func setupIRSA()

in ecrtokenrefresher/pkg/secrets/aws/aws.go [164:211]


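// setupIRSA exchanges the projected service-account web identity token for
// temporary AWS credentials via STS AssumeRoleWithWebIdentity and exports them
// into the process environment under the envVarAwsAccessKeyID,
// envVarAwsAccessKey and envSessionToken variable names.
//
// It requires the IRSA mutating webhook to have injected envRoleARN and
// envWebTokenFile into the pod; a descriptive error is returned when either is
// missing, when the token file cannot be read or is empty, when the STS call
// fails, or when the environment cannot be updated.
//
// Security notes:
//   - The web identity token is a bearer credential: it is held in memory only
//     for the duration of the STS call and is never logged or exported.
//   - The returned credentials are short-lived (bounded by sessionTimeSeconds)
//     and are placed in the environment, so they are inherited by any child
//     process started afterwards and are NOT refreshed automatically. A caller
//     that outlives the session must call setupIRSA again.
//     NOTE(review): confirm the refresher's run time stays below sessionTimeSeconds.
func setupIRSA() error {
	roleArn := os.Getenv(envRoleARN)
	if roleArn == "" {
		return fmt.Errorf("environment variable %s missing, check that Webhook for IRSA is setup", envRoleARN)
	}

	webIdentityTokenFile := os.Getenv(envWebTokenFile)
	if webIdentityTokenFile == "" {
		return fmt.Errorf("environment variable %s missing, check that token is mounted", envWebTokenFile)
	}

	// filepath.Clean normalises the mounted path. The token contents are a
	// credential and are deliberately kept out of every error message below.
	token, err := os.ReadFile(filepath.Clean(webIdentityTokenFile))
	if err != nil {
		return fmt.Errorf("reading web identity token %q: %w", webIdentityTokenFile, err)
	}
	if len(token) == 0 {
		// STS would reject this anyway, but failing here gives an actionable
		// message about the mount instead of an opaque validation error.
		return fmt.Errorf("web identity token file %q is empty", webIdentityTokenFile)
	}

	// Named sess rather than session so the SDK package is not shadowed.
	sess, err := session.NewSession()
	if err != nil {
		return fmt.Errorf("creating AWS session: %w", err)
	}
	svc := sts.New(sess)
	input := &sts.AssumeRoleWithWebIdentityInput{
		DurationSeconds:  aws.Int64(sessionTimeSeconds),
		RoleArn:          aws.String(roleArn),
		RoleSessionName:  aws.String(sessionName),
		WebIdentityToken: aws.String(string(token)),
	}
	result, err := svc.AssumeRoleWithWebIdentity(input)
	if err != nil {
		return fmt.Errorf("assuming role %s with web identity: %w", roleArn, err)
	}
	if result == nil || result.Credentials == nil {
		// Guard the dereference below: a success response without a
		// credential block would otherwise panic.
		return fmt.Errorf("assuming role %s returned no credentials", roleArn)
	}

	// Export the temporary credentials; each Setenv error is reported with the
	// variable name so a partially-populated environment is easy to diagnose.
	creds := result.Credentials
	exports := []struct{ key, value string }{
		{envVarAwsAccessKeyID, aws.StringValue(creds.AccessKeyId)},
		{envVarAwsAccessKey, aws.StringValue(creds.SecretAccessKey)},
		{envSessionToken, aws.StringValue(creds.SessionToken)},
	}
	for _, e := range exports {
		if err := os.Setenv(e.key, e.value); err != nil {
			return fmt.Errorf("setting %s: %w", e.key, err)
		}
	}

	return nil
}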