def disableFederation()

in app/aws/Federation.scala [148:193]


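  /** Attaches a session-revocation inline policy to the role identified by `roleArn`.
    *
    * The policy document comes from `denyOlderSessionsPolicyDocument(after)`; judging by that
    * name it denies sessions issued before `after` (confirm against the helper). To write the
    * policy, the method first assumes `roleArn` through `Federation.assumeRole`, scoped by
    * `Policies.revokeAccessPermission(account)` and requested for
    * `Federation.awsMinimumSessionLength`, then uses the resulting temporary credentials for a
    * single IAM `PutRolePolicy` call.
    *
    * Nothing is caught here: a failure in the STS or IAM call propagates to the caller, and in
    * that case the revocation policy has NOT been applied. Callers should treat an exception as
    * "access is still live" and surface or retry it rather than ignore it.
    *
    * NOTE(review): IAM's PutRolePolicy replaces an existing inline policy of the same name, so
    * each call overwrites the previous cutoff. Presumably a later call with an earlier `after`
    * would narrow the set of denied sessions; confirm whether callers can ever do that.
    *
    * @param account   account whose revocation permission policy scopes the assumed session
    * @param after     instant passed to `denyOlderSessionsPolicyDocument` as the cutoff
    * @param roleArn   ARN of the role that is assumed and that receives the inline policy
    * @param stsClient STS client handed to `Federation.assumeRole`
    * @param mode      application mode; selects the name passed to `Federation.assumeRole`
    */
  def disableFederation(
      account: AwsAccount,
      after: Instant,
      roleArn: String,
      stsClient: StsClient
  )(implicit mode: Mode): Unit = {
    val revocationPolicyDocument = denyOlderSessionsPolicyDocument(after)

    // First argument of Federation.assumeRole: "janus" in Prod, "janus-dev" in every other mode,
    // which keeps non-production revocations distinguishable wherever that name is recorded.
    val username = mode match {
      case Prod => "janus"
      case _    => "janus-dev"
    }

    // assume role in the target account to authenticate the revocation
    // (scoped down by the revoke-access policy and requested for the minimum session length)
    val creds = Federation.assumeRole(
      username,
      roleArn,
      Policies.revokeAccessPermission(account),
      stsClient,
      Federation.awsMinimumSessionLength
    )
    val sessionCredentials = AwsSessionCredentials.create(
      creds.accessKeyId,
      creds.secretAccessKey,
      creds.sessionToken
    )
    val provider = StaticCredentialsProvider.create(sessionCredentials)
    val iamClient = IamClient
      .builder()
      .region(EU_WEST_1)
      .credentialsProvider(provider)
      .build()

    // The client holds the temporary credentials and its own resources, so it is closed on
    // every path, including when getRoleName or putRolePolicy throws.
    try {
      // remove access from assumed role
      val roleName = getRoleName(roleArn)
      val roleRevocationPolicy = PutRolePolicyRequest
        .builder()
        .roleName(roleName)
        .policyName("janus-role-revocation-policy")
        //           ^
        // this name should match policy in cloudformation/federation.template.yaml
        .policyDocument(revocationPolicyDocument)
        .build()
      iamClient.putRolePolicy(roleRevocationPolicy)
      ()
    } finally {
      iamClient.close()
    }
  }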