public AwsCredentialsProvider getCredentialsForTenant()

in TokenVendingLayer/src/main/java/tenant/vendinglayer/token/JwtTokenVendor.java [74:91]


    /**
     * Exchanges the configured role for temporary, tenant-scoped credentials via STS AssumeRole.
     *
     * <p>The call fails closed: a {@code null} or blank {@code scopedPolicy} is rejected before
     * STS is contacted. An AssumeRole request without a session policy would return credentials
     * carrying the role's full permissions, so no policy must mean no access.
     *
     * <p>This method forwards {@code scopedPolicy} to STS unchanged and does not check that it
     * matches {@code tenant}; tenant isolation depends on the caller building the right policy.
     *
     * @param scopedPolicy session policy document passed to STS as-is; must not be null or blank
     * @param tenant value used as the role session name
     * @return a static provider wrapping the access key, secret key and session token from STS
     * @throws PolicyAssumptionException if {@code scopedPolicy} is null or blank
     * @throws RuntimeException wrapping the {@code SdkServiceException} when STS rejects the call
     */
    public AwsCredentialsProvider getCredentialsForTenant(String scopedPolicy, String tenant) {
        // Guard first: never reach STS without a policy that narrows the session.
        boolean policyMissing = scopedPolicy == null || scopedPolicy.trim().isEmpty();
        if (policyMissing) {
            LOGGER.info("TokenVendor::Attempting to assumeRole with empty policy, should not happen!");
            throw new PolicyAssumptionException("Missing or empty policy, cannot allow access.");
        }

        try {
            // NOTE(review): tenant becomes the role session name and is not validated here. STS
            // restricts session names in length and character set, and the name shows up in the
            // audit trail for the session; confirm the caller passes a validated tenant id.
            AssumeRoleResponse stsResponse = sts.assumeRole(request -> {
                request.durationSeconds(durationSeconds);
                request.policy(scopedPolicy);
                request.roleArn(role);
                request.roleSessionName(tenant);
            });

            Credentials issued = stsResponse.credentials();
            // The secret material is only wrapped and returned; it is never written to the log.
            AwsSessionCredentials sessionCredentials = AwsSessionCredentials.create(
                    issued.accessKeyId(),
                    issued.secretAccessKey(),
                    issued.sessionToken());
            // Static provider: the credentials are not refreshed once the STS session expires.
            return StaticCredentialsProvider.create(sessionCredentials);
        } catch (SdkServiceException stsFailure) {
            // Only service-side failures are caught here; they are logged and rethrown unchecked.
            LOGGER.error("STS::AssumeRole", stsFailure);
            throw new RuntimeException(stsFailure);
        }
    }