public Option getRoleAssumedByGreengrassThing()

in src/main/java/com/awslabs/iot/helpers/implementations/BasicGreengrassV2Helper.java [164:214]


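    /**
     * Resolves the IAM role that a Greengrass thing can assume through an IoT role alias.
     *
     * <p>The lookup walks thing principals, then certificates, then attached IoT policies, then allow statements.
     * It keeps the resources returned by {@code getAssumeRoleWithCertificateResources} that are role aliases and
     * requires exactly one distinct alias. That alias is described and its role ARN is looked up in IAM.
     *
     * <p>NOTE(review): only {@code Effect.Allow} statements are inspected. Deny statements are never evaluated
     * here, so the result says which role alias the attached policies name, not that the effective permission
     * is granted. Do not treat a defined return value as an authorization decision.
     *
     * @param thingName the thing whose attached principals are inspected
     * @return the role behind the single role alias, or none when describing the alias throws, the role ARN
     * cannot be turned into an ID, or the IAM lookup yields nothing
     * @throws RuntimeException if no role alias, or more than one distinct role alias, is found
     */
    public Option<Role> getRoleAssumedByGreengrassThing(ThingName thingName) {
        // Get all of the principals attached to this thing
        List<String> roleAliasNames = iotHelper.getThingPrincipals(thingName)
                // Only look at certificates
                .map(ArnHelper::getCertificateArnFromThingPrincipal)
                // Remove all of the blank values
                .flatMap(Option::toStream)
                // Get the policies attached to the certificates
                .map(certificateArn -> iotHelper.getAttachedPolicies(certificateArn).toList())
                // Get the policy documents for each policy
                .map(attachedPolicyList -> attachedPolicyList.flatMap(iotHelper::getPolicyDocument))
                // Convert the policies to type safe policies
                .flatMap(policyDocumentList -> policyDocumentList.map(value -> TypeSafePolicyDocument.fromJson(value.getDocument())))
                // Get all of the statements
                .flatMap(typeSafePolicyDocument -> typeSafePolicyDocument.Statement)
                // Only look at allow statements (deny statements are not taken into account, see the method docs)
                .filter(statement -> statement.getEffect().equals(Effect.Allow))
                // Find the resources that have assume role with certificate permissions
                .flatMap(this::getAssumeRoleWithCertificateResources)
                // Find the resources that are role aliases
                .filter(arn -> getArnType(arn).filter(arnType -> arnType.getTypeSafeClass().isAssignableFrom(RoleAlias.class)).isDefined())
                // Extract just the role alias names from the full ARNs
                .flatMap(ArnHelper::arnToId)
                // The same alias can be reached through several certificates, policies or statements. Collapse
                //   those repeats so they are not mistaken for multiple different role aliases below.
                .distinct()
                .toList();

        if (roleAliasNames.length() > 1) {
            throw new RuntimeException("Multiple resources were found that this Greengrass Group can assume. This is not supported currently.");
        }

        if (roleAliasNames.isEmpty()) {
            throw new RuntimeException("No resources were found that this Greengrass Group can assume. This is a bug.");
        }

        // Exactly one distinct role alias remains at this point
        DescribeRoleAliasRequest describeRoleAliasRequest = DescribeRoleAliasRequest.builder()
                .roleAlias(roleAliasNames.head())
                .build();

        // Describe the role alias
        return Try.of(() -> iotClient.describeRoleAlias(describeRoleAliasRequest))
                // Convert the try to an option so we return none for failures. Any exception from the call is
                //   dropped here, so callers cannot tell a missing alias from any other failure of the request.
                .toOption()
                // Extract the role alias description
                .map(DescribeRoleAliasResponse::roleAliasDescription)
                // Extract the role ARN
                .map(RoleAliasDescription::roleArn)
                // Extract the ID (name)
                .flatMap(ArnHelper::arnToId)
                .map(name -> ImmutableRoleName.builder().name(name).build())
                // Get the role object from IAM
                .flatMap(roleName -> iamHelper.getRole(roleName));
    }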