IsValidPolicyAWSPrincipal: Reduce visibility.

ewbankkit · ewbankkit · commit c0ba5724b89c · 2025-09-29T15:15:36.000-04:00
diff --git a/internal/service/iam/exports_test.go b/internal/service/iam/exports_test.go
@@ -66,6 +66,7 @@ var (
 	AttachPolicyToUser                = attachPolicyToUser
 	CheckPwdPolicy                    = checkPwdPolicy
 	GeneratePassword                  = generatePassword
+	IsValidPolicyAWSPrincipal         = isValidPolicyAWSPrincipal
 	ListGroupsForUserPages            = listGroupsForUserPages
 	RoleNameSessionFromARN            = roleNameSessionFromARN
 	RolePolicyParseID                 = rolePolicyParseID
diff --git a/internal/service/iam/policy_model.go b/internal/service/iam/policy_model.go
@@ -273,12 +273,12 @@ func policyHasValidAWSPrincipals(policy string) (bool, error) { // nosemgrep:ci.
 	for _, principal := range principals {
 		switch x := principal.(type) {
 		case string:
-			if !IsValidPolicyAWSPrincipal(x) {
+			if !isValidPolicyAWSPrincipal(x) {
 				return false, nil
 			}
 		case []string:
 			for _, s := range x {
-				if !IsValidPolicyAWSPrincipal(s) {
+				if !isValidPolicyAWSPrincipal(s) {
 					return false, nil
 				}
 			}
@@ -288,9 +288,9 @@ func policyHasValidAWSPrincipals(policy string) (bool, error) { // nosemgrep:ci.
 	return true, nil
 }
 
-// IsValidPolicyAWSPrincipal returns true if a string is a valid AWS Princial for an IAM Policy document
+// isValidPolicyAWSPrincipal returns true if a string is a valid AWS Princial for an IAM Policy document
 // That is: either an ARN, an AWS account ID, or `*`
-func IsValidPolicyAWSPrincipal(principal string) bool { // nosemgrep:ci.aws-in-func-name
+func isValidPolicyAWSPrincipal(principal string) bool { // nosemgrep:ci.aws-in-func-name
 	if principal == "*" {
 		return true
 	}

Original file line number	Diff line number	Diff line change
`@@ -273,12 +273,12 @@ func policyHasValidAWSPrincipals(policy string) (bool, error) { // nosemgrep:ci.`
`273`	`273`	`for _, principal := range principals {`
`274`	`274`	`switch x := principal.(type) {`
`275`	`275`	`case string:`
`276`		`- if !IsValidPolicyAWSPrincipal(x) {`
	`276`	`+ if !isValidPolicyAWSPrincipal(x) {`
`277`	`277`	`return false, nil`
`278`	`278`	`}`
`279`	`279`	`case []string:`
`280`	`280`	`for _, s := range x {`
`281`		`- if !IsValidPolicyAWSPrincipal(s) {`
	`281`	`+ if !isValidPolicyAWSPrincipal(s) {`
`282`	`282`	`return false, nil`
`283`	`283`	`}`
`284`	`284`	`}`
`@@ -288,9 +288,9 @@ func policyHasValidAWSPrincipals(policy string) (bool, error) { // nosemgrep:ci.`
`288`	`288`	`return true, nil`
`289`	`289`	`}`
`290`	`290`
`291`		`-// IsValidPolicyAWSPrincipal returns true if a string is a valid AWS Princial for an IAM Policy document`
	`291`	`+// isValidPolicyAWSPrincipal returns true if a string is a valid AWS Princial for an IAM Policy document`
`292`	`292`	// That is: either an ARN, an AWS account ID, or `*`
`293`		`-func IsValidPolicyAWSPrincipal(principal string) bool { // nosemgrep:ci.aws-in-func-name`
	`293`	`+func isValidPolicyAWSPrincipal(principal string) bool { // nosemgrep:ci.aws-in-func-name`
`294`	`294`	`if principal == "*" {`
`295`	`295`	`return true`
`296`	`296`	`}`