Surface error popup dialog on login failure (#4780)

Author: rli

plugins/core/jetbrains-community/src/software/aws/toolkits/jetbrains/core/credentials/LoginUtils.kt

@@ -6,20 +6,18 @@ package software.aws.toolkits.jetbrains.core.credentials
 import com.intellij.openapi.progress.ProcessCanceledException
 import com.intellij.openapi.project.Project
 import com.intellij.openapi.vfs.VirtualFileManager
-import org.slf4j.LoggerFactory
-import org.slf4j.event.Level
 import software.amazon.awssdk.auth.credentials.AwsBasicCredentials
 import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider
 import software.amazon.awssdk.profiles.Profile
 import software.amazon.awssdk.profiles.ProfileProperty
+import software.amazon.awssdk.profiles.internal.ProfileFileReader
 import software.amazon.awssdk.regions.Region
 import software.amazon.awssdk.services.ssooidc.model.InvalidGrantException
 import software.amazon.awssdk.services.ssooidc.model.InvalidRequestException
 import software.amazon.awssdk.services.ssooidc.model.SsoOidcException
 import software.amazon.awssdk.services.sts.StsClient
 import software.aws.toolkits.core.credentials.validatedSsoIdentifierFromUrl
 import software.aws.toolkits.core.region.AwsRegion
-import software.aws.toolkits.core.utils.tryOrNull
 import software.aws.toolkits.jetbrains.core.AwsClientManager
 import software.aws.toolkits.jetbrains.core.credentials.profiles.SsoSessionConstants
 import software.aws.toolkits.jetbrains.core.credentials.sono.SONO_REGION
@@ -30,22 +28,30 @@ import software.aws.toolkits.resources.AwsCoreBundle
 import software.aws.toolkits.telemetry.CredentialSourceId
 import java.io.IOException
 
-private val LOG = LoggerFactory.getLogger("LoginUtils")
-
-sealed interface Login {
-    val id: CredentialSourceId
+sealed class Login<T> {
+    abstract val id: CredentialSourceId
+    abstract val onError: (Exception) -> Unit
+    protected abstract fun doLogin(project: Project): T
+
+    fun login(project: Project): T {
+        try {
+            return doLogin(project)
+        } catch (e: Exception) {
+            onError(e)
+            throw e
+        }
+    }
 
     data class BuilderId(
         val scopes: List<String>,
         val onPendingToken: (InteractiveBearerTokenProvider) -> Unit,
-        val onError: (Exception) -> Unit,
+        override val onError: (Exception) -> Unit,
         val onSuccess: () -> Unit
-    ) : Login {
+    ) : Login<Unit>() {
         override val id: CredentialSourceId = CredentialSourceId.AwsId
 
-        fun loginBuilderId(project: Project): Boolean {
-            loginSso(project, SONO_URL, SONO_REGION, scopes, onPendingToken, onError, onSuccess)
-            return true
+        override fun doLogin(project: Project) {
+            loginSso(project, SONO_URL, SONO_REGION, scopes, onPendingToken, onError, onSuccess) != null
         }
     }
 
@@ -55,16 +61,19 @@ sealed interface Login {
         val scopes: List<String>,
         val onPendingToken: (InteractiveBearerTokenProvider) -> Unit,
         val onSuccess: () -> Unit,
-        val onError: (Exception, AuthProfile) -> Unit
-    ) : Login {
+        override val onError: (Exception) -> Unit
+    ) : Login<AwsBearerTokenConnection?>() {
         override val id: CredentialSourceId = CredentialSourceId.IamIdentityCenter
         private val configFilesFacade = DefaultConfigFilesFacade()
 
-        fun loginIdc(project: Project): AwsBearerTokenConnection? {
+        override fun doLogin(project: Project): AwsBearerTokenConnection? {
             // we have this check here so we blow up early if user has an invalid config file
-            LOG.tryOrNull("Failed to read sso sessions file", level = Level.ERROR) {
+            try {
                 configFilesFacade.readSsoSessions()
-            } ?: return null
+            } catch (e: Exception) {
+                onError(ConfigFacadeException(e))
+                return null
+            }
 
             val profile = UserConfigSsoSessionProfile(
                 configSessionName = validatedSsoIdentifierFromUrl(startUrl),
@@ -73,6 +82,7 @@ sealed interface Login {
                 scopes = scopes
             )
 
+            // expect 'authAndUpdateConfig' to call onError on failure
             val conn = authAndUpdateConfig(project, profile, configFilesFacade, onPendingToken, onSuccess, onError) ?: return null
 
             // TODO: delta, make sure we are good to switch immediately
@@ -90,21 +100,21 @@ sealed interface Login {
     data class LongLivedIAM(
         val profileName: String,
         val accessKey: String,
-        val secretKey: String
-    ) : Login {
+        val secretKey: String,
+        val onConfigFileFacadeError: (Exception) -> Unit,
+        val onProfileAlreadyExist: () -> Unit,
+        val onConnectionValidationError: (Exception) -> Unit
+    ) : Login<Boolean>() {
+        override val onError: (Exception) -> Unit = {}
+
         override val id: CredentialSourceId = CredentialSourceId.SharedCredentials
         private val configFilesFacade = DefaultConfigFilesFacade()
 
-        fun loginIAM(
-            project: Project,
-            onConfigFileFacadeError: (Exception) -> Unit,
-            onProfileAlreadyExist: () -> Unit,
-            onConnectionValidationError: () -> Unit
-        ): Boolean {
+        override fun doLogin(project: Project): Boolean {
             val existingProfiles = try {
                 configFilesFacade.readAllProfiles()
             } catch (e: Exception) {
-                onConfigFileFacadeError(e)
+                onConfigFileFacadeError(ConfigFacadeException(e))
                 return false
             }
 
@@ -113,7 +123,7 @@ sealed interface Login {
                 return false
             }
 
-            val callerIdentity = tryOrNull {
+            try {
                 runUnderProgressIfNeeded(project, AwsCoreBundle.message("settings.states.validating.short"), cancelable = true) {
                     AwsClientManager.getInstance().createUnmanagedClient<StsClient>(
                         StaticCredentialsProvider.create(AwsBasicCredentials.create(accessKey, secretKey)),
@@ -122,10 +132,8 @@ sealed interface Login {
                         client.getCallerIdentity()
                     }
                 }
-            }
-
-            if (callerIdentity == null) {
-                onConnectionValidationError()
+            } catch (e: Exception) {
+                onConnectionValidationError(e)
                 return false
             }
 
@@ -156,7 +164,7 @@ fun authAndUpdateConfig(
     configFilesFacade: ConfigFilesFacade,
     onPendingToken: (InteractiveBearerTokenProvider) -> Unit,
     onSuccess: () -> Unit,
-    onError: (Exception, AuthProfile) -> Unit
+    onError: (Exception) -> Unit
 ): AwsBearerTokenConnection? {
     val requestedScopes = profile.scopes
     val allScopes = requestedScopes.toMutableSet()
@@ -181,7 +189,7 @@ fun authAndUpdateConfig(
             reauthConnectionIfNeeded(project, connection, onPendingToken)
         }
     } catch (e: Exception) {
-        onError(e, profile)
+        onError(e)
         return null
     }
 
@@ -202,11 +210,12 @@ fun authAndUpdateConfig(
     return connection
 }
 
-internal fun ssoErrorMessageFromException(e: Exception) = when (e) {
+fun ssoErrorMessageFromException(e: Exception) = when (e) {
     is IllegalStateException -> e.message ?: AwsCoreBundle.message("general.unknown_error")
     is ProcessCanceledException -> AwsCoreBundle.message("codewhisperer.credential.login.dialog.exception.cancel_login")
     is InvalidRequestException -> AwsCoreBundle.message("codewhisperer.credential.login.exception.invalid_input")
     is InvalidGrantException, is SsoOidcException -> e.message ?: AwsCoreBundle.message("codewhisperer.credential.login.exception.invalid_grant")
+    is ConfigFacadeException -> e.message
     else -> {
         val baseMessage = when (e) {
             is IOException -> "codewhisperer.credential.login.exception.io"
@@ -216,3 +225,23 @@ internal fun ssoErrorMessageFromException(e: Exception) = when (e) {
         AwsCoreBundle.message(baseMessage, "${e.javaClass.name}: ${e.message}")
     }
 }
+
+class ConfigFacadeException(override val cause: Exception) : Exception() {
+    override val message: String
+        get() = messageFromConfigFacadeError(cause).first
+
+    override fun getStackTrace() = cause.stackTrace
+}
+
+fun messageFromConfigFacadeError(e: Exception): Pair<String, String> {
+    // we'll consider nested exceptions and exception loops to be out of scope
+    val (errorTemplate, errorType) = if (e.stackTrace.any { it.className == ProfileFileReader::class.java.canonicalName }) {
+        "gettingstarted.auth.config.issue" to "ConfigParseError"
+    } else {
+        "codewhisperer.credential.login.exception.general" to e::class.java.name
+    }
+
+    val errorMessage = AwsCoreBundle.message(errorTemplate, e.localizedMessage ?: e::class.java.name)
+
+    return errorMessage to errorType
+}

plugins/core/jetbrains-community/src/software/aws/toolkits/jetbrains/core/gettingstarted/SetupAuthenticationDialog.kt

@@ -27,7 +27,6 @@ import org.jetbrains.annotations.VisibleForTesting
 import software.amazon.awssdk.auth.credentials.AwsBasicCredentials
 import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider
 import software.amazon.awssdk.profiles.Profile
-import software.amazon.awssdk.profiles.internal.ProfileFileReader
 import software.amazon.awssdk.regions.Region
 import software.amazon.awssdk.services.sts.StsClient
 import software.aws.toolkits.core.region.AwsRegion
@@ -42,6 +41,7 @@ import software.aws.toolkits.jetbrains.core.credentials.ToolkitConnectionManager
 import software.aws.toolkits.jetbrains.core.credentials.UserConfigSsoSessionProfile
 import software.aws.toolkits.jetbrains.core.credentials.authAndUpdateConfig
 import software.aws.toolkits.jetbrains.core.credentials.loginSso
+import software.aws.toolkits.jetbrains.core.credentials.messageFromConfigFacadeError
 import software.aws.toolkits.jetbrains.core.credentials.sono.IDENTITY_CENTER_ROLE_ACCESS_SCOPE
 import software.aws.toolkits.jetbrains.core.credentials.sono.SONO_REGION
 import software.aws.toolkits.jetbrains.core.credentials.sono.SONO_URL
@@ -277,7 +277,7 @@ class SetupAuthenticationDialog(
                     scopes = scopes
                 )
 
-                val connection = authAndUpdateConfig(project, profile, configFilesFacade, {}, {}) { e, _ ->
+                val connection = authAndUpdateConfig(project, profile, configFilesFacade, {}, {}) { e ->
                     Messages.showErrorDialog(project, e.message, title)
                     AuthTelemetry.addConnection(
                         project,
@@ -430,12 +430,7 @@ class SetupAuthenticationDialog(
     }
 
     private fun handleConfigFacadeError(e: Exception) {
-        // we'll consider nested exceptions and exception loops to be out of scope
-        val (errorTemplate, errorType) = if (e.stackTrace.any { it.className == ProfileFileReader::class.java.canonicalName }) {
-            "gettingstarted.auth.config.issue" to "ConfigParseError"
-        } else {
-            "codewhisperer.credential.login.exception.general" to e::class.java.name
-        }
+        val (errorMessage, errorType) = messageFromConfigFacadeError(e)
 
         AuthTelemetry.addConnection(
             project,
@@ -448,9 +443,8 @@ class SetupAuthenticationDialog(
             reason = errorType
         )
 
-        val error = AwsCoreBundle.message(errorTemplate, e.localizedMessage ?: e::class.java.name)
-        LOG.error(e) { error }
-        Messages.showErrorDialog(project, error, title)
+        LOG.error(e) { errorMessage }
+        Messages.showErrorDialog(project, errorMessage, title)
     }
 
     companion object {