change login_sso and login_iam, fix auth2.ts

Author: yuxianrz

packages/amazonq/test/e2e/amazonq/utils/setup.ts

@@ -22,5 +22,5 @@ export async function loginToIdC() {
         )
     }
 
-    await AuthUtil.instance.login_sso(startUrl, region)
+    await AuthUtil.instance.loginSso(startUrl, region)
 }

packages/amazonq/test/unit/codewhisperer/region/regionProfileManager.test.ts

@@ -26,11 +26,11 @@ describe('RegionProfileManager', async function () {
 
     async function setupConnection(type: 'builderId' | 'idc') {
         if (type === 'builderId') {
-            await AuthUtil.instance.login_sso(constants.builderIdStartUrl, region)
+            await AuthUtil.instance.loginSso(constants.builderIdStartUrl, region)
             assert.ok(AuthUtil.instance.isSsoSession())
             assert.ok(AuthUtil.instance.isBuilderIdConnection())
         } else if (type === 'idc') {
-            await AuthUtil.instance.login_sso(enterpriseSsoStartUrl, region)
+            await AuthUtil.instance.loginSso(enterpriseSsoStartUrl, region)
             assert.ok(AuthUtil.instance.isSsoSession())
             assert.ok(AuthUtil.instance.isIdcConnection())
         }

packages/amazonq/test/unit/codewhisperer/util/authUtil.test.ts

@@ -26,19 +26,19 @@ describe('AuthUtil', async function () {
 
     describe('Auth state', function () {
         it('login with BuilderId', async function () {
-            await auth.login_sso(constants.builderIdStartUrl, constants.builderIdRegion)
+            await auth.loginSso(constants.builderIdStartUrl, constants.builderIdRegion)
             assert.ok(auth.isConnected())
             assert.ok(auth.isBuilderIdConnection())
         })
 
         it('login with IDC', async function () {
-            await auth.login_sso('https://example.awsapps.com/start', 'us-east-1')
+            await auth.loginSso('https://example.awsapps.com/start', 'us-east-1')
             assert.ok(auth.isConnected())
             assert.ok(auth.isIdcConnection())
         })
 
         it('identifies internal users', async function () {
-            await auth.login_sso(constants.internalStartUrl, 'us-east-1')
+            await auth.loginSso(constants.internalStartUrl, 'us-east-1')
             assert.ok(auth.isInternalAmazonUser())
         })
 
@@ -55,7 +55,7 @@ describe('AuthUtil', async function () {
 
     describe('Token management', function () {
         it('can get token when connected with SSO', async function () {
-            await auth.login_sso(constants.builderIdStartUrl, constants.builderIdRegion)
+            await auth.loginSso(constants.builderIdStartUrl, constants.builderIdRegion)
             const token = await auth.getToken()
             assert.ok(token)
         })
@@ -68,14 +68,14 @@ describe('AuthUtil', async function () {
 
     describe('getTelemetryMetadata', function () {
         it('returns valid metadata for BuilderId connection', async function () {
-            await auth.login_sso(constants.builderIdStartUrl, constants.builderIdRegion)
+            await auth.loginSso(constants.builderIdStartUrl, constants.builderIdRegion)
             const metadata = await auth.getTelemetryMetadata()
             assert.strictEqual(metadata.credentialSourceId, 'awsId')
             assert.strictEqual(metadata.credentialStartUrl, constants.builderIdStartUrl)
         })
 
         it('returns valid metadata for IDC connection', async function () {
-            await auth.login_sso('https://example.awsapps.com/start', 'us-east-1')
+            await auth.loginSso('https://example.awsapps.com/start', 'us-east-1')
             const metadata = await auth.getTelemetryMetadata()
             assert.strictEqual(metadata.credentialSourceId, 'iamIdentityCenter')
             assert.strictEqual(metadata.credentialStartUrl, 'https://example.awsapps.com/start')
@@ -96,37 +96,39 @@ describe('AuthUtil', async function () {
         })
 
         it('returns BuilderId forms when using BuilderId', async function () {
-            await auth.login_sso(constants.builderIdStartUrl, constants.builderIdRegion)
+            await auth.loginSso(constants.builderIdStartUrl, constants.builderIdRegion)
             const forms = await auth.getAuthFormIds()
             assert.deepStrictEqual(forms, ['builderIdCodeWhisperer'])
         })
 
         it('returns IDC forms when using IDC without SSO account access', async function () {
             const session = (auth as any).session
-            session && sinon.stub(session, 'getProfile').resolves({
-                ssoSession: {
-                    settings: {
-                        sso_registration_scopes: ['codewhisperer:*'],
+            session &&
+                sinon.stub(session, 'getProfile').resolves({
+                    ssoSession: {
+                        settings: {
+                            sso_registration_scopes: ['codewhisperer:*'],
+                        },
                     },
-                },
-            })
+                })
 
-            await auth.login_sso('https://example.awsapps.com/start', 'us-east-1')
+            await auth.loginSso('https://example.awsapps.com/start', 'us-east-1')
             const forms = await auth.getAuthFormIds()
             assert.deepStrictEqual(forms, ['identityCenterCodeWhisperer'])
         })
 
         it('returns IDC forms with explorer when using IDC with SSO account access', async function () {
-            await auth.login_sso('https://example.awsapps.com/start', 'us-east-1')
+            await auth.loginSso('https://example.awsapps.com/start', 'us-east-1')
             const session = (auth as any).session
 
-            session && sinon.stub(session, 'getProfile').resolves({
-                ssoSession: {
-                    settings: {
-                        sso_registration_scopes: ['codewhisperer:*', 'sso:account:access'],
+            session &&
+                sinon.stub(session, 'getProfile').resolves({
+                    ssoSession: {
+                        settings: {
+                            sso_registration_scopes: ['codewhisperer:*', 'sso:account:access'],
+                        },
                     },
-                },
-            })
+                })
 
             const forms = await auth.getAuthFormIds()
             assert.deepStrictEqual(forms.sort(), ['identityCenterCodeWhisperer', 'identityCenterExplorer'].sort())
@@ -180,7 +182,7 @@ describe('AuthUtil', async function () {
         })
 
         it('updates bearer token when state is refreshed', async function () {
-            await auth.login_sso(constants.builderIdStartUrl, 'us-east-1')
+            await auth.loginSso(constants.builderIdStartUrl, 'us-east-1')
 
             await (auth as any).stateChangeHandler({ state: 'refreshed' })
 
@@ -189,7 +191,7 @@ describe('AuthUtil', async function () {
         })
 
         it('cleans up when connection expires', async function () {
-            await auth.login_sso(constants.builderIdStartUrl, 'us-east-1')
+            await auth.loginSso(constants.builderIdStartUrl, 'us-east-1')
 
             await (auth as any).stateChangeHandler({ state: 'expired' })
 
@@ -199,15 +201,15 @@ describe('AuthUtil', async function () {
         it('deletes bearer token when disconnected', async function () {
             await (auth as any).stateChangeHandler({ state: 'notConnected' })
 
-            if (auth.isSsoSession(auth.session)){
+            if (auth.isSsoSession(auth.session)) {
                 assert.ok(mockLspAuth.deleteBearerToken.called)
             }
         })
 
         it('updates bearer token and restores profile on reconnection', async function () {
             const restoreProfileSelectionSpy = sinon.spy(regionProfileManager, 'restoreProfileSelection')
 
-            await auth.login_sso('https://example.awsapps.com/start', 'us-east-1')
+            await auth.loginSso('https://example.awsapps.com/start', 'us-east-1')
 
             await (auth as any).stateChangeHandler({ state: 'connected' })
 
@@ -219,7 +221,7 @@ describe('AuthUtil', async function () {
             const invalidateProfileSpy = sinon.spy(regionProfileManager, 'invalidateProfile')
             const clearCacheSpy = sinon.spy(regionProfileManager, 'clearCache')
 
-            await auth.login_sso('https://example.awsapps.com/start', 'us-east-1')
+            await auth.loginSso('https://example.awsapps.com/start', 'us-east-1')
 
             await (auth as any).stateChangeHandler({ state: 'expired' })
 
@@ -291,7 +293,7 @@ describe('AuthUtil', async function () {
             memento.get.returns({ profile1: validProfile })
             mockLspAuth.getSsoToken.rejects(new Error('Token check failed'))
 
-            if (!(auth as any).session){
+            if (!(auth as any).session) {
                 auth.session = new auth2.SsoLogin(auth.profileName, auth.lspAuth, auth.eventEmitter)
             }
             const updateProfileStub = sinon.stub((auth as any).session, 'updateProfile').resolves()
@@ -361,7 +363,7 @@ describe('AuthUtil', async function () {
             }
             memento.get.returns(mockProfiles)
 
-            if (!(auth as any).session){
+            if (!(auth as any).session) {
                 auth.session = new auth2.SsoLogin(auth.profileName, auth.lspAuth, auth.eventEmitter)
             }
 
@@ -390,7 +392,7 @@ describe('AuthUtil', async function () {
             }
             memento.get.returns(mockProfiles)
 
-            if (!(auth as any).session){
+            if (!(auth as any).session) {
                 auth.session = new auth2.SsoLogin(auth.profileName, auth.lspAuth, auth.eventEmitter)
             }
 
@@ -408,7 +410,7 @@ describe('AuthUtil', async function () {
         })
     })
 
-    describe('login_iam', function () {
+    describe('loginIam', function () {
         it('creates IAM session and logs in', async function () {
             const mockResponse = {
                 id: 'test-credential-id',
@@ -421,23 +423,25 @@ describe('AuthUtil', async function () {
                     data: 'credential-data',
                 },
             }
-            
+
             const mockIamLogin = {
                 login: sinon.stub().resolves(mockResponse),
                 loginType: 'iam',
             }
-            
+
             sinon.stub(auth2, 'IamLogin').returns(mockIamLogin as any)
-            
-            const response = await auth.login_iam('accessKey', 'secretKey', 'sessionToken')
-            
+
+            const response = await auth.loginIam('accessKey', 'secretKey', 'sessionToken')
+
             assert.ok(mockIamLogin.login.calledOnce)
-            assert.ok(mockIamLogin.login.calledWith({
-                accessKey: 'accessKey',
-                secretKey: 'secretKey',
-                sessionToken: 'sessionToken',
-                roleArn: undefined,
-            }))
+            assert.ok(
+                mockIamLogin.login.calledWith({
+                    accessKey: 'accessKey',
+                    secretKey: 'secretKey',
+                    sessionToken: 'sessionToken',
+                    roleArn: undefined,
+                })
+            )
             assert.strictEqual(response, mockResponse)
         })
 
@@ -453,23 +457,30 @@ describe('AuthUtil', async function () {
                     data: 'credential-data',
                 },
             }
-            
+
             const mockIamLogin = {
                 login: sinon.stub().resolves(mockResponse),
                 loginType: 'iam',
             }
-            
+
             sinon.stub(auth2, 'IamLogin').returns(mockIamLogin as any)
-            
-            const response = await auth.login_iam('accessKey', 'secretKey', 'sessionToken', 'arn:aws:iam::123456789012:role/TestRole')
-            
+
+            const response = await auth.loginIam(
+                'accessKey',
+                'secretKey',
+                'sessionToken',
+                'arn:aws:iam::123456789012:role/TestRole'
+            )
+
             assert.ok(mockIamLogin.login.calledOnce)
-            assert.ok(mockIamLogin.login.calledWith({
-                accessKey: 'accessKey',
-                secretKey: 'secretKey',
-                sessionToken: 'sessionToken',
-                roleArn: 'arn:aws:iam::123456789012:role/TestRole',
-            }))
+            assert.ok(
+                mockIamLogin.login.calledWith({
+                    accessKey: 'accessKey',
+                    secretKey: 'secretKey',
+                    sessionToken: 'sessionToken',
+                    roleArn: 'arn:aws:iam::123456789012:role/TestRole',
+                })
+            )
             assert.strictEqual(response, mockResponse)
         })
     })
@@ -481,19 +492,19 @@ describe('AuthUtil', async function () {
                 secretAccessKey: 'test-secret-key',
                 sessionToken: 'test-session-token',
             }
-            
+
             const mockSession = {
                 getCredential: sinon.stub().resolves({
                     credential: mockCredentials,
                     updateCredentialsParams: { data: 'test' },
                 }),
                 loginType: 'iam',
             }
-            
+
             ;(auth as any).session = mockSession
-            
+
             const result = await auth.getIamCredential()
-            
+
             assert.ok(mockSession.getCredential.calledOnce)
             assert.deepStrictEqual(result, mockCredentials)
         })
@@ -506,9 +517,9 @@ describe('AuthUtil', async function () {
                 }),
                 loginType: 'sso',
             }
-            
+
             ;(auth as any).session = mockSession
-            
+
             try {
                 await auth.getIamCredential()
                 assert.fail('Should have thrown an error')
@@ -519,7 +530,7 @@ describe('AuthUtil', async function () {
 
         it('throws error when not logged in', async function () {
             ;(auth as any).session = undefined
-            
+
             try {
                 await auth.getIamCredential()
                 assert.fail('Should have thrown an error')
@@ -533,20 +544,20 @@ describe('AuthUtil', async function () {
         it('returns true for IAM session', function () {
             const mockSession = { loginType: 'iam' }
             ;(auth as any).session = mockSession
-            
+
             assert.strictEqual(auth.isIamSession(), true)
         })
 
         it('returns false for SSO session', function () {
             const mockSession = { loginType: 'sso' }
             ;(auth as any).session = mockSession
-            
+
             assert.strictEqual(auth.isIamSession(), false)
         })
 
         it('returns false when no session', function () {
             ;(auth as any).session = undefined
-            
+
             assert.strictEqual(auth.isIamSession(), false)
         })
     })
@@ -592,4 +603,4 @@ describe('AuthUtil', async function () {
             assert.ok(mockLspAuth.deleteIamCredential.called)
         })
     })
-})
+})

packages/amazonq/test/unit/codewhisperer/util/showSsoPrompt.test.ts

@@ -28,7 +28,7 @@ describe('showConnectionPrompt', function () {
     })
 
     it('can select connect to AwsBuilderId', async function () {
-        sinon.stub(AuthUtil.instance, 'login_sso').resolves()
+        sinon.stub(AuthUtil.instance, 'loginSso').resolves()
 
         getTestWindow().onDidShowQuickPick(async (picker) => {
             await picker.untilReady()
@@ -44,7 +44,7 @@ describe('showConnectionPrompt', function () {
 
     it('connectToAwsBuilderId calls AuthUtil login with builderIdStartUrl', async function () {
         sinon.stub(vscode.commands, 'executeCommand')
-        const loginStub = sinon.stub(AuthUtil.instance, 'login_sso').resolves()
+        const loginStub = sinon.stub(AuthUtil.instance, 'loginSso').resolves()
 
         await awsIdSignIn()
 

packages/core/src/auth/auth2.ts

@@ -193,7 +193,7 @@ export class LanguageClientAuth {
     ): Promise<UpdateProfileResult> {
         // Add credentials and delete SSO settings from profile
         let profile: Profile
-        if (roleArn) {
+        if (roleArn && sourceProfile) {
             profile = {
                 kinds: [ProfileKind.IamSourceProfileProfile],
                 name: profileName,
@@ -234,10 +234,6 @@ export class LanguageClientAuth {
         }
         return this.client.sendRequest(updateProfileRequestType.method, {
             profile: profile,
-            ssoSession: {
-                name: profileName,
-                settings: undefined,
-            },
         } satisfies UpdateProfileParams)
     }