in lib/services.js [116:149]
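/**
 * Resolve the service reference for `target`, assuming the target's IAM role
 * through STS first when no usable session is cached.
 *
 * Assumed-role sessions are cached in the module-level `roles` map, keyed by
 * role ARN. A cached session is reused only while it is unexpired and was
 * obtained with the same ExternalId the current target presents.
 *
 * @param {Object} target - Service target; this function reads `role`,
 *   `externalId` and `id` from it.
 * @param {Function} callback - Node-style callback. Receives `(Error, null)`
 *   when the role cannot be assumed; otherwise it is handed to `ensureService`.
 */
exports.get = function(target, callback) {
  // Targets without a role share the "none" cache entry.
  var roleArn = (target.role && (target.role.length > 0)) ? target.role : "none";
  var externalId = target.externalId || null;

  // Call hasOwnProperty through Object.prototype so the lookup does not depend on
  // how `roles` was created or on a key that shadows the method.
  var cached = Object.prototype.hasOwnProperty.call(roles, roleArn) ? roles[roleArn] : null;
  var expired = (cached === null) || (cached.expiration < Date.now());

  // SECURITY: ExternalId is the value the role's trust policy checks on AssumeRole.
  // The cache is keyed by role ARN only, so without this comparison a target naming
  // the same ARN with a different (or no) ExternalId would be served credentials
  // obtained with another target's ExternalId, skipping that trust-policy check.
  // A mismatch is treated as a cache miss so STS evaluates the presented value.
  // Trade-off: targets that alternate ExternalIds on one ARN re-assume on each switch.
  // The "none" entry is exempt, which keeps role-less targets behaving as before.
  var externalIdMismatch = (cached !== null) && (roleArn !== "none") &&
    ((cached.externalId || null) !== externalId);

  if (expired || externalIdMismatch) {
    // This role has not yet been impersonated, has expired, or was assumed with a different ExternalId
    var stsSessionDuration = config.stsSessionDuration;
    var stsSessionRefreshMargin = config.stsSessionRefreshMargin;
    var stsSessionName = config.stsSessionName;
    var params = { RoleArn: roleArn, RoleSessionName: stsSessionName, DurationSeconds: stsSessionDuration };
    if (externalId !== null) {
      params.ExternalId = externalId;
    }
    sts.assumeRole(params, function(err, data) {
      if (err) {
        // Unable to impersonate role: the STS error is logged here, while the caller
        // only receives a generic message naming the role.
        console.error("Error creating service reference '" + target.id + "', an error occured while impersonating role '" + roleArn + "':", err);
        callback(new Error("Error assuming role '" + roleArn + "'"), null);
      } else {
        if (config.debug) {
          console.log("Assumed role '" + roleArn + "'");
        }
        // Clear all cached services, and force a refresh stsSessionRefreshMargin seconds
        // before the requested session duration ends. The deadline is measured from the
        // moment the response arrives, not from the expiry STS reports.
        var role = {
          services: {},
          credentials: sts.credentialsFrom(data),
          // Remembered so a later lookup can tell which ExternalId produced these credentials.
          externalId: externalId,
          expiration: Date.now() + ((stsSessionDuration - stsSessionRefreshMargin) * 1000)
        };
        roles[roleArn] = role;
        ensureService(target, role, callback);
      }
    });
  } else {
    // We have a valid role, reuse or create the service
    ensureService(target, cached, callback);
  }
};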