sst 2.3.3 → 2.3.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -158,18 +158,34 @@ export const bind = (program) => program
158
158
  const { Logger } = await import("../../logger.js");
159
159
  const { useAWSClient } = await import("../../credentials.js");
160
160
  const sts = useAWSClient(STSClient);
161
- try {
161
+ const assumeRole = async (duration) => {
162
162
  const { Credentials: credentials } = await sts.send(new AssumeRoleCommand({
163
163
  RoleArn: roleArn,
164
164
  RoleSessionName: "dev-session",
165
- DurationSeconds: 43200,
165
+ DurationSeconds: duration,
166
166
  }));
167
167
  return credentials;
168
+ };
169
+ // Assue role with max duration first. This can fail if chaining roles, or if
170
+ // the role has a max duration set. If it fails, assume role with 1 hour duration.
171
+ let err;
172
+ try {
173
+ return await assumeRole(43200);
168
174
  }
169
175
  catch (e) {
170
- Colors.line(Colors.warning(`Failed to assume SSR role ${roleArn}. Falling back to using local IAM credentials.`));
171
- Logger.debug(`Failed to assume ${roleArn}.`, e);
176
+ err = e;
177
+ }
178
+ if (err.name === "ValidationError" &&
179
+ err.message.startsWith("The requested DurationSeconds exceeds")) {
180
+ try {
181
+ return await assumeRole(3600);
182
+ }
183
+ catch (e) {
184
+ err = e;
185
+ }
172
186
  }
187
+ Colors.line(Colors.warning(`Failed to assume SSR role ${roleArn}. Falling back to using local IAM credentials.`));
188
+ Logger.debug(`Failed to assume ${roleArn}.`, err);
173
189
  }
174
190
  async function localIamCredentials() {
175
191
  const { useAWSCredentials } = await import("../../credentials.js");
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "sst",
3
- "version": "2.3.3",
3
+ "version": "2.3.4",
4
4
  "bin": {
5
5
  "sst": "cli/sst.js"
6
6
  },
package/sst.mjs CHANGED
@@ -7255,23 +7255,35 @@ var bind = (program2) => program2.command(
7255
7255
  const { Logger: Logger2 } = await Promise.resolve().then(() => (init_logger(), logger_exports));
7256
7256
  const { useAWSClient: useAWSClient2 } = await Promise.resolve().then(() => (init_credentials(), credentials_exports));
7257
7257
  const sts = useAWSClient2(STSClient2);
7258
- try {
7258
+ const assumeRole = async (duration) => {
7259
7259
  const { Credentials: credentials } = await sts.send(
7260
7260
  new AssumeRoleCommand({
7261
7261
  RoleArn: roleArn,
7262
7262
  RoleSessionName: "dev-session",
7263
- DurationSeconds: 43200
7263
+ DurationSeconds: duration
7264
7264
  })
7265
7265
  );
7266
7266
  return credentials;
7267
+ };
7268
+ let err;
7269
+ try {
7270
+ return await assumeRole(43200);
7267
7271
  } catch (e) {
7268
- Colors2.line(
7269
- Colors2.warning(
7270
- `Failed to assume SSR role ${roleArn}. Falling back to using local IAM credentials.`
7271
- )
7272
- );
7273
- Logger2.debug(`Failed to assume ${roleArn}.`, e);
7272
+ err = e;
7273
+ }
7274
+ if (err.name === "ValidationError" && err.message.startsWith("The requested DurationSeconds exceeds")) {
7275
+ try {
7276
+ return await assumeRole(3600);
7277
+ } catch (e) {
7278
+ err = e;
7279
+ }
7274
7280
  }
7281
+ Colors2.line(
7282
+ Colors2.warning(
7283
+ `Failed to assume SSR role ${roleArn}. Falling back to using local IAM credentials.`
7284
+ )
7285
+ );
7286
+ Logger2.debug(`Failed to assume ${roleArn}.`, err);
7275
7287
  }
7276
7288
  async function localIamCredentials() {
7277
7289
  const { useAWSCredentials: useAWSCredentials3 } = await Promise.resolve().then(() => (init_credentials(), credentials_exports));