stackql · jeffreyaven · Jul 9, 2025 · Jul 9, 2025 · Jul 9, 2025
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -15,7 +15,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
-        os: [ubuntu-20.04, windows-latest, macos-latest]
+        os: [ubuntu-latest, windows-latest, macos-latest]
 
     steps:
       - uses: actions/checkout@v4
@@ -25,7 +25,7 @@ jobs:
         run: echo "VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
 
       - name: Install dependencies on Linux
-        if: matrix.os == 'ubuntu-20.04'
+        if: matrix.os == 'ubuntu-latest'
         run: sudo apt-get install -y sqlite3 gcc unzip
 
       - name: Install dependencies on Windows
@@ -50,7 +50,7 @@ jobs:
           make download-sqlite
 
       - name: Build for Linux
-        if: matrix.os == 'ubuntu-20.04'
+        if: matrix.os == 'ubuntu-latest'
         run: |
           make compile-linux
           make pack-linux version=${{ env.VERSION }}

diff --git a/README.md b/README.md
@@ -146,7 +146,11 @@ make clean
 
 ### Publishing to `sqlpkg`
 
-To publish new functions to [`sqlpkg`](https://sqlpkg.org/), raise a PR to [nalgeon/sqlpkg](https://github.com/nalgeon/sqlpkg) adding the new function manifest JSON files.
+To publish new functions to [`sqlpkg`](https://sqlpkg.org/)  
+
+- Push a tag matching the version in the `.json` files in the `sqlpkg` directory
+- Create a release from the tag pushed
+- Raise a PR to [nalgeon/sqlpkg](https://github.com/nalgeon/sqlpkg) adding the new function manifest JSON files
 
 ## License
 

diff --git a/docs/aws_policy_equal.md b/docs/aws_policy_equal.md
@@ -0,0 +1,67 @@
+## aws_policy_equal
+
+```text
+aws_policy_equal(POLICY1, POLICY2)
+```
+
+Compares two AWS IAM policy JSON strings and returns 1 if they are semantically equivalent according to AWS IAM policy evaluation rules, 0 otherwise. This function handles the specific comparison rules for AWS policies, where certain elements (like Action, Resource, and Principal) are treated as unordered sets.
+
+```sql
+-- Compare identical policies
+SELECT aws_policy_equal(
+  '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":"s3:*","Resource":"*"}]}',
+  '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":"s3:*","Resource":"*"}]}'
+); -- Returns 1 (true)
+
+-- Compare policies with different Action ordering
+SELECT aws_policy_equal(
+  '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":["s3:GetObject","s3:PutObject"],"Resource":"*"}]}',
+  '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":["s3:PutObject","s3:GetObject"],"Resource":"*"}]}'
+); -- Returns 1 (true)
+
+-- Compare policies with different Principal formats
+SELECT aws_policy_equal(
+  '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"AWS":"arn:aws:iam::123456789012:role/role1"},"Action":"sts:AssumeRole"}]}',
+  '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"AWS":["arn:aws:iam::123456789012:role/role1"]},"Action":"sts:AssumeRole"}]}'
+); -- Returns 1 (true)
+
+-- Compare different policies
+SELECT aws_policy_equal(
+  '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":["s3:GetObject"],"Resource":"*"}]}',
+  '{"Version":"2012-10-17","Statement":[{"Effect":"Deny","Action":["s3:GetObject"],"Resource":"*"}]}'
+); -- Returns 0 (false)
+```
+
+### Key Features
+
+- **Semantic Policy Comparison:** Compares AWS IAM policies according to AWS evaluation rules.
+- **Unordered Arrays:** Treats arrays in fields like `Action`, `Resource`, and `Principal` as unordered sets.
+- **Principal Format Support:** Handles both string and array formats for principals and other elements.
+- **Condition Block Handling:** Correctly compares condition blocks regardless of key order.
+- **Case-Insensitive ARNs:** Performs case-insensitive comparison for service names in ARNs.
+
+### Supported Policy Types
+
+- **IAM Policies:** Identity-based policies attached to IAM roles, users, and groups.
+- **Trust Policies:** Resource-based policies that define which principals can assume an IAM role.
+- **S3 Bucket Policies:** Resource-based policies attached to S3 buckets.
+
+### Installation and Usage
+
+SQLite command-line interface:
+
+```
+sqlite> .load ./aws_policy_equal.so
+sqlite> SELECT aws_policy_equal(
+  '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":"s3:*","Resource":"*"}]}',
+  '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":"s3:*","Resource":"*"}]}'
+);
+```
+
+### Implementation Details
+
+The `aws_policy_equal` function is implemented using the [cJSON library](https://github.com/DaveGamble/cJSON) and includes specialized comparison logic for AWS policy elements. It is part of the StackQL extension suite for SQLite, providing enhanced cloud policy management capabilities.
+
+[⬇️ Download](https://github.com/stackql/stackql/releases/latest) •
+[✨ Explore](https://github.com/stackql/stackql) •
+[🚀 Follow](https://github.com/stackql)
diff --git a/sqlpkg/aws_policy_equal.json b/sqlpkg/aws_policy_equal.json
@@ -0,0 +1,19 @@
+{
+    "owner": "stackql",
+    "name": "aws_policy_equal",
+    "version": "v1.0.4",
+    "homepage": "https://github.com/stackql/sqlite-ext-functions/blob/main/docs/aws_policy_equal.md",
+    "repository": "https://github.com/stackql/sqlite-ext-functions",
+    "authors": ["Jeffrey Aven"],
+    "license": "MIT",
+    "description": "A SQLite extension for comparing AWS IAM policy documents semantically according to AWS policy evaluation rules.",
+    "keywords": ["AWS", "IAM policy", "policy comparison", "aws_policy_equal"],
+    "assets": {
+        "files": {
+            "darwin-amd64": "stackql-sqlite-ext-functions-macos-universal.zip",
+            "darwin-arm64": "stackql-sqlite-ext-functions-macos-universal.zip",
+            "linux-amd64": "stackql-sqlite-ext-functions-linux-amd64.zip",
+            "windows-amd64": "stackql-sqlite-ext-functions-windows-amd64.zip"
+        }
+    }
+}
diff --git a/sqlpkg/json_equal.json b/sqlpkg/json_equal.json
@@ -1,7 +1,7 @@
 {
     "owner": "stackql",
     "name": "json_equal",
-    "version": "1.0.5",
+    "version": "v1.0.4",
     "homepage": "https://github.com/stackql/sqlite-ext-functions/blob/main/docs/json_equal.md",
     "repository": "https://github.com/stackql/sqlite-ext-functions",
     "authors": ["Jeffrey Aven"],

diff --git a/sqlpkg/regexp.json b/sqlpkg/regexp.json
@@ -1,7 +1,7 @@
 {
     "owner": "stackql",
     "name": "regexp",
-    "version": "1.0.5",
+    "version": "v1.0.4",
     "homepage": "https://github.com/stackql/sqlite-ext-functions/blob/main/docs/regexp.md",
     "repository": "https://github.com/stackql/sqlite-ext-functions",
     "authors": ["Jeffrey Aven"],

diff --git a/sqlpkg/split_part.json b/sqlpkg/split_part.json
@@ -1,7 +1,7 @@
 {
     "owner": "stackql",
     "name": "split_part",
-    "version": "1.0.5",
+    "version": "v1.0.4",
     "homepage": "https://github.com/stackql/sqlite-ext-functions/blob/main/docs/split_part.md",
     "repository": "https://github.com/stackql/sqlite-ext-functions",
     "authors": ["Jeffrey Aven"],