From 8f4540c2c5b313f2407ee2094d2bd06662161166 Mon Sep 17 00:00:00 2001 From: Will Lo Date: Tue, 15 Apr 2025 09:52:13 -0700 Subject: [PATCH 1/6] validate customization on proifle change --- .../region/regionProfileManager.ts | 23 +++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/packages/core/src/codewhisperer/region/regionProfileManager.ts b/packages/core/src/codewhisperer/region/regionProfileManager.ts index 71f6338d82a..dcbc71ec221 100644 --- a/packages/core/src/codewhisperer/region/regionProfileManager.ts +++ b/packages/core/src/codewhisperer/region/regionProfileManager.ts @@ -28,6 +28,11 @@ import { parse } from '@aws-sdk/util-arn-parser' import { isAwsError, ToolkitError } from '../../shared/errors' import { telemetry } from '../../shared/telemetry/telemetry' import { localize } from '../../shared/utilities/vsCodeUtils' +import { + getAvailableCustomizationsList, + getSelectedCustomization, + switchToBaseCustomizationAndNotify, +} from '../util/customizationUtil' // TODO: is there a better way to manage all endpoint strings in one place? export const defaultServiceConfig: CodeWhispererConfig = { @@ -219,6 +224,24 @@ export class RegionProfileManager { // persist to state await this.persistSelectRegionProfile() + + // validate user's still has access to the selected customization + const selectedCustomization = getSelectedCustomization() + // no need to validate base customization which has empty arn + if (selectedCustomization.arn.length > 0) { + getAvailableCustomizationsList() + .then((customizations) => { + const r = customizations.find((it) => it.arn === selectedCustomization.arn) + if (!r) { + void switchToBaseCustomizationAndNotify().then() + } + }) + .catch((e) => { + RegionProfileManager.logger.error( + `encounter error while validating selected customization on profile change: ${(e as Error).message}` + ) + }) + } } restoreProfileSelection = once(async () => { From 2189b27a1c18434d58bbcf90e5b563a77c44f40c Mon Sep 17 00:00:00 2001 From: Will Lo Date: Tue, 15 Apr 2025 09:55:44 -0700 Subject: [PATCH 2/6] cl --- .../Bug Fix-a6e9ce99-842b-4d64-b9b0-967383d7acb9.json | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 packages/amazonq/.changes/next-release/Bug Fix-a6e9ce99-842b-4d64-b9b0-967383d7acb9.json diff --git a/packages/amazonq/.changes/next-release/Bug Fix-a6e9ce99-842b-4d64-b9b0-967383d7acb9.json b/packages/amazonq/.changes/next-release/Bug Fix-a6e9ce99-842b-4d64-b9b0-967383d7acb9.json new file mode 100644 index 00000000000..214602ad834 --- /dev/null +++ b/packages/amazonq/.changes/next-release/Bug Fix-a6e9ce99-842b-4d64-b9b0-967383d7acb9.json @@ -0,0 +1,4 @@ +{ + "type": "Bug Fix", + "description": "Users might be bound to a customization which they dont have access with the selected profile and it causes service throwing 403 when using inline suggestion and chat features" +} From 916454befb97c86fed6921660585c2a3587c6ecd Mon Sep 17 00:00:00 2001 From: Will Lo Date: Tue, 15 Apr 2025 15:21:33 -0700 Subject: [PATCH 3/6] circurlar dependency --- packages/core/src/codewhisperer/activation.ts | 28 +++++++++++++++++-- .../region/regionProfileManager.ts | 24 ---------------- 2 files changed, 26 insertions(+), 26 deletions(-) diff --git a/packages/core/src/codewhisperer/activation.ts b/packages/core/src/codewhisperer/activation.ts index 70a7417f263..617db3b406b 100644 --- a/packages/core/src/codewhisperer/activation.ts +++ b/packages/core/src/codewhisperer/activation.ts @@ -72,7 +72,12 @@ import { AuthUtil } from './util/authUtil' import { ImportAdderProvider } from './service/importAdderProvider' import { TelemetryHelper } from './util/telemetryHelper' import { openUrl } from '../shared/utilities/vsCodeUtils' -import { notifyNewCustomizations } from './util/customizationUtil' +import { + getAvailableCustomizationsList, + getSelectedCustomization, + notifyNewCustomizations, + switchToBaseCustomizationAndNotify, +} from './util/customizationUtil' import { CodeWhispererCommandBackend, CodeWhispererCommandDeclarations } from './commands/gettingStartedPageCommands' import { SecurityIssueHoverProvider } from './service/securityIssueHoverProvider' import { SecurityIssueCodeActionProvider } from './service/securityIssueCodeActionProvider' @@ -337,7 +342,26 @@ export async function activate(context: ExtContext): Promise { [...CodeWhispererConstants.securityScanLanguageIds], SecurityIssueCodeActionProvider.instance ), - vscode.commands.registerCommand('aws.amazonq.openEditorAtRange', openEditorAtRange) + vscode.commands.registerCommand('aws.amazonq.openEditorAtRange', openEditorAtRange), + auth.regionProfileManager.onDidChangeRegionProfile(() => { + // validate user's still has access to the selected customization + const selectedCustomization = getSelectedCustomization() + // no need to validate base customization which has empty arn + if (selectedCustomization.arn.length > 0) { + getAvailableCustomizationsList() + .then((customizations) => { + const r = customizations.find((it) => it.arn === selectedCustomization.arn) + if (!r) { + void switchToBaseCustomizationAndNotify().then() + } + }) + .catch((e) => { + getLogger().error( + `encounter error while validating selected customization on profile change: ${(e as Error).message}` + ) + }) + } + }) ) // run the auth startup code with context for telemetry diff --git a/packages/core/src/codewhisperer/region/regionProfileManager.ts b/packages/core/src/codewhisperer/region/regionProfileManager.ts index dcbc71ec221..effb5e3a84b 100644 --- a/packages/core/src/codewhisperer/region/regionProfileManager.ts +++ b/packages/core/src/codewhisperer/region/regionProfileManager.ts @@ -28,11 +28,6 @@ import { parse } from '@aws-sdk/util-arn-parser' import { isAwsError, ToolkitError } from '../../shared/errors' import { telemetry } from '../../shared/telemetry/telemetry' import { localize } from '../../shared/utilities/vsCodeUtils' -import { - getAvailableCustomizationsList, - getSelectedCustomization, - switchToBaseCustomizationAndNotify, -} from '../util/customizationUtil' // TODO: is there a better way to manage all endpoint strings in one place? export const defaultServiceConfig: CodeWhispererConfig = { @@ -41,7 +36,6 @@ export const defaultServiceConfig: CodeWhispererConfig = { } // Hack until we have a single discovery endpoint. We will call each endpoint one by one to fetch profile before then. -// TODO: update correct endpoint and region const endpoints = createConstantMap({ 'us-east-1': 'https://q.us-east-1.amazonaws.com/', 'eu-central-1': 'https://q.eu-central-1.amazonaws.com/', @@ -224,24 +218,6 @@ export class RegionProfileManager { // persist to state await this.persistSelectRegionProfile() - - // validate user's still has access to the selected customization - const selectedCustomization = getSelectedCustomization() - // no need to validate base customization which has empty arn - if (selectedCustomization.arn.length > 0) { - getAvailableCustomizationsList() - .then((customizations) => { - const r = customizations.find((it) => it.arn === selectedCustomization.arn) - if (!r) { - void switchToBaseCustomizationAndNotify().then() - } - }) - .catch((e) => { - RegionProfileManager.logger.error( - `encounter error while validating selected customization on profile change: ${(e as Error).message}` - ) - }) - } } restoreProfileSelection = once(async () => { From 35a5045629de765037c3751c2c386f885764fb54 Mon Sep 17 00:00:00 2001 From: Will Lo Date: Tue, 15 Apr 2025 16:00:11 -0700 Subject: [PATCH 4/6] addr comment 1 --- packages/core/src/codewhisperer/activation.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/core/src/codewhisperer/activation.ts b/packages/core/src/codewhisperer/activation.ts index 617db3b406b..25955ee766b 100644 --- a/packages/core/src/codewhisperer/activation.ts +++ b/packages/core/src/codewhisperer/activation.ts @@ -349,10 +349,10 @@ export async function activate(context: ExtContext): Promise { // no need to validate base customization which has empty arn if (selectedCustomization.arn.length > 0) { getAvailableCustomizationsList() - .then((customizations) => { + .then(async (customizations) => { const r = customizations.find((it) => it.arn === selectedCustomization.arn) if (!r) { - void switchToBaseCustomizationAndNotify().then() + await switchToBaseCustomizationAndNotify() } }) .catch((e) => { From 17324f971ab3014003e032663d462f354910317b Mon Sep 17 00:00:00 2001 From: Will Lo Date: Tue, 15 Apr 2025 16:02:48 -0700 Subject: [PATCH 5/6] addr comment 2 --- packages/core/src/codewhisperer/activation.ts | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/packages/core/src/codewhisperer/activation.ts b/packages/core/src/codewhisperer/activation.ts index 25955ee766b..1a80bbeda2e 100644 --- a/packages/core/src/codewhisperer/activation.ts +++ b/packages/core/src/codewhisperer/activation.ts @@ -344,9 +344,9 @@ export async function activate(context: ExtContext): Promise { ), vscode.commands.registerCommand('aws.amazonq.openEditorAtRange', openEditorAtRange), auth.regionProfileManager.onDidChangeRegionProfile(() => { - // validate user's still has access to the selected customization + // Validate user still has access to the selected customization. const selectedCustomization = getSelectedCustomization() - // no need to validate base customization which has empty arn + // No need to validate base customization which has empty arn if (selectedCustomization.arn.length > 0) { getAvailableCustomizationsList() .then(async (customizations) => { @@ -357,7 +357,8 @@ export async function activate(context: ExtContext): Promise { }) .catch((e) => { getLogger().error( - `encounter error while validating selected customization on profile change: ${(e as Error).message}` + `encounter error while validating selected customization on profile change: %s`, + (e as Error).message ) }) } From 62afc561a3aec43ff33636566cd0261448c78115 Mon Sep 17 00:00:00 2001 From: Will Lo Date: Tue, 15 Apr 2025 16:04:56 -0700 Subject: [PATCH 6/6] s --- packages/core/src/codewhisperer/activation.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/core/src/codewhisperer/activation.ts b/packages/core/src/codewhisperer/activation.ts index 1a80bbeda2e..efebb01e179 100644 --- a/packages/core/src/codewhisperer/activation.ts +++ b/packages/core/src/codewhisperer/activation.ts @@ -346,7 +346,7 @@ export async function activate(context: ExtContext): Promise { auth.regionProfileManager.onDidChangeRegionProfile(() => { // Validate user still has access to the selected customization. const selectedCustomization = getSelectedCustomization() - // No need to validate base customization which has empty arn + // No need to validate base customization which has empty arn. if (selectedCustomization.arn.length > 0) { getAvailableCustomizationsList() .then(async (customizations) => {