load: function load()

in lib/credentials/sso_credentials.js [81:154]


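  /**
   * Resolves temporary role credentials for the configured SSO profile.
   *
   * Reads the profile from the shared config file, checks that the SSO
   * settings it needs are present, obtains an SSO access token through
   * `getToken`, and exchanges that token for role credentials with
   * `getRoleCredentials`. On success the access key id, secret access key,
   * session token and expiry time are stored on this object and `expired`
   * is cleared.
   *
   * Every failure detected here is reported through `callback`, including a
   * credential response that is missing one of its fields.
   *
   * The access token and the returned keys are secrets. The error messages
   * built in this method contain only the profile and session names.
   *
   * @param {function(Error=, null=)} callback - called with no error once the
   *   credentials are stored, or with the error that stopped the load.
   */
  load: function load(callback) {
    var self = this;

    // Builds an error tagged with this provider's error code.
    function credentialError(message) {
      return AWS.util.error(new Error(message), { code: self.errorCode });
    }

    try {
      var profiles = AWS.util.getProfilesFromSharedConfig(iniLoader, this.filename);
      var profile = profiles[this.profile] || {};

      // A missing profile and an empty profile section are treated alike.
      if (Object.keys(profile).length === 0) {
        throw credentialError('Profile ' + this.profile + ' not found');
      }

      if (profile.sso_session) {
        // NOTE(review): sso_region and sso_start_url are not checked on this
        // branch; presumably getToken resolves them from the session section.
        // Confirm, because profile.sso_region selects the client region below.
        if (!profile.sso_account_id || !profile.sso_role_name) {
          throw credentialError(
            'Profile ' + this.profile + ' with session ' + profile.sso_session +
            ' does not have valid SSO credentials. Required parameters "sso_account_id", "sso_session", ' +
            '"sso_role_name". Reference: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html'
          );
        }
      } else if (!profile.sso_start_url || !profile.sso_account_id || !profile.sso_region || !profile.sso_role_name) {
        throw credentialError(
          'Profile ' + this.profile + ' does not have valid SSO credentials. Required parameters "sso_account_id", "sso_region", ' +
          '"sso_role_name", "sso_start_url". Reference: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html'
        );
      }

      this.getToken(this.profile, profile, function (err, token) {
        if (err) {
          return callback(err);
        }

        var request = {
          accessToken: token,
          accountId: profile.sso_account_id,
          roleName: profile.sso_role_name,
        };

        // Reuse the cached client unless the profile points at another region.
        if (!self.service || self.service.config.region !== profile.sso_region) {
          self.service = new AWS.SSO({
            region: profile.sso_region,
            httpOptions: self.httpOptions,
          });
        }

        self.service.getRoleCredentials(request, function (err, data) {
          if (err || !data || !data.roleCredentials) {
            return callback(AWS.util.error(
              err || new Error('Please log in using "aws sso login"'),
              { code: self.errorCode }
            ), null);
          }

          var roleCredentials = data.roleCredentials;
          var isComplete = roleCredentials.accessKeyId &&
            roleCredentials.secretAccessKey &&
            roleCredentials.sessionToken &&
            roleCredentials.expiration;

          if (!isComplete) {
            // Report through the callback instead of throwing: if this handler
            // runs after load() has returned, the surrounding try/catch is no
            // longer on the stack and a throw would leave the caller without
            // a result. The error carries the same code as the other failures.
            return callback(
              credentialError('SSO returns an invalid temporary credential.'),
              null
            );
          }

          // Store the full credential set only after every field was seen.
          self.expired = false;
          self.accessKeyId = roleCredentials.accessKeyId;
          self.secretAccessKey = roleCredentials.secretAccessKey;
          self.sessionToken = roleCredentials.sessionToken;
          self.expireTime = new Date(roleCredentials.expiration);
          callback(null);
        });
      });
    } catch (err) {
      // Covers the validation errors thrown above and anything thrown
      // synchronously while reading the config or starting the token lookup.
      callback(err);
    }
  },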