refactor: migrate type refs

Author: Hweinstock

packages/core/src/awsService/apprunner/wizards/imageRepositoryWizard.ts

@@ -3,7 +3,7 @@
  * SPDX-License-Identifier: Apache-2.0
  */
 
-import { AppRunner, IAM } from 'aws-sdk'
+import { AppRunner } from 'aws-sdk'
 import { createCommonButtons, QuickInputButton, QuickInputToggleButton } from '../../../shared/ui/buttons'
 import { toArrayAsync } from '../../../shared/utilities/collectionUtils'
 import { EcrClient, EcrRepository } from '../../../shared/clients/ecrClient'
@@ -17,7 +17,7 @@ import * as nls from 'vscode-nls'
 import { WizardForm } from '../../../shared/wizards/wizardForm'
 import { createVariablesPrompter } from '../../../shared/ui/common/variablesPrompter'
 import { makeDeploymentButton } from './deploymentButton'
-import { IamClient } from '../../../shared/clients/iam'
+import { IamClient, IamRole } from '../../../shared/clients/iam'
 import { createRolePrompter } from '../../../shared/ui/common/roles'
 import { getLogger } from '../../../shared/logger/logger'
 import { getAppRunnerCreateServiceDocUrl, isCloud9 } from '../../../shared/extensionUtilities'
@@ -35,7 +35,7 @@ interface ImagePrompterOptions {
     extraButtons?: QuickInputButton<void | WizardControl>
 }
 
-function createEcrRole(client: IamClient): Promise<IAM.Role> {
+function createEcrRole(client: IamClient): Promise<IamRole> {
     const policy = {
         Version: '2008-10-17',
         Statement: [
@@ -59,7 +59,7 @@ function createEcrRole(client: IamClient): Promise<IAM.Role> {
             AssumeRolePolicyDocument: JSON.stringify(policy),
         })
         .then((resp) => {
-            const role = resp.Role
+            const role = resp.Role! as IamRole
             return client.attachRolePolicy({ RoleName: role.RoleName, PolicyArn: ecrPolicy }).then(() => role)
         })
 }
@@ -257,13 +257,14 @@ export class AppRunnerImageRepositoryWizard extends Wizard<AppRunner.SourceConfi
     constructor(ecrClient: EcrClient, iamClient: IamClient, autoDeployButton = makeDeploymentButton()) {
         super()
         const form = this.form
-        const createAccessRolePrompter = () => {
-            return createRolePrompter(iamClient, {
+        const createAccessRolePrompter: () => picker.QuickPickPrompter<string> = () => {
+            const prompter = createRolePrompter(iamClient, {
                 title: localize('AWS.apprunner.createService.selectRole.title', 'Select a role to pull from ECR'),
                 helpUrl: getAppRunnerCreateServiceDocUrl(),
                 roleFilter: (role) => (role.AssumeRolePolicyDocument ?? '').includes(appRunnerEcrEntity),
                 createRole: createEcrRole.bind(undefined, iamClient),
-            }).transform((resp) => resp.Arn)
+            })
+            return prompter.transform((resp) => resp.Arn)
         }
 
         form.ImageRepository.applyBoundForm(createImageRepositorySubForm(ecrClient, autoDeployButton))

packages/core/src/awsService/ec2/model.ts

@@ -3,7 +3,6 @@
  * SPDX-License-Identifier: Apache-2.0
  */
 import * as vscode from 'vscode'
-import { IAM } from 'aws-sdk'
 import { Ec2Selection } from './prompter'
 import { getOrInstallCli } from '../../shared/utilities/cliUtils'
 import { isCloud9 } from '../../shared/extensionUtilities'
@@ -18,7 +17,7 @@ import {
     openRemoteTerminal,
     promptToAddInlinePolicy,
 } from '../../shared/remoteSession'
-import { IamClient } from '../../shared/clients/iam'
+import { IamClient, IamRole } from '../../shared/clients/iam'
 import { ErrorInformation } from '../../shared/errors'
 import {
     sshAgentSocketVariable,
@@ -95,7 +94,7 @@ export class Ec2Connecter implements vscode.Disposable {
         return this.sessionManager.isConnectedTo(instanceId)
     }
 
-    public async getAttachedIamRole(instanceId: string): Promise<IAM.Role | undefined> {
+    public async getAttachedIamRole(instanceId: string): Promise<IamRole | undefined> {
         const IamInstanceProfile = await this.ec2Client.getAttachedIamInstanceProfile(instanceId)
         if (IamInstanceProfile && IamInstanceProfile.Arn) {
             const IamRole = await this.iamClient.getIAMRoleFromInstanceProfile(IamInstanceProfile.Arn)

packages/core/src/shared/clients/clientWrapper.ts

@@ -32,8 +32,7 @@ export abstract class ClientWrapper<C extends AwsClient> implements vscode.Dispo
         command: new (o: CommandInput) => Command,
         commandOptions: CommandInput
     ) {
-        const client = this.getClient()
-        return await client.send(new command(commandOptions))
+        return await this.getClient().send(new command(commandOptions))
     }
 
     protected makePaginatedRequest<CommandInput extends object, CommandOutput extends object, Output extends object>(

packages/core/src/shared/clients/iam.ts

@@ -12,6 +12,7 @@ import {
     CreateRoleResponse,
     EvaluationResult,
     GetInstanceProfileCommand,
+    GetInstanceProfileCommandOutput,
     IAMClient,
     ListRolesRequest,
     paginateListAttachedRolePolicies,
@@ -26,17 +27,24 @@ import { AsyncCollection } from '../utilities/asyncCollection'
 import { ToolkitError } from '../errors'
 import { ClientWrapper } from './clientWrapper'
 
+export interface IamRole extends Role {
+    RoleName: string
+    Arn: string
+}
+
 export class IamClient extends ClientWrapper<IAMClient> {
     public constructor(public override readonly regionCode: string) {
         super(regionCode, IAMClient)
     }
 
-    public getRoles(request: ListRolesRequest = {}, maxPages: number = 500): AsyncCollection<Role[]> {
-        return this.makePaginatedRequest(paginateListRoles, request, (p) => p.Roles).limit(maxPages)
+    public getRoles(request: ListRolesRequest = {}, maxPages: number = 500): AsyncCollection<IamRole[]> {
+        return this.makePaginatedRequest(paginateListRoles, request, (p) => p.Roles)
+            .limit(maxPages)
+            .map((roles) => roles.filter(hasRequiredFields))
     }
 
     /** Gets all roles. */
-    public async resolveRoles(request: ListRolesRequest = {}): Promise<Role[]> {
+    public async resolveRoles(request: ListRolesRequest = {}): Promise<IamRole[]> {
         return this.getRoles(request).flatten().promise()
     }
 
@@ -86,11 +94,15 @@ export class IamClient extends ClientWrapper<IAMClient> {
         )
     }
 
-    public async getIAMRoleFromInstanceProfile(instanceProfileArn: string): Promise<Role> {
-        const response = await this.makeRequest(GetInstanceProfileCommand, {
+    public async getIAMRoleFromInstanceProfile(instanceProfileArn: string): Promise<IamRole> {
+        const response: GetInstanceProfileCommandOutput = await this.makeRequest(GetInstanceProfileCommand, {
             InstanceProfileName: this.getFriendlyName(instanceProfileArn),
         })
-        if (response.InstanceProfile.Roles.length === 0) {
+        if (
+            !response.InstanceProfile?.Roles ||
+            response.InstanceProfile.Roles.length === 0 ||
+            !hasRequiredFields(response.InstanceProfile.Roles[0])
+        ) {
             throw new ToolkitError(`Failed to find IAM role associated with Instance profile ${instanceProfileArn}`)
         }
         return response.InstanceProfile.Roles[0]
@@ -104,3 +116,7 @@ export class IamClient extends ClientWrapper<IAMClient> {
         })
     }
 }
+
+function hasRequiredFields(role: Role): role is IamRole {
+    return role.RoleName !== undefined && role.Arn !== undefined
+}

packages/core/src/shared/remoteSession.ts

@@ -20,8 +20,8 @@ import { pushIf } from './utilities/collectionUtils'
 import { ChildProcess } from './utilities/processUtils'
 import { findSshPath, getVscodeCliPath } from './utilities/pathFind'
 import { IamClient } from './clients/iam'
-import { IAM } from 'aws-sdk'
 import { getIdeProperties } from './extensionUtilities'
+import { EvaluationResult } from '@aws-sdk/client-iam'
 
 const policyAttachDelay = 5000
 
@@ -243,7 +243,7 @@ function getSsmPolicyDocument() {
             }`
 }
 
-export async function getDeniedSsmActions(client: IamClient, roleArn: string): Promise<IAM.EvaluationResult[]> {
+export async function getDeniedSsmActions(client: IamClient, roleArn: string): Promise<EvaluationResult[]> {
     const deniedActions = await client.getDeniedActions({
         PolicySourceArn: roleArn,
         ActionNames: minimumSsmActions,

packages/core/src/shared/ui/common/roles.ts

@@ -3,8 +3,7 @@
  * SPDX-License-Identifier: Apache-2.0
  */
 
-import { IAM } from 'aws-sdk'
-import { IamClient } from '../../clients/iam'
+import { IamClient, IamRole } from '../../clients/iam'
 import { createCommonButtons, createPlusButton, createRefreshButton } from '../buttons'
 import { createQuickPick, DataQuickPickItem, QuickPickPrompter } from '../pickerPrompter'
 import * as nls from 'vscode-nls'
@@ -21,19 +20,19 @@ interface RolePrompterOptions {
     readonly title?: string
     readonly helpUrl?: string | vscode.Uri
     readonly noRoleDetail?: string
-    readonly roleFilter?: (role: IAM.Role) => boolean
-    readonly createRole?: () => Promise<IAM.Role>
+    readonly roleFilter?: (role: IamRole) => boolean
+    readonly createRole?: () => Promise<IamRole>
 }
 
-export function createRolePrompter(client: IamClient, options: RolePrompterOptions = {}): QuickPickPrompter<IAM.Role> {
-    const placeholderItem: DataQuickPickItem<IAM.Role> = {
+export function createRolePrompter(client: IamClient, options: RolePrompterOptions = {}): QuickPickPrompter<IamRole> {
+    const placeholderItem: DataQuickPickItem<IamRole> = {
         label: localize('AWS.rolePrompter.noRoles.title', 'No valid roles found'),
         data: WIZARD_BACK,
         detail: options.noRoleDetail,
     }
 
     const loadItems = () => {
-        const filterRoles = (roles: IAM.Role[]) => (options.roleFilter ? roles.filter(options.roleFilter) : roles)
+        const filterRoles = (roles: IamRole[]) => (options.roleFilter ? roles.filter(options.roleFilter) : roles)
 
         return client
             .getRoles()
@@ -62,7 +61,7 @@ export function createRolePrompter(client: IamClient, options: RolePrompterOptio
 }
 
 function addCreateRoleButton(
-    prompter: QuickPickPrompter<IAM.Role>,
+    prompter: QuickPickPrompter<IamRole>,
     createRole: RolePrompterOptions['createRole']
 ): typeof prompter {
     if (!createRole) {

packages/core/src/stepFunctions/utils.ts

@@ -5,7 +5,7 @@
 import * as nls from 'vscode-nls'
 const localize = nls.loadMessageBundle()
 
-import { IAM, StepFunctions } from 'aws-sdk'
+import { StepFunctions } from 'aws-sdk'
 import * as vscode from 'vscode'
 import { StepFunctionsClient } from '../shared/clients/stepFunctionsClient'
 import { fileExists } from '../shared/filesystemUtilities'
@@ -20,6 +20,7 @@ import { HttpResourceFetcher } from '../shared/resourcefetcher/httpResourceFetch
 import globals from '../shared/extensionGlobals'
 import { fromExtensionManifest } from '../shared/settings'
 import { fs } from '../shared/fs/fs'
+import { IamRole } from '../shared/clients/iam'
 
 const documentSettings: DocumentLanguageSettings = { comments: 'error', trailingCommas: 'error' }
 const languageService = getLanguageService({})
@@ -211,7 +212,7 @@ export async function* listStateMachines(
  * Checks if the given IAM Role is assumable by AWS Step Functions.
  * @param role The IAM role to check
  */
-export function isStepFunctionsRole(role: IAM.Role): boolean {
+export function isStepFunctionsRole(role: IamRole): boolean {
     const stepFunctionsSevicePrincipal: string = 'states.amazonaws.com'
     const assumeRolePolicyDocument: string | undefined = role.AssumeRolePolicyDocument
 

packages/core/src/test/awsService/ec2/model.test.ts

@@ -10,9 +10,8 @@ import { SsmClient } from '../../../shared/clients/ssm'
 import { Ec2Client } from '../../../shared/clients/ec2'
 import { Ec2Selection } from '../../../awsService/ec2/prompter'
 import { ToolkitError } from '../../../shared/errors'
-import { IAM } from 'aws-sdk'
 import { SshKeyPair } from '../../../awsService/ec2/sshKeyPair'
-import { IamClient } from '../../../shared/clients/iam'
+import { IamClient, IamRole } from '../../../shared/clients/iam'
 import { assertNoTelemetryMatch, createTestWorkspaceFolder } from '../../testUtil'
 import { fs } from '../../../shared'
 import path from 'path'
@@ -31,13 +30,11 @@ describe('Ec2ConnectClient', function () {
 
     describe('getAttachedIamRole', async function () {
         it('only returns role if receives ARN from instance profile', async function () {
-            let role: IAM.Role | undefined
+            let role: IamRole | undefined
             const getInstanceProfileStub = sinon.stub(Ec2Client.prototype, 'getAttachedIamInstanceProfile')
 
             getInstanceProfileStub.resolves({ Arn: 'thisIsAnArn' })
-            sinon
-                .stub(IamClient.prototype, 'getIAMRoleFromInstanceProfile')
-                .resolves({ Arn: 'ThisIsARoleArn' } as IAM.Role)
+            sinon.stub(IamClient.prototype, 'getIAMRoleFromInstanceProfile').resolves(getFakeRole('ThisIsARoleArn'))
 
             role = await client.getAttachedIamRole('test-instance')
             assert.ok(role)
@@ -116,7 +113,7 @@ describe('Ec2ConnectClient', function () {
 
         it('throws EC2SSMAgent error if instance is running and has IAM Role, but agent is not running', async function () {
             sinon.stub(Ec2Connecter.prototype, 'isInstanceRunning').resolves(true)
-            sinon.stub(Ec2Connecter.prototype, 'getAttachedIamRole').resolves({ Arn: 'testRole' } as IAM.Role)
+            sinon.stub(Ec2Connecter.prototype, 'getAttachedIamRole').resolves(getFakeRole('testRole'))
             sinon.stub(Ec2Connecter.prototype, 'hasProperPermissions').resolves(true)
             sinon.stub(SsmClient.prototype, 'getInstanceAgentPingStatus').resolves('offline')
 
@@ -141,7 +138,7 @@ describe('Ec2ConnectClient', function () {
 
         it('does not throw an error if all checks pass', async function () {
             sinon.stub(Ec2Connecter.prototype, 'isInstanceRunning').resolves(true)
-            sinon.stub(Ec2Connecter.prototype, 'getAttachedIamRole').resolves({ Arn: 'testRole' } as IAM.Role)
+            sinon.stub(Ec2Connecter.prototype, 'getAttachedIamRole').resolves(getFakeRole('testRole'))
             sinon.stub(Ec2Connecter.prototype, 'hasProperPermissions').resolves(true)
             sinon.stub(SsmClient.prototype, 'getInstanceAgentPingStatus').resolves('Online')
 
@@ -307,3 +304,13 @@ describe('getRemoveLinesCommand', async function () {
         assert.throws(() => getRemoveLinesCommand('pat/tern', 'macOS', 'test.txt'))
     })
 })
+
+function getFakeRole(Arn: string) {
+    return {
+        RoleName: 'hasArn',
+        Arn,
+        Path: 'thisIsAPath',
+        RoleId: '1',
+        CreateDate: new Date(),
+    }
+}

packages/core/src/test/shared/clients/iamClient.test.ts

@@ -3,25 +3,25 @@
  * SPDX-License-Identifier: Apache-2.0
  */
 
-import { IAM } from 'aws-sdk'
 import assert from 'assert'
 import * as sinon from 'sinon'
 import { IamClient } from '../../../shared/clients/iam'
+import { SimulatePolicyResponse, SimulatePrincipalPolicyRequest } from '@aws-sdk/client-iam'
 
 describe('iamClient', function () {
     describe('getDeniedActions', async function () {
         const iamClient: IamClient = new IamClient('us-west-2')
-        const request: IAM.SimulatePrincipalPolicyRequest = {
+        const request: SimulatePrincipalPolicyRequest = {
             PolicySourceArn: 'taskRoleArn1234',
             ActionNames: ['example:permission'],
         }
-        const correctPermissionsResponse = {
+        const correctPermissionsResponse: SimulatePolicyResponse = {
             EvaluationResults: [{ EvalActionName: 'example:permission', EvalDecision: 'allowed' }],
         }
-        const incorrectPermissionsResponse = {
-            EvaluationResults: [{ EvalActionName: 'example:permission', EvalDecision: 'denied' }],
+        const incorrectPermissionsResponse: SimulatePolicyResponse = {
+            EvaluationResults: [{ EvalActionName: 'example:permission', EvalDecision: 'explicitDeny' }],
         }
-        const organizationsDenyPermissionsResponse = {
+        const organizationsDenyPermissionsResponse: SimulatePolicyResponse = {
             EvaluationResults: [
                 {
                     EvalActionName: 'example:permission',

packages/core/src/test/shared/ui/prompters/roles.test.ts

@@ -6,8 +6,7 @@
 import * as vscode from 'vscode'
 import * as sinon from 'sinon'
 import assert from 'assert'
-import { IAM } from 'aws-sdk'
-import { IamClient } from '../../../../shared/clients/iam'
+import { IamClient, IamRole } from '../../../../shared/clients/iam'
 import { createQuickPickPrompterTester, QuickPickPrompterTester } from '../testUtils'
 import { createRolePrompter } from '../../../../shared/ui/common/roles'
 import { toCollection } from '../../../../shared/utilities/asyncCollection'
@@ -17,9 +16,9 @@ import { getOpenExternalStub } from '../../../globalSetup.test'
 const helpUri = vscode.Uri.parse('https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html')
 
 describe('createRolePrompter', function () {
-    let roles: IAM.Role[]
-    let newRole: IAM.Role
-    let tester: QuickPickPrompterTester<IAM.Role>
+    let roles: IamRole[]
+    let newRole: IamRole
+    let tester: QuickPickPrompterTester<IamRole>
 
     beforeEach(function () {
         roles = [