Fix: use build(credentials=creds) instead of creds.authorize() for google-auth compatibility; add traceback logging

2026-05-08 19:57:35 -05:00
parent 9b56aa83df
commit eddbd98153
7 changed files with 24 additions and 62 deletions
--- a/cdk/cdk.out/AgentClawStack.assets.json
+++ b/cdk/cdk.out/AgentClawStack.assets.json
@@ -61,16 +61,16 @@
        }
      }
    },
-    "7cdf99af915f7191eec65aef2668994abc0bff90a30effd9c6f67d7723bcfad0": {
+    "91a55dffd35b78473e5145ec4ffe46cfbab25239665de853966d1a1d64a186ec": {
      "displayName": "AgentClawStack Template",
      "source": {
        "path": "AgentClawStack.template.json",
        "packaging": "file"
      },
      "destinations": {
-        "495395224548-us-east-1-41667eab": {
+        "495395224548-us-east-1-27a7d4e2": {
          "bucketName": "cdk-hnb659fds-assets-495395224548-us-east-1",
-          "objectKey": "7cdf99af915f7191eec65aef2668994abc0bff90a30effd9c6f67d7723bcfad0.json",
+          "objectKey": "91a55dffd35b78473e5145ec4ffe46cfbab25239665de853966d1a1d64a186ec.json",
          "region": "us-east-1",
          "assumeRoleArn": "arn:${AWS::Partition}:iam::495395224548:role/cdk-hnb659fds-file-publishing-role-495395224548-us-east-1"
        }
--- a/cdk/cdk.out/AgentClawStack.metadata.json
+++ b/cdk/cdk.out/AgentClawStack.metadata.json
@@ -572,7 +572,7 @@
    {
      "type": "aws:cdk:creationStack",
      "data": [
-        "...SecretBase.grantRead in aws-cdk-lib...",
+        "...environmentFromArn.grantRead in aws-cdk-lib...",
        "new AgentClawStack (/Users/daniel/agent-claw/cdk/lib/agent-claw-stack.ts:199:29)",
        "<anonymous> (/Users/daniel/agent-claw/cdk/bin/agent-claw.ts:8:1)",
        "...node internals, ts-node, ts-node, ts-node..."
@@ -715,7 +715,7 @@
    {
      "type": "aws:cdk:creationStack",
      "data": [
-        "...SecretBase.grantRead in aws-cdk-lib...",
+        "...environmentFromArn.grantRead in aws-cdk-lib...",
        "new AgentClawStack (/Users/daniel/agent-claw/cdk/lib/agent-claw-stack.ts:251:29)",
        "<anonymous> (/Users/daniel/agent-claw/cdk/bin/agent-claw.ts:8:1)",
        "...node internals, ts-node, ts-node, ts-node..."
--- a/cdk/cdk.out/AgentClawStack.template.json
+++ b/cdk/cdk.out/AgentClawStack.template.json
@@ -941,18 +941,7 @@
        "secretsmanager:DescribeSecret"
       ],
       "Effect": "Allow",
-       "Resource": {
-        "Fn::Join": [
-         "",
-         [
-          "arn:",
-          {
-           "Ref": "AWS::Partition"
-          },
-          ":secretsmanager:us-east-1:495395224548:secret:agent-claw/google-oauth-client-??????"
-         ]
-        ]
-       }
+       "Resource": "arn:aws:secretsmanager:us-east-1:495395224548:secret:agent-claw/google-oauth-client-subXHl"
      },
      {
       "Action": "secretsmanager:GetSecretValue",
@@ -1012,18 +1001,7 @@
        "secretsmanager:DescribeSecret"
       ],
       "Effect": "Allow",
-       "Resource": {
-        "Fn::Join": [
-         "",
-         [
-          "arn:",
-          {
-           "Ref": "AWS::Partition"
-          },
-          ":secretsmanager:us-east-1:495395224548:secret:agent-claw/google-oauth-client-??????"
-         ]
-        ]
-       }
+       "Resource": "arn:aws:secretsmanager:us-east-1:495395224548:secret:agent-claw/google-oauth-client-subXHl"
      },
      {
       "Action": "secretsmanager:GetSecretValue",
@@ -1088,18 +1066,7 @@
        "secretsmanager:DescribeSecret"
       ],
       "Effect": "Allow",
-       "Resource": {
-        "Fn::Join": [
-         "",
-         [
-          "arn:",
-          {
-           "Ref": "AWS::Partition"
-          },
-          ":secretsmanager:us-east-1:495395224548:secret:agent-claw/google-oauth-client-??????"
-         ]
-        ]
-       }
+       "Resource": "arn:aws:secretsmanager:us-east-1:495395224548:secret:agent-claw/google-oauth-client-subXHl"
      },
      {
       "Action": [
@@ -1186,18 +1153,7 @@
    },
    "Environment": {
     "Variables": {
-      "GOOGLE_OAUTH_CLIENT_SECRET_ARN": {
-       "Fn::Join": [
-        "",
-        [
-         "arn:",
-         {
-          "Ref": "AWS::Partition"
-         },
-         ":secretsmanager:us-east-1:495395224548:secret:agent-claw/google-oauth-client"
-        ]
-       ]
-      },
+      "GOOGLE_OAUTH_CLIENT_SECRET_ARN": "arn:aws:secretsmanager:us-east-1:495395224548:secret:agent-claw/google-oauth-client-subXHl",
      "USERS_TABLE_NAME": {
       "Ref": "UsersTable9725E9C8"
      },
--- a/cdk/cdk.out/manifest.json
+++ b/cdk/cdk.out/manifest.json
@@ -18,7 +18,7 @@
        "validateOnSynth": false,
        "assumeRoleArn": "arn:${AWS::Partition}:iam::495395224548:role/cdk-hnb659fds-deploy-role-495395224548-us-east-1",
        "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::495395224548:role/cdk-hnb659fds-cfn-exec-role-495395224548-us-east-1",
-        "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-495395224548-us-east-1/7cdf99af915f7191eec65aef2668994abc0bff90a30effd9c6f67d7723bcfad0.json",
+        "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-495395224548-us-east-1/91a55dffd35b78473e5145ec4ffe46cfbab25239665de853966d1a1d64a186ec.json",
        "requiresBootstrapStackVersion": 6,
        "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version",
        "additionalDependencies": [
--- a/cdk/cdk.out/tree.json
+++ b/cdk/cdk.out/tree.json
--- a/cdk/lib/agent-claw-stack.ts
+++ b/cdk/lib/agent-claw-stack.ts
@@ -188,8 +188,8 @@ export class AgentClawStack extends cdk.Stack {
    // and fed back as context param runtime1Arn.

    // ── Google Workspace MCP ──────────────────────────────────────────────
-    const googleOAuthClientSecret = secretsmanager.Secret.fromSecretNameV2(
-      this, 'GoogleOAuthClient', 'agent-claw/google-oauth-client'
+    const googleOAuthClientSecret = secretsmanager.Secret.fromSecretCompleteArn(
+      this, 'GoogleOAuthClient', 'arn:aws:secretsmanager:us-east-1:495395224548:secret:agent-claw/google-oauth-client-subXHl'
    );

    // workspace-mcp Lambda execution role (import existing — created during initial setup)