From e419331bbe753f6942c246bec7a71af1499a08a6 Mon Sep 17 00:00:00 2001
From: Jacob Hamblin-Pyke
Date: Mon, 1 Jul 2024 12:11:42 +0000
Subject: [PATCH 1/4] Very slightly expand standard athena permissions
---
 examples/iam_policy.json | 1 +
 iam_builder/templates.py | 1 +
 tests/expected_policy/athena_full_access.json | 1 +
 tests/expected_policy/athena_read_only.json | 1 +
 tests/expected_policy/athena_two_dumps.json | 1 +
 5 files changed, 5 insertions(+)
diff --git a/examples/iam_policy.json b/examples/iam_policy.json
index 9e4f014..9a47d9c 100644
--- a/examples/iam_policy.json
+++ b/examples/iam_policy.json
@@ -85,6 +85,7 @@
 "glue:GetDatabase",
 "glue:GetDatabases",
 "glue:GetTable",
+ "glue:GetTableVersions",
 "glue:GetTables",
 "glue:GetPartition",
 "glue:GetPartitions",
diff --git a/iam_builder/templates.py b/iam_builder/templates.py
index 7536642..e3b5d74 100755
--- a/iam_builder/templates.py
+++ b/iam_builder/templates.py
@@ -269,6 +269,7 @@ def get_athena_read_access(dump_bucket: list) -> dict:
 "glue:GetDatabases",
 "glue:GetTable",
 "glue:GetTables",
+ "glue:GetTableVersions",
 "glue:GetPartition",
 "glue:GetPartitions",
 "glue:BatchGetPartition",
diff --git a/tests/expected_policy/athena_full_access.json b/tests/expected_policy/athena_full_access.json
index 1dc2304..94f9f59 100644
--- a/tests/expected_policy/athena_full_access.json
+++ b/tests/expected_policy/athena_full_access.json
@@ -85,6 +85,7 @@
 "glue:GetDatabase",
 "glue:GetDatabases",
 "glue:GetTable",
+ "glue:GetTableVersions",
 "glue:GetTables",
 "glue:GetPartition",
 "glue:GetPartitions",
diff --git a/tests/expected_policy/athena_read_only.json b/tests/expected_policy/athena_read_only.json
index be206af..3269fc6 100644
--- a/tests/expected_policy/athena_read_only.json
+++ b/tests/expected_policy/athena_read_only.json
@@ -85,6 +85,7 @@
 "glue:GetDatabase",
 "glue:GetDatabases",
 "glue:GetTable",
+ "glue:GetTableVersions",
 "glue:GetTables",
 "glue:GetPartition",
 "glue:GetPartitions",
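Review bot: The `"glue:GetTableVersions"` entry added to `get_athena_read_access` in iam_builder/templates.py widens every policy built from this template, and neither the hunk nor the commit message says which workflow needs it. The statement's `Resource` element lies outside the hunk; if it covers more than the databases a user is meant to query, the action also returns earlier schema versions of those tables, which may still carry column names and storage locations that were later removed. I would put a why-comment beside the entry, for example `# required by <tool/workflow placeholder>: reads Glue table schema history`, and confirm the Resource scope before the release is cut. The function body starts and ends outside the hunk.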
diff --git a/tests/expected_policy/athena_two_dumps.json b/tests/expected_policy/athena_two_dumps.json
index 445337b..bd0329a 100644
--- a/tests/expected_policy/athena_two_dumps.json
+++ b/tests/expected_policy/athena_two_dumps.json
@@ -81,6 +81,7 @@
 "athena:GetNamespace",
 "athena:GetNamespaces",
 "athena:GetTable",
+ "glue:GetTableVersions",
 "athena:GetTables",
 "athena:GetTableMetadata",
 "athena:RunQuery",
From 0af936aecba14773f84a04ac84f8b9695f6c534d Mon Sep 17 00:00:00 2001
From: Jacob Hamblin-Pyke
Date: Mon, 1 Jul 2024 12:15:40 +0000
Subject: [PATCH 2/4] update to pass tests
---
 iam_builder/templates.py | 2 +-
 tests/expected_policy/all_config.json | 1 +
 tests/expected_policy/athena_two_dumps.json | 1 +
 3 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/iam_builder/templates.py b/iam_builder/templates.py
index e3b5d74..00951fa 100755
--- a/iam_builder/templates.py
+++ b/iam_builder/templates.py
@@ -268,8 +268,8 @@ def get_athena_read_access(dump_bucket: list) -> dict:
 "glue:GetDatabase",
 "glue:GetDatabases",
 "glue:GetTable",
- "glue:GetTables",
 "glue:GetTableVersions",
+ "glue:GetTables",
 "glue:GetPartition",
 "glue:GetPartitions",
 "glue:BatchGetPartition",
diff --git a/tests/expected_policy/all_config.json b/tests/expected_policy/all_config.json
index f048efd..aea87ea 100644
--- a/tests/expected_policy/all_config.json
+++ b/tests/expected_policy/all_config.json
@@ -85,6 +85,7 @@
 "glue:GetDatabase",
 "glue:GetDatabases",
 "glue:GetTable",
+ "glue:GetTableVersions",
 "glue:GetTables",
 "glue:GetPartition",
 "glue:GetPartitions",
diff --git a/tests/expected_policy/athena_two_dumps.json b/tests/expected_policy/athena_two_dumps.json
index bd0329a..b28ab97 100644
--- a/tests/expected_policy/athena_two_dumps.json
+++ b/tests/expected_policy/athena_two_dumps.json
@@ -88,6 +88,7 @@
 "glue:GetDatabase",
 "glue:GetDatabases",
 "glue:GetTable",
+ "glue:GetTableVersions",
 "glue:GetTables",
 "glue:GetPartition",
 "glue:GetPartitions",
From 368207bf5ad2b856baac534ad9f3b2f2f264ddbd Mon Sep 17 00:00:00 2001 From: Jacob Hamblin-Pyke Date: Mon, 1 Jul 2024 12:16:49 +0000 Subject: [PATCH 3/4] Fix doubling of action --- tests/expected_policy/athena_two_dumps.json | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/expected_policy/athena_two_dumps.json b/tests/expected_policy/athena_two_dumps.json index b28ab97..433ea6a 100644 --- a/tests/expected_policy/athena_two_dumps.json +++ b/tests/expected_policy/athena_two_dumps.json @@ -81,7 +81,6 @@ "athena:GetNamespace", "athena:GetNamespaces", "athena:GetTable", - "glue:GetTableVersions", "athena:GetTables", "athena:GetTableMetadata", "athena:RunQuery", From 576dfdeb9401027a2fae681444f1ef57bf35ba6f Mon Sep 17 00:00:00 2001 From: Jacob Hamblin-Pyke Date: Mon, 1 Jul 2024 12:22:33 +0000 Subject: [PATCH 4/4] Setting up for new release of IAM Builder --- CHANGELOG.md | 4 ++++ pyproject.toml | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 22825be..62fd08d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,10 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html). +## v4.8.0 + +- Updates standard athena policy to add 'glue:GetTableVersions' + ## v4.7.0 - Add London region for Amazon Bedrock diff --git a/pyproject.toml b/pyproject.toml index 810720d..12105fd 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,6 +1,6 @@ [tool.poetry] name = "iam_builder" -version = "4.7.0" +version = "4.8.0" description = "A lil python package to generate iam policies" authors = ["Karik Isichei "] license = "MIT"