Merge master into feature/LSP-gamma

Author: aws-toolkit-automation

packages/core/src/sagemakerunifiedstudio/auth/providers/connectionCredentialsProvider.ts

@@ -73,6 +73,14 @@ export class ConnectionCredentialsProvider implements CredentialsProvider {
         return this.smusAuthProvider.getDomainRegion()
     }
 
+    /**
+     * Gets the domain AWS account ID
+     * @returns Promise resolving to the domain account ID
+     */
+    public async getDomainAccountId(): Promise<string> {
+        return this.smusAuthProvider.getDomainAccountId()
+    }
+
     /**
      * Gets the hash code
      * @returns Hash code

packages/core/src/sagemakerunifiedstudio/auth/providers/smusAuthenticationProvider.ts

@@ -14,7 +14,7 @@ import * as localizedText from '../../../shared/localizedText'
 import { ToolkitPromptSettings } from '../../../shared/settings'
 import { setContext, getContext } from '../../../shared/vscode/setContext'
 import { getLogger } from '../../../shared/logger/logger'
-import { SmusUtils, SmusErrorCodes } from '../../shared/smusUtils'
+import { SmusUtils, SmusErrorCodes, extractAccountIdFromArn } from '../../shared/smusUtils'
 import { createSmusProfile, isValidSmusConnection, SmusConnection } from '../model'
 import { DomainExecRoleCredentialsProvider } from './domainExecRoleCredentialsProvider'
 import { ProjectRoleCredentialsProvider } from './projectRoleCredentialsProvider'
@@ -23,6 +23,7 @@ import { ConnectionClientStore } from '../../shared/client/connectionClientStore
 import { getResourceMetadata } from '../../shared/utils/resourceMetadataUtils'
 import { fromIni } from '@aws-sdk/credential-providers'
 import { randomUUID } from '../../../shared/crypto'
+import { DefaultStsClient } from '../../../shared/clients/stsClient'
 
 /**
  * Sets the context variable for SageMaker Unified Studio connection state
@@ -53,6 +54,7 @@ export class SmusAuthenticationProvider {
     private credentialsProviderCache = new Map<string, any>()
     private projectCredentialProvidersCache = new Map<string, ProjectRoleCredentialsProvider>()
     private connectionCredentialProvidersCache = new Map<string, ConnectionCredentialsProvider>()
+    private cachedDomainAccountId: string | undefined
 
     public constructor(
         public readonly auth = Auth.instance,
@@ -75,6 +77,8 @@ export class SmusAuthenticationProvider {
             this.projectCredentialProvidersCache.clear()
             // Clear connection provider cache when connection changes
             this.connectionCredentialProvidersCache.clear()
+            // Clear cached domain account ID when connection changes
+            this.cachedDomainAccountId = undefined
             // Clear all clients in client store when connection changes
             ConnectionClientStore.getInstance().clearAll()
             await setSmusConnectedContext(this.isConnected())
@@ -423,6 +427,99 @@ export class SmusAuthenticationProvider {
         return this.activeConnection.domainUrl
     }
 
+    /**
+     * Gets the AWS account ID for the active domain connection
+     * In SMUS space environment, extracts from ResourceArn in metadata
+     * Otherwise, makes an STS GetCallerIdentity call using DER credentials and caches the result
+     * @returns Promise resolving to the domain's AWS account ID
+     * @throws ToolkitError if unable to retrieve account ID
+     */
+    public async getDomainAccountId(): Promise<string> {
+        const logger = getLogger()
+
+        // Return cached value if available
+        if (this.cachedDomainAccountId) {
+            logger.debug('SMUS: Using cached domain account ID')
+            return this.cachedDomainAccountId
+        }
+
+        // If in SMUS space environment, extract account ID from resource-metadata file
+        if (getContext('aws.smus.inSmusSpaceEnvironment')) {
+            try {
+                logger.debug('SMUS: Extracting domain account ID from ResourceArn in resource-metadata file')
+
+                const resourceMetadata = getResourceMetadata()!
+                const resourceArn = resourceMetadata.ResourceArn
+
+                if (!resourceArn) {
+                    throw new ToolkitError('ResourceArn not found in metadata file', {
+                        code: SmusErrorCodes.AccountIdNotFound,
+                    })
+                }
+
+                // Extract account ID from ResourceArn using SmusUtils
+                const accountId = extractAccountIdFromArn(resourceArn)
+
+                // Cache the account ID
+                this.cachedDomainAccountId = accountId
+
+                logger.debug(
+                    `Successfully extracted and cached domain account ID from resource-metadata file: ${accountId}`
+                )
+
+                return accountId
+            } catch (err) {
+                logger.error(`Failed to extract domain account ID from ResourceArn: %s`, err)
+
+                throw new ToolkitError('Failed to extract AWS account ID from ResourceArn in SMUS space environment', {
+                    code: SmusErrorCodes.GetDomainAccountIdFailed,
+                    cause: err instanceof Error ? err : undefined,
+                })
+            }
+        }
+
+        if (!this.activeConnection) {
+            throw new ToolkitError('No active SMUS connection available', { code: SmusErrorCodes.NoActiveConnection })
+        }
+
+        // Use existing STS GetCallerIdentity implementation for non-SMUS space environments
+        try {
+            logger.debug('Fetching domain account ID via STS GetCallerIdentity')
+
+            // Get DER credentials provider
+            const derCredProvider = await this.getDerCredentialsProvider()
+
+            // Get the region for STS client
+            const region = this.getDomainRegion()
+
+            // Create STS client with DER credentials
+            const stsClient = new DefaultStsClient(region, await derCredProvider.getCredentials())
+
+            // Make GetCallerIdentity call
+            const callerIdentity = await stsClient.getCallerIdentity()
+
+            if (!callerIdentity.Account) {
+                throw new ToolkitError('Account ID not found in STS GetCallerIdentity response', {
+                    code: SmusErrorCodes.AccountIdNotFound,
+                })
+            }
+
+            // Cache the account ID
+            this.cachedDomainAccountId = callerIdentity.Account
+
+            logger.debug(`Successfully retrieved and cached domain account ID: ${callerIdentity.Account}`)
+
+            return callerIdentity.Account
+        } catch (err) {
+            logger.error(`Failed to retrieve domain account ID: %s`, err)
+
+            throw new ToolkitError('Failed to retrieve AWS account ID for active domain connection', {
+                code: SmusErrorCodes.GetDomainAccountIdFailed,
+                cause: err instanceof Error ? err : undefined,
+            })
+        }
+    }
+
     public getDomainRegion(): string {
         if (getContext('aws.smus.inSmusSpaceEnvironment')) {
             const resourceMetadata = getResourceMetadata()!
@@ -516,6 +613,10 @@ export class SmusAuthenticationProvider {
                 logger.warn(`SMUS: Failed to invalidate connection credentials for cache key ${cacheKey}: %s`, err)
             }
         }
+
+        // Clear cached domain account ID
+        this.cachedDomainAccountId = undefined
+        logger.debug('SMUS: Cleared cached domain account ID')
     }
 
     /**
@@ -560,6 +661,10 @@ export class SmusAuthenticationProvider {
             }
         }
         this.credentialsProviderCache.clear()
+
+        // Clear cached domain account ID
+        this.cachedDomainAccountId = undefined
+
         this.logger.debug('SMUS Auth: Successfully disposed authentication provider')
     }
 

packages/core/src/sagemakerunifiedstudio/explorer/activation.ts

@@ -20,8 +20,8 @@ import { getLogger } from '../../shared/logger/logger'
 import { setSmusConnectedContext, SmusAuthenticationProvider } from '../auth/providers/smusAuthenticationProvider'
 import { setupUserActivityMonitoring } from '../../awsService/sagemaker/sagemakerSpace'
 import { telemetry } from '../../shared/telemetry/telemetry'
-import { SageMakerUnifiedStudioSpacesParentNode } from './nodes/sageMakerUnifiedStudioSpacesParentNode'
 import { isSageMaker } from '../../shared/extensionUtilities'
+import { recordSpaceTelemetry } from '../shared/telemetry'
 
 export async function activate(extensionContext: vscode.ExtensionContext): Promise<void> {
     // Initialize the SMUS authentication provider
@@ -75,16 +75,7 @@ export async function activate(extensionContext: vscode.ExtensionContext): Promi
                 return
             }
             await telemetry.smus_stopSpace.run(async (span) => {
-                span.record({
-                    smusSpaceKey: node.resource.DomainSpaceKey,
-                    smusDomainRegion: node.resource.regionCode,
-                    smusDomainId: (
-                        node.resource.getParent() as SageMakerUnifiedStudioSpacesParentNode
-                    )?.getAuthProvider()?.activeConnection?.domainId,
-                    smusProjectId: (
-                        node.resource.getParent() as SageMakerUnifiedStudioSpacesParentNode
-                    )?.getProjectId(),
-                })
+                await recordSpaceTelemetry(span, node)
                 await stopSpace(node.resource, extensionContext, node.resource.sageMakerClient)
             })
         }),
@@ -95,17 +86,8 @@ export async function activate(extensionContext: vscode.ExtensionContext): Promi
                 if (!validateNode(node)) {
                     return
                 }
-                await telemetry.smus_startSpace.run(async (span) => {
-                    span.record({
-                        smusSpaceKey: node.resource.DomainSpaceKey,
-                        smusDomainRegion: node.resource.regionCode,
-                        smusDomainId: (
-                            node.resource.getParent() as SageMakerUnifiedStudioSpacesParentNode
-                        )?.getAuthProvider()?.activeConnection?.domainId,
-                        smusProjectId: (
-                            node.resource.getParent() as SageMakerUnifiedStudioSpacesParentNode
-                        )?.getProjectId(),
-                    })
+                await telemetry.smus_openRemoteConnection.run(async (span) => {
+                    await recordSpaceTelemetry(span, node)
                     await openRemoteConnect(node.resource, extensionContext, node.resource.sageMakerClient)
                 })
             }

packages/core/src/sagemakerunifiedstudio/explorer/nodes/lakehouseStrategy.ts

@@ -34,7 +34,7 @@ import { createPlaceholderItem } from '../../../shared/treeview/utils'
 import { Column, Database, Table } from '@aws-sdk/client-glue'
 import { ConnectionCredentialsProvider } from '../../auth/providers/connectionCredentialsProvider'
 import { telemetry } from '../../../shared/telemetry/telemetry'
-import { getContext } from '../../../shared/vscode/setContext'
+import { recordDataConnectionTelemetry } from '../../shared/telemetry'
 
 /**
  * Lakehouse data node for SageMaker Unified Studio
@@ -152,16 +152,7 @@ export function createLakehouseConnectionNode(
         },
         async (node) => {
             return telemetry.smus_renderLakehouseNode.run(async (span) => {
-                const isInSmusSpace = getContext('aws.smus.inSmusSpaceEnvironment')
-
-                span.record({
-                    smusToolkitEnv: isInSmusSpace ? 'smus_space' : 'local',
-                    smusDomainId: connection.domainId,
-                    smusProjectId: connection.projectId,
-                    smusConnectionId: connection.connectionId,
-                    smusConnectionType: connection.type,
-                    smusProjectRegion: connection.location?.awsRegion,
-                })
+                await recordDataConnectionTelemetry(span, connection, connectionCredentialsProvider)
                 try {
                     logger.info(`Loading Lakehouse catalogs for connection ${connection.name}`)
 

packages/core/src/sagemakerunifiedstudio/explorer/nodes/redshiftStrategy.ts

@@ -131,10 +131,11 @@ export function createRedshiftConnectionNode(
         async (node) => {
             return telemetry.smus_renderRedshiftNode.run(async (span) => {
                 const isInSmusSpace = getContext('aws.smus.inSmusSpaceEnvironment')
-
+                const accountId = await connectionCredentialsProvider.getDomainAccountId()
                 span.record({
                     smusToolkitEnv: isInSmusSpace ? 'smus_space' : 'local',
                     smusDomainId: connection.domainId,
+                    smusDomainAccountId: accountId,
                     smusProjectId: connection.projectId,
                     smusConnectionId: connection.connectionId,
                     smusConnectionType: connection.type,

packages/core/src/sagemakerunifiedstudio/explorer/nodes/s3Strategy.ts

@@ -20,7 +20,7 @@ import {
 import { S3, ListObjectsV2Command } from '@aws-sdk/client-s3'
 import { ConnectionCredentialsProvider } from '../../auth/providers/connectionCredentialsProvider'
 import { telemetry } from '../../../shared/telemetry/telemetry'
-import { getContext } from '../../../shared/vscode/setContext'
+import { recordDataConnectionTelemetry } from '../../shared/telemetry'
 
 // Regex to match default S3 connection names
 // eslint-disable-next-line @typescript-eslint/naming-convention
@@ -144,16 +144,7 @@ export function createS3ConnectionNode(
         },
         async (node) => {
             return telemetry.smus_renderS3Node.run(async (span) => {
-                const isInSmusSpace = getContext('aws.smus.inSmusSpaceEnvironment')
-
-                span.record({
-                    smusToolkitEnv: isInSmusSpace ? 'smus_space' : 'local',
-                    smusDomainId: connection.domainId,
-                    smusProjectId: connection.projectId,
-                    smusConnectionId: connection.connectionId,
-                    smusConnectionType: connection.type,
-                    smusProjectRegion: connection.location?.awsRegion,
-                })
+                await recordDataConnectionTelemetry(span, connection, connectionCredentialsProvider)
                 try {
                     if (isDefaultConnection && s3Info.prefix) {
                         // For default connections, show the full path as the first node

packages/core/src/sagemakerunifiedstudio/explorer/nodes/sageMakerUnifiedStudioProjectNode.ts

@@ -82,10 +82,11 @@ export class SageMakerUnifiedStudioProjectNode implements TreeNode {
         return telemetry.smus_renderProjectChildrenNode.run(async (span) => {
             try {
                 const isInSmusSpace = getContext('aws.smus.inSmusSpaceEnvironment')
-
+                const accountId = await this.authProvider.getDomainAccountId()
                 span.record({
                     smusToolkitEnv: isInSmusSpace ? 'smus_space' : 'local',
                     smusDomainId: this.project?.domainId,
+                    smusDomainAccountId: accountId,
                     smusProjectId: this.project?.id,
                     smusDomainRegion: this.authProvider.getDomainRegion(),
                 })

packages/core/src/sagemakerunifiedstudio/explorer/nodes/sageMakerUnifiedStudioRootNode.ts

@@ -13,10 +13,10 @@ import { telemetry } from '../../../shared/telemetry/telemetry'
 import { createQuickPick } from '../../../shared/ui/pickerPrompter'
 import { SageMakerUnifiedStudioProjectNode } from './sageMakerUnifiedStudioProjectNode'
 import { SageMakerUnifiedStudioAuthInfoNode } from './sageMakerUnifiedStudioAuthInfoNode'
-import { SmusUtils } from '../../shared/smusUtils'
+import { SmusErrorCodes, SmusUtils } from '../../shared/smusUtils'
 import { SmusAuthenticationProvider } from '../../auth/providers/smusAuthenticationProvider'
 import { ToolkitError } from '../../../../src/shared/errors'
-import { errorCode } from '../../shared/errors'
+import { recordAuthTelemetry } from '../../shared/telemetry'
 
 const contextValueSmusRoot = 'sageMakerUnifiedStudioRoot'
 const contextValueSmusLogin = 'sageMakerUnifiedStudioLogin'
@@ -237,7 +237,10 @@ export const smusLoginCommand = Commands.declare('aws.smus.login', () => async (
             if (!domainUrl) {
                 // User cancelled
                 logger.debug('User cancelled domain URL input')
-                return
+                throw new ToolkitError('User cancelled domain URL input', {
+                    cancelled: true,
+                    code: SmusErrorCodes.UserCancelled,
+                })
             }
 
             // Show a simple status bar message instead of progress dialog
@@ -252,19 +255,16 @@ export const smusLoginCommand = Commands.declare('aws.smus.login', () => async (
 
                 if (!connection) {
                     throw new ToolkitError('Failed to establish connection', {
-                        code: errorCode.failedAuthConnecton,
+                        code: SmusErrorCodes.FailedAuthConnecton,
                     })
                 }
 
-                // Extract domain ID and region for logging
+                // Extract domain account ID, domain ID, and region for logging
                 const domainId = connection.domainId
                 const region = connection.ssoRegion
 
                 logger.info(`Connected to SageMaker Unified Studio domain: ${domainId} in region ${region}`)
-                span.record({
-                    smusDomainId: domainId,
-                    awsRegion: region,
-                })
+                await recordAuthTelemetry(span, authProvider, domainId, region)
 
                 // Show success message
                 void vscode.window.showInformationMessage(
@@ -292,9 +292,12 @@ export const smusLoginCommand = Commands.declare('aws.smus.login', () => async (
                 })
             }
         } catch (err) {
-            void vscode.window.showErrorMessage(
-                `SageMaker Unified Studio: Failed to initiate login: ${(err as Error).message}`
-            )
+            const isUserCancelled = err instanceof ToolkitError && err.code === SmusErrorCodes.UserCancelled
+            if (!isUserCancelled) {
+                void vscode.window.showErrorMessage(
+                    `SageMaker Unified Studio: Failed to initiate login: ${(err as Error).message}`
+                )
+            }
             logger.error('Failed to initiate login: %s', (err as Error).message)
             throw new ToolkitError('Failed to initiate login.', {
                 cause: err as Error,
@@ -329,11 +332,7 @@ export const smusSignOutCommand = Commands.declare('aws.smus.signOut', () => asy
 
             // Show status message
             vscode.window.setStatusBarMessage('Signing out from SageMaker Unified Studio...', 5000)
-
-            span.record({
-                smusDomainId: domainId,
-                awsRegion: region,
-            })
+            await recordAuthTelemetry(span, authProvider, domainId, region)
 
             // Delete the connection (this will also invalidate tokens and clear cache)
             if (activeConnection) {
@@ -425,10 +424,12 @@ export async function selectSMUSProject(projectNode?: SageMakerUnifiedStudioProj
             }
 
             const selectedProject = await showQuickPick(items)
+            const accountId = await authProvider.getDomainAccountId()
             span.record({
                 smusDomainId: authProvider.getDomainId(),
                 smusProjectId: (selectedProject as DataZoneProject).id as string | undefined,
                 smusDomainRegion: authProvider.getDomainRegion(),
+                smusDomainAccountId: accountId,
             })
             if (
                 selectedProject &&