pinpointemailservice
      • workmailmessageflow
      • Marketplace links:
        • Marketplace catalog
        • Marketplace Entitlement Service
        • Marketplace Image Building Service
        • Marketplace Procurement systems integration
        • Private Marketplace

0.5.4: Query the IAM database directly via CLI; write-policy CRUD mode now supports actions that cannot restrict according to specific ARNs

21 Nov 16:26
cef77a3
  • Query the IAM database directly via CLI using policy_sentry query action-table, policy_sentry query arn-table, or policy_sentry query condition-table
  • Policy-writing CRUD mode now supports actions that cannot be restricted to specific ARNs, such as s3:CreateBucket or secretsmanager:CreateSecret
  • Other bug fixes, documentation improvements, and cleanup activities.
  • See documentation on https://policy-sentry.readthedocs.io/en/latest/

0.5.3: quick fix for boto dependencies and download-policies include-unattached flag

24 Oct 17:38
791c16c

Making a quick fix for that issue so it doesn't block anyone.

2019-10-24

Added

  • Added boto3 and botocore to setup.py
  • Cutting a new release to provide a quick fix for those issues; this fixes #28

Changed

  • Updated Pipfile.lock
  • Fixed an issue with the list_policies command
  • Fixed the help text for the download-policies --include-unattached flag

0.5.2: Code to create policy-analysis subdirectory upon initialize was missing with last release... added it

19 Oct 02:30

Added

  • analyze-iam-policy: the code to create the policy-analysis directory was missing from the last release... added it

Changed

  • Removed leftover code before access-level overrides was a feature

Major increase in Access Level default overrides; added 3 missing services

18 Oct 17:47
2f1a277

Added

  • access-level overrides now includes a TON of overrides.
  • Services: Deepracer, Signer, EventBridge. Fixes #18 and Fixes #15
  • Releasing 0.5.1 because of all the major changes to the database

Changed

  • Updated the links file
  • Improvements to the documentation updating scripts.

0.5.0: Override Access levels so we aren't dependent on incorrect AWS documentation

18 Oct 16:08
387c03a

Added

  • We can now override Access levels so we aren't entirely dependent upon accurate AWS documentation for proper ACLs. Fixes #8.
  • Test cases for the new Access level override functions
  • You can now supply a custom YML file as part of the initialize command to test out your own overrides (so you don't have to depend on updates to this repository if you don't want to)
  • Created policy_sentry/shared/data/access-level-overrides.yml for a preloaded set, based on the current known issues with AWS IAM access levels.
  • Cut a new release because this is a big improvement (and because I moved around a function or two)
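Added example (not policy_sentry's own code) of the idea behind the 0.5.0 access-level overrides and the per-access-level analysis that the 0.6.x releases expose as a package: a constructed mini action table, a constructed overrides map in the spirit of access-level-overrides.yml, and a constructed policy. The function names echo the release notes but are hypothetical stand-ins, not the library's API.

```python
import fnmatch
import json

# Constructed sample: a tiny stand-in for the scraped IAM action table,
# mapping each action to the access level AWS documents for it.
ACTION_TABLE = {
    "s3:GetObject": "Read",
    "s3:PutObject": "Write",
    "s3:PutBucketPolicy": "Write",   # constructed: pretend the docs mislabel this
    "s3:CreateBucket": "Write",
    "secretsmanager:CreateSecret": "Write",
    "iam:CreateAccessKey": "Write",
    "iam:AttachRolePolicy": "Permissions management",
}

# Constructed overrides, in the spirit of access-level-overrides.yml:
# the access level named here wins over the documented one.
OVERRIDES = {
    "Permissions management": ["s3:PutBucketPolicy"],
}

def effective_levels(table, overrides):
    """Return the action table with overrides applied on top."""
    levels = dict(table)
    for level, actions in overrides.items():
        for action in actions:
            levels[action] = level
    return levels

def get_actions_from_policy(policy, table=ACTION_TABLE):
    """Expand the Allow statements of an IAM policy into concrete actions.
    IAM matches action names case-insensitively and supports '*' wildcards."""
    allowed = set()
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        patterns = stmt["Action"]
        if isinstance(patterns, str):
            patterns = [patterns]
        for pat in patterns:
            allowed.update(a for a in table
                           if fnmatch.fnmatchcase(a.lower(), pat.lower()))
    return sorted(allowed)

def analyze_by_access_level(policy, access_level, overrides=OVERRIDES):
    """List the policy's allowed actions at one access level, overrides applied."""
    levels = effective_levels(ACTION_TABLE, overrides)
    return [a for a in get_actions_from_policy(policy) if levels[a] == access_level]

# Constructed sample policy: a broad s3 grant plus one explicit iam action.
SAMPLE_POLICY = json.loads('{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",'
                          ' "Action": ["s3:*", "iam:CreateAccessKey"], "Resource": "*"}]}')
```

Passing overrides={} shows the difference the override makes: s3:PutBucketPolicy stays at its documented "Write" level and disappears from the "Permissions management" result.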