func loadCredentialsFromWebIdentityParameters()

in signer/msk_auth_token_provider.go [186:215]


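// loadCredentialsFromWebIdentityParameters exchanges a web identity (OIDC)
// token for temporary AWS credentials by calling STS AssumeRoleWithWebIdentity
// for roleArn, using an SDK config loaded for the given region.
//
// Parameters:
//   - ctx: bounds both the SDK config load and the STS call.
//   - region: region set on the SDK config (and thus used for the STS endpoint).
//   - roleArn: ARN of the role to assume; it is included in error messages.
//   - webIdentityToken: the raw identity token. It is a bearer secret and is
//     deliberately kept out of every error message this function returns.
//   - stsSessionName: RoleSessionName passed to STS.
//
// Returns the temporary credentials (access key ID, secret key, session token
// and, when STS reports one, their expiry) or an error wrapping the SDK
// failure. Nothing is cached or refreshed here; that is left to the caller.
func loadCredentialsFromWebIdentityParameters(
	ctx context.Context, region, roleArn, webIdentityToken, stsSessionName string,
) (*aws.Credentials, error) {
	cfg, err := config.LoadDefaultConfig(ctx, config.WithRegion(region))
	if err != nil {
		return nil, fmt.Errorf("unable to load SDK config: %w", err)
	}

	stsClient := sts.NewFromConfig(cfg)

	input := &sts.AssumeRoleWithWebIdentityInput{
		RoleArn:          aws.String(roleArn),
		RoleSessionName:  aws.String(stsSessionName),
		WebIdentityToken: aws.String(webIdentityToken),
	}
	out, err := stsClient.AssumeRoleWithWebIdentity(ctx, input)
	if err != nil {
		// Only the role ARN is reported; the token itself must never reach logs.
		return nil, fmt.Errorf("unable to assume role with web identity, %s: %w", roleArn, err)
	}

	// Credentials and its string fields are pointers in the SDK response.
	// Validate them before dereferencing so an unexpected or partial response
	// surfaces as an error instead of a nil-pointer panic.
	c := out.Credentials
	if c == nil || c.AccessKeyId == nil || c.SecretAccessKey == nil || c.SessionToken == nil {
		return nil, fmt.Errorf("unable to assume role with web identity, %s: STS response is missing credential fields", roleArn)
	}

	creds := aws.Credentials{
		AccessKeyID:     *c.AccessKeyId,
		SecretAccessKey: *c.SecretAccessKey,
		SessionToken:    *c.SessionToken,
	}
	// Propagate the STS expiry so callers (or a credential cache wrapping this
	// function) can tell when the temporary credentials stop being valid rather
	// than treating them as permanent. Left unset only if STS omitted it.
	if c.Expiration != nil {
		creds.CanExpire = true
		creds.Expires = *c.Expiration
	}

	return &creds, nil
}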