public async Task ResolveAWSCredentials()

in src/AWS.Deploy.CLI/AWSUtilities.cs [41:106]


        /// <summary>
        /// Resolves the AWS credentials to use by trying each source in a fixed order: the requested profile,
        /// the previously used profile, the AWS SDK credential search, and finally a profile the user picks
        /// from the shared credentials file.
        /// </summary>
        /// <remarks>
        /// A requested profile that cannot be found or loaded is not an error: resolution falls through to the
        /// next source without a warning, so the identity actually used can differ from the one asked for.
        /// The only indication is the "Configuring AWS Credentials ..." line naming the source that won.
        /// </remarks>
        /// <param name="profileName">Profile requested by the caller; this source is skipped when null or empty.</param>
        /// <param name="lastUsedProfileName">Profile from an earlier configuration; skipped when null or empty.</param>
        /// <returns>
        /// The first credentials accepted by the checks below. Assume-role credentials are returned with the
        /// MFA token callback already attached to their options.
        /// </returns>
        /// <exception cref="NoAWSCredentialsFoundException">
        /// The shared credentials file lists no profiles, or the profile chosen by the user could not be
        /// obtained from the chain or did not pass <c>CanLoadCredentials</c>.
        /// </exception>
        public async Task<AWSCredentials> ResolveAWSCredentials(string? profileName, string? lastUsedProfileName = null)
        {
            var resolved = await FindCredentials();

            // The MFA prompt is attached only after resolution, which is why the requested-profile step
            // cannot probe assume-role credentials up front.
            if (resolved is AssumeRoleAWSCredentials roleCredentials)
            {
                var roleOptions = roleCredentials.Options;
                roleOptions.MfaTokenCodeCallback = new AssumeRoleMfaTokenCodeCallback(_toolInteractiveService, _directoryManager, roleOptions).Execute;
            }

            return resolved;

            // Walks the credential sources in priority order and returns the first usable one.
            async Task<AWSCredentials> FindCredentials()
            {
                var profileChain = new CredentialProfileStoreChain();

                // Source 1: the profile named by the caller.
                if (!string.IsNullOrEmpty(profileName) && profileChain.TryGetAWSCredentials(profileName, out var requestedCredentials))
                {
                    // Assume-role credentials are accepted without the CanLoadCredentials probe because loading
                    // them might require an MFA token and the callback has not been set up yet. They are
                    // therefore returned unvalidated from this step.
                    var accepted = requestedCredentials is AssumeRoleAWSCredentials || await CanLoadCredentials(requestedCredentials);
                    if (accepted)
                    {
                        _toolInteractiveService.WriteLine($"Configuring AWS Credentials from Profile {profileName}.");
                        return requestedCredentials;
                    }
                }

                // Source 2: the profile remembered from an earlier run. Unlike source 1, it is always probed.
                if (!string.IsNullOrEmpty(lastUsedProfileName) && profileChain.TryGetAWSCredentials(lastUsedProfileName, out var previousCredentials))
                {
                    if (await CanLoadCredentials(previousCredentials))
                    {
                        _toolInteractiveService.WriteLine($"Configuring AWS Credentials with previous configured profile value {lastUsedProfileName}.");
                        return previousCredentials;
                    }
                }

                // Source 3: whatever the AWS SDK credential search finds.
                try
                {
                    var sdkCredentials = FallbackCredentialsFactory.GetCredentials();
                    var sdkCredentialsUsable = await CanLoadCredentials(sdkCredentials);

                    if (sdkCredentialsUsable)
                    {
                        _toolInteractiveService.WriteLine("Configuring AWS Credentials using AWS SDK credential search.");
                        return sdkCredentials;
                    }
                }
                catch (AmazonServiceException searchFailure)
                {
                    // FallbackCredentialsFactory throws when it finds no credentials. That is expected here, so
                    // the exception is only written to the debug output and the user is asked to pick a profile.
                    // NOTE(review): confirm PrettyPrint output holds nothing sensitive before debug logs are shared.
                    _toolInteractiveService.WriteDebugLine(searchFailure.PrettyPrint());
                }

                // Source 4: let the user choose from the profiles in the shared credentials file.
                var credentialsFile = new SharedCredentialsFile();
                var noProfilesAvailable = credentialsFile.ListProfileNames().Count == 0;
                if (noProfilesAvailable)
                {
                    throw new NoAWSCredentialsFoundException(DeployToolErrorCode.UnableToResolveAWSCredentials, "Unable to resolve AWS credentials to access AWS.");
                }

                var chosenProfileName = _consoleUtilities.AskUserToChoose(credentialsFile.ListProfileNames(), "Select AWS Credentials Profile", null);

                // The chosen profile is the last source, so a failure here ends resolution with an error.
                if (!profileChain.TryGetAWSCredentials(chosenProfileName, out var chosenCredentials) ||
                    !await CanLoadCredentials(chosenCredentials))
                {
                    throw new NoAWSCredentialsFoundException(DeployToolErrorCode.UnableToCreateAWSCredentials, $"Unable to create AWS credentials for profile {chosenProfileName}.");
                }

                return chosenCredentials;
            }
        }