make encryptionkey not required

Author: kddejong

src/auth/AwsCredentials.ts

@@ -23,14 +23,14 @@ export class AwsCredentials {
     private readonly logger = LoggerFactory.getLogger(AwsCredentials);
 
     private iamCredentials?: IamCredentials;
-    private readonly encryptionKey: Buffer;
+    private readonly encryptionKey?: Buffer;
 
     constructor(
         private readonly awsHandlers: LspAuthHandlers,
         private readonly settingsManager: SettingsManager,
-        encryptionKey: string,
+        encryptionKey?: string,
     ) {
-        this.encryptionKey = Buffer.from(encryptionKey, 'base64');
+        this.encryptionKey = encryptionKey ? Buffer.from(encryptionKey, 'base64') : undefined;
     }
 
     getIAM(): DeepReadonly<IamCredentials> {
@@ -41,6 +41,11 @@ export class AwsCredentials {
     }
 
     async handleIamCredentialsUpdate(params: UpdateCredentialsParams): Promise<boolean> {
+        if (!this.encryptionKey) {
+            this.logger.error('Authentication failed: encryption key not configured');
+            return false;
+        }
+
         try {
             const decrypted = await compactDecrypt(params.data, this.encryptionKey);
             const rawCredentials = JSON.parse(new TextDecoder().decode(decrypted.plaintext)) as unknown;

src/server/CfnInfraCore.ts

@@ -60,9 +60,6 @@ export class CfnInfraCore implements Configurables, Closeable {
         this.fileContextManager = overrides.fileContextManager ?? new FileContextManager(this.documentManager);
 
         const encryptionKey = initializeParams.initializationOptions?.encryption?.key;
-        if (!encryptionKey) {
-            throw new Error('Encryption key is required');
-        }
 
         this.awsCredentials =
             overrides.awsCredentials ??

src/services/AwsClient.ts

@@ -23,11 +23,15 @@ export class AwsClient {
     }
 
     private iamClientConfig(): IamClientConfig {
-        const credential = this.credentialsProvider.getIAM();
-        return {
-            region: credential.region,
-            credentials: this.credentialsProvider.getIAM(),
-            customUserAgent: `${ExtensionId}/${ExtensionVersion}`,
-        };
+        try {
+            const credential = this.credentialsProvider.getIAM();
+            return {
+                region: credential.region,
+                credentials: credential,
+                customUserAgent: `${ExtensionId}/${ExtensionVersion}`,
+            };
+        } catch {
+            throw new Error('AWS credentials not configured. Authentication required for online features.');
+        }
     }
 }

tst/unit/services/AwsClient.test.ts

@@ -47,9 +47,11 @@ describe('AwsClient', () => {
         });
 
         it('should handle credentials provider errors', () => {
-            mockComponents.awsCredentials.getIAM.throws(new Error('Credential provider error'));
+            mockComponents.awsCredentials.getIAM.throws(new Error('IAM credentials not configured'));
 
-            expect(() => component.getCloudFormationClient()).toThrow('Credential provider error');
+            expect(() => component.getCloudFormationClient()).toThrow(
+                'AWS credentials not configured. Authentication required for online features.',
+            );
         });
     });
 });