You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As of aws-sdk-go-v2 v1.23.0 any errors from the CredentialsProvider are being stringified instead of being wrapped. This breaks any code which might have been trying to unwrap these errors to an smithy.APIError for error handling purposes.
Using the reproduction code on versions < 1.23 the error can be unwrapped to smithy.APIError
operation error STS: GetCallerIdentity, failed to sign request: failed to retrieve credentials: failed to refresh cached credentials, operation error STS: AssumeRole, https response error StatusCode: 403, RequestID: <not necessary>, api error AccessDenied: User: <redacted> is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::123456789:role/this-wont-have-access
error is api error
Current Behavior
Using the reproduction code on versions >= 1.23 the error can no longer be unwrapped to smithy.APIError
operation error STS: GetCallerIdentity, get identity: get credentials: failed to refresh cached credentials, operation error STS: AssumeRole, https response error StatusCode: 403, RequestID: <not necessary>, api error AccessDenied: User: <redacted> is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::123456789:role/this-wont-have-access
error is not api error
Reproduction Steps
package main
import (
"context""errors""fmt""github.com/aws/smithy-go""github.com/aws/aws-sdk-go-v2/aws""github.com/aws/aws-sdk-go-v2/config""github.com/aws/aws-sdk-go-v2/credentials/stscreds""github.com/aws/aws-sdk-go-v2/service/sts"
)
funcmain() {
ctx:=context.Background()
c, err:=config.LoadDefaultConfig(ctx)
iferr!=nil {
panic(err)
}
stsAssumeRole:=sts.NewFromConfig(c)
credentials:=stscreds.NewAssumeRoleProvider(stsAssumeRole, "arn:aws:iam::123456789:role/this-wont-have-access")
c.Credentials=aws.NewCredentialsCache(credentials)
stsAccount:=sts.NewFromConfig(c)
_, err=stsAccount.GetCallerIdentity(ctx, &sts.GetCallerIdentityInput{})
fmt.Println(err.Error())
varawsError smithy.APIErroriferrors.As(err, &awsError) {
fmt.Println("error is api error")
} else {
fmt.Println("error is not api error")
}
}
Possible Solution
#2364 introduced some usages of fmt.Errorf(...: %v, err) which I think could be using %w to allow for wrapped errors.
Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.
Describe the bug
As of aws-sdk-go-v2 v1.23.0 any errors from the CredentialsProvider are being stringified instead of being wrapped. This breaks any code which might have been trying to unwrap these errors to an
smithy.APIError
for error handling purposes.The docs about error handling mention all API errors should implement
smithy.APIError
https://aws.github.io/aws-sdk-go-v2/docs/handling-errors/#api-error-responses but due being stringified this no longer works.Expected Behavior
Using the reproduction code on versions < 1.23 the error can be unwrapped to
smithy.APIError
Current Behavior
Using the reproduction code on versions >= 1.23 the error can no longer be unwrapped to
smithy.APIError
Reproduction Steps
Possible Solution
#2364 introduced some usages of
fmt.Errorf(...: %v, err)
which I think could be using%w
to allow for wrapped errors.%w
as wellAdditional Information/Context
No response
AWS Go SDK V2 Module Versions Used
aws-sdk-go-v2 v1.23.0 and above
Compiler and Version used
n/a
Operating System and version
n/a
The text was updated successfully, but these errors were encountered: