PolicyDocumentSource loadPolicy()

in sources/src/main/java/com/google/solutions/jitaccess/web/EnvironmentConfiguration.java [249:294]


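      /**
       * Loads the environment's policy document from Secret Manager.
       *
       * <p>The environment credentials are refreshed first so that missing
       * impersonation permissions fail immediately with an exception instead of
       * stalling in the credentials' retry loop. The policy document is then read
       * from {@code secretPath} and parsed; the metadata defaults the environment
       * name to {@code environmentName} so the YAML itself need not specify one.
       *
       * @return the parsed policy document source
       * @throws RuntimeException if impersonating the environment's service account
       *         fails; the underlying exception is preserved as the cause
       * @throws UncheckedExecutionException if creating the Secret Manager client,
       *         reading the secret, or parsing the policy document fails
       */
      PolicyDocumentSource loadPolicy() {
        //
        // If we lack impersonation permissions, ImpersonatedCredentials
        // will keep retrying until the call timeout expires. The effect
        // is that the application seems hung.
        //
        // To prevent this from happening, force a refresh here.
        //
        try {
          environmentCredentials.refresh();
        }
        catch (Exception e) {
          //
          // Keep the original exception as the cause so that the actual
          // IAM or transport error remains visible in logs and stack traces
          // instead of being replaced by the generic hint below.
          //
          throw new RuntimeException(
            String.format(
              "Impersonating service account '%s' of environment '%s' failed, possibly caused " +
                "by insufficient IAM permissions. Make sure that the service account '%s' has " +
                "the roles/iam.serviceAccountTokenCreator role on '%s'.",
              serviceAccountId.email(),
              environmentName,
              applicationPrincipal,
              serviceAccountId.email()),
            e);
        }

        try {
          var secretClient = new SecretManagerClient(
            environmentCredentials,
            httpOptions);

          //
          // Set default environment name in metadata so that
          // the YAML itself doesn't need to specify a name.
          //
          var metadata = new Policy.Metadata(
            secretPath,
            Instant.now(),
            null,
            environmentName);

          return PolicyDocumentSource.fromString(
            secretClient.accessSecret(secretPath),
            metadata);
        }
        catch (Exception e) {
          throw new UncheckedExecutionException(e);
        }
      }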