def try_assume

def try_assume_role()

in customizations/AccountFactory/EnrollAccount/enroll_account.py [0:0]

18 lines of code
3 McCabe index (conditional complexity)


def try_assume_role(account_number, role_name, external_id):
    '''Return STS keys on success and Error on failure'''

    partition = STS.get_caller_identity()['Arn'].split(":")[1]
    role_arn = 'arn:{}:iam::{}:role/{}'.format(partition,
                                               account_number,
                                               role_name)
    result = dict()

    try:
        result = STS.assume_role(
            RoleArn=role_arn,
            RoleSessionName=str(account_number + '-' + role_name),
            ExternalId=external_id)
    except ClientError as exe:
        if str(exe.response['Error']['Code']) == 'AccessDenied':
            result = exe.response
        else:
            result['Error']['Reason'] = str(exe)

    return result