rename login to login_sso and login_iam

Author: yuxianrz

packages/amazonq/test/e2e/amazonq/utils/setup.ts

@@ -22,5 +22,5 @@ export async function loginToIdC() {
         )
     }
 
-    await AuthUtil.instance.login(startUrl, region, 'sso')
+    await AuthUtil.instance.login_sso(startUrl, region)
 }

packages/amazonq/test/unit/codewhisperer/region/regionProfileManager.test.ts

@@ -26,11 +26,11 @@ describe('RegionProfileManager', async function () {
 
     async function setupConnection(type: 'builderId' | 'idc') {
         if (type === 'builderId') {
-            await AuthUtil.instance.login(constants.builderIdStartUrl, region, 'sso')
+            await AuthUtil.instance.login_sso(constants.builderIdStartUrl, region)
             assert.ok(AuthUtil.instance.isSsoSession())
             assert.ok(AuthUtil.instance.isBuilderIdConnection())
         } else if (type === 'idc') {
-            await AuthUtil.instance.login(enterpriseSsoStartUrl, region, 'sso')
+            await AuthUtil.instance.login_sso(enterpriseSsoStartUrl, region)
             assert.ok(AuthUtil.instance.isSsoSession())
             assert.ok(AuthUtil.instance.isIdcConnection())
         }

packages/amazonq/test/unit/codewhisperer/util/authUtil.test.ts

@@ -26,19 +26,19 @@ describe('AuthUtil', async function () {
 
     describe('Auth state', function () {
         it('login with BuilderId', async function () {
-            await auth.login(constants.builderIdStartUrl, constants.builderIdRegion)
+            await auth.login_sso(constants.builderIdStartUrl, constants.builderIdRegion)
             assert.ok(auth.isConnected())
             assert.ok(auth.isBuilderIdConnection())
         })
 
         it('login with IDC', async function () {
-            await auth.login('https://example.awsapps.com/start', 'us-east-1')
+            await auth.login_sso('https://example.awsapps.com/start', 'us-east-1')
             assert.ok(auth.isConnected())
             assert.ok(auth.isIdcConnection())
         })
 
         it('identifies internal users', async function () {
-            await auth.login(constants.internalStartUrl, 'us-east-1')
+            await auth.login_sso(constants.internalStartUrl, 'us-east-1')
             assert.ok(auth.isInternalAmazonUser())
         })
 
@@ -55,7 +55,7 @@ describe('AuthUtil', async function () {
 
     describe('Token management', function () {
         it('can get token when connected with SSO', async function () {
-            await auth.login(constants.builderIdStartUrl, constants.builderIdRegion)
+            await auth.login_sso(constants.builderIdStartUrl, constants.builderIdRegion)
             const token = await auth.getToken()
             assert.ok(token)
         })
@@ -68,14 +68,14 @@ describe('AuthUtil', async function () {
 
     describe('getTelemetryMetadata', function () {
         it('returns valid metadata for BuilderId connection', async function () {
-            await auth.login(constants.builderIdStartUrl, constants.builderIdRegion)
+            await auth.login_sso(constants.builderIdStartUrl, constants.builderIdRegion)
             const metadata = await auth.getTelemetryMetadata()
             assert.strictEqual(metadata.credentialSourceId, 'awsId')
             assert.strictEqual(metadata.credentialStartUrl, constants.builderIdStartUrl)
         })
 
         it('returns valid metadata for IDC connection', async function () {
-            await auth.login('https://example.awsapps.com/start', 'us-east-1')
+            await auth.login_sso('https://example.awsapps.com/start', 'us-east-1')
             const metadata = await auth.getTelemetryMetadata()
             assert.strictEqual(metadata.credentialSourceId, 'iamIdentityCenter')
             assert.strictEqual(metadata.credentialStartUrl, 'https://example.awsapps.com/start')
@@ -96,37 +96,38 @@ describe('AuthUtil', async function () {
         })
 
         it('returns BuilderId forms when using BuilderId', async function () {
-            await auth.login(constants.builderIdStartUrl, constants.builderIdRegion)
+            await auth.login_sso(constants.builderIdStartUrl, constants.builderIdRegion)
             const forms = await auth.getAuthFormIds()
             assert.deepStrictEqual(forms, ['builderIdCodeWhisperer'])
         })
 
         it('returns IDC forms when using IDC without SSO account access', async function () {
             const session = (auth as any).session
-            sinon.stub(session, 'getProfile').resolves({
+            session && sinon.stub(session, 'getProfile').resolves({
                 ssoSession: {
                     settings: {
                         sso_registration_scopes: ['codewhisperer:*'],
                     },
                 },
             })
 
-            await auth.login('https://example.awsapps.com/start', 'us-east-1')
+            await auth.login_sso('https://example.awsapps.com/start', 'us-east-1')
             const forms = await auth.getAuthFormIds()
             assert.deepStrictEqual(forms, ['identityCenterCodeWhisperer'])
         })
 
         it('returns IDC forms with explorer when using IDC with SSO account access', async function () {
+            await auth.login_sso('https://example.awsapps.com/start', 'us-east-1')
             const session = (auth as any).session
-            sinon.stub(session, 'getProfile').resolves({
+
+            session && sinon.stub(session, 'getProfile').resolves({
                 ssoSession: {
                     settings: {
                         sso_registration_scopes: ['codewhisperer:*', 'sso:account:access'],
                     },
                 },
             })
 
-            await auth.login('https://example.awsapps.com/start', 'us-east-1')
             const forms = await auth.getAuthFormIds()
             assert.deepStrictEqual(forms.sort(), ['identityCenterCodeWhisperer', 'identityCenterExplorer'].sort())
         })
@@ -178,7 +179,7 @@ describe('AuthUtil', async function () {
         })
 
         it('updates bearer token when state is refreshed', async function () {
-            await auth.login(constants.builderIdStartUrl, 'us-east-1')
+            await auth.login_sso(constants.builderIdStartUrl, 'us-east-1')
 
             await (auth as any).stateChangeHandler({ state: 'refreshed' })
 
@@ -187,7 +188,7 @@ describe('AuthUtil', async function () {
         })
 
         it('cleans up when connection expires', async function () {
-            await auth.login(constants.builderIdStartUrl, 'us-east-1')
+            await auth.login_sso(constants.builderIdStartUrl, 'us-east-1')
 
             await (auth as any).stateChangeHandler({ state: 'expired' })
 
@@ -197,13 +198,15 @@ describe('AuthUtil', async function () {
         it('deletes bearer token when disconnected', async function () {
             await (auth as any).stateChangeHandler({ state: 'notConnected' })
 
-            assert.ok(mockLspAuth.deleteBearerToken.called)
+            if (auth.isSsoSession(auth.session)){
+                assert.ok(mockLspAuth.deleteBearerToken.called)
+            }
         })
 
         it('updates bearer token and restores profile on reconnection', async function () {
             const restoreProfileSelectionSpy = sinon.spy(regionProfileManager, 'restoreProfileSelection')
 
-            await auth.login('https://example.awsapps.com/start', 'us-east-1')
+            await auth.login_sso('https://example.awsapps.com/start', 'us-east-1')
 
             await (auth as any).stateChangeHandler({ state: 'connected' })
 
@@ -215,7 +218,7 @@ describe('AuthUtil', async function () {
             const invalidateProfileSpy = sinon.spy(regionProfileManager, 'invalidateProfile')
             const clearCacheSpy = sinon.spy(regionProfileManager, 'clearCache')
 
-            await auth.login('https://example.awsapps.com/start', 'us-east-1')
+            await auth.login_sso('https://example.awsapps.com/start', 'us-east-1')
 
             await (auth as any).stateChangeHandler({ state: 'expired' })
 
@@ -280,12 +283,16 @@ describe('AuthUtil', async function () {
             await auth.migrateSsoConnectionToLsp('test-client')
 
             assert.ok(memento.update.calledWith('auth.profiles', undefined))
-            assert.ok(!auth.session.updateProfile?.called)
+            assert.ok(!auth.session?.updateProfile?.called)
         })
 
         it('proceeds with migration if LSP token check throws', async function () {
             memento.get.returns({ profile1: validProfile })
             mockLspAuth.getSsoToken.rejects(new Error('Token check failed'))
+
+            if (!(auth as any).session){
+                auth.session = new auth2.SsoLogin(auth.profileName, auth.lspAuth, auth.eventEmitter)
+            }
             const updateProfileStub = sinon.stub((auth as any).session, 'updateProfile').resolves()
 
             await auth.migrateSsoConnectionToLsp('test-client')
@@ -297,22 +304,24 @@ describe('AuthUtil', async function () {
         it('migrates valid SSO connection', async function () {
             memento.get.returns({ profile1: validProfile })
 
-            const updateProfileStub = sinon.stub((auth as any).session, 'updateProfile').resolves()
+            if ((auth as any).session) {
+                const updateProfileStub = sinon.stub((auth as any).session, 'updateProfile').resolves()
 
-            await auth.migrateSsoConnectionToLsp('test-client')
+                await auth.migrateSsoConnectionToLsp('test-client')
 
-            assert.ok(updateProfileStub.calledOnce)
-            assert.ok(memento.update.calledWith('auth.profiles', undefined))
+                assert.ok(updateProfileStub.calledOnce)
+                assert.ok(memento.update.calledWith('auth.profiles', undefined))
 
-            const files = await fs.readdir(cacheDir)
-            assert.strictEqual(files.length, 2) // Should have both the token and registration file
-
-            // Verify file contents were preserved
-            const newFiles = files.map((f) => path.join(cacheDir, f[0]))
-            for (const file of newFiles) {
-                const content = await fs.readFileText(file)
-                const parsed = JSON.parse(content)
-                assert.ok(parsed.test === 'registration' || parsed.test === 'token')
+                const files = await fs.readdir(cacheDir)
+                assert.strictEqual(files.length, 2) // Should have both the token and registration file
+
+                // Verify file contents were preserved
+                const newFiles = files.map((f) => path.join(cacheDir, f[0]))
+                for (const file of newFiles) {
+                    const content = await fs.readFileText(file)
+                    const parsed = JSON.parse(content)
+                    assert.ok(parsed.test === 'registration' || parsed.test === 'token')
+                }
             }
         })
 
@@ -351,6 +360,10 @@ describe('AuthUtil', async function () {
             }
             memento.get.returns(mockProfiles)
 
+            if (!(auth as any).session){
+                auth.session = new auth2.SsoLogin(auth.profileName, auth.lspAuth, auth.eventEmitter)
+            }
+
             const updateProfileStub = sinon.stub((auth as any).session, 'updateProfile').resolves()
 
             await auth.migrateSsoConnectionToLsp('test-client')
@@ -376,6 +389,10 @@ describe('AuthUtil', async function () {
             }
             memento.get.returns(mockProfiles)
 
+            if (!(auth as any).session){
+                auth.session = new auth2.SsoLogin(auth.profileName, auth.lspAuth, auth.eventEmitter)
+            }
+
             const updateProfileStub = sinon.stub((auth as any).session, 'updateProfile').resolves()
 
             await auth.migrateSsoConnectionToLsp('test-client')
@@ -389,4 +406,4 @@ describe('AuthUtil', async function () {
             )
         })
     })
-})
+})

packages/amazonq/test/unit/codewhisperer/util/showSsoPrompt.test.ts

@@ -28,7 +28,7 @@ describe('showConnectionPrompt', function () {
     })
 
     it('can select connect to AwsBuilderId', async function () {
-        sinon.stub(AuthUtil.instance, 'login').resolves()
+        sinon.stub(AuthUtil.instance, 'login_sso').resolves()
 
         getTestWindow().onDidShowQuickPick(async (picker) => {
             await picker.untilReady()
@@ -44,7 +44,7 @@ describe('showConnectionPrompt', function () {
 
     it('connectToAwsBuilderId calls AuthUtil login with builderIdStartUrl', async function () {
         sinon.stub(vscode.commands, 'executeCommand')
-        const loginStub = sinon.stub(AuthUtil.instance, 'login').resolves()
+        const loginStub = sinon.stub(AuthUtil.instance, 'login_sso').resolves()
 
         await awsIdSignIn()
 

packages/core/src/auth/auth2.ts

@@ -283,6 +283,7 @@ export class LanguageClientAuth {
  * Abstract class for connection management
  */
 export abstract class BaseLogin {
+    protected loginType: LoginType | undefined
     protected connectionState: AuthState = 'notConnected'
     protected cancellationToken: CancellationTokenSource | undefined
     protected _data: { startUrl?: string; region?: string; accessKey?: string; secretKey?: string } | undefined
@@ -360,6 +361,7 @@ export abstract class BaseLogin {
  */
 export class SsoLogin extends BaseLogin {
     // Cached information from the identity server for easy reference
+    override readonly loginType = LoginTypes.SSO
     private ssoTokenId: string | undefined
 
     constructor(profileName: string, lspAuth: LanguageClientAuth, eventEmitter: vscode.EventEmitter<AuthStateEvent>) {
@@ -501,6 +503,7 @@ export class SsoLogin extends BaseLogin {
  */
 export class IamLogin extends BaseLogin {
     // Cached information from the identity server for easy reference
+    override readonly loginType = LoginTypes.IAM
     // private iamCredentialId: string | undefined
 
     constructor(profileName: string, lspAuth: LanguageClientAuth, eventEmitter: vscode.EventEmitter<AuthStateEvent>) {

packages/core/src/codewhisperer/ui/codeWhispererNodes.ts

@@ -271,7 +271,7 @@ export function createSignIn(): DataQuickPickItem<'signIn'> {
     if (isWeb()) {
         // TODO: nkomonen, call a Command instead
         onClick = () => {
-            void AuthUtil.instance.login(builderIdStartUrl, builderIdRegion, 'sso')
+            void AuthUtil.instance.login_sso(builderIdStartUrl, builderIdRegion)
         }
     }
 

packages/core/src/codewhisperer/util/authUtil.ts

@@ -30,7 +30,7 @@ import { showAmazonQWalkthroughOnce } from '../../amazonq/onboardingPage/walkthr
 import { setContext } from '../../shared/vscode/setContext'
 import { openUrl } from '../../shared/utilities/vsCodeUtils'
 import { telemetry } from '../../shared/telemetry/telemetry'
-import { AuthStateEvent, cacheChangedEvent, LanguageClientAuth, Login, SsoLogin, IamLogin } from '../../auth/auth2'
+import { AuthStateEvent, cacheChangedEvent, LanguageClientAuth, Login, SsoLogin, IamLogin, LoginTypes } from '../../auth/auth2'
 import { builderIdStartUrl, internalStartUrl } from '../../auth/sso/constants'
 import { VSCODE_EXTENSION_ID } from '../../shared/extensions'
 import { RegionProfileManager } from '../region/regionProfileManager'
@@ -108,11 +108,11 @@ export class AuthUtil implements IAuthProvider {
     }
 
     isSsoSession(): boolean {
-        return this.session instanceof SsoLogin
+        return this.session?.loginType === LoginTypes.SSO || this.session instanceof SsoLogin
     }
 
     isIamSession(): boolean {
-        return this.session instanceof IamLogin
+        return this.session?.loginType === LoginTypes.IAM || this.session instanceof IamLogin
     }
 
     /**
@@ -134,7 +134,7 @@ export class AuthUtil implements IAuthProvider {
             if (!this.isConnected()) {
                 // Try to restore an IAM session
                 this.session = new IamLogin(this.profileName, this.lspAuth, this.eventEmitter)
-                // await this.session.restore()
+                await this.session.restore()
                 if (!this.isConnected()) {
                     // If both fail, reset the session
                     this.session = undefined
@@ -160,25 +160,26 @@ export class AuthUtil implements IAuthProvider {
         }
     }
 
-    // Log into the desired session type using the authentication parameters
-    async login(accessKey: string, secretKey: string, loginType: 'iam'): Promise<GetIamCredentialResult | undefined>
-    async login(startUrl: string, region: string, loginType: 'sso'): Promise<GetSsoTokenResult | undefined>
-    async login(
-        first: string,
-        second: string,
-        loginType: 'iam' | 'sso'
-    ): Promise<GetSsoTokenResult | GetIamCredentialResult | undefined> {
-        let response: GetSsoTokenResult | GetIamCredentialResult | undefined
-
-        // Start session if the current session type does not match the desired type
-        if (loginType === 'sso' && !this.isSsoSession()) {
+    // Log in using SSO
+    async login_sso(startUrl: string, region: string): Promise<GetSsoTokenResult | undefined> {
+        let response: GetSsoTokenResult | undefined
+        // Create SSO login session
+        if (!this.isSsoSession()) {
             this.session = new SsoLogin(this.profileName, this.lspAuth, this.eventEmitter)
-            response = await this.session.login({ startUrl: first, region: second, scopes: amazonQScopes })
-        } else if (loginType === 'iam' && !this.isIamSession()) {
-            this.session = new IamLogin(this.profileName, this.lspAuth, this.eventEmitter)
-            response = await this.session.login({ accessKey: first, secretKey: second })
         }
+        response = await (this.session as SsoLogin).login({ startUrl: startUrl, region: region, scopes: amazonQScopes })
+        await showAmazonQWalkthroughOnce()
+        return response
+    }
 
+    // Log in using IAM or STS credentials
+    async login_iam(accessKey: string, secretKey: string, sessionToken?: string): Promise<GetIamCredentialResult | undefined> {
+        let response: GetIamCredentialResult | undefined
+        // Create IAM login session
+        if (!this.isIamSession()) {
+            this.session = new IamLogin(this.profileName, this.lspAuth, this.eventEmitter)
+        }
+        response = await (this.session as IamLogin).login({ accessKey: accessKey, secretKey: secretKey })
         await showAmazonQWalkthroughOnce()
         return response
     }
@@ -197,8 +198,8 @@ export class AuthUtil implements IAuthProvider {
     }
 
     async getToken() {
-        if (this.isSsoSession()) {
-            const token = (await this.session!.getCredential()).credential
+        if (this.session) {
+            const token = (await this.session.getCredential()).credential
             if (typeof token !== 'string') {
                 throw new ToolkitError('Cannot get token with IAM session')
             }

packages/core/src/codewhisperer/util/getStartUrl.ts

@@ -29,7 +29,7 @@ export const getStartUrl = async () => {
 
 export async function connectToEnterpriseSso(startUrl: string, region: Region['id']) {
     try {
-        await AuthUtil.instance.login(startUrl, region, 'sso')
+        await AuthUtil.instance.login_sso(startUrl, region)
     } catch (e) {
         throw ToolkitError.chain(e, CodeWhispererConstants.failedToConnectIamIdentityCenter, {
             code: 'FailedToConnect',

packages/core/src/codewhisperer/util/showSsoPrompt.ts

@@ -47,7 +47,7 @@ export const showCodeWhispererConnectionPrompt = async () => {
 export async function awsIdSignIn() {
     getLogger().info('selected AWS ID sign in')
     try {
-        await AuthUtil.instance.login(builderIdStartUrl, builderIdRegion, 'sso')
+        await AuthUtil.instance.login_sso(builderIdStartUrl, builderIdRegion)
     } catch (e) {
         throw ToolkitError.chain(e, failedToConnectAwsBuilderId, { code: 'FailedToConnect' })
     }