public Optional getMapping()

in emr-user-role-mapper-application/src/main/java/com/amazon/aws/emr/mapping/ManagedPolicyBasedUserRoleMapperImpl.java [62:99]


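  /**
   * Builds the STS {@code AssumeRoleRequest} for a user from the managed policies mapped to the
   * user name and to each group the user belongs to.
   *
   * <p>The mapped policy ARNs are attached to the request as session policies, so the credentials
   * eventually issued are limited to the intersection of what {@code roleArn} allows and what the
   * mapped policies allow. When nothing is mapped, {@code noMatchPolicyArn} is used if it is
   * configured; otherwise no request is produced.
   *
   * @param username the user to map; also used as the role session name
   * @return the request to send to STS, or {@link Optional#empty()} when the user name is null or
   *     empty, or when no policy is mapped and no default policy ARN is configured
   */
  public Optional<AssumeRoleRequest> getMapping(String username) {
    log.debug("Got request to map user {}", username);

    // A null or empty name identifies nobody. Without this guard it would still fall through to
    // the default-policy branch below and yield a request for an anonymous caller.
    if (username == null || username.isEmpty()) {
      log.debug("Rejecting mapping request with a null or empty user name");
      return Optional.empty();
    }

    List<String> principals = new ArrayList<>();
    List<PolicyDescriptorType> policyDescriptorTypes = new ArrayList<>();

    principals.add(username);
    // Typed emptyList() instead of the raw Collections.EMPTY_LIST avoids an unchecked conversion.
    List<String> groups = principalResolver.getGroups(username).orElse(Collections.emptyList());
    principals.addAll(groups);

    log.debug("Groups user belongs to is {}", groups);

    // Union of the policies mapped to the user and to every group. Principals without an entry
    // contribute nothing; distinct() presumably relies on PolicyDescriptorType.equals - confirm.
    principals.stream()
        .map(principal -> principalRoleMapping.getOrDefault(principal, Collections.emptyList()))
        .flatMap(List::stream)
        .distinct()
        .forEach(policyDescriptorTypes::add);

    if (policyDescriptorTypes.isEmpty()) {
      if (noMatchPolicyArn != null && noMatchPolicyArn.length() > 0) {
        // Fail-open branch: with noMatchPolicyArn configured, every user that has no mapping
        // (including one for which the resolver returned no groups) gets credentials scoped to
        // this policy. The policy it names should grant the minimum needed.
        log.debug("Found no mappings for this user. Returning credentials with default policy arn");
        policyDescriptorTypes.add(new PolicyDescriptorType().withArn(noMatchPolicyArn));
      } else {
        // Fail closed: no mapping and no default means no credentials.
        return Optional.empty();
      }
    }

    log.debug("Policies mapped for user: {}", policyDescriptorTypes);

    // NOTE(review): STS restricts RoleSessionName to 2-64 characters of [\w+=,.@-] and accepts at
    // most 10 managed policy ARNs as session policies. Neither limit is checked here, so a user
    // name or policy list outside them only fails when the request is sent.
    // The session name is the user name, which ties activity under these credentials to the user.
    AssumeRoleRequest assumeRoleRequest = new AssumeRoleRequest()
        .withRoleArn(roleArn)
        .withRoleSessionName(username)
        .withPolicyArns(policyDescriptorTypes);
    return Optional.of(assumeRoleRequest);
  }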