feat(auth): add SecondaryAuth (#2991)

JadenSimon · web-flow · commit 06eb8462ebae · 2022-11-17T11:51:47.000-08:00
## Problem
* No "Edit Credentials" button when switching connections
* Persisting connections is not cohesive

## Solution
* Add "Edit Credentials" button
* Add `SecondaryAuth` class (dead code)
diff --git a/src/credentials/auth.ts b/src/credentials/auth.ts
@@ -413,6 +413,10 @@ export class Auth implements AuthService, ConnectionManager {
         return connections.find(c => c.id === connection.id)
     }
 
+    public getConnectionState(connection: Pick<Connection, 'id'>): StatefulConnection['state'] | undefined {
+        return this.store.getProfile(connection.id)?.metadata.connectionState
+    }
+
     /**
      * Attempts to remove all auth state related to the connection.
      *
@@ -666,25 +670,32 @@ function toPickerItem(conn: Connection) {
 
 export async function promptForConnection(auth: Auth, type?: 'iam' | 'sso') {
     const addNewConnection = {
-        label: codicon`${getIcon('vscode-plus')} Add new connection`,
+        label: codicon`${getIcon('vscode-plus')} Add New Connection`,
         data: 'addNewConnection' as const,
     }
 
+    const editCredentials = {
+        label: codicon`${getIcon('vscode-pencil')} Edit Credentials`,
+        data: 'editCredentials' as const,
+    }
+
     const items = (async function () {
         // TODO: list linked connections
         const connections = await auth.listConnections()
         connections.sort((a, b) => (a.type === 'sso' ? -1 : b.type === 'sso' ? 1 : a.label.localeCompare(b.label)))
         const filtered = type !== undefined ? connections.filter(c => c.type === type) : connections
+        const items = [...filtered.map(toPickerItem), addNewConnection]
+        const canShowEdit = connections.filter(isIamConnection).filter(c => c.label.startsWith('profile')).length > 0
 
-        return [...filtered.map(toPickerItem), addNewConnection]
+        return canShowEdit ? [...items, editCredentials] : items
     })()
 
     const placeholder =
         type === 'iam'
             ? localize('aws.auth.promptConnection.iam.placeholder', 'Select an IAM credential')
             : localize('aws.auth.promptConnection.all.placeholder', 'Select a connection')
 
-    const resp = await showQuickPick<Connection | 'addNewConnection'>(items, {
+    const resp = await showQuickPick<Connection | 'addNewConnection' | 'editCredentials'>(items, {
         placeholder,
         title: localize('aws.auth.promptConnection.title', 'Switch Connection'),
         buttons: createCommonButtons(),
@@ -698,6 +709,10 @@ export async function promptForConnection(auth: Auth, type?: 'iam' | 'sso') {
         return addConnection.execute()
     }
 
+    if (resp === 'editCredentials') {
+        return globals.awsContextCommands.onCommandEditCredentials()
+    }
+
     return resp
 }
 
diff --git a/src/credentials/secondaryAuth.ts b/src/credentials/secondaryAuth.ts
@@ -0,0 +1,175 @@
+/*!
+ * Copyright 2022 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import globals from '../shared/extensionGlobals'
+
+import * as vscode from 'vscode'
+import { getLogger } from '../shared/logger'
+import { showQuickPick } from '../shared/ui/pickerPrompter'
+import { cast, Optional } from '../shared/utilities/typeConstructors'
+import { Auth, Connection } from './auth'
+import { once } from '../shared/utilities/functionUtils'
+import { UnknownError } from '../shared/errors'
+
+async function promptUseNewConnection(newConn: Connection, oldConn: Connection, tools: string[]) {
+    // Multi-select picker would be better ?
+    const saveConnectionItem = {
+        label: `Yes, keep using ${newConn.label} with ${tools.join(', ')} while using ${
+            oldConn.label
+        } with other services.`,
+        detail: `To remove later, select "Remove Connection from Tool" from the tool's context (right-click) menu.`,
+        data: 'yes',
+    } as const
+
+    const useConnectionItem = {
+        label: `No, switch everything to authenticate with ${newConn.label}.`,
+        detail: 'This will not log you out; you can reconnect at any time by switching connections.',
+        data: 'no',
+    } as const
+
+    const resp = await showQuickPick([saveConnectionItem, useConnectionItem], {
+        title: `Some tools you've been using don't work with ${newConn.label}. Keep using ${newConn.label} in the background while using ${oldConn.label}?`,
+        placeholder: 'Confirm choice',
+    })
+
+    return resp
+}
+
+let oldConn: Auth['activeConnection']
+const auths = new Map<string, SecondaryAuth>()
+const registerAuthListener = once(() => {
+    Auth.instance.onDidChangeActiveConnection(async conn => {
+        const potentialConn = oldConn
+        if (conn !== undefined && potentialConn?.state === 'valid') {
+            const saveableAuths = Array.from(auths.values()).filter(
+                a => !a.isUsingSavedConnection && a.isUsable(potentialConn) && !a.isUsable(conn)
+            )
+            const toolNames = saveableAuths.map(a => a.toolLabel)
+            if (saveableAuths.length > 0 && (await promptUseNewConnection(potentialConn, conn, toolNames)) === 'yes') {
+                await Promise.all(saveableAuths.map(a => a.saveConnection(potentialConn)))
+            }
+        }
+
+        oldConn = conn
+    })
+})
+
+export function getSecondaryAuth<T extends Connection>(
+    toolId: string,
+    toolLabel: string,
+    isValid: (conn: Connection) => conn is T
+): SecondaryAuth<T> {
+    const auth = new SecondaryAuth(toolId, toolLabel, isValid)
+    auths.set(toolId, auth)
+    registerAuthListener()
+
+    return auth
+}
+
+/**
+ * Enables a tool to bind to a connection independently from the global {@link Auth} service.
+ *
+ * Not all connections are usable by every tool, so callers of this class must provide a function
+ * that can identify usable connections. Toolkit users are notified whenever a loss of functionality
+ * would occur after switching connections. Users can then choose to save the usable connection to
+ * the tool, allowing the global connection to move freely.
+ */
+export class SecondaryAuth<T extends Connection = Connection> {
+    #activeConnection: Connection | undefined
+    #savedConnection: T | undefined
+
+    private readonly key = `${this.toolId}.savedConnectionId`
+    private readonly onDidChangeActiveConnectionEmitter = new vscode.EventEmitter<T | undefined>()
+    public readonly onDidChangeActiveConnection = this.onDidChangeActiveConnectionEmitter.event
+
+    public constructor(
+        public readonly toolId: string,
+        public readonly toolLabel: string,
+        public readonly isUsable: (conn: Connection) => conn is T,
+        private readonly auth = Auth.instance,
+        private readonly memento = globals.context.globalState
+    ) {
+        this.auth.onDidChangeActiveConnection(async conn => {
+            if (
+                conn === undefined &&
+                this.#savedConnection &&
+                this.#savedConnection.id === this.#activeConnection?.id
+            ) {
+                await this.removeConnection()
+            } else {
+                this.#activeConnection = conn
+                this.onDidChangeActiveConnectionEmitter.fire(this.activeConnection)
+            }
+        })
+    }
+
+    public get activeConnection(): T | undefined {
+        return (
+            this.#savedConnection ??
+            (this.#activeConnection && this.isUsable(this.#activeConnection) ? this.#activeConnection : undefined)
+        )
+    }
+
+    public get isUsingSavedConnection() {
+        return this.#savedConnection !== undefined
+    }
+
+    public get isConnectionExpired() {
+        return !!this.activeConnection && this.auth.getConnectionState(this.activeConnection) === 'invalid'
+    }
+
+    public async saveConnection(conn: T) {
+        await this.memento.update(this.key, conn.id)
+        this.#savedConnection = conn
+        this.onDidChangeActiveConnectionEmitter.fire(this.activeConnection)
+    }
+
+    public async removeConnection() {
+        await this.memento.update(this.key, undefined)
+        this.#savedConnection = undefined
+        this.onDidChangeActiveConnectionEmitter.fire(this.activeConnection)
+    }
+
+    public async useNewConnection(conn: T) {
+        if (this.auth.activeConnection !== undefined && !this.isUsable(this.auth.activeConnection)) {
+            if ((await promptUseNewConnection(conn, this.auth.activeConnection, [this.toolLabel])) === 'yes') {
+                await this.saveConnection(conn)
+            } else {
+                await this.auth.useConnection(conn)
+            }
+        } else {
+            await this.auth.useConnection(conn)
+        }
+    }
+
+    // Used to lazily restore persisted connections.
+    // Kind of clunky. We need an async module loader layer to make things ergonomic.
+    public readonly restoreConnection: () => Promise<T | undefined> = once(async () => {
+        try {
+            await this.auth.tryAutoConnect()
+            this.#savedConnection = await this.loadSavedConnection()
+            this.onDidChangeActiveConnectionEmitter.fire(this.activeConnection)
+
+            return this.#savedConnection
+        } catch (err) {
+            getLogger().warn(`auth (${this.toolId}): failed to restore connection: ${UnknownError.cast(err).message}`)
+        }
+    })
+
+    private async loadSavedConnection() {
+        const id = cast(this.memento.get(this.key), Optional(String))
+        const conn = id !== undefined ? await this.auth.getConnection({ id }) : undefined
+
+        if (conn === undefined) {
+            getLogger().warn(`auth (${this.toolId}): removing saved connection "${this.key}" as it no longer exists`)
+            await this.memento.update(this.key, undefined)
+        } else if (!this.isUsable(conn)) {
+            getLogger().warn(`auth (${this.toolId}): saved connection "${this.key}" is not valid`)
+            await this.memento.update(this.key, undefined)
+        } else {
+            return conn
+        }
+    }
+}
