1 files changed, 49 insertions, 0 deletions

diff --git a/app/services/clusters/aws/authorize_role_service.rb b/app/services/clusters/aws/authorize_role_service.rb
new file mode 100644
index 00000000000..6eafce0597e
--- /dev/null
+++ b/app/services/clusters/aws/authorize_role_service.rb
@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+
+module Clusters
+  module Aws
+    class AuthorizeRoleService
+      attr_reader :user
+
+      Response = Struct.new(:status, :body)
+
+      ERRORS = [
+        ActiveRecord::RecordInvalid,
+        Clusters::Aws::FetchCredentialsService::MissingRoleError,
+        ::Aws::Errors::MissingCredentialsError,
+        ::Aws::STS::Errors::ServiceError
+      ].freeze
+
+      def initialize(user, params:)
+        @user = user
+        @params = params
+      end
+
+      def execute
+        @role = create_or_update_role!
+
+        Response.new(:ok, credentials)
+      rescue *ERRORS
+        Response.new(:unprocessable_entity, {})
+      end
+
+      private
+
+      attr_reader :role, :params
+
+      def create_or_update_role!
+        if role = user.aws_role
+          role.update!(params)
+
+          role
+        else
+          user.create_aws_role!(params)
+        end
+      end
+
+      def credentials
+        Clusters::Aws::FetchCredentialsService.new(role).execute
+      end
+    end
+  end
+end