Take AWS error message only if details exists in refreshToken failure (#4611)

wularr · web-flow · commit c92a1666f6b9 · 2024-06-24T14:45:19.000-07:00
diff --git a/.changes/next-release/bugfix-0a41e319-c7eb-413f-b43f-367b3d6379c1.json b/.changes/next-release/bugfix-0a41e319-c7eb-413f-b43f-367b3d6379c1.json
@@ -0,0 +1,4 @@
+{
+  "type" : "bugfix",
+  "description" : "Fix refresh token failure due to null aws error details"
+}
diff --git a/plugins/core/jetbrains-community/src/software/aws/toolkits/jetbrains/core/credentials/sso/SsoAccessTokenProvider.kt b/plugins/core/jetbrains-community/src/software/aws/toolkits/jetbrains/core/credentials/sso/SsoAccessTokenProvider.kt
@@ -406,7 +406,7 @@ class SsoAccessTokenProvider(
                 else -> null
             }
             val message = when (e) {
-                is AwsServiceException -> e.awsErrorDetails().errorMessage()
+                is AwsServiceException -> e.awsErrorDetails()?.errorMessage() ?: "Unknown error"
                 else -> e.message ?: "Unknown error"
             }
             sendFailedRefreshCredentialsMetricIfNeeded(
diff --git a/plugins/core/jetbrains-community/tst/software/aws/toolkits/jetbrains/core/credentials/sso/SsoAccessTokenProviderTest.kt b/plugins/core/jetbrains-community/tst/software/aws/toolkits/jetbrains/core/credentials/sso/SsoAccessTokenProviderTest.kt
@@ -24,6 +24,7 @@ import org.mockito.kotlin.mock
 import org.mockito.kotlin.stub
 import org.mockito.kotlin.times
 import org.mockito.kotlin.verify
+import software.amazon.awssdk.awscore.exception.AwsServiceException
 import software.amazon.awssdk.services.ssooidc.SsoOidcClient
 import software.amazon.awssdk.services.ssooidc.model.AuthorizationPendingException
 import software.amazon.awssdk.services.ssooidc.model.CreateTokenRequest
@@ -300,6 +301,31 @@ class SsoAccessTokenProviderTest {
         verify(ssoCache).saveAccessToken(argThat<DeviceGrantAccessTokenCacheKey> { startUrl == ssoUrl }, eq(refreshedToken))
     }
 
+    @Test
+    fun `refresh access token error handling does not fail if AWS error details are missing`() {
+        val expirationClientRegistration = clock.instant().plusSeconds(120)
+        setupCacheStub(expirationClientRegistration)
+
+        val accessToken = DeviceAuthorizationGrantToken(ssoUrl, ssoRegion, "dummyToken", "refreshToken", clock.instant())
+        ssoCache.stub {
+            on(
+                ssoCache.loadAccessToken(argThat<DeviceGrantAccessTokenCacheKey> { startUrl == ssoUrl })
+            ).thenReturn(
+                accessToken
+            )
+        }
+
+        ssoOidcClient.stub {
+            on(
+                ssoOidcClient.createToken(refreshTokenRequest())
+            )
+                .thenThrow(AwsServiceException.builder().build())
+        }
+
+        assertThatThrownBy { runBlocking { sut.refreshToken(sut.accessToken()) } }
+            .isInstanceOf(AwsServiceException::class.java)
+    }
+
     @Test
     fun `PKCE refresh access token saves PKCE token`() {
         setPkceTrue()

-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +{
 +  "type" : "bugfix",
 +  "description" : "Fix refresh token failure due to null aws error details"
 +}
Original file line number	Diff line number	Diff line change
`@@ -406,7 +406,7 @@ class SsoAccessTokenProvider(`
`406`	`406`	`else -> null`
`407`	`407`	`}`
`408`	`408`	`val message = when (e) {`
`409`		`- is AwsServiceException -> e.awsErrorDetails().errorMessage()`
	`409`	`+ is AwsServiceException -> e.awsErrorDetails()?.errorMessage() ?: "Unknown error"`
`410`	`410`	`else -> e.message ?: "Unknown error"`
`411`	`411`	`}`
`412`	`412`	`sendFailedRefreshCredentialsMetricIfNeeded(`