lib/telephony/pinpoint/aws_credential_builder.rb from 18F/identity-idp

lib/telephony/pinpoint/aws_credential_builder.rb

Summary

Maintainability

0 mins

Test Coverage

100%

Issues

# frozen_string_literal: true
 
module Telephony
  module Pinpoint
    class AwsCredentialBuilder
      attr_reader :config
 
      # @param [Telephony::PinpointVoiceConfiguration, Telephony::PinpointSmsConfiguration] config
      def initialize(config)
        @config = config
      end
 
      def call
        if config.credential_role_arn && config.credential_role_session_name
          build_assumed_role_credential
        elsif config.access_key_id && config.secret_access_key
          build_access_key_credential
        end
      end
 
      private
 
      def build_assumed_role_credential
        Aws::AssumeRoleCredentials.new(
          role_arn: config.credential_role_arn,
          role_session_name: config.credential_role_session_name,
          external_id: config.credential_external_id,
          client: Aws::STS::Client.new(region: config.region),
        )
 
      # STS makes an HTTP call that can fail
      rescue Aws::Errors::MissingCredentialsError, Seahorse::Client::NetworkingError => e
        notify_role_failure(error: e, region: config.region)
        nil
      end
 
      def build_access_key_credential
        Aws::Credentials.new(
          config.access_key_id,
          config.secret_access_key,
        )
      end
 
      def notify_role_failure(error:, region:)
        error_log = { error: error, region: region }
        Telephony.log_warn(event: error_log)
      end
    end
  end
end