assume_role_from_profile

in gems/aws-sdk-core/lib/aws-sdk-core/shared_config.rb [249:321]


    def assume_role_from_profile(cfg, profile, opts, chain_config)
      if cfg && prof_cfg = cfg[profile]
        opts[:source_profile] ||= prof_cfg['source_profile']
        credential_source = opts.delete(:credential_source)
        credential_source ||= prof_cfg['credential_source']
        if opts[:source_profile] && credential_source
          raise Errors::CredentialSourceConflictError,
            "Profile #{profile} has a source_profile, and "\
            'a credential_source. For assume role credentials, must '\
            'provide only source_profile or credential_source, not both.'
        elsif opts[:source_profile]
          opts[:visited_profiles] ||= Set.new
          provider = resolve_source_profile(opts[:source_profile], opts)
          if provider && (opts[:credentials] = provider.credentials)
            opts[:role_session_name] ||= prof_cfg['role_session_name']
            opts[:role_session_name] ||= 'default_session'
            opts[:role_arn] ||= prof_cfg['role_arn']
            opts[:duration_seconds] ||= prof_cfg['duration_seconds']
            opts[:external_id] ||= prof_cfg['external_id']
            opts[:serial_number] ||= prof_cfg['mfa_serial']
            opts[:profile] = opts.delete(:source_profile)
            opts.delete(:visited_profiles)

            metrics = provider.metrics
            if provider.is_a?(AssumeRoleCredentials)
              opts[:credentials] = provider
              metrics.delete('CREDENTIALS_STS_ASSUME_ROLE')
            else
              metrics << 'CREDENTIALS_PROFILE_SOURCE_PROFILE'
            end
            
            opts[:credentials].metrics = []
            with_metrics(metrics) do
              creds = AssumeRoleCredentials.new(opts)
              creds.metrics.push(*metrics)
              creds
            end
          else
            raise Errors::NoSourceProfileError,
              "Profile #{profile} has a role_arn, and source_profile, but the"\
              ' source_profile does not have credentials.'
          end
        elsif credential_source
          opts[:credentials] = credentials_from_source(credential_source, chain_config)
          if opts[:credentials]
            opts[:role_session_name] ||= prof_cfg['role_session_name']
            opts[:role_session_name] ||= 'default_session'
            opts[:role_arn] ||= prof_cfg['role_arn']
            opts[:duration_seconds] ||= prof_cfg['duration_seconds']
            opts[:external_id] ||= prof_cfg['external_id']
            opts[:serial_number] ||= prof_cfg['mfa_serial']
            opts.delete(:source_profile) 

            metrics = opts[:credentials].metrics
            metrics << 'CREDENTIALS_PROFILE_NAMED_PROVIDER'
            
            opts[:credentials].metrics = []
            with_metrics(metrics) do
              creds = AssumeRoleCredentials.new(opts)
              creds.metrics.push(*metrics)
              creds
            end
          else
            raise Errors::NoSourceCredentials,
              "Profile #{profile} could not get source credentials from"\
              " provider #{credential_source}"
          end
        elsif prof_cfg['role_arn']
          raise Errors::NoSourceProfileError, "Profile #{profile} has a role_arn, but no source_profile."
        end
      end
    end