in cmd/hub/api/cloudaccount.go [485:570]
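// cloudSpecificCredentials turns the positional arguments supplied for a cloud
// account into a credential kind and a key/value credential set for provider.
//
// For "aws" the remaining arguments are interpreted as:
//   - exactly two arguments: a static access key and secret key, kind "awscar";
//   - one argument starting with "arn:aws": a role ARN, kind "awsarn";
//   - anything else: keys (and session token) loaded through awsCredentials,
//     using args[0] as the profile when exactly one argument is left and the
//     empty profile name otherwise, kind "awscar".
//
// When region is listed in GovCloudRegions and at least one argument is given,
// the leading arguments are consumed first as DNS credentials ("dnsAccessKey"
// and "dnsSecretKey"): either an explicit key pair or a profile name. Profile
// credentials that carry a session token are rejected for that purpose.
//
// For "azure" and "gcp" the credentials are decoded from a JSON file of string
// values. The path is args[0] when exactly one argument is given, otherwise
// the configured path, otherwise the provider's environment variable. The
// returned kind is the provider name.
//
// Any other provider yields an error.
//
// Security notes: the returned map holds secret material, so callers should
// keep it out of logs and error messages. If args come straight from the
// command line, the explicit key forms can expose secrets through shell
// history and process listings; the profile and role ARN forms avoid that.
func cloudSpecificCredentials(provider, region string, args []string) (string, map[string]string, error) {
	switch provider {
	case "aws":
		credentials := make(map[string]string)

		if util.Contains(GovCloudRegions, region) && len(args) >= 1 {
			if maybeAwsAccessKey(args[0]) && len(args) >= 2 {
				// Explicit DNS key pair: consume both arguments.
				credentials["dnsAccessKey"] = args[0]
				credentials["dnsSecretKey"] = args[1]
				args = args[2:]
			} else {
				// Otherwise the first argument is taken as a profile name.
				profile := args[0]
				creds, err := awsCredentials(profile)
				if err != nil {
					return "", nil, err
				}
				// NOTE(review): presumably the DNS keys must be long-lived,
				// which a temporary session cannot provide - confirm.
				if creds.SessionToken != "" {
					return "", nil, fmt.Errorf("AWS credentials retrieved has session token set (profile `%s`)", profile)
				}
				credentials["dnsAccessKey"] = creds.AccessKeyID
				credentials["dnsSecretKey"] = creds.SecretAccessKey
				args = args[1:]
			}
		}

		switch {
		case len(args) == 2:
			credentials["accessKey"] = args[0]
			credentials["secretKey"] = args[1]
			return "awscar", credentials, nil
		case len(args) == 1 && strings.HasPrefix(args[0], "arn:aws"):
			credentials["roleArn"] = args[0]
			return "awsarn", credentials, nil
		}

		// NOTE(review): with three or more arguments left, all of them are
		// ignored and the empty profile name is used, so credentials other
		// than the ones the user passed get returned. Confirm that the caller
		// enforces the argument count.
		profile := ""
		if len(args) == 1 {
			profile = args[0]
		}
		creds, err := awsCredentials(profile)
		if err != nil {
			return "", nil, err
		}
		credentials["accessKey"] = creds.AccessKeyID
		credentials["secretKey"] = creds.SecretAccessKey
		// Stored even when empty; static profile keys carry no session token.
		credentials["sessionToken"] = creds.SessionToken
		return "awscar", credentials, nil

	case "azure", "gcp":
		// NOTE(review): any argument count other than one falls through to
		// the configured / environment path, silently dropping the arguments.
		credentialsFile := ""
		if len(args) == 1 {
			credentialsFile = args[0]
		}
		if credentialsFile == "" {
			switch provider {
			case "gcp":
				credentialsFile = config.GcpCredentialsFile
				if credentialsFile == "" {
					credentialsFile = os.Getenv("GOOGLE_APPLICATION_CREDENTIALS")
				}
			case "azure":
				credentialsFile = config.AzureCredentialsFile
				if credentialsFile == "" {
					credentialsFile = os.Getenv("AZURE_AUTH_LOCATION")
				}
			}
		}
		if credentialsFile == "" {
			return "", nil, errors.New("No credentials file specified")
		}

		// Underlying errors are wrapped with %w so callers can test them with
		// errors.Is / errors.As (for example os.ErrNotExist); the rendered
		// messages are unchanged. Only the path and the decoder error are
		// reported, never the file contents.
		file, err := os.Open(credentialsFile)
		if err != nil {
			return "", nil, fmt.Errorf("Unable to open credentials file: %w", err)
		}
		defer file.Close()

		data, err := io.ReadAll(file)
		if err != nil {
			return "", nil, fmt.Errorf("Unable to read credentials file `%s`: %w", credentialsFile, err)
		}

		var fileCreds map[string]string
		if err := json.Unmarshal(data, &fileCreds); err != nil {
			return "", nil, fmt.Errorf("Unable to unmarshall credentials file `%s`: %w", credentialsFile, err)
		}
		return provider, fileCreds, nil
	}

	return "", nil, errors.New("Unknown cloud account provider")
}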