def check_assume_role_permitted()

in Onboarding/AWS/Utils.py [0:0]

• 11 lines of code
• 5 McCabe index (conditional complexity)

def check_assume_role_permitted(trust_policy_document: Dict[str, Dict]) -> bool:
    for statement in trust_policy_document.get('Statement', []):
        effect = statement.get('Effect', '')
        if effect != 'Allow':
            continue

        actions = statement.get('Action', {})
        if not isinstance(actions, list):
            actions = [actions]

        if "sts:AssumeRole" not in actions:
            return False
    return True