in internal/resources/providers/awslib/iam/root_account.go [62:110]
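// listRootMFADevice returns the MFA device registered for the root account as
// a one-element slice. It returns (nil, nil) when the credential report says
// MFA is not active for root, and a non-nil error when listing virtual MFA
// devices fails.
//
// Only virtual MFA devices are queried. When none of them is attributed to
// root, the device is reported with IsVirtual == false and an empty MFADevice,
// i.e. "hardware" is inferred by elimination rather than observed. Callers
// that treat IsVirtual == false as proof of a hardware token therefore depend
// on the virtual-device match below having no false negatives.
func (p Provider) listRootMFADevice(ctx context.Context, userAccount *CredentialReport) ([]AuthDevice, error) {
	if !userAccount.MfaActive {
		p.log.Debug("mfa is not enabled for the root account")
		return nil, nil
	}

	input := &iamsdk.ListVirtualMFADevicesInput{
		// We only want MFA devices associated with a user.
		AssignmentStatus: types.AssignmentStatusTypeAssigned,
	}

	// Fetch every page of assigned virtual MFA devices before matching, so a
	// listing error on any page is returned instead of a partial answer.
	var virtualDevices []types.VirtualMFADevice
	for {
		output, err := p.client.ListVirtualMFADevices(ctx, input)
		if err != nil {
			return nil, err
		}
		virtualDevices = append(virtualDevices, output.VirtualMFADevices...)
		if !output.IsTruncated {
			break
		}
		input.Marker = output.Marker
	}

	for _, device := range virtualDevices {
		// SerialNumber, User and User.Arn are pointers in the SDK types; guard
		// each one so a sparsely populated entry cannot panic the fetcher.
		hasDefaultName := device.SerialNumber != nil &&
			strings.HasSuffix(*device.SerialNumber, "root-account-mfa-device")

		// The serial suffix is only a naming convention: a root virtual device
		// registered under another name would not match it, and root would then
		// be reported as using a hardware device. Matching on the owning
		// principal closes that gap.
		// NOTE(review): assumes root-owned entries carry a User.Arn ending in
		// ":root" - confirm against real ListVirtualMFADevices output.
		ownedByRoot := device.User != nil && device.User.Arn != nil &&
			strings.HasSuffix(*device.User.Arn, ":root")

		// NOTE(review): the name match is kept for compatibility; on its own it
		// does not check which principal the device is assigned to.
		if !hasDefaultName && !ownedByRoot {
			continue
		}

		mfa := types.MFADevice{
			EnableDate:   device.EnableDate,
			SerialNumber: device.SerialNumber,
		}
		if device.User != nil {
			mfa.UserName = device.User.UserName
		}
		return []AuthDevice{{IsVirtual: true, MFADevice: mfa}}, nil
	}

	// MFA is active but no virtual device was attributed to root: represent a
	// hardware MFA device assigned to the root account user.
	return []AuthDevice{{
		IsVirtual: false,
		MFADevice: types.MFADevice{},
	}}, nil
}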