@opieter-aws opieter-aws commented May 13, 2025

Problem

Existing SSO connections on old auth are not migrated automatically to the LSP Identity Server. This means that users would be signed out upon migration.

Solution

Add migration functionality that checks for existing SSO connections and migrates them if necessary:

  • Check inside the client.ts, before we attempt to restore any connections in the new auth
  • Add migrateSsoConnectionToLsp method to AuthUtil, which:
    • Fetches environment memento, and looks for the auth.profiles key
    • Checks if there is an sso profile with amazonQScopes. If yes: migrate, if not: nothing to migrate
    • [migration]: Update the SSO profile with Flare
    • [migration]: Construct the existing (from) filenames and the Flare (to) filenames for the registration cache file and the SSO token cache file
    • [migration]: rename the files
    • [migration]: set the auth.profiles key to undefined, so migration is skipped next time

Testing

  • Covered with unit tests that confirm the actual file system operations
  • Manual E2E testing, verifying that there is no sign-out happening with this setup
  • We will verify the mechanism through bug bashing

  • Treat all work as PUBLIC. Private feature/x branches will not be squash-merged at release time.
  • Your code changes must meet the guidelines in CONTRIBUTING.md.
  • License: I confirm that my contribution is made under the terms of the Apache 2.0 license.
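
The migration steps listed in the description above, sketched as an added example that is not the PR's code. The memento is modelled as a `Map`, and `legacyName`, `lspName`, `updateLspProfile` and the scope values are hypothetical stand-ins, since the page does not show the real filename derivation or the Flare call.

```typescript
import * as fs from "node:fs";
import * as os from "node:os";
import * as path from "node:path";

// Assumed shapes: the page does not show the real profile or memento types.
type Profile = { type: string; startUrl: string; scopes?: string[] };
type Memento = Map<string, unknown>;
const AMAZON_Q_SCOPES = ["example:scope:a", "example:scope:b"]; // constructed values

// Hypothetical naming schemes for the two cache files (registration, token).
const legacyName = (kind: string, id: string) => `legacy-${id}-${kind}.json`;
const lspName = (kind: string, id: string) => `lsp-${id}-${kind}.json`;

function migrateSsoConnection(
  memento: Memento, cacheDir: string, updateLspProfile: (p: Profile) => void,
): boolean {
  const profiles = memento.get("auth.profiles") as Record<string, Profile> | undefined;
  if (!profiles) return false; // key already cleared, or the user never signed in
  const hit = Object.entries(profiles).find(([, p]) =>
    p.type === "sso" && AMAZON_Q_SCOPES.every((s) => (p.scopes ?? []).includes(s)));
  if (!hit) return false; // no SSO profile with the Amazon Q scopes
  const [id, profile] = hit;
  updateLspProfile(profile); // stand-in for "update the SSO profile with Flare"
  for (const kind of ["registration", "token"]) {
    const from = path.join(cacheDir, legacyName(kind, id));
    const to = path.join(cacheDir, lspName(kind, id));
    if (fs.existsSync(from)) fs.renameSync(from, to); // rename keeps file permissions
  }
  memento.set("auth.profiles", undefined); // skip migration on the next start
  return true;
}

// Runs the migration twice against a temporary directory with constructed files.
function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), "sso-migrate-"));
  for (const kind of ["registration", "token"]) {
    fs.writeFileSync(path.join(dir, legacyName(kind, "p1")), "{}", { mode: 0o600 });
  }
  const memento: Memento = new Map<string, unknown>([["auth.profiles", {
    p1: { type: "sso", startUrl: "https://example.invalid/start", scopes: AMAZON_Q_SCOPES },
  }]]);
  const updated: Profile[] = [];
  const first = migrateSsoConnection(memento, dir, (p) => updated.push(p));
  const second = migrateSsoConnection(memento, dir, (p) => updated.push(p));
  const files = fs.readdirSync(dir).sort();
  fs.rmSync(dir, { recursive: true });
  return { first, second, files, updates: updated.length };
}
```

The second call returns `false` because the first one cleared `auth.profiles`, which is what keeps the rename from being attempted again on later starts.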

@github-actions

  • This pull request modifies code in src/* but no tests were added/updated.
    • Confirm whether tests should be added or ensure the PR description explains why tests are not required.
  • This pull request implements a feat or fix, so it must include a changelog entry (unless the fix is for an unreleased feature). Review the changelog guidelines.
    • Note: beta or "experiment" features that have active users should announce fixes in the changelog.
    • If this is not a feature or fix, use an appropriate type from the title guidelines. For example, telemetry-only changes should use the telemetry type.

@opieter-aws opieter-aws changed the title feat(amazonq): Migrate existing SSO connections to the LSP identity s… feat(amazonq): Migrate existing SSO connections to the LSP identity server May 13, 2025
@opieter-aws opieter-aws marked this pull request as ready for review May 13, 2025 21:41
@opieter-aws opieter-aws requested review from a team as code owners May 13, 2025 21:41
let profileId: string | undefined

getLogger().info(`codewhisperer: checking for old SSO connections`)
if (profiles) {

Can we return early if !profiles to reduce indentation depth?

@opieter-aws opieter-aws merged commit 8f0d76a into aws:feature/amazonqLSP-auth May 14, 2025
15 of 22 checks passed