Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[route53][waitUntilResourceRecordSetsChanged] waits endlessly if no permissions #3081

Closed
Faithfinder opened this issue Dec 2, 2021 · 4 comments
Closed

[route53][waitUntilResourceRecordSetsChanged] waits endlessly if no permissions #3081

Faithfinder opened this issue Dec 2, 2021 · 4 comments
Assignees
@RanVaknin
Labels
bug This issue is a bug. p3 This is a minor priority issue

Comments

@Faithfinder
Copy link

Describe the bug

waitUntilResourceRecordSetsChanged from @aws-sdk/client-route-53 doesn't throw if you don't have route53:GetChange permission

Your environment

SDK version number

@aws-sdk/[email protected]

Is the issue in the browser/Node.js/ReactNative?

Node.js

Details of the browser/Node.js/ReactNative version

Lambda, really

Steps to reproduce

Have a lambda like this, without route53:GetChange permission

 const result = await r53Client.send(createRecordCommand);
await waitUntilResourceRecordSetsChanged(
    { client: r53Client, maxWaitTime: Infinity },
    { Id: result.ChangeInfo?.Id }
);

Observed behavior

Waiter never exits

Expected behavior

Waiter throws

Additional context

Sure, Infinity in the maxWaitTIme is cheeky, but I don't think it's entirely relevant - I still want the waiter to throw if there's no permission.
@Faithfinder Faithfinder added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Dec 2, 2021
@ajredniwja ajredniwja self-assigned this Dec 6, 2021
@ajredniwja ajredniwja added investigating Issue is being investigated and/or work is in progress to resolve the issue. and removed needs-triage This issue or PR still needs to be triaged. labels Dec 13, 2021
@webdestroya
Copy link

This happens in all the waiters, I presume.

I was pulling my hair out trying to figure out why my ECS waitUntilTasksRunning and waitUntilTasksStopped were hanging for no reason.

@RanVaknin RanVaknin added the p3 This is a minor priority issue label Feb 22, 2023
@ghmeier
Copy link

ghmeier commented Mar 9, 2023

Can confirm - this happened for my waiters as well.

@aBurmeseDev aBurmeseDev assigned RanVaknin and unassigned ajredniwja Feb 28, 2024
@RanVaknin RanVaknin removed the investigating Issue is being investigated and/or work is in progress to resolve the issue. label May 3, 2024
@RanVaknin
Copy link
Contributor

Hi there,

This is the intended behavior. The waiter's definition of when to "exit" the await state, is defined upstream with the service model itself. I go over why this might be the intended behavior here.

I understand that having the underlying errors swallowed makes them hard to discover. Because of this you can enable the logger on your client to see the underlying error like so:

const r53Client = new Route53Client({
    region: "us-east-1",
    logger:console,
});

/*
{
  clientName: 'Route53Client',
  commandName: 'GetChangeCommand',
  input: { Id: 'REDACTED' },
  error: AccessDenied: User: arn:aws:sts::REDACTED:assumed-role/Route53LimitedAccessRole/testRoute53Session is not authorized to perform: route53:GetChange on resource: arn:aws:route53:::change/REDACTED with an explicit deny in an identity-based policy
      at throwDefaultError (/Users/rvaknin/test_folder/3081/node_modules/@smithy/smithy-client/dist-cjs/index.js:838:20)
      at /Users/rvaknin/test_folder/3081/node_modules/@smithy/smithy-client/dist-cjs/index.js:847:5
      at de_CommandError (/Users/rvaknin/test_folder/3081/node_modules/@aws-sdk/client-route-53/dist-cjs/index.js:4141:14)
      at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
      at async /Users/rvaknin/test_folder/3081/node_modules/@smithy/middleware-serde/dist-cjs/index.js:35:20
      at async /Users/rvaknin/test_folder/3081/node_modules/@smithy/core/dist-cjs/index.js:165:18
      at async /Users/rvaknin/test_folder/3081/node_modules/@smithy/middleware-retry/dist-cjs/index.js:320:38
      at async /Users/rvaknin/test_folder/3081/node_modules/@aws-sdk/middleware-logger/dist-cjs/index.js:33:22
      at async checkState (/Users/rvaknin/test_folder/3081/node_modules/@aws-sdk/client-route-53/dist-cjs/index.js:7725:20)
      at async runPolling (/Users/rvaknin/test_folder/3081/node_modules/@smithy/util-waiter/dist-cjs/index.js:99:48) {
    '$fault': 'client',
    '$metadata': {
      httpStatusCode: 403,
      requestId: 'REDACTED',
      extendedRequestId: undefined,
      cfId: undefined,
      attempts: 1,
      totalRetryDelay: 0
    },
    Type: 'Sender',
    Code: 'AccessDenied'
  },
*/

Thanks,
Ran~

@RanVaknin RanVaknin closed this as not planned Won't fix, can't repro, duplicate, stale May 6, 2024
@github-actions GitHub Actions
Copy link

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs and link to relevant comments in this thread.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators May 21, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@RanVaknin RanVaknin

Labels
bug This issue is a bug. p3 This is a minor priority issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@webdestroya @ghmeier @Faithfinder @ajredniwja @RanVaknin