const getAssumeRolePolicy = function()

in lambda-packages/role_handler/index.js [84:101]


/**
 * Builds the IAM trust (assume-role) policy document that lets one Kubernetes
 * service account assume a role through an OIDC identity provider.
 *
 * The policy allows `sts:AssumeRoleWithWebIdentity` only when the token's
 * `sub` claim names exactly one service account and its `aud` claim is
 * `sts.amazonaws.com`.
 *
 * All four arguments are interpolated as-is; nothing is validated or
 * normalised here, so callers own input validation.
 *
 * @param {string} accountId - AWS account id that owns the OIDC provider.
 * @param {string} issuer - OIDC issuer used in the provider ARN and as the
 *   condition-key prefix. NOTE(review): presumably passed without the
 *   `https://` scheme, as OIDC provider ARNs are written - confirm at caller.
 * @param {string} namespace - Kubernetes namespace of the service account.
 * @param {string} serviceAccount - Kubernetes service account name.
 * @returns {string} The trust policy serialised as a JSON string.
 */
const getAssumeRolePolicy = (accountId, issuer, namespace, serviceAccount) => {
  const providerArn = `arn:aws:iam::${accountId}:oidc-provider/${issuer}`;
  const subject = `system:serviceaccount:${namespace}:${serviceAccount}`;

  // StringEquals compares literally, so a `*` or `?` in namespace or
  // serviceAccount is not treated as a wildcard and cannot widen the trust.
  // Pinning both `sub` and `aud` keeps other workloads behind the same
  // issuer from assuming this role.
  const requiredClaims = {};
  requiredClaims[`${issuer}:sub`] = subject;
  requiredClaims[`${issuer}:aud`] = 'sts.amazonaws.com';

  const trustStatement = {
    Effect: 'Allow',
    Principal: { Federated: providerArn },
    Action: 'sts:AssumeRoleWithWebIdentity',
    Condition: { StringEquals: requiredClaims }
  };

  const policyDocument = {
    Version: '2012-10-17',
    Statement: [trustStatement]
  };

  return JSON.stringify(policyDocument);
};