feat(auth): support for IAM connections (#2975)

## Problem
New auth UX doesn't interact with IAM credentials

## Solution
Implement support by wrapping around existing logic. This removes the `showAuthNode` flag, moving most things over to `Auth`.

Author: JadenSimon

package.json

@@ -40,7 +40,6 @@
         "onStartupFinished",
         "onDebugResolve:aws-sam",
         "onCommand:aws.login",
-        "onCommand:aws.login2",
         "onCommand:aws.credentials.profile.create",
         "onCommand:aws.credentials.edit",
         "onCommand:aws.logout",
@@ -106,7 +105,7 @@
             "properties": {
                 "aws.profile": {
                     "type": "string",
-                    "default": "",
+                    "deprecationMessage": "The current profile is now stored internally by the Toolkit.",
                     "description": "%AWS.configuration.profileDescription%"
                 },
                 "aws.ecs.openTerminalCommand": {
@@ -739,6 +738,13 @@
                 }
             ]
         },
+        "submenus": [
+            {
+                "id": "aws.auth",
+                "label": "%AWS.submenu.auth.title%",
+                "icon": "$(ellipsis)"
+            }
+        ],
         "menus": {
             "commandPalette": [
                 {
@@ -1069,6 +1075,22 @@
                     "command": "aws.renderStateMachineGraph",
                     "when": "false"
                 },
+                {
+                    "command": "aws.auth.addConnection",
+                    "when": "false"
+                },
+                {
+                    "command": "aws.auth.switchConnections",
+                    "when": "false"
+                },
+                {
+                    "command": "aws.auth.signout",
+                    "when": "false"
+                },
+                {
+                    "command": "aws.auth.help",
+                    "when": "false"
+                },
                 {
                     "command": "aws.dev.openMenu",
                     "when": "aws.isDevMode || isCloud9"
@@ -1719,9 +1741,43 @@
                     "group": "0@2"
                 },
                 {
-                    "command": "aws.auth.logout",
+                    "command": "aws.auth.addConnection",
+                    "when": "viewItem == awsAuthNode",
+                    "group": "0@1"
+                },
+                {
+                    "command": "aws.auth.switchConnections",
+                    "when": "viewItem == awsAuthNode",
+                    "group": "0@2"
+                },
+                {
+                    "command": "aws.auth.signout",
+                    "when": "viewItem == awsAuthNode",
+                    "group": "0@3"
+                },
+                {
+                    "command": "aws.auth.help",
                     "when": "viewItem == awsAuthNode",
                     "group": "inline@1"
+                },
+                {
+                    "submenu": "aws.auth",
+                    "when": "viewItem == awsAuthNode",
+                    "group": "inline@2"
+                }
+            ],
+            "aws.auth": [
+                {
+                    "command": "aws.auth.addConnection",
+                    "group": "0@1"
+                },
+                {
+                    "command": "aws.auth.switchConnections",
+                    "group": "0@2"
+                },
+                {
+                    "command": "aws.auth.signout",
+                    "group": "0@3"
                 }
             ]
         },
@@ -1778,17 +1834,6 @@
                     }
                 }
             },
-            {
-                "command": "aws.login2",
-                "title": "%AWS.command.login2%",
-                "category": "%AWS.title%",
-                "cloud9": {
-                    "cn": {
-                        "title": "%AWS.command.login2.cn%",
-                        "category": "%AWS.title.cn%"
-                    }
-                }
-            },
             {
                 "command": "aws.credentials.profile.create",
                 "title": "%AWS.command.credentials.profile.create%",
@@ -1820,10 +1865,26 @@
                 }
             },
             {
-                "command": "aws.auth.logout",
-                "title": "%AWS.command.logout%",
+                "command": "aws.auth.addConnection",
+                "title": "%AWS.command.auth.addConnection%",
+                "category": "%AWS.title%"
+            },
+            {
+                "command": "aws.auth.switchConnections",
+                "title": "%AWS.command.auth.switchConnections%",
                 "category": "%AWS.title%"
             },
+            {
+                "command": "aws.auth.signout",
+                "title": "%AWS.command.auth.signout%",
+                "category": "%AWS.title%"
+            },
+            {
+                "command": "aws.auth.help",
+                "title": "%AWS.generic.viewDocs%",
+                "category": "%AWS.title%",
+                "icon": "$(question)"
+            },
             {
                 "command": "aws.createIssueOnGitHub",
                 "title": "%AWS.command.createIssueOnGitHub%",

package.nls.json

@@ -73,12 +73,13 @@
     "AWS.command.apig.copyUrl": "Copy URL",
     "AWS.command.apig.invokeRemoteRestApi": "Invoke on AWS",
     "AWS.command.apig.invokeRemoteRestApi.cn": "Invoke on Amazon",
+    "AWS.command.auth.addConnection": "Add new Connection",
+    "AWS.command.auth.switchConnections": "Switch Connections",
+    "AWS.command.auth.signout": "Sign out",
     "AWS.command.github": "View Source on GitHub",
     "AWS.command.help": "View Toolkit Documentation",
-    "AWS.command.login": "Choose AWS Profile...",
-    "AWS.command.login.cn": "Choose Amazon Profile...",
-    "AWS.command.login2": "Connect to AWS",
-    "AWS.command.login2.cn": "Connect to Amazon",
+    "AWS.command.login": "Connect to AWS",
+    "AWS.command.login.cn": "Connect to Amazon",
     "AWS.command.logout": "Sign out",
     "AWS.command.createIssueOnGitHub": "Report Toolkit Issue",
     "AWS.command.createNewSamApp": "Create Lambda SAM Application",
@@ -175,6 +176,7 @@
     "AWS.developerTools.explorerTitle": "Developer Tools",
     "AWS.cloudWatchLogs.limit.desc": "Maximum amount of log entries pulled per request from CloudWatch Logs (max 10000)",
     "AWS.samcli.deploy.bucket.recentlyUsed": "Buckets recently used for SAM deployments",
+    "AWS.submenu.auth.title": "Authentication",
     "AWS.generic.create": "Create...",
     "AWS.generic.save": "Save",
     "AWS.generic.close": "Close",

resources/walkthrough/setup-connect.md

@@ -11,9 +11,9 @@ To interact with Amazon Web Services \(AWS\) through the AWS Toolkit for Visual
 
 1. [Click here](command:aws.login) to open the configuration wizard to connect to AWS.
 
-    > This command can also be accessed through the [Command Palette](https://docs.aws.amazon.com/toolkit-for-vscode/latest/userguide/toolkit-navigation.html#command-locations) by choosing **AWS: >Choose AWS Profile...**\.
+    > This command can also be accessed through the [Command Palette](https://docs.aws.amazon.com/toolkit-for-vscode/latest/userguide/toolkit-navigation.html#command-locations) by choosing **AWS: >Connect to AWS**\.
     >
-    > ![AWS Toolkit Command palette, Choose AWS Profile](./images/aws-toolkit-commandpalette.png)
+    > ![AWS Toolkit Command palette, Connect to AWS](./images/aws-toolkit-commandpalette.png)
 
 2. Choose a profile from the list\.
 

src/awsexplorer/activation.ts

@@ -4,7 +4,6 @@
  */
 
 import * as vscode from 'vscode'
-import { LoginManager } from '../credentials/loginManager'
 import { submitFeedback } from '../feedback/vue/submitFeedback'
 import { deleteCloudFormation } from '../lambda/commands/deleteCloudFormation'
 import { CloudFormationStackNode } from '../lambda/explorer/cloudFormationNodes'
@@ -29,7 +28,6 @@ import { cdkNode, CdkRootNode } from '../cdk/explorer/rootNode'
 import { codewhispererNode } from '../codewhisperer/explorer/codewhispererNode'
 import { once } from '../shared/utilities/functionUtils'
 import { Auth, AuthNode } from '../credentials/auth'
-import { DevSettings } from '../shared/settings'
 
 /**
  * Activates the AWS Explorer UI and related functionality.
@@ -40,7 +38,7 @@ export async function activate(args: {
     toolkitOutputChannel: vscode.OutputChannel
     remoteInvokeOutputChannel: vscode.OutputChannel
 }): Promise<void> {
-    const awsExplorer = new AwsExplorer(globals.context, args.context.awsContext, args.regionProvider)
+    const awsExplorer = new AwsExplorer(globals.context, args.regionProvider)
 
     const view = vscode.window.createTreeView(awsExplorer.viewProviderId, {
         treeDataProvider: awsExplorer,
@@ -50,14 +48,6 @@ export async function activate(args: {
 
     await registerAwsExplorerCommands(args.context, awsExplorer, args.toolkitOutputChannel)
 
-    globals.context.subscriptions.push(
-        view.onDidChangeVisibility(async e => {
-            if (e.visible) {
-                await LoginManager.tryAutoConnect(args.context.awsContext)
-            }
-        })
-    )
-
     telemetry.vscode_activeRegions.emit({ value: args.regionProvider.getExplorerRegions().length })
 
     args.context.extensionContext.subscriptions.push(
@@ -75,10 +65,7 @@ export async function activate(args: {
         })
     )
 
-    const nodes = DevSettings.instance.get('showAuthNode', false)
-        ? [new AuthNode(Auth.instance), cdkNode, codewhispererNode]
-        : [cdkNode, codewhispererNode]
-
+    const nodes = [new AuthNode(Auth.instance), cdkNode, codewhispererNode]
     const developerTools = createLocalExplorerView(nodes)
     args.context.extensionContext.subscriptions.push(developerTools)
 

src/awsexplorer/awsExplorer.ts

@@ -4,15 +4,17 @@
  */
 
 import * as vscode from 'vscode'
-import { AwsContext } from '../shared/awsContext'
+import { Auth, AuthNode, useIamCredentials } from '../credentials/auth'
 import { getIdeProperties } from '../shared/extensionUtilities'
+import { getIcon } from '../shared/icons'
 import { getLogger, Logger } from '../shared/logger'
 import { RegionProvider } from '../shared/regions/regionProvider'
 import { RefreshableAwsTreeProvider } from '../shared/treeview/awsTreeProvider'
 import { AWSCommandTreeNode } from '../shared/treeview/nodes/awsCommandTreeNode'
 import { AWSTreeNodeBase } from '../shared/treeview/nodes/awsTreeNodeBase'
-import { makeChildrenNodes } from '../shared/treeview/utils'
+import { makeChildrenNodes, TreeShim } from '../shared/treeview/utils'
 import { intersection, toMap, updateInPlace } from '../shared/utilities/collectionUtils'
+import { once } from '../shared/utilities/functionUtils'
 import { localize } from '../shared/utilities/vsCodeUtils'
 import { RegionNode } from './regionNode'
 
@@ -23,14 +25,6 @@ export class AwsExplorer implements vscode.TreeDataProvider<AWSTreeNodeBase>, Re
     private readonly _onDidChangeTreeData: vscode.EventEmitter<AWSTreeNodeBase | undefined>
     private readonly regionNodes: Map<string, RegionNode>
 
-    private readonly ROOT_NODE_SIGN_IN = new AWSCommandTreeNode(
-        undefined,
-        localize('AWS.explorerNode.connecting.label', 'Connecting...'),
-        'aws.login',
-        undefined,
-        localize('AWS.explorerNode.connecting.tooltip', 'Connecting...')
-    )
-
     private readonly ROOT_NODE_ADD_REGION = new AWSCommandTreeNode(
         undefined,
         localize('AWS.explorerNode.addRegion', 'Add regions to {0} Explorer...', getIdeProperties().company),
@@ -45,33 +39,19 @@ export class AwsExplorer implements vscode.TreeDataProvider<AWSTreeNodeBase>, Re
 
     public constructor(
         private readonly extContext: vscode.ExtensionContext,
-        private readonly awsContext: AwsContext,
-        private readonly regionProvider: RegionProvider
+        private readonly regionProvider: RegionProvider,
+        private readonly auth = Auth.instance
     ) {
         this._onDidChangeTreeData = new vscode.EventEmitter<AWSTreeNodeBase | undefined>()
         this.onDidChangeTreeData = this._onDidChangeTreeData.event
         this.regionNodes = new Map<string, RegionNode>()
-        this.extContext.subscriptions.push(
-            this.awsContext.onDidChangeContext(e => {
-                if (!e.accountId) {
-                    this.ROOT_NODE_SIGN_IN.label = localize(
-                        'AWS.explorerNode.signIn',
-                        'Connect to {0}...',
-                        getIdeProperties().company
-                    )
-                    this.ROOT_NODE_SIGN_IN.tooltip = localize(
-                        'AWS.explorerNode.signIn.tooltip',
-                        'Click here to select credentials for the {0} Toolkit',
-                        getIdeProperties().company
-                    )
-                }
-            })
-        )
+
         this.extContext.subscriptions.push(
             this.regionProvider.onDidChange(() => {
                 this.logger.verbose('Refreshing AWS Explorer due to Region Provider updates')
                 this.refresh()
-            })
+            }),
+            this.auth.onDidChangeActiveConnection(() => this.refresh())
         )
     }
 
@@ -120,28 +100,42 @@ export class AwsExplorer implements vscode.TreeDataProvider<AWSTreeNodeBase>, Re
         this._onDidChangeTreeData.fire(node)
     }
 
+    private readonly getAuthNode = once(() => new TreeShim(new AuthNode(this.auth)))
     private async getRootNodes(): Promise<AWSTreeNodeBase[]> {
-        if (!(await this.awsContext.getCredentials())) {
-            return [this.ROOT_NODE_SIGN_IN]
+        const conn = this.auth.activeConnection
+        if (conn !== undefined && conn.type !== 'iam') {
+            // TODO: this should show up as a child node?
+            const selectIamNode = useIamCredentials.build(this.auth).asTreeNode({
+                // label: `No IAM credentials linked to ${conn.label}`,
+                // iconPath: getIcon('vscode-circle-slash'),
+                label: 'Select IAM Credentials to View Resources',
+                iconPath: getIcon('vscode-sync'),
+            })
+
+            return [this.getAuthNode(), new TreeShim(selectIamNode)]
+        } else if (conn === undefined || conn.state !== 'valid') {
+            return [this.getAuthNode()]
         }
 
         const partitionRegions = this.regionProvider.getRegions()
         const userVisibleRegionCodes = this.regionProvider.getExplorerRegions()
         const regionMap = toMap(partitionRegions, r => r.id)
 
-        return await makeChildrenNodes({
-            getChildNodes: async () => {
-                updateInPlace(
-                    this.regionNodes,
-                    intersection(regionMap.keys(), userVisibleRegionCodes),
-                    key => this.regionNodes.get(key)!.update(regionMap.get(key)!),
-                    key => new RegionNode(regionMap.get(key)!, this.regionProvider)
-                )
+        updateInPlace(
+            this.regionNodes,
+            intersection(regionMap.keys(), userVisibleRegionCodes),
+            key => this.regionNodes.get(key)!.update(regionMap.get(key)!),
+            key => new RegionNode(regionMap.get(key)!, this.regionProvider)
+        )
+
+        if (this.regionNodes.size === 0) {
+            return [this.getAuthNode(), this.ROOT_NODE_ADD_REGION]
+        }
 
-                return [...this.regionNodes.values()]
-            },
-            getNoChildrenPlaceholderNode: async () => this.ROOT_NODE_ADD_REGION,
-            sort: (nodeA, nodeB) => nodeA.regionName.localeCompare(nodeB.regionName),
+        return await makeChildrenNodes({
+            getChildNodes: async () => [this.getAuthNode(), ...this.regionNodes.values()],
+            sort: (a, b) =>
+                a instanceof TreeShim ? -1 : b instanceof TreeShim ? 1 : a.regionName.localeCompare(b.regionName),
         })
     }
 }