authWebview: Identity Center sign in for Explorer (#3597)

* identityCenter: remove delayed rendering mechanism

Previously this component had a mechanism to
not show its inner content until it was all done
loading.

But from a recent change this is not needed anymore
since it is done in the parent component instead.

Solution:

Remove the old mechanism

Signed-off-by: Nikolas Komonen <[email protected]>

* identityCenter: Update some backend methods

The existing identity center methods were
codewhisperer centric.

This commit updates and adds method for general
uses of identity center as well.

Signed-off-by: Nikolas Komonen <[email protected]>

* identityCenter: Add identity center form state

This adds the class which manages the state of
identity center in the context of the Explorer.

In the context of the Explorer, Identity Center
form behaviour is slightly different which is reflected
in some of the implementations of the class.

In short, IC in Explorer is not required to be
actively connected. Instead it is just used to
get the Credentials profile information. So we
do not care about the active IC connection in this
scenario

Signed-off-by: Nikolas Komonen <[email protected]>

* identityCenter: Fix 'waiting for user' stage not being shown

The waiting for user stage is shown once the user starts
sso signup process. It wasn't activated in the actual UI,
this fixes that

Signed-off-by: Nikolas Komonen <[email protected]>

* identityCenter: Show different form title for Explorer

With Identity Center in the context of the Explorer
we do not care about the actual 'active' status
of an Identity Center connection.

Due to this we don't want to show anything regarding
a 'successful' connection in the form title.

Solution:

Have a conditional title that simply shows the name
if we set a certain Vue Prop and ignores the connected
stuff.

Signed-off-by: Nikolas Komonen <[email protected]>

* identityCenter: partial explorer form setup

I still need to add the extra form that will aggregate
the IC and Credentials status in to one.

Signed-off-by: Nikolas Komonen <[email protected]>

* identityCenter: somewhat finished explorer window

Still reloads the whole webview upon submission when
I have an existing successful connection. Due to this
if there is an error I see it briefly before the whole
page is reloaded.

Signed-off-by: Nikolas Komonen <[email protected]>

* identityCenter: option for credentials to always show form

In the context of the resource explorer auth sign in
we want to allow users to add additional IAM credentials
even if they already have an existing one.

Solution:

In the Credentials form add a mechanism to specify that
we do not care about checking if credentials is currently
connected. This will allow users to continuously add
new credentials to whoever sets the prop checkIfConnected
when creating the component.

Additional:

Fixed identity center not updating since it used the
same mechanism but didn't emit the proper isConnected
status in the background. We still want to emit the
true isConnected status, but in the case of checkIfConnected
being false we don't want to show the user that state.

Signed-off-by: Nikolas Komonen <[email protected]>

* identityCenter: show correct connection name once connected

The ExplorerAggregateForm that represents the status
of all connections relevant to the Explorer will now
show the name of the specific underyling connection
that enables it to be connected.

Signed-off-by: Nikolas Komonen <[email protected]>

* identityCenter: Force loading of SSO profiles

When we add the new Identity Center/SSO connection
we will now trigger loading of connected Credentials
profiles in to the profile store.

We are doing this so that users of this information
are updated with the new profiles.

Signed-off-by: Nikolas Komonen <[email protected]>

---------

Signed-off-by: Nikolas Komonen <[email protected]>

Author: nkomonen-amazon

src/auth/ui/vue/authForms/manageCredentials.vue

@@ -3,8 +3,8 @@
         <div>
             <FormTitle :isConnected="isConnected">IAM Credentials</FormTitle>
 
-            <div class="form-section">
-                <button v-if="isConnected" v-on:click="showResourceExplorer">Open Resource Explorer</button>
+            <div class="form-section" v-if="isConnected">
+                <button v-on:click="showResourceExplorer">Open Resource Explorer</button>
             </div>
 
             <div v-if="isConnected" class="form-section" v-on:click="toggleShowForm()" id="collapsible">
@@ -76,6 +76,13 @@ export default defineComponent({
             type: Object as PropType<CredentialsState>,
             required: true,
         },
+        checkIfConnected: {
+            type: Boolean,
+            default: true,
+            // In some scenarios we want to show the form and allow setup,
+            // but not care about any current identity center auth connections
+            // and if they are connected or not.
+        },
     },
     data() {
         return {
@@ -104,7 +111,7 @@ export default defineComponent({
         await this.updateDataError('profileName')
         await this.updateDataError('aws_access_key_id')
         await this.updateDataError('aws_secret_access_key')
-        this.isFormShown = !(await this.state.isAuthConnected())
+        this.isFormShown = this.checkIfConnected ? !(await this.state.isAuthConnected()) : true
         await this.updateSubmittableStatus()
 
         this.updateConnectedStatus('created')
@@ -138,8 +145,8 @@ export default defineComponent({
         },
         async updateConnectedStatus(cause?: ConnectionUpdateCause) {
             return this.state.isAuthConnected().then(isConnected => {
-                this.isConnected = isConnected
-                this.emitAuthConnectionUpdated({ id: 'credentials', isConnected: this.isConnected, cause })
+                this.isConnected = this.checkIfConnected ? isConnected : false
+                this.emitAuthConnectionUpdated({ id: 'credentials', isConnected, cause })
             })
         },
         async submitData() {

src/auth/ui/vue/authForms/manageExplorer.vue

@@ -0,0 +1,92 @@
+<template>
+    <div class="auth-form container-background border-common" id="identity-center-form">
+        <div>
+            <FormTitle :isConnected="isConnected">{{ connectionName }}</FormTitle>
+            <div v-if="!isConnected">Successor to AWS Single Sign-on</div>
+        </div>
+
+        <div v-if="isConnected" class="form-section">
+            <button v-on:click="showExplorer()">Open Resource Explorer</button>
+        </div>
+    </div>
+</template>
+<script lang="ts">
+import { PropType, defineComponent } from 'vue'
+import BaseAuthForm from './baseAuth.vue'
+import FormTitle from './formTitle.vue'
+import { WebviewClientFactory } from '../../../../webviews/client'
+import { AuthWebview } from '../show'
+import { ExplorerIdentityCenterState } from './manageIdentityCenter.vue'
+import { CredentialsState } from './manageCredentials.vue'
+import { AuthFormId } from './types'
+
+const client = WebviewClientFactory.create<AuthWebview>()
+
+export type IdentityCenterStage = 'START' | 'WAITING_ON_USER' | 'CONNECTED'
+
+/**
+ * This component is used to represent all of the multiple auth
+ * mechanisms in one place. It aggregates the possible auth mechanisms
+ * and if one of them are connected this will show that the explorer
+ * is successfully connected.
+ */
+export default defineComponent({
+    name: 'ExplorerAggregateForm',
+    extends: BaseAuthForm,
+    components: { FormTitle },
+    props: {
+        identityCenterState: {
+            type: Object as PropType<ExplorerIdentityCenterState>,
+            required: true,
+        },
+        credentialsState: {
+            type: Object as PropType<CredentialsState>,
+            required: true,
+        },
+    },
+    data() {
+        return {
+            isConnected: false,
+            connectionName: '',
+        }
+    },
+
+    async created() {
+        this.isConnected =
+            (await this.credentialsState.isAuthConnected()) || (await this.identityCenterState.isAuthConnected())
+        await this.updateConnectionName()
+        this.emitAuthConnectionUpdated({ id: 'aggregateExplorer', isConnected: this.isConnected, cause: 'created' })
+    },
+    methods: {
+        showExplorer() {
+            client.showResourceExplorer()
+        },
+        async updateConnectionName() {
+            const currentConnection = await this.getCurrentConnection()
+            if (currentConnection === undefined) {
+                this.connectionName = ''
+            } else {
+                this.connectionName = currentConnection === 'credentials' ? 'IAM Credentials' : 'IAM Identity Center'
+            }
+        },
+        /**
+         * Gets the current working connection that the explorer can use.
+         */
+        async getCurrentConnection(): Promise<AuthFormId | undefined> {
+            if (!this.isConnected) {
+                return undefined
+            }
+            return (await this.credentialsState.isAuthConnected()) ? 'credentials' : 'identityCenterExplorer'
+        },
+    },
+})
+</script>
+<style>
+@import './sharedAuthForms.css';
+@import '../shared.css';
+
+#identity-center-form {
+    width: 280px;
+    height: fit-content;
+}
+</style>

src/auth/ui/vue/authForms/manageIdentityCenter.vue

@@ -1,51 +1,56 @@
 <template>
     <div class="auth-form container-background border-common" id="identity-center-form">
-        <div v-show="canShowAll">
+        <div v-if="checkIfConnected">
             <FormTitle :isConnected="isConnected">IAM Identity Center</FormTitle>
             <div v-if="!isConnected">Successor to AWS Single Sign-on</div>
+        </div>
+        <div v-else>
+            <!-- In this scenario we do not care about the active IC connection -->
+            <FormTitle :isConnected="false">IAM Identity Center</FormTitle>
+            <div>Successor to AWS Single Sign-on</div>
+        </div>
+
+        <div v-if="stage === 'START'">
+            <div class="form-section">
+                <a href="https://docs.aws.amazon.com/toolkit-for-vscode/latest/userguide/sso-credentials.html"
+                    >Learn more about IAM Identity Center.</a
+                >
+            </div>
+
+            <div class="form-section">
+                <label class="input-title">Start URL</label>
+                <label class="small-description">The Start URL</label>
+                <input v-model="data.startUrl" type="text" :data-invalid="!!errors.startUrl" />
+                <div class="small-description error-text">{{ errors.startUrl }}</div>
+            </div>
+
+            <div class="form-section">
+                <label class="input-title">Region</label>
+                <label class="small-description">The Region</label>
 
-            <div v-if="stage === 'START'">
-                <div class="form-section">
-                    <a href="https://docs.aws.amazon.com/toolkit-for-vscode/latest/userguide/sso-credentials.html"
-                        >Learn more about IAM Identity Center.</a
-                    >
-                </div>
-
-                <div class="form-section">
-                    <label class="input-title">Start URL</label>
-                    <label class="small-description">The Start URL</label>
-                    <input v-model="data.startUrl" type="text" :data-invalid="!!errors.startUrl" />
-                    <div class="small-description error-text">{{ errors.startUrl }}</div>
-                </div>
-
-                <div class="form-section">
-                    <label class="input-title">Region</label>
-                    <label class="small-description">The Region</label>
-
-                    <select v-on:click="getRegion()">
-                        <option v-if="!!data.region" :selected="true">{{ data.region }}</option>
-                    </select>
-                </div>
-
-                <div class="form-section">
-                    <button v-on:click="signin()" :disabled="!canSubmit">Sign up or Sign in</button>
-                </div>
+                <select v-on:click="getRegion()">
+                    <option v-if="!!data.region" :selected="true">{{ data.region }}</option>
+                </select>
             </div>
 
-            <div v-if="stage === 'WAITING_ON_USER'">
-                <div class="form-section">
-                    <div>Follow instructions...</div>
-                </div>
+            <div class="form-section">
+                <button v-on:click="signin()" :disabled="!canSubmit">Sign up or Sign in</button>
+            </div>
+        </div>
+
+        <div v-if="stage === 'WAITING_ON_USER'">
+            <div class="form-section">
+                <div>Follow instructions...</div>
             </div>
+        </div>
 
-            <div v-if="stage === 'CONNECTED'">
-                <div class="form-section">
-                    <div v-on:click="signout()" style="cursor: pointer; color: #75beff">Sign out</div>
-                </div>
+        <div v-if="stage === 'CONNECTED'">
+            <div class="form-section">
+                <div v-on:click="signout()" style="cursor: pointer; color: #75beff">Sign out</div>
+            </div>
 
-                <div class="form-section">
-                    <button v-on:click="showView()">Open {{ authName }} in Toolkit</button>
-                </div>
+            <div class="form-section">
+                <button v-on:click="showView()">Open {{ authName }} in Toolkit</button>
             </div>
         </div>
     </div>
@@ -73,6 +78,13 @@ export default defineComponent({
             type: Object as PropType<BaseIdentityCenterState>,
             required: true,
         },
+        checkIfConnected: {
+            type: Boolean,
+            default: true,
+            // In some scenarios we want to show the form and allow setup,
+            // but not care about any current identity center auth connections
+            // and if they are connected or not.
+        },
     },
     data() {
         return {
@@ -88,7 +100,6 @@ export default defineComponent({
 
             stage: 'START' as IdentityCenterStage,
 
-            canShowAll: false,
             authName: this.state.name,
         }
     },
@@ -99,11 +110,11 @@ export default defineComponent({
         this.data.region = this.state.getValue('region')
 
         await this.update('created')
-        this.canShowAll = true
     },
     computed: {},
     methods: {
         async signin(): Promise<void> {
+            this.stage = 'WAITING_ON_USER'
             await this.state.startIdentityCenterSetup()
             await this.update('signIn')
         },
@@ -113,8 +124,9 @@ export default defineComponent({
         },
         async update(cause?: ConnectionUpdateCause) {
             this.stage = await this.state.stage()
-            this.isConnected = await this.state.isAuthConnected()
-            this.emitAuthConnectionUpdated({ id: this.state.id, isConnected: this.isConnected, cause })
+            const actualIsConnected = await this.state.isAuthConnected()
+            this.isConnected = this.checkIfConnected ? actualIsConnected : false
+            this.emitAuthConnectionUpdated({ id: this.state.id, isConnected: actualIsConnected, cause })
         },
         async getRegion() {
             const region = await this.state.getRegion()
@@ -165,6 +177,7 @@ abstract class BaseIdentityCenterState implements AuthStatus {
     protected abstract _startIdentityCenterSetup(): Promise<void>
     abstract isAuthConnected(): Promise<boolean>
     abstract showView(): Promise<void>
+    abstract signout(): Promise<void>
 
     setValue(key: IdentityCenterKey, value: string) {
         this._data[key] = value
@@ -185,10 +198,6 @@ abstract class BaseIdentityCenterState implements AuthStatus {
         return this._stage
     }
 
-    async signout(): Promise<void> {
-        return client.signoutIdentityCenter()
-    }
-
     async getRegion(): Promise<Region> {
         return client.getIdentityCenterRegion()
     }
@@ -220,7 +229,7 @@ export class CodeWhispererIdentityCenterState extends BaseIdentityCenterState {
 
     protected override async _startIdentityCenterSetup(): Promise<void> {
         const data = await this.getSubmittableDataOrThrow()
-        return client.startIdentityCenterSetup(data.startUrl, data.region)
+        return client.startCWIdentityCenterSetup(data.startUrl, data.region)
     }
 
     override async isAuthConnected(): Promise<boolean> {
@@ -230,6 +239,51 @@ export class CodeWhispererIdentityCenterState extends BaseIdentityCenterState {
     override async showView(): Promise<void> {
         client.showCodeWhispererNode()
     }
+
+    override signout(): Promise<void> {
+        return client.signoutCWIdentityCenter()
+    }
+}
+
+/**
+ * In the context of the Explorer, an Identity Center connection
+ * is not required to be active. This is due to us only needing
+ * the connection to exist so we can grab Credentials from it.
+ *
+ * With this in mind, certain methods in this class don't follow
+ * the typical connection flow.
+ */
+export class ExplorerIdentityCenterState extends BaseIdentityCenterState {
+    override get id(): AuthFormId {
+        return 'identityCenterExplorer'
+    }
+
+    override get name(): string {
+        return 'Resource Explorer'
+    }
+
+    override async stage(): Promise<IdentityCenterStage> {
+        // We always want to allow the user to add a new connection
+        // for this context, so we always keep it as the start
+        return 'START'
+    }
+
+    protected override async _startIdentityCenterSetup(): Promise<void> {
+        const data = await this.getSubmittableDataOrThrow()
+        return client.createIdentityCenterConnection(data.startUrl, data.region)
+    }
+
+    override async isAuthConnected(): Promise<boolean> {
+        return client.isIdentityCenterExists()
+    }
+
+    override async showView(): Promise<void> {
+        client.showResourceExplorer()
+    }
+
+    override signout(): Promise<void> {
+        throw new Error('Explorer Identity Center should not use "signout functionality')
+    }
 }
 </script>
 <style>

src/auth/ui/vue/authForms/shared.vue

@@ -1,17 +1,17 @@
 <script lang="ts">
 import { CodeCatalystBuilderIdState, CodeWhispererBuilderIdState } from './manageBuilderId.vue'
 import { CredentialsState } from './manageCredentials.vue'
-import { CodeWhispererIdentityCenterState } from './manageIdentityCenter.vue'
-import { AuthFormId } from './types'
+import { CodeWhispererIdentityCenterState, ExplorerIdentityCenterState } from './manageIdentityCenter.vue'
 
 /**
  * The state instance of all auth forms
  */
-const authFormsState: Readonly<Record<AuthFormId, any>> = {
+const authFormsState = {
     credentials: new CredentialsState() as CredentialsState,
     builderIdCodeWhisperer: new CodeWhispererBuilderIdState(),
     builderIdCodeCatalyst: new CodeCatalystBuilderIdState(),
     identityCenterCodeWhisperer: new CodeWhispererIdentityCenterState(),
+    identityCenterExplorer: new ExplorerIdentityCenterState()
 } as const
 
 export interface AuthStatus {

src/auth/ui/vue/authForms/types.ts

@@ -8,10 +8,14 @@ export type AuthFormId =
     | 'builderIdCodeWhisperer'
     | 'builderIdCodeCatalyst'
     | 'identityCenterCodeWhisperer'
+    | 'identityCenterExplorer'
+    | 'aggregateExplorer'
 
 export const AuthFormDisplayName: Record<AuthFormId, string> = {
     credentials: 'IAM Credentials',
     builderIdCodeCatalyst: 'Builder ID',
     builderIdCodeWhisperer: 'Builder ID',
     identityCenterCodeWhisperer: 'IAM Identity Center',
+    identityCenterExplorer: 'IAM Identity Center',
+    aggregateExplorer: ''
 } as const