fix(amazonq): validate customization on profile change #7049

## Problem
- Before region expansion:
  customization is bound to a specific idc instance
- After region expansion:
  customization is bound to a specific Q profile and an idc instance can
  have multi profiles
  - therefore each Q profile will have access to different sets of
    customization

## Solution
We need to validate if the selected customization is accessible from the
user's selected profile, otherwise will get
```
*An error occurred while processing your request.*
This error is reported to the team automatically. We will attempt to fix it as soon as possible.
Details: The provided profile ARN and customization ARN is mismatched. (Service: CodeWhispererRuntime, Status Code: 403, 
```

Author: Will-ShaoHua

packages/amazonq/.changes/next-release/Bug Fix-a6e9ce99-842b-4d64-b9b0-967383d7acb9.json

@@ -0,0 +1,4 @@
+{
+	"type": "Bug Fix",
+	"description": "Users might be bound to a customization which they dont have access with the selected profile and it causes service throwing 403 when using inline suggestion and chat features"
+}

packages/core/src/codewhisperer/activation.ts

@@ -72,7 +72,12 @@ import { AuthUtil } from './util/authUtil'
 import { ImportAdderProvider } from './service/importAdderProvider'
 import { TelemetryHelper } from './util/telemetryHelper'
 import { openUrl } from '../shared/utilities/vsCodeUtils'
-import { notifyNewCustomizations } from './util/customizationUtil'
+import {
+    getAvailableCustomizationsList,
+    getSelectedCustomization,
+    notifyNewCustomizations,
+    switchToBaseCustomizationAndNotify,
+} from './util/customizationUtil'
 import { CodeWhispererCommandBackend, CodeWhispererCommandDeclarations } from './commands/gettingStartedPageCommands'
 import { SecurityIssueHoverProvider } from './service/securityIssueHoverProvider'
 import { SecurityIssueCodeActionProvider } from './service/securityIssueCodeActionProvider'
@@ -337,7 +342,27 @@ export async function activate(context: ExtContext): Promise<void> {
             [...CodeWhispererConstants.securityScanLanguageIds],
             SecurityIssueCodeActionProvider.instance
         ),
-        vscode.commands.registerCommand('aws.amazonq.openEditorAtRange', openEditorAtRange)
+        vscode.commands.registerCommand('aws.amazonq.openEditorAtRange', openEditorAtRange),
+        auth.regionProfileManager.onDidChangeRegionProfile(() => {
+            // Validate user still has access to the selected customization.
+            const selectedCustomization = getSelectedCustomization()
+            // No need to validate base customization which has empty arn.
+            if (selectedCustomization.arn.length > 0) {
+                getAvailableCustomizationsList()
+                    .then(async (customizations) => {
+                        const r = customizations.find((it) => it.arn === selectedCustomization.arn)
+                        if (!r) {
+                            await switchToBaseCustomizationAndNotify()
+                        }
+                    })
+                    .catch((e) => {
+                        getLogger().error(
+                            `encounter error while validating selected customization on profile change: %s`,
+                            (e as Error).message
+                        )
+                    })
+            }
+        })
     )
 
     // run the auth startup code with context for telemetry

packages/core/src/codewhisperer/region/regionProfileManager.ts

@@ -36,7 +36,6 @@ export const defaultServiceConfig: CodeWhispererConfig = {
 }
 
 // Hack until we have a single discovery endpoint. We will call each endpoint one by one to fetch profile before then.
-// TODO: update correct endpoint and region
 const endpoints = createConstantMap({
     'us-east-1': 'https://q.us-east-1.amazonaws.com/',
     'eu-central-1': 'https://q.eu-central-1.amazonaws.com/',