in app/controllers/Janus.scala [209:252]
/** Issues temporary credentials for `permissionId`, provided `checkUserPermission`
  * finds a matching permission for `user` at the current instant.
  *
  * Steps, in order: permission check, duration calculation, role ARN lookup,
  * `Federation.assumeRole`, audit record creation and insert, then an info log line.
  *
  * @param user           identity the credentials are requested for
  * @param permissionId   identifier of the permission being requested
  * @param accessType     recorded in the audit entry and in the log line
  * @param durationParams requested session duration and an optional zone; the zone is
  *                       turned into a `Clock` via `Clock.system` for `Federation.duration`
  * @return `Some((credentials, permission))` when the permission check succeeds,
  *         `None` when `checkUserPermission` returns nothing (no credentials are
  *         requested and no audit record is written in that case)
  */
private def assumeRole(
    user: UserIdentity,
    permissionId: String,
    accessType: JanusAccessType,
    durationParams: (Option[Duration], Option[ZoneId])
): Option[(Credentials, Permission)] = {
  val requestedDuration = durationParams._1
  val tzOffset = durationParams._2

  // Authorisation gate: everything below runs only for a permission this check returned.
  val grantedPermission = checkUserPermission(
    username(user),
    permissionId,
    Instant.now(),
    janusData.access,
    janusData.admin,
    janusData.support
  )

  grantedPermission.map { permission =>
    val duration =
      Federation.duration(permission, requestedDuration, tzOffset.map(Clock.system))
    val roleArn =
      Config.roleArn(permission.account.authConfigKey, configuration)
    val credentials =
      Federation.assumeRole(username(user), roleArn, permission, stsClient, duration)

    // The audit record is written after the credentials have been obtained.
    // NOTE(review): AuditTrailDB.insert's result is discarded here; whether a failed
    // insert throws (and so stops the credentials being returned) or fails quietly
    // is not visible from this method. Confirm it cannot leave a grant unaudited.
    val auditLog =
      AuditTrail.createLog(user, permission, accessType, duration, janusData.access)
    val _ = AuditTrailDB.insert(auditLog)

    // NOTE(review): permissionId is logged as received from the caller; presumably it
    // matches a known permission by this point. Verify against checkUserPermission.
    logger.info(
      s"$accessType access to $permissionId granted for ${username(user)}"
    )
    (credentials, permission)
  }
}