Update telemetry: emit auth scopes in user state

plugins/core/jetbrains-community/resources/telemetryOverride.json

@@ -749,25 +749,6 @@
                 }
             ]
         },
-        {
-            "name": "auth_userState",
-            "description": "The state of the user's authentication.",
-            "metadata": [
-                {
-                    "type": "source",
-                    "required": true
-                },
-                {
-                    "type": "authStatus",
-                    "required": true
-                },
-                {
-                    "type": "authEnabledConnections",
-                    "required": true
-                }
-            ],
-            "passive": true
-        },
         {
             "name": "webview_amazonqSignInOpened",
             "description": "Called when a Amazon Q sign in webview is opened.",

plugins/core/jetbrains-community/src/software/aws/toolkits/jetbrains/core/gettingstarted/GettingStartedAuthUtils.kt

@@ -15,6 +15,7 @@ import software.aws.toolkits.jetbrains.core.credentials.pinning.QConnection
 import software.aws.toolkits.jetbrains.core.credentials.reauthConnectionIfNeeded
 import software.aws.toolkits.jetbrains.core.credentials.sono.Q_SCOPES
 import software.aws.toolkits.jetbrains.core.gettingstarted.editor.SourceOfEntry
+import software.aws.toolkits.jetbrains.core.gettingstarted.editor.getAuthScopes
 import software.aws.toolkits.jetbrains.core.gettingstarted.editor.getAuthStatus
 import software.aws.toolkits.jetbrains.core.gettingstarted.editor.getConnectionCount
 import software.aws.toolkits.jetbrains.core.gettingstarted.editor.getEnabledConnections
@@ -231,10 +232,10 @@ fun reauthenticateWithQ(project: Project) {
 fun emitUserState(project: Project) {
     AuthTelemetry.userState(
         project,
-        source = getStartupState().toString(),
         authEnabledConnections = getEnabledConnections(project),
+        authScopes = getAuthScopes(project),
         authStatus = getAuthStatus(project),
-        passive = true
+        source = getStartupState().toString()
     )
 }
 

plugins/core/jetbrains-community/src/software/aws/toolkits/jetbrains/core/gettingstarted/editor/GettingStartedPanelUtils.kt

@@ -6,6 +6,7 @@
 import com.intellij.openapi.project.Project
 import com.intellij.ui.dsl.builder.Panel
 import software.aws.toolkits.core.credentials.CredentialIdentifier
+import software.aws.toolkits.core.credentials.CredentialType
 import software.aws.toolkits.jetbrains.core.credentials.AwsBearerTokenConnection
 import software.aws.toolkits.jetbrains.core.credentials.AwsConnectionManager
 import software.aws.toolkits.jetbrains.core.credentials.ConnectionState
@@ -115,6 +116,20 @@
     }
 }
 
+fun checkIamProfileByCredentialType(project: Project): ActiveConnection {
+    val currConn = AwsConnectionManager.getInstance(project).selectedCredentialIdentifier ?: return ActiveConnection.NotConnected
+    val invalidConnection = AwsConnectionManager.getInstance(project).connectionState.let { it.isTerminal && it !is ConnectionState.ValidConnection }
+    val connectionType = when (currConn.credentialType) {
+        CredentialType.SsoProfile -> ActiveConnectionType.IAM_IDC
+        else -> ActiveConnectionType.IAM
+    }
+    return if (invalidConnection) {
+        ActiveConnection.ExpiredIam(connectionType = connectionType, activeConnectionIam = currConn)
+    } else {
+        ActiveConnection.ValidIam(connectionType = connectionType, activeConnectionIam = currConn)
+    }
+}
+
 /**
  * Finds the first valid [ActiveConnection] and returns it.
  *
@@ -146,6 +161,7 @@
     return result
 }
 
+@Deprecated("Does not work for current config file setup. Old versions still utilize this logic.")
 fun isCredentialSso(providerId: String): ActiveConnectionType {
     val profileName = providerId.split("-").first()
     val ssoSessionIds = CredentialManager.getInstance().getSsoSessionIdentifiers().map {

plugins/core/jetbrains-community/src/software/aws/toolkits/jetbrains/core/gettingstarted/editor/GettingStartedTelemetryUtils.kt

@@ -10,6 +10,7 @@
 import software.aws.toolkits.jetbrains.core.credentials.CredentialManager
 import software.aws.toolkits.jetbrains.core.credentials.ToolkitAuthManager
 import software.aws.toolkits.jetbrains.core.credentials.profiles.ProfileCredentialsIdentifierSso
+import software.aws.toolkits.jetbrains.core.credentials.sono.IDENTITY_CENTER_ROLE_ACCESS_SCOPE
 import software.aws.toolkits.jetbrains.settings.AwsSettings
 import software.aws.toolkits.telemetry.AuthStatus
 import software.aws.toolkits.telemetry.StartUpState
@@ -70,6 +71,36 @@
 fun getEnabledConnections(project: Project?): String =
     getEnabledConnectionsForTelemetry(project).joinToString(",")
 
+fun getAuthScopesForTelemetry(project: Project?): Set<String> {
+    project ?: return emptySet()
+    val scopes = mutableSetOf<String>()
+
+    fun addScopes(connection: ActiveConnection) {
+        if (connection !is ActiveConnection.NotConnected) {
+            val connectionScopes = connection.activeConnectionBearer?.scopes
+            if (connectionScopes != null) {
+                scopes.addAll(connectionScopes)
+            }
+        }
+    }
+
+    val explorerConnection = checkIamProfileByCredentialType(project)
+    if (explorerConnection !is ActiveConnection.NotConnected && explorerConnection.connectionType == ActiveConnectionType.IAM_IDC) {
+        scopes.add(IDENTITY_CENTER_ROLE_ACCESS_SCOPE)
+    }
+
+    val codeCatalystConnection = checkBearerConnectionValidity(project, BearerTokenFeatureSet.CODECATALYST)
+    addScopes(codeCatalystConnection)
+
+    val qConnection = checkBearerConnectionValidity(project, BearerTokenFeatureSet.Q)
+    addScopes(qConnection)
+
+    return scopes
+}
+
+fun getAuthScopes(project: Project?): String =
+    getAuthScopesForTelemetry(project).joinToString(",")
+
 fun getStartupState(): StartUpState {
     val hasStartedToolkitBefore = tryOrNull {
         getPersistentStateComponentStorageLocation(AwsSettings::class.java)?.exists()