Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

TypeError: Illegal invocation while assuming role #6690

Open
3 of 4 tasks
neerajtk13 opened this issue Nov 25, 2024 · 6 comments
Open
3 of 4 tasks

TypeError: Illegal invocation while assuming role #6690

neerajtk13 opened this issue Nov 25, 2024 · 6 comments
Assignees
@zshzbh
Labels
p2 This is a standard priority issue workaround-available This issue has a work around available.

Comments

@neerajtk13
Copy link

neerajtk13 commented Nov 25, 2024
edited by zshzbh
Loading

Checkboxes for prior research

Describe the bug

const { STSClient, AssumeRoleCommand } = require("@aws-sdk/client-sts");
const { saveAwsCredentails } = require("../store");

const awsAccessKeyId = process.env.AWS_ACCESS_KEY_ID;
const awsSecretAccessKey =
  process.env.AWS_SECRET_ACCESS_KEY;
const awsSTSRegion = process.env.AWS_STS_REGION || "us-east-1";

let credentials = null;
let expiration = null;
let client = null;
const refreshBuffer = 300000; // Buffer time in milliseconds (5 minutes)

const initializeClient = () => {
  if (!client) {
    client = new STSClient({
      region: awsSTSRegion,
      credentials: {
        accessKeyId: awsAccessKeyId,
        secretAccessKey: awsSecretAccessKey,
      },
    });
  }
};

const assumeRole = async (
  roleArn,
  sessionName,
  externalId,
  sessionDuration
) => {
  try {
    const command = new AssumeRoleCommand({
      RoleArn: roleArn,
      RoleSessionName: sessionName,
      DurationSeconds: sessionDuration,
      ExternalId: externalId,
    });

    console.log("Sending AssumeRoleCommand with parameters:", {
      RoleArn: roleArn,
      RoleSessionName: sessionName,
      DurationSeconds: sessionDuration,
      ExternalId: externalId,
    });

    const response = await client.send(command);
    console.log("Assumed role successfully:", response);

    credentials = {
      accessKeyId: response.Credentials.AccessKeyId,
      secretAccessKey: response.Credentials.SecretAccessKey,
      expiration: response.Credentials.Expiration,
      sessionToken: response.Credentials.SessionToken,
    };

    await saveAwsCredentails(credentials);
    expiration = new Date(response.Credentials.Expiration).getTime();
    return credentials;
  } catch (err) {
    console.error("Error assuming role:", err);
    throw new Error("Failed to assume role");
  }
};

const getCredentials = async (
  roleArn,
  sessionName,
  externalId,
  sessionDuration
) => {
  initializeClient();
  const currentTime = Date.now();

  if (credentials && expiration - currentTime > refreshBuffer) {
    console.log("Returning cached credentials.");
    return credentials;
  }

  console.log("Credentials expired or not available; refetching...");
  return await assumeRole(roleArn, sessionName, externalId, sessionDuration);
};

module.exports = {
  getCredentials,
};

Regression Issue

  • Select this option if this issue appears to be a regression.

SDK version number

"@aws-sdk/client-sts": "^3.696.0"

Which JavaScript Runtime is this issue in?

Node.js

Details of the browser/Node.js/ReactNative version

electron js : 21.1.0, Node js: 18.12.0

Reproduction Steps

im running this inside my electron app.

Observed Behavior

the code is failing at const response = await client.send(command);
it is saying TypeError: Illegal invocation while assuming role. it used to work fine till last week .

Expected Behavior

Should return credentials response

Possible Solution

No response

Additional Information/Context

No response
@neerajtk13 neerajtk13 added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Nov 25, 2024
@zshzbh
Copy link
Contributor

zshzbh commented Nov 25, 2024
edited
Loading

Hey @neerajtk13 ,

Thanks for this feedback! This typically happens due to incorrect binding of the STS client.

I can't reproduce this issue. I can share my working reproduction code with you.
package version - "@aws-sdk/client-sts": "3.696",
electron version - "electron": "21.1.0"

const { STSClient, AssumeRoleCommand } = require("@aws-sdk/client-sts");

let credentials = null;
let expiration = null;
let client = null;
const refreshBuffer = 300000; // 5 minutes
const RoleArn = "arn:aws:iam::XXX:role/s3-role";
const RoleSessionName = "session1";
const DurationSeconds = 900;

const initializeClient = () => {
    if (!client) {
        client = new STSClient({
            region: "us-west-2",
        });
    }
};

const assumeRole = async (roleArn, sessionName, sessionDuration) => {
    try {
        const command = new AssumeRoleCommand({
            RoleArn: roleArn,
            RoleSessionName: sessionName,
            DurationSeconds: sessionDuration,
        });

        console.log("Sending AssumeRoleCommand with parameters:", {
            RoleArn: roleArn,
            RoleSessionName: sessionName,
            DurationSeconds: sessionDuration,
        });

        const response = await client.send(command);
        console.log("Assumed role successfully:", response);

        credentials = {
            accessKeyId: response.Credentials.AccessKeyId,
            secretAccessKey: response.Credentials.SecretAccessKey,
            expiration: response.Credentials.Expiration,
            sessionToken: response.Credentials.SessionToken,
        };

        expiration = new Date(response.Credentials.Expiration).getTime();
        return credentials;
    } catch (err) {
        console.error("Error assuming role:", err);
        throw new Error("Failed to assume role");
    }
};

const getCredentials = async () => {
    initializeClient();
    const currentTime = Date.now();

    if (credentials && expiration - currentTime > refreshBuffer) {
        console.log("Returning cached credentials.");
        return credentials;
    }

    console.log("Credentials expired or not available; refetching...");
    return await assumeRole(RoleArn, RoleSessionName, DurationSeconds);
};

module.exports = getCredentials;

When I export the module like this - module.exports = { getCredentials, };, I got Error: getCredentials is not a function error message

Could you please check if you can update the export module part to -

module.exports = getCredentials;

@zshzbh zshzbh self-assigned this Nov 25, 2024
@zshzbh zshzbh added p2 This is a standard priority issue response-requested Waiting on additional info and feedback. Will move to \"closing-soon\" in 7 days. and removed needs-triage This issue or PR still needs to be triaged. labels Nov 25, 2024
@mason-atayo
Copy link

Do you by chance have this line in your esbuild config file:

platform: "node",

Was just facing this issue in an electron app and the solution was to remove that line.

@github-actions github-actions bot removed the response-requested Waiting on additional info and feedback. Will move to \"closing-soon\" in 7 days. label Nov 26, 2024
@zshzbh
Copy link
Contributor

zshzbh commented Nov 26, 2024

I don't have this line in the config. I just check the esbuild doc

By default, esbuild's bundler is configured to generate code intended for the browser. If your bundled code is intended to run in node instead, you should set the platform to node

Since I don't have this line, it sets to default value, which is browser. And I think this is the root cause of this issue. Glad we figured it out!

Please LMK if you have other questions!

Thanks!
Maggie

@zshzbh zshzbh added closing-soon This issue will automatically close in 4 days unless further comments are made. guidance General information and guidance, answers to FAQs, or recommended best practices/resources. and removed bug This issue is a bug. labels Nov 26, 2024
@neerajtk13
Copy link
Author

im using electron-builder i dont have esbuild-config file or this platform: "node" line of code anywhere.

@neerajtk13
Copy link
Author

my code is working on first time role creation and when that session expires upon rehitting the assumerole function im getting this illegal invocation error

@zshzbh
Copy link
Contributor

zshzbh commented Nov 26, 2024

@neerajtk13
Could you please provide your minimal code reproduction? Every project has different framework setup& configs. We have to troubleshoot the root cause with minimal code reprodution.

@github-actions github-actions bot removed the closing-soon This issue will automatically close in 4 days unless further comments are made. label Nov 27, 2024
@zshzbh zshzbh added workaround-available This issue has a work around available. and removed guidance General information and guidance, answers to FAQs, or recommended best practices/resources. labels Dec 5, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@zshzbh zshzbh

Labels
p2 This is a standard priority issue workaround-available This issue has a work around available.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@neerajtk13 @zshzbh @mason-atayo