npm - @lightdash/warehouses - Versions diffs - 0.2880.0 → 0.2881.0 - Mend

@lightdash/warehouses 0.2880.0 → 0.2881.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/.tsbuildinfo +1 -1
package/dist/warehouseClients/AthenaWarehouseClient.d.ts.map +1 -1
package/dist/warehouseClients/AthenaWarehouseClient.js +85 -4
package/dist/warehouseClients/AthenaWarehouseClient.test.js +96 -0
package/package.json +2 -2

package/dist/warehouseClients/AthenaWarehouseClient.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"AthenaWarehouseClient.d.ts","sourceRoot":"","sources":["../../src/warehouseClients/AthenaWarehouseClient.ts"],"names":[],"mappings":"AAAA,OAAO,EACH,YAAY,EAOf,MAAM,wBAAwB,CAAC;AAEhC,OAAO,EAGH,uBAAuB,EAGvB,MAAM,EAEN,mBAAmB,EACnB,gBAAgB,EAGhB,gBAAgB,EAChB,cAAc,EACjB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAC;AAM5C,OAAO,mBAAmB,MAAM,uBAAuB,CAAC;AACxD,OAAO,uBAAuB,MAAM,2BAA2B,CAAC;AAEhE,oBAAY,WAAW;IACnB,OAAO,YAAY;IACnB,OAAO,YAAY;IACnB,QAAQ,aAAa;IACrB,OAAO,YAAY;IACnB,MAAM,WAAW;IACjB,IAAI,SAAS;IACb,MAAM,WAAW;IACjB,OAAO,YAAY;IACnB,OAAO,YAAY;IACnB,IAAI,SAAS;IACb,SAAS,cAAc;IACvB,IAAI,SAAS;IACb,IAAI,SAAS;IACb,IAAI,SAAS;IACb,OAAO,wBAAwB;IAC/B,SAAS,cAAc;IACvB,YAAY,6BAA6B;IACzC,KAAK,UAAU;IACf,GAAG,QAAQ;IACX,GAAG,QAAQ;IACX,SAAS,cAAc;IACvB,IAAI,SAAS;CAChB;~~AAgCD~~,qBAAa,gBAAiB,SAAQ,uBAAuB;IACzD,QAAQ,CAAC,IAAI,yBAAyB;IAEtC,cAAc,IAAI,mBAAmB;IAIrC,wBAAwB,IAAI,MAAM;IAIlC,YAAY,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,MAAM;IAajD,eAAe,IAAI,MAAM;IAIzB,YAAY,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM;IAmBnC,cAAc,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,gBAAgB,GAAG,MAAM;IAM7D,uBAAuB,CACnB,iBAAiB,EAAE,MAAM,EACzB,eAAe,EAAE,MAAM,GACxB,MAAM;IAKT,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM;CAIzC;AAKD,qBAAa,qBAAsB,SAAQ,mBAAmB,CAAC,uBAAuB,CAAC;IACnF,MAAM,EAAE,YAAY,CAAC;gBAET,WAAW,EAAE,uBAAuB;YAwDlC,sBAAsB;IAiDpC,OAAO,CAAC,UAAU;IA8BZ,WAAW,CACb,GAAG,EAAE,MAAM,EACX,cAAc,EAAE,CAAC,IAAI,EAAE,gBAAgB,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,EAChE,OAAO,EAAE;QACL,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAC9B,QAAQ,CAAC,EAAE,MAAM,CAAC;KACrB,GACF,OAAO,CAAC,IAAI,CAAC;IAyGV,UAAU,CACZ,QAAQ,EAAE;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,EAAE,GAChE,OAAO,CAAC,gBAAgB,CAAC;~~IAwDtB~~,YAAY,IAAI,OAAO,CACzB;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,EAAE,CACxD;~~IAyCK~~,SAAS,CACX,SAAS,EAAE,MAAM,EACjB,MAAM,CAAC,EAAE,MAAM,EACf,QAAQ,CAAC,EAAE,MAAM,GAClB,OAAO,CAAC,gBAAgB,CAAC;~~IA2C5B~~,UAAU,CAAC,KAAK,EAAE,KAAK,GAAG,KAAK;CAGlC"}
1	+ {"version":3,"file":"AthenaWarehouseClient.d.ts","sourceRoot":"","sources":["../../src/warehouseClients/AthenaWarehouseClient.ts"],"names":[],"mappings":"AAAA,OAAO,EACH,YAAY,EAOf,MAAM,wBAAwB,CAAC;AAEhC,OAAO,EAGH,uBAAuB,EAGvB,MAAM,EAEN,mBAAmB,EACnB,gBAAgB,EAGhB,gBAAgB,EAChB,cAAc,EACjB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAC;AAM5C,OAAO,mBAAmB,MAAM,uBAAuB,CAAC;AACxD,OAAO,uBAAuB,MAAM,2BAA2B,CAAC;AAEhE,oBAAY,WAAW;IACnB,OAAO,YAAY;IACnB,OAAO,YAAY;IACnB,QAAQ,aAAa;IACrB,OAAO,YAAY;IACnB,MAAM,WAAW;IACjB,IAAI,SAAS;IACb,MAAM,WAAW;IACjB,OAAO,YAAY;IACnB,OAAO,YAAY;IACnB,IAAI,SAAS;IACb,SAAS,cAAc;IACvB,IAAI,SAAS;IACb,IAAI,SAAS;IACb,IAAI,SAAS;IACb,OAAO,wBAAwB;IAC/B,SAAS,cAAc;IACvB,YAAY,6BAA6B;IACzC,KAAK,UAAU;IACf,GAAG,QAAQ;IACX,GAAG,QAAQ;IACX,SAAS,cAAc;IACvB,IAAI,SAAS;CAChB;AA4HD,qBAAa,gBAAiB,SAAQ,uBAAuB;IACzD,QAAQ,CAAC,IAAI,yBAAyB;IAEtC,cAAc,IAAI,mBAAmB;IAIrC,wBAAwB,IAAI,MAAM;IAIlC,YAAY,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,MAAM;IAajD,eAAe,IAAI,MAAM;IAIzB,YAAY,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM;IAmBnC,cAAc,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,gBAAgB,GAAG,MAAM;IAM7D,uBAAuB,CACnB,iBAAiB,EAAE,MAAM,EACzB,eAAe,EAAE,MAAM,GACxB,MAAM;IAKT,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM;CAIzC;AAKD,qBAAa,qBAAsB,SAAQ,mBAAmB,CAAC,uBAAuB,CAAC;IACnF,MAAM,EAAE,YAAY,CAAC;gBAET,WAAW,EAAE,uBAAuB;YAwDlC,sBAAsB;IAiDpC,OAAO,CAAC,UAAU;IA8BZ,WAAW,CACb,GAAG,EAAE,MAAM,EACX,cAAc,EAAE,CAAC,IAAI,EAAE,gBAAgB,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,EAChE,OAAO,EAAE;QACL,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAC9B,QAAQ,CAAC,EAAE,MAAM,CAAC;KACrB,GACF,OAAO,CAAC,IAAI,CAAC;IAyGV,UAAU,CACZ,QAAQ,EAAE;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,EAAE,GAChE,OAAO,CAAC,gBAAgB,CAAC;IAuDtB,YAAY,IAAI,OAAO,CACzB;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,EAAE,CACxD;IAwCK,SAAS,CACX,SAAS,EAAE,MAAM,EACjB,MAAM,CAAC,EAAE,MAAM,EACf,QAAQ,CAAC,EAAE,MAAM,GAClB,OAAO,CAAC,gBAAgB,CAAC;IA0C5B,UAAU,CAAC,KAAK,EAAE,KAAK,GAAG,KAAK;CAGlC"}

package/dist/warehouseClients/AthenaWarehouseClient.js CHANGED Viewed

@@ -62,6 +62,78 @@ const convertDataTypeToDimensionType = (type) => {
 };
 // Force lowercase for column names
 const normalizeColumnName = (columnName) => columnName.toLowerCase();
+const AWS_AUTH_ERROR_NAMES = new Set([
+    'UnrecognizedClientException',
+    'InvalidClientTokenId',
+    'InvalidSignatureException',
+    'SignatureDoesNotMatch',
+    'ExpiredToken',
+    'ExpiredTokenException',
+    'CredentialsProviderError',
+    'CredentialsError',
+    'MissingAuthenticationToken',
+    'MissingAuthenticationTokenException',
+]);
+const getAuthErrorHint = (awsErrorName) => {
+    switch (awsErrorName) {
+        case 'UnrecognizedClientException':
+        case 'InvalidClientTokenId':
+            return 'AWS rejected the access key ID. Check the access key in your project settings is correct and the IAM user is enabled.';
+        case 'InvalidSignatureException':
+        case 'SignatureDoesNotMatch':
+            return 'AWS rejected the request signature. Check the secret access key matches the access key ID, and that your system clock is in sync.';
+        case 'ExpiredToken':
+        case 'ExpiredTokenException':
+            return 'AWS credentials have expired. If you are using temporary or assume-role credentials, generate new ones.';
+        case 'CredentialsProviderError':
+        case 'CredentialsError':
+        case 'MissingAuthenticationToken':
+        case 'MissingAuthenticationTokenException':
+            return 'No AWS credentials could be loaded. If using IAM Role authentication, make sure the host has an attached role with Athena access.';
+        default:
+            return '';
+    }
+};
+// Translates a raw error from the AWS SDK (or anywhere else thrown out of an
+// Athena client.send call) into a Lightdash error. Auth/credential failures
+// are surfaced as WarehouseConnectionError so the UI categorizes them as a
+// project-config problem rather than a query problem.
+const translateAthenaError = (error, options = {}) => {
+    const err = error;
+    const awsErrorName = typeof err?.name === 'string' &&
+        err.name !== 'Error' &&
+        !err.name.startsWith('Warehouse')
+        ? err.name
+        : undefined;
+    const httpStatusCode = typeof err?.$metadata?.httpStatusCode === 'number'
+        ? err.$metadata.httpStatusCode
+        : undefined;
+    const baseMessage = (0, common_1.getErrorMessage)(error);
+    const hint = awsErrorName ? getAuthErrorHint(awsErrorName) : '';
+    // e.g. "[UnrecognizedClientException 403]" or "[403]" if name is missing.
+    const tag = [awsErrorName, httpStatusCode]
+        .filter((p) => p !== undefined && p !== '')
+        .join(' ');
+    const messageParts = [
+        options.contextPrefix,
+        tag.length > 0 ? `[${tag}]` : null,
+        baseMessage,
+        hint,
+    ].filter((p) => typeof p === 'string' && p.length > 0);
+    const fullMessage = messageParts.join(' ');
+    // Auth signal precedence: known AWS error name first; otherwise fall back
+    // to HTTP 401 which is unambiguously an authentication failure. We do
+    // *not* fall back on 403 — it also covers IAM permission gaps (e.g.
+    // missing athena:ListTableMetadata), which are query-time problems and
+    // belong in WarehouseQueryError unless the caller asks otherwise.
+    const isAuthError = (awsErrorName !== undefined &&
+        AWS_AUTH_ERROR_NAMES.has(awsErrorName)) ||
+        httpStatusCode === 401;
+    if (isAuthError || options.defaultErrorClass === 'connection') {
+        return new common_1.WarehouseConnectionError(fullMessage);
+    }
+    return new common_1.WarehouseQueryError(fullMessage);
+};
 class AthenaSqlBuilder extends WarehouseBaseSqlBuilder_1.default {
     constructor() {
         super(...arguments);
@@ -313,7 +385,10 @@ class AthenaWarehouseClient extends WarehouseBaseClient_1.default {
                 if (error.name === 'MetadataException') {
                     return undefined;
                 }
-                throw new common_1.WarehouseConnectionError(`Failed to fetch table metadata for '${database}.${schema}.${table}'. ${(0, common_1.getErrorMessage)(e)}`);
+                throw translateAthenaError(e, {
+                    contextPrefix: `Failed to fetch table metadata for '${database}.${schema}.${table}'.`,
+                    defaultErrorClass: 'connection',
+                });
             }
         });
         return results.reduce((acc, result) => {
@@ -354,7 +429,10 @@ class AthenaWarehouseClient extends WarehouseBaseClient_1.default {
             } while (nextToken);
         }
         catch (e) {
-            throw new common_1.WarehouseConnectionError(`Failed to list tables in '${this.credentials.database}.${this.credentials.schema}'. ${(0, common_1.getErrorMessage)(e)}`);
+            throw translateAthenaError(e, {
+                contextPrefix: `Failed to list tables in '${this.credentials.database}.${this.credentials.schema}'.`,
+                defaultErrorClass: 'connection',
+            });
         }
         return tables;
     }
@@ -381,11 +459,14 @@ class AthenaWarehouseClient extends WarehouseBaseClient_1.default {
             return result;
         }
         catch (e) {
-            throw new common_1.WarehouseConnectionError(`Failed to get fields for table '${db}.${sch}.${tableName}'. ${(0, common_1.getErrorMessage)(e)}`);
+            throw translateAthenaError(e, {
+                contextPrefix: `Failed to get fields for table '${db}.${sch}.${tableName}'.`,
+                defaultErrorClass: 'connection',
+            });
         }
     }
     parseError(error) {
-        return new common_1.WarehouseQueryError((0, common_1.getErrorMessage)(error));
+        return translateAthenaError(error);
     }
 }
 exports.AthenaWarehouseClient = AthenaWarehouseClient;

package/dist/warehouseClients/AthenaWarehouseClient.test.js CHANGED Viewed

@@ -103,4 +103,100 @@ describe('AthenaWarehouseClient', () => {
             });
         });
     });
+    describe('error translation', () => {
+        // Synthesizes an error with the shape produced by the AWS SDK:
+        // an Error subclass whose `name` is the AWS error code, with optional
+        // $metadata.httpStatusCode (set by the SDK on every ServiceException).
+        const makeAwsError = (name, message, httpStatusCode) => {
+            const err = new Error(message);
+            err.name = name;
+            if (httpStatusCode !== undefined) {
+                err.$metadata = { httpStatusCode };
+            }
+            return err;
+        };
+        const setMockSendToReject = (error) => {
+            mockAthenaClient.mockImplementation(() => ({
+                send: jest.fn().mockRejectedValue(error),
+            }));
+        };
+        test('translates UnrecognizedClientException into WarehouseConnectionError with hint', async () => {
+            setMockSendToReject(makeAwsError('UnrecognizedClientException', 'The security token included in the request is invalid.'));
+            const client = new AthenaWarehouseClient_1.AthenaWarehouseClient(baseCredentials);
+            await expect(client.test()).rejects.toBeInstanceOf(common_1.WarehouseConnectionError);
+            await expect(client.test()).rejects.toMatchObject({
+                message: expect.stringContaining('[UnrecognizedClientException]'),
+            });
+            await expect(client.test()).rejects.toMatchObject({
+                message: expect.stringContaining('AWS rejected the access key ID'),
+            });
+        });
+        test('translates InvalidSignatureException into WarehouseConnectionError', async () => {
+            setMockSendToReject(makeAwsError('InvalidSignatureException', 'Signature does not match.'));
+            const client = new AthenaWarehouseClient_1.AthenaWarehouseClient(baseCredentials);
+            await expect(client.test()).rejects.toBeInstanceOf(common_1.WarehouseConnectionError);
+            await expect(client.test()).rejects.toMatchObject({
+                message: expect.stringContaining('secret access key'),
+            });
+        });
+        test('translates ExpiredTokenException into WarehouseConnectionError', async () => {
+            setMockSendToReject(makeAwsError('ExpiredTokenException', 'The security token has expired.'));
+            const client = new AthenaWarehouseClient_1.AthenaWarehouseClient(baseCredentials);
+            await expect(client.test()).rejects.toBeInstanceOf(common_1.WarehouseConnectionError);
+            await expect(client.test()).rejects.toMatchObject({
+                message: expect.stringContaining('expired'),
+            });
+        });
+        test('translates CredentialsProviderError into WarehouseConnectionError', async () => {
+            setMockSendToReject(makeAwsError('CredentialsProviderError', 'Could not load credentials from any providers'));
+            const client = new AthenaWarehouseClient_1.AthenaWarehouseClient(baseCredentials);
+            await expect(client.test()).rejects.toBeInstanceOf(common_1.WarehouseConnectionError);
+            await expect(client.test()).rejects.toMatchObject({
+                message: expect.stringContaining('IAM Role'),
+            });
+        });
+        test('keeps non-auth errors as WarehouseQueryError from streamQuery', async () => {
+            setMockSendToReject(makeAwsError('InvalidRequestException', 'Workgroup primary not found'));
+            const client = new AthenaWarehouseClient_1.AthenaWarehouseClient(baseCredentials);
+            await expect(client.test()).rejects.toBeInstanceOf(common_1.WarehouseQueryError);
+            await expect(client.test()).rejects.toMatchObject({
+                message: expect.stringContaining('[InvalidRequestException]'),
+            });
+        });
+        test('falls back to httpStatusCode=401 when error name is unfamiliar', async () => {
+            // Some AWS error variants don't show up in our known-name set but
+            // are still authentication failures (e.g. credential-provider chain
+            // wrapping). HTTP 401 alone should be enough to classify as a
+            // connection error.
+            setMockSendToReject(makeAwsError('SomeFutureAwsAuthError', 'unauthenticated', 401));
+            const client = new AthenaWarehouseClient_1.AthenaWarehouseClient(baseCredentials);
+            await expect(client.test()).rejects.toBeInstanceOf(common_1.WarehouseConnectionError);
+            await expect(client.test()).rejects.toMatchObject({
+                message: expect.stringContaining('[SomeFutureAwsAuthError 401]'),
+            });
+        });
+        test('does NOT promote httpStatusCode=403 to a connection error (could be IAM gap)', async () => {
+            // AccessDeniedException is 403 but represents an IAM permission
+            // gap during a query — it should remain WarehouseQueryError when
+            // streamQuery is the caller. The catalog/tables/fields paths
+            // explicitly opt into 'connection' default elsewhere.
+            setMockSendToReject(makeAwsError('AccessDeniedException', 'You are not authorized to perform: athena:GetQueryResults', 403));
+            const client = new AthenaWarehouseClient_1.AthenaWarehouseClient(baseCredentials);
+            await expect(client.test()).rejects.toBeInstanceOf(common_1.WarehouseQueryError);
+            await expect(client.test()).rejects.toMatchObject({
+                message: expect.stringContaining('[AccessDeniedException 403]'),
+            });
+        });
+        test('catalog/tables/fields default to WarehouseConnectionError', async () => {
+            setMockSendToReject(makeAwsError('AccessDeniedException', 'You are not authorized to perform: athena:ListTableMetadata'));
+            const client = new AthenaWarehouseClient_1.AthenaWarehouseClient(baseCredentials);
+            await expect(client.getAllTables()).rejects.toBeInstanceOf(common_1.WarehouseConnectionError);
+            await expect(client.getAllTables()).rejects.toMatchObject({
+                message: expect.stringContaining('[AccessDeniedException]'),
+            });
+            await expect(client.getAllTables()).rejects.toMatchObject({
+                message: expect.stringContaining('Failed to list tables'),
+            });
+        });
+    });
 });

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@lightdash/warehouses",
-  "version": "0.2880.0",
+  "version": "0.2881.0",
   "description": "Warehouse connectors for Lightdash",
   "license": "MIT",
   "repository": {
@@ -27,7 +27,7 @@
     "snowflake-sdk": "2.3.4",
     "ssh2": "1.14.0",
     "trino-client": "0.2.9",
-    "@lightdash/common": "0.2880.0"
+    "@lightdash/common": "0.2881.0"
   },
   "devDependencies": {
     "@types/node-fetch": "2.6.13",