private AwsCredentialsProvider getCredentialProvider()

in src/main/java/com/amazon/inspector/jenkins/amazoninspectorbuildstep/models/requests/SdkRequests.java [90:122]


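    /**
     * Selects the AWS credentials provider for the scan, in strict precedence order:
     * <ol>
     *   <li>explicitly supplied credentials ({@code workingCredential});</li>
     *   <li>web-identity federation, when both {@code roleArn} and {@code workingOidc} are set;</li>
     *   <li>{@code AssumeRole} on {@code roleArn}, with the STS client left on its default credentials;</li>
     *   <li>the named profile {@code workingProfileName};</li>
     *   <li>the SDK default credential provider chain.</li>
     * </ol>
     * The first matching source wins, so a configured role is ignored when explicit credentials are
     * supplied. Only the chosen mechanism and the profile name are written to the logger; the
     * web-identity token is a bearer secret and must never be added to a log message.
     *
     * <p>An STS client is built only by the two role branches. The returned provider keeps using
     * that client to refresh the session, so it is not closed here on the success path.
     *
     * @param workingProfileName profile name to fall back to; may be null or empty
     * @param workingOidc web-identity (OIDC) token presented to STS; may be null or empty
     * @param workingCredential explicitly configured credentials; may be null
     * @return the provider for the first credential source that is configured
     */
    private AwsCredentialsProvider getCredentialProvider(String workingProfileName, String workingOidc,
                                                         AmazonWebServicesCredentials workingCredential) {
        // NOTE(review): the session name is identical for every job, so assumed-role sessions cannot
        // be told apart by name in audit logs; consider deriving it from the job or build.
        final String sessionName = "inspectorscan";
        final boolean hasRole = roleArn != null && !roleArn.isEmpty();
        final boolean hasOidcToken = workingOidc != null && !workingOidc.isEmpty();

        if (workingCredential != null) {
            AmazonInspectorBuilder.logger.println("Using explicitly provided AWS credentials to authenticate.");
            // Resolved once and frozen: the static provider never refreshes these credentials.
            return StaticCredentialsProvider.create(createRawCredentialProvider(workingCredential).resolveCredentials());
        }

        if (hasRole && hasOidcToken) {
            AmazonInspectorBuilder.logger.println("Using OAuth token and role to authenticate.");
            // NOTE(review): workingCredential is always null on this path; confirm what
            // createRawCredentialProvider(null) returns, since the web-identity call is
            // authenticated by the token rather than by these credentials.
            StsClient stsClient = StsClient.builder().credentialsProvider(createRawCredentialProvider(workingCredential))
                    .region(Region.of(region)).build();
            AssumeRoleWithWebIdentityRequest webIdentityRequest = AssumeRoleWithWebIdentityRequest.builder()
                    .roleArn(roleArn)
                    .roleSessionName(sessionName)
                    .webIdentityToken(workingOidc)
                    .build();
            try {
                // The response is discarded; this looks like a fail-fast check that STS accepts
                // the token and role before the refreshing provider is handed back.
                stsClient.assumeRoleWithWebIdentity(webIdentityRequest);
            } catch (RuntimeException e) {
                // No provider will own the client after a failed check, so release it before rethrowing.
                stsClient.close();
                throw e;
            }
            return StsAssumeRoleWithWebIdentityCredentialsProvider.builder().stsClient(stsClient).refreshRequest(webIdentityRequest).build();
        }

        if (hasRole) {
            AmazonInspectorBuilder.logger.println("Authenticating to STS via a role and default credential provider chain.");
            // No credentials provider is set, so the client uses the SDK's default resolution.
            StsClient stsClient = StsClient.builder().region(Region.of(region)).build();
            return StsAssumeRoleCredentialsProvider.builder().stsClient(stsClient).refreshRequest(AssumeRoleRequest.builder()
                    .roleArn(roleArn).roleSessionName(sessionName).build()).build();
        }

        if (workingProfileName != null && !workingProfileName.isEmpty()) {
            AmazonInspectorBuilder.logger.println(
                    String.format("AWS Credential and role not provided, authenticating using \"%s\" as profile name.",
                            workingProfileName)
            );
            return ProfileCredentialsProvider.builder().profileName(workingProfileName).build();
        }

        AmazonInspectorBuilder.logger.println("Using default credential provider chain to authenticate.");
        return DefaultCredentialsProvider.create();
    }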