Comments (14)
AntonShuvaev
commented on June 5, 2024
There was a similar issue #25. Launching the IDE from the CLI should help. If not, please share the relevant stacktrace from idea.log.
from intellij-dynamodb.
fjaccarino
commented on June 5, 2024
Works when launching from the CLI but do I have to change my workflow just for the plugin? All else works fine, even Big Data Tools can connect to AWS using a similar connection configuration. Would love for this to be seamless so I can roll out paid licenses to my team. Thoughts?
from intellij-dynamodb.
AntonShuvaev
commented on June 5, 2024
Can you share the relevant stacktrace from idea.log (Help > Show Log in Finder ) and what credential_process is used for auth? I'll try to fix this.
from intellij-dynamodb.
fjaccarino
commented on June 5, 2024
I see the log but lots of noise in here. What kind of text am I looking for to share?
from intellij-dynamodb.
fjaccarino
commented on June 5, 2024
java.lang.IllegalStateException: Failed to refresh process-based credentials.
at software.amazon.awssdk.auth.credentials.ProcessCredentialsProvider.refreshCredentials(ProcessCredentialsProvider.java:139)
at software.amazon.awssdk.utils.cache.CachedSupplier.lambda$jitteredPrefetchValueSupplier$3(CachedSupplier.java:283)
at software.amazon.awssdk.utils.cache.CachedSupplier$PrefetchStrategy.fetch(CachedSupplier.java:419)
at software.amazon.awssdk.utils.cache.CachedSupplier.refreshCache(CachedSupplier.java:198)
at software.amazon.awssdk.utils.cache.CachedSupplier.get(CachedSupplier.java:127)
at software.amazon.awssdk.auth.credentials.ProcessCredentialsProvider.resolveCredentials(ProcessCredentialsProvider.java:121)
at software.amazon.awssdk.core.internal.util.MetricUtils.measureDuration(MetricUtils.java:50)
at software.amazon.awssdk.awscore.internal.authcontext.AwsCredentialsAuthorizationStrategy.resolveCredentials(AwsCredentialsAuthorizationStrategy.java:100)
at software.amazon.awssdk.awscore.internal.authcontext.AwsCredentialsAuthorizationStrategy.addCredentialsToExecutionAttributes(AwsCredentialsAuthorizationStrategy.java:77)
at software.amazon.awssdk.awscore.internal.AwsExecutionContextBuilder.invokeInterceptorsAndCreateExecutionContext(AwsExecutionContextBuilder.java:120)
at software.amazon.awssdk.awscore.client.handler.AwsSyncClientHandler.invokeInterceptorsAndCreateExecutionContext(AwsSyncClientHandler.java:69)
at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.lambda$execute$1(BaseSyncClientHandler.java:78)
at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.measureApiCallSuccess(BaseSyncClientHandler.java:179)
at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.execute(BaseSyncClientHandler.java:76)
at software.amazon.awssdk.core.client.handler.SdkSyncClientHandler.execute(SdkSyncClientHandler.java:45)
at software.amazon.awssdk.awscore.client.handler.AwsSyncClientHandler.execute(AwsSyncClientHandler.java:56)
at software.amazon.awssdk.services.sts.DefaultStsClient.assumeRole(DefaultStsClient.java:269)
at software.amazon.awssdk.services.sts.auth.StsAssumeRoleCredentialsProvider.getUpdatedCredentials(StsAssumeRoleCredentialsProvider.java:71)
at software.amazon.awssdk.services.sts.auth.StsCredentialsProvider.updateSessionCredentials(StsCredentialsProvider.java:88)
at software.amazon.awssdk.utils.cache.CachedSupplier.lambda$jitteredPrefetchValueSupplier$3(CachedSupplier.java:283)
at software.amazon.awssdk.utils.cache.CachedSupplier$PrefetchStrategy.fetch(CachedSupplier.java:419)
at software.amazon.awssdk.utils.cache.CachedSupplier.refreshCache(CachedSupplier.java:198)
at software.amazon.awssdk.utils.cache.CachedSupplier.get(CachedSupplier.java:127)
at software.amazon.awssdk.services.sts.auth.StsCredentialsProvider.resolveCredentials(StsCredentialsProvider.java:99)
at software.amazon.awssdk.services.sts.auth.StsAssumeRoleCredentialsProvider.resolveCredentials(StsAssumeRoleCredentialsProvider.java:43)
at org.dynamodb4idea.c$a.resolveCredentials(SourceFile:110)
at org.dynamodb4idea.a.resolveCredentials(SourceFile:117)
at software.amazon.awssdk.core.internal.util.MetricUtils.measureDuration(MetricUtils.java:50)
at software.amazon.awssdk.awscore.internal.authcontext.AwsCredentialsAuthorizationStrategy.resolveCredentials(AwsCredentialsAuthorizationStrategy.java:100)
at software.amazon.awssdk.awscore.internal.authcontext.AwsCredentialsAuthorizationStrategy.addCredentialsToExecutionAttributes(AwsCredentialsAuthorizationStrategy.java:77)
at software.amazon.awssdk.awscore.internal.AwsExecutionContextBuilder.invokeInterceptorsAndCreateExecutionContext(AwsExecutionContextBuilder.java:120)
at software.amazon.awssdk.awscore.client.handler.AwsSyncClientHandler.invokeInterceptorsAndCreateExecutionContext(AwsSyncClientHandler.java:69)
at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.lambda$execute$1(BaseSyncClientHandler.java:78)
at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.measureApiCallSuccess(BaseSyncClientHandler.java:179)
at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.execute(BaseSyncClientHandler.java:76)
at software.amazon.awssdk.core.client.handler.SdkSyncClientHandler.execute(SdkSyncClientHandler.java:45)
at software.amazon.awssdk.awscore.client.handler.AwsSyncClientHandler.execute(AwsSyncClientHandler.java:56)
at software.amazon.awssdk.services.dynamodb.a.listTables(SourceFile:5145)
at software.amazon.awssdk.services.dynamodb.DynamoDbClient.listTables(DynamoDbClient.java:5787)
at org.dynamodb4idea.lH$g.a(SourceFile:143)
at org.dynamodb4idea.lH$g.invoke(SourceFile:146)
at org.dynamodb4idea.p.a(SourceFile:24)
at org.dynamodb4idea.p.b(SourceFile:49)
at org.dynamodb4idea.q$a.run(SourceFile:27)
at com.intellij.openapi.progress.impl.CoreProgressManager.startTask(CoreProgressManager.java:429)
at com.intellij.openapi.progress.impl.ProgressManagerImpl.startTask(ProgressManagerImpl.java:114)
at com.intellij.openapi.progress.impl.CoreProgressManager.lambda$runProcessWithProgressAsynchronously$6(CoreProgressManager.java:480)
at com.intellij.openapi.progress.impl.ProgressRunner.lambda$submit$3(ProgressRunner.java:252)
at com.intellij.openapi.progress.impl.CoreProgressManager.lambda$runProcess$2(CoreProgressManager.java:186)
at com.intellij.openapi.progress.impl.CoreProgressManager.lambda$executeProcessUnderProgress$13(CoreProgressManager.java:604)
at com.intellij.openapi.progress.impl.CoreProgressManager.registerIndicatorAndRun(CoreProgressManager.java:679)
at com.intellij.openapi.progress.impl.CoreProgressManager.computeUnderProgress(CoreProgressManager.java:635)
at com.intellij.openapi.progress.impl.CoreProgressManager.executeProcessUnderProgress(CoreProgressManager.java:603)
at com.intellij.openapi.progress.impl.ProgressManagerImpl.executeProcessUnderProgress(ProgressManagerImpl.java:60)
at com.intellij.openapi.progress.impl.CoreProgressManager.runProcess(CoreProgressManager.java:173)
at com.intellij.openapi.progress.impl.ProgressRunner.lambda$submit$4(ProgressRunner.java:252)
at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1768)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
at java.base/java.util.concurrent.Executors$PrivilegedThreadFactory$1$1.run(Executors.java:702)
at java.base/java.util.concurrent.Executors$PrivilegedThreadFactory$1$1.run(Executors.java:699)
at java.base/java.security.AccessController.doPrivileged(AccessController.java:399)
at java.base/java.util.concurrent.Executors$PrivilegedThreadFactory$1.run(Executors.java:699)
at java.base/java.lang.Thread.run(Thread.java:833)
Caused by: java.lang.IllegalStateException: Command returned non-zero exit value (127) with error message: sh: saml2aws: command not found
at software.amazon.awssdk.auth.credentials.ProcessCredentialsProvider.executeCommand(ProcessCredentialsProvider.java:215)
at software.amazon.awssdk.auth.credentials.ProcessCredentialsProvider.refreshCredentials(ProcessCredentialsProvider.java:126)
... 63 more
from intellij-dynamodb.
fjaccarino
commented on June 5, 2024
Additionally, when launched from the CLI, the connection seems to inspect DynamoDB resources just fine but when I try a query I see the following:
AccessDeniedException
User: arn:aws:sts::<<account number>>:assumed-role/<<role name>>/aws-sdk-java-1680121851194 is not authorized to perform: dynamodb:Query on resource: arn:aws:dynamodb:us-east-1:<<account number>>:table/<<table name>> because no identity-based policy allows the dynamodb:Query action
My role certainly does not contain the aws-sdk-java-1680121851194 text in the arn path. Is that normal?
The text up until that point properly reflects the role though:
arn:aws:sts::<<account number>>:assumed-role/<<role name>>
from intellij-dynamodb.
AntonShuvaev
commented on June 5, 2024
Thanks for the info, I will look into it.
from intellij-dynamodb.
fjaccarino
commented on June 5, 2024
Much appreciated.
from intellij-dynamodb.
fjaccarino
commented on June 5, 2024
Curious when you think you'll get to looking into this. It's an unfortunate full blocker at the moment.
from intellij-dynamodb.
AntonShuvaev
commented on June 5, 2024
I'm going to release a fix next week.
from intellij-dynamodb.
fjaccarino
commented on June 5, 2024
Excellent. Looking forward to it.
from intellij-dynamodb.
AntonShuvaev
commented on June 5, 2024
This bug is fixed now, please update to 2023.1.1.
Regarding the AccessDeniedException error, aws-sdk-java-1680121851194 is the name of the temporary session which is added by AWS SDK if it is not already present. It shouldn't be a problem as long as the role has the correct permissions and there is no condition for sts:RoleSessionName.
Can you check with AWS CLI if you can run the same query?
from intellij-dynamodb.
fjaccarino
commented on June 5, 2024
I no longer see the java.lang.IllegalStateException: Failed to refresh process-based credentials error but still see the AccessDeniedException. Same from the CLI. Do you know what permission is required so I can chat with security?
from intellij-dynamodb.
AntonShuvaev
commented on June 5, 2024
Thanks for confirming that the error is gone.
You can use AmazonDynamoDBFullAccess policy or set up policy for the specific table.
For reading data you need dynamodb:ListTables, dynamodb:DescribeTable, dynamodb:Query, dynamodb:Scan and dynamodb:ExecuteStatement(for PartiQL) permissions. For managing data you also need dynamodb:UpdateItem, dynamodb:PutItem, dynamodb:DeleteItem and dynamodb:BatchWriteItem permissions.
You can find more details here: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_examples_dynamodb_specific-table.html
from intellij-dynamodb.
Related Issues (20)
- DynamoDB Scan Request Doesn't Work As Expected HOT 2
- [Suggestion] Make double-clicking on the row ID a shortcut to opening the edit window HOT 2
- [Suggestion] Dragging columns should be preserved if you refresh query HOT 2
- Expanding edit window doesn't expand textarea HOT 2
- Login does not support AWS temporary credentals HOT 3
- problems for export data HOT 2
- Dynamodb local cconnection fails HOT 1
- Deleting table does not refresh display HOT 1
- Sort results within ddb window HOT 1
- csv export not exporting column headers HOT 1
- New Sort feature not working properly with primary keys HOT 1
- Table names with a dot are truncated in editor tabs HOT 1
- Fetching tables list takes too long HOT 3
- Tables list search and filtering HOT 1
- Table Name Exclude Pattern HOT 1
- Quick Search in the Table Browser HOT 1
- Automatically add closing quota in Query in Data Browser HOT 1
- Plugin makes it nearly impossible to work with projects that have multiple similar named files. HOT 1
- begins_with query condition no longer allowed HOT 1
- Multiple windows, not modal HOT 6
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from intellij-dynamodb.