function createEndpointCredentials()

in src/lib/awsConnectionParameters.ts [149:201]

• 47 lines of code
• 8 McCabe index (conditional complexity)

function createEndpointCredentials(
    accessKey: string,
    secretKey: string,
    token: string | undefined,
    assumeRoleARN: string | undefined,
    externalId: string | undefined,
    roleSessionName: string | undefined
): AWS.Credentials {
    if (!assumeRoleARN) {
        console.log('...endpoint defines standard access/secret key credentials')

        return new AWS.Credentials({
            accessKeyId: accessKey,
            secretAccessKey: secretKey,
            sessionToken: token
        })
    }

    console.log(`...endpoint defines role-based credentials for role ${assumeRoleARN}.`)

    if (!roleSessionName) {
        roleSessionName = defaultRoleSessionName
    }
    let duration: number = minDuration

    const customDurationVariable = tl.getVariable(roleCredentialMaxDurationVariableName)
    if (customDurationVariable) {
        const customDuration = parseInt(customDurationVariable, 10)
        if (isNaN(customDuration) || customDuration < minDuration || customDuration > maxduration) {
            console.warn(
                `Invalid credential duration '${customDurationVariable}', minimum is ${minDuration}, max ${maxduration}`
            )
        } else {
            duration = customDuration
        }
    }

    const masterCredentials = new AWS.Credentials({
        accessKeyId: accessKey,
        secretAccessKey: secretKey,
        sessionToken: token
    })
    const options: STS.AssumeRoleRequest = {
        RoleArn: assumeRoleARN,
        DurationSeconds: duration,
        RoleSessionName: roleSessionName
    }
    if (externalId) {
        options.ExternalId = externalId
    }

    return new AWS.TemporaryCredentials(options, masterCredentials)
}