sst 2.3.2 → 2.3.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/cli/commands/bind.js +20 -4
- package/package.json +1 -1
- package/sst.mjs +21 -8
- package/watcher.js +1 -0
package/cli/commands/bind.js
CHANGED
|
@@ -158,18 +158,34 @@ export const bind = (program) => program
|
|
|
158
158
|
const { Logger } = await import("../../logger.js");
|
|
159
159
|
const { useAWSClient } = await import("../../credentials.js");
|
|
160
160
|
const sts = useAWSClient(STSClient);
|
|
161
|
-
|
|
161
|
+
const assumeRole = async (duration) => {
|
|
162
162
|
const { Credentials: credentials } = await sts.send(new AssumeRoleCommand({
|
|
163
163
|
RoleArn: roleArn,
|
|
164
164
|
RoleSessionName: "dev-session",
|
|
165
|
-
DurationSeconds:
|
|
165
|
+
DurationSeconds: duration,
|
|
166
166
|
}));
|
|
167
167
|
return credentials;
|
|
168
|
+
};
|
|
169
|
+
// Assue role with max duration first. This can fail if chaining roles, or if
|
|
170
|
+
// the role has a max duration set. If it fails, assume role with 1 hour duration.
|
|
171
|
+
let err;
|
|
172
|
+
try {
|
|
173
|
+
return await assumeRole(43200);
|
|
168
174
|
}
|
|
169
175
|
catch (e) {
|
|
170
|
-
|
|
171
|
-
|
|
176
|
+
err = e;
|
|
177
|
+
}
|
|
178
|
+
if (err.name === "ValidationError" &&
|
|
179
|
+
err.message.startsWith("The requested DurationSeconds exceeds")) {
|
|
180
|
+
try {
|
|
181
|
+
return await assumeRole(3600);
|
|
182
|
+
}
|
|
183
|
+
catch (e) {
|
|
184
|
+
err = e;
|
|
185
|
+
}
|
|
172
186
|
}
|
|
187
|
+
Colors.line(Colors.warning(`Failed to assume SSR role ${roleArn}. Falling back to using local IAM credentials.`));
|
|
188
|
+
Logger.debug(`Failed to assume ${roleArn}.`, err);
|
|
173
189
|
}
|
|
174
190
|
async function localIamCredentials() {
|
|
175
191
|
const { useAWSCredentials } = await import("../../credentials.js");
|
package/package.json
CHANGED
package/sst.mjs
CHANGED
|
@@ -3484,6 +3484,7 @@ var init_watcher = __esm({
|
|
|
3484
3484
|
"**/node_modules/**",
|
|
3485
3485
|
"**/.build/**",
|
|
3486
3486
|
"**/.sst/**",
|
|
3487
|
+
"**/.git/**",
|
|
3487
3488
|
"**/debug.log"
|
|
3488
3489
|
],
|
|
3489
3490
|
awaitWriteFinish: {
|
|
@@ -7254,23 +7255,35 @@ var bind = (program2) => program2.command(
|
|
|
7254
7255
|
const { Logger: Logger2 } = await Promise.resolve().then(() => (init_logger(), logger_exports));
|
|
7255
7256
|
const { useAWSClient: useAWSClient2 } = await Promise.resolve().then(() => (init_credentials(), credentials_exports));
|
|
7256
7257
|
const sts = useAWSClient2(STSClient2);
|
|
7257
|
-
|
|
7258
|
+
const assumeRole = async (duration) => {
|
|
7258
7259
|
const { Credentials: credentials } = await sts.send(
|
|
7259
7260
|
new AssumeRoleCommand({
|
|
7260
7261
|
RoleArn: roleArn,
|
|
7261
7262
|
RoleSessionName: "dev-session",
|
|
7262
|
-
DurationSeconds:
|
|
7263
|
+
DurationSeconds: duration
|
|
7263
7264
|
})
|
|
7264
7265
|
);
|
|
7265
7266
|
return credentials;
|
|
7267
|
+
};
|
|
7268
|
+
let err;
|
|
7269
|
+
try {
|
|
7270
|
+
return await assumeRole(43200);
|
|
7266
7271
|
} catch (e) {
|
|
7267
|
-
|
|
7268
|
-
|
|
7269
|
-
|
|
7270
|
-
|
|
7271
|
-
|
|
7272
|
-
|
|
7272
|
+
err = e;
|
|
7273
|
+
}
|
|
7274
|
+
if (err.name === "ValidationError" && err.message.startsWith("The requested DurationSeconds exceeds")) {
|
|
7275
|
+
try {
|
|
7276
|
+
return await assumeRole(3600);
|
|
7277
|
+
} catch (e) {
|
|
7278
|
+
err = e;
|
|
7279
|
+
}
|
|
7273
7280
|
}
|
|
7281
|
+
Colors2.line(
|
|
7282
|
+
Colors2.warning(
|
|
7283
|
+
`Failed to assume SSR role ${roleArn}. Falling back to using local IAM credentials.`
|
|
7284
|
+
)
|
|
7285
|
+
);
|
|
7286
|
+
Logger2.debug(`Failed to assume ${roleArn}.`, err);
|
|
7274
7287
|
}
|
|
7275
7288
|
async function localIamCredentials() {
|
|
7276
7289
|
const { useAWSCredentials: useAWSCredentials3 } = await Promise.resolve().then(() => (init_credentials(), credentials_exports));
|