in tflint-ruleset-aws-serverless/rules/aws_iam_role_lambda_no_star.go [107:137]
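// matchStarAction reports whether any statement in the given policy attribute
// lists a wildcard action.
//
// The attribute is evaluated to a string through the runner and decoded as
// JSON into an awsIamAssumeRole document. Each statement's Action may be a
// single string or a list; an action counts as a wildcard when it is exactly
// "*" or contains ":*" (for example "s3:*").
//
// Only statement.Action is inspected. Effect, NotAction and the statement's
// resources are not consulted here, and prefix wildcards such as "s3:Get*" do
// not match the ":*" test, so a false result is not proof that the policy is
// least-privilege.
//
// An evaluation or JSON decoding failure is returned as the error together
// with a false result.
func (r *AwsIamRoleLambdaNoStarRule) matchStarAction(runner tflint.Runner, policy *hcl.Attribute) (bool, error) {
	var policyAttrValue string
	if err := runner.EvaluateExpr(policy.Expr, &policyAttrValue, nil); err != nil {
		return false, err
	}

	rolePolicy := awsIamAssumeRole{}
	if err := json.Unmarshal([]byte(policyAttrValue), &rolePolicy); err != nil {
		return false, err
	}

	// isStar is the single definition of "wildcard action" used for both the
	// string and the list form of Action.
	isStar := func(name string) bool {
		return name == "*" || strings.Contains(name, ":*")
	}

	for _, statement := range rolePolicy.Statement {
		// Action is examined through reflection because its JSON shape varies
		// between a bare string and a list.
		action := reflect.ValueOf(statement.Action)
		switch action.Kind() {
		case reflect.String:
			if isStar(action.String()) {
				return true, nil
			}
		case reflect.Slice:
			for i := 0; i < action.Len(); i++ {
				// The policy text comes from the configuration being linted, so
				// a list entry may be a number, object or null. The comma-ok
				// assertion skips such entries; an unchecked assertion would
				// panic and abort the lint run on a malformed policy.
				name, ok := action.Index(i).Interface().(string)
				if !ok {
					continue
				}
				if isStar(name) {
					return true, nil
				}
			}
		}
	}
	return false, nil
}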