in tflint-ruleset-aws-serverless/rules/aws_lambda_permission_multiple_principals.go [48:128]
func (r *AwsLambdaPermissionMultiplePrincipalsRule) Check(runner tflint.Runner) error {
permissions := make(map[string]map[string][]hcl.Expression)
err := runner.WalkResources(r.resourceType, func(resource *configs.Resource) error {
// Attribute
body, _, diags := resource.Config.PartialContent(&hcl.BodySchema{
Attributes: []hcl.AttributeSchema{
{
Name: r.principal,
},
{
Name: r.functionName,
},
},
})
if diags.HasErrors() {
return diags
}
// Get attribute value
var principalVal string
principal, ok := body.Attributes[r.principal]
if !ok {
runner.EmitIssue(
r,
fmt.Sprintf("\"%s\" is not present.", r.principal),
body.MissingItemRange,
)
return nil
}
err := runner.EvaluateExpr(principal.Expr, &principalVal, nil)
if err != nil {
return err
}
// Get reference attribute value
var functionNameVal string
functionName, ok := body.Attributes[r.functionName]
if !ok {
runner.EmitIssue(
r,
fmt.Sprintf("\"%s\" is not present.", r.functionName),
body.MissingItemRange,
)
return nil
}
err = runner.EvaluateExpr(functionName.Expr, &functionNameVal, nil)
if err != nil {
return err
}
if _, ok = permissions[functionNameVal]; !ok {
permissions[functionNameVal] = make(map[string][]hcl.Expression)
}
permissions[functionNameVal][principalVal] = append(permissions[functionNameVal][principalVal], principal.Expr)
return nil
})
// Parse permissions
for _, fnPermissions := range permissions {
// More than one principal type for a given functionName
if len(fnPermissions) > 1 {
for _, exprs := range fnPermissions {
for _, expr := range exprs {
runner.EmitIssueOnExpr(
r,
fmt.Sprintf("different \"%s\" values for the same %s.", r.principal, r.functionName),
expr,
)
}
}
}
}
return err
}