in emr-user-role-mapper-application/src/main/java/com/amazon/aws/emr/mapping/DefaultUserRoleMapperImpl.java [106:143]
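/**
 * Parses a JSON document of principal-to-role mappings and replaces the current
 * user and group mappings with its contents.
 *
 * <p>Records that are null, or that have neither a username nor a groupname, or that
 * have no role ARN, are skipped with a log line. When a record carries both a username
 * and a groupname, the username wins and the groupname is ignored. A principal that
 * appears more than once keeps the last record seen.
 *
 * <p>The existing mappings are only cleared once the document has been parsed into a
 * non-null mapping list; a document that parses to nothing leaves them untouched.
 * Any exception thrown by the JSON parser propagates to the caller, also before the
 * existing mappings are touched.
 *
 * @param jsonString the JSON text of the mapping document
 */
void processFile(String jsonString) {
    // NOTE(review): this writes the whole mapping document to the log at INFO, including
    // any externalId, serialNumber and inline policy it carries - confirm that the log
    // destination is access-controlled, or log a size/digest instead.
    log.info("Received the following JSON {}", jsonString);
    PrincipalRoleMappings principalRoleMappings = GSON.fromJson(jsonString, PrincipalRoleMappings.class);

    // Gson returns null for empty or "null" input, and the list is null when the
    // expected key is absent. Reject both BEFORE clearing, otherwise a bad document
    // would wipe every existing mapping and then fail with a NullPointerException.
    if (principalRoleMappings == null || principalRoleMappings.getPrincipalRoleMappings() == null) {
        log.warn("Mapping document contains no principal role mappings; keeping the existing mappings");
        return;
    }

    // Clear the old mapping now since we found a new valid mapping!
    // NOTE(review): the maps are cleared and refilled in place, so a reader running
    // concurrently may observe an empty or partial mapping - confirm how callers synchronize.
    userRoleMapping.clear();
    groupRoleMapping.clear();

    for (PrincipalRoleMapping principalRoleMapping : principalRoleMappings.getPrincipalRoleMappings()) {
        if (principalRoleMapping == null) {
            log.info("Invalid record!");
            continue;
        }

        // Username takes precedence; groupname is only used when username is absent.
        String principal = principalRoleMapping.getUsername() != null
                ? principalRoleMapping.getUsername()
                : principalRoleMapping.getGroupname();
        if (principal == null) {
            log.info("Invalid record containing no username or groupname");
            continue;
        }

        String roleArn = principalRoleMapping.getRoleArn();
        if (roleArn == null) {
            log.info("Invalid record containing no role ARN");
            continue;
        }

        // NOTE(review): principal is passed through unvalidated as the role session name.
        // STS restricts session names in length and character set, so an unusual
        // principal would presumably only fail later, when the role is assumed.
        AssumeRoleRequest assumeRoleRequest = new AssumeRoleRequest()
                .withRoleArn(roleArn)
                .withRoleSessionName(principal) // Use principal as session name
                .withDurationSeconds(principalRoleMapping.getDurationSeconds())
                .withPolicy(principalRoleMapping.getPolicy())
                .withSerialNumber(principalRoleMapping.getSerialNumber())
                .withExternalId(principalRoleMapping.getExternalId());

        if (principalRoleMapping.getUsername() != null) {
            userRoleMapping.put(principal, assumeRoleRequest);
        } else {
            groupRoleMapping.put(principal, assumeRoleRequest);
        }
        // NOTE(review): logs the full request object, which presumably includes the
        // externalId and policy - consider logging only the role ARN.
        log.info("Mapped {} to {}", principal, assumeRoleRequest);
    }
}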