Adding request headers to uploadArtifactToS3 in CodeScan (aws#4336)

Author: laileni-aws

plugins/amazonq/chat/jetbrains-community/tst/software/aws/toolkits/jetbrains/services/amazonqFeatureDev/session/CodeGenerationStateTest.kt

@@ -20,6 +20,7 @@ import org.junit.Before
 import org.junit.Rule
 import org.junit.Test
 import org.mockito.kotlin.mock
+import software.aws.toolkits.jetbrains.services.amazonq.FeatureDevSessionContext
 import software.aws.toolkits.jetbrains.services.amazonq.messages.MessagePublisher
 import software.aws.toolkits.jetbrains.services.amazonqFeatureDev.FeatureDevException
 import software.aws.toolkits.jetbrains.services.amazonqFeatureDev.FeatureDevTestBase

plugins/amazonq/chat/jetbrains-community/tst/software/aws/toolkits/jetbrains/services/amazonqFeatureDev/session/PrepareCodeGenerationStateTest.kt

@@ -21,11 +21,12 @@ import org.mockito.kotlin.mock
 import org.mockito.kotlin.times
 import org.mockito.kotlin.verify
 import org.mockito.kotlin.whenever
+import software.aws.toolkits.jetbrains.services.amazonq.FeatureDevSessionContext
+import software.aws.toolkits.jetbrains.services.amazonq.ZipCreationResult
 import software.aws.toolkits.jetbrains.services.amazonq.messages.MessagePublisher
 import software.aws.toolkits.jetbrains.services.amazonqFeatureDev.FeatureDevTestBase
 import software.aws.toolkits.jetbrains.services.amazonqFeatureDev.clients.FeatureDevClient
 import software.aws.toolkits.jetbrains.services.amazonqFeatureDev.messages.sendAnswerPart
-import software.aws.toolkits.jetbrains.services.amazonqFeatureDev.model.ZipCreationResult
 import software.aws.toolkits.jetbrains.services.amazonqFeatureDev.util.deleteUploadArtifact
 import software.aws.toolkits.jetbrains.services.amazonqFeatureDev.util.exportTaskAssistArchiveResult
 import software.aws.toolkits.jetbrains.services.amazonqFeatureDev.util.getTaskAssistCodeGeneration

plugins/core/sdk-codegen/codegen-resources/codewhispererruntime/service-2.json

@@ -672,7 +672,10 @@
             "members":{
                 "uploadId":{"shape":"UploadId"},
                 "uploadUrl":{"shape":"PreSignedUrl"},
-                "kmsKeyArn":{"shape":"ResourceArn"}
+                "kmsKeyArn":{"shape":"ResourceArn"},
+                "requestHeaders": {
+                    "shape": "RequestHeaders"
+                }
             }
         },
         "CursorState":{
@@ -1248,6 +1251,27 @@
             "min":0,
             "pattern":"arn:([-.a-z0-9]{1,63}:){2}([-.a-z0-9]{0,63}:){2}([a-zA-Z0-9-_:/]){1,1023}"
         },
+        "RequestHeaderKey": {
+            "type": "string",
+            "max": 64,
+            "min": 1
+        },
+        "RequestHeaderValue": {
+            "type": "string",
+            "max": 256,
+            "min": 1
+        },
+        "RequestHeaders": {
+            "type": "map",
+            "key": {
+                "shape": "RequestHeaderKey"
+            },
+            "value": {
+                "shape": "RequestHeaderValue"
+            },
+            "max": 16,
+            "min": 1
+        },
         "ResourceNotFoundException":{
             "type":"structure",
             "required":["message"],

plugins/toolkit/jetbrains-core/src/software/aws/toolkits/jetbrains/services/codewhisperer/codescan/CodeWhispererCodeScanException.kt

@@ -24,3 +24,6 @@ internal fun fileFormatNotSupported(format: String): Nothing =
 
 internal fun fileTooLarge(presentableSize: String): Nothing =
     throw CodeWhispererCodeScanException(message("codewhisperer.codescan.file_too_large", presentableSize))
+
+internal fun uploadArtifactFailedError(): Nothing =
+    throw CodeWhispererCodeScanException(message("codewhisperer.codescan.upload_to_s3_failed"))

plugins/toolkit/jetbrains-core/src/software/aws/toolkits/jetbrains/services/codewhisperer/codescan/CodeWhispererCodeScanSession.kt

@@ -213,13 +213,12 @@ class CodeWhispererCodeScanSession(val sessionContext: CodeScanSessionContext) {
         LOG.debug { "Fetching presigned URL for uploading $artifactType." }
         val createUploadUrlResponse = createUploadUrl(fileMd5, artifactType)
         LOG.debug { "Successfully fetched presigned URL for uploading $artifactType." }
-        val url = createUploadUrlResponse.uploadUrl()
         LOG.debug { "Uploading $artifactType using the presigned URL." }
-        uploadArtifactToS3(url, createUploadUrlResponse.uploadId(), zipFile, fileMd5, createUploadUrlResponse.kmsKeyArn())
+        uploadArtifactToS3(createUploadUrlResponse, createUploadUrlResponse.uploadId(), zipFile, fileMd5)
         createUploadUrlResponse
     } catch (e: Exception) {
         LOG.error { "Security scan failed. Something went wrong uploading artifacts: ${e.message}" }
-        throw e
+        uploadArtifactFailedError()
     }
 
     fun createUploadUrl(md5Content: String, artifactType: String): CreateUploadUrlResponse = clientAdaptor.createUploadUrl(
@@ -230,16 +229,22 @@ class CodeWhispererCodeScanSession(val sessionContext: CodeScanSessionContext) {
     )
 
     @Throws(IOException::class)
-    fun uploadArtifactToS3(url: String, uploadId: String, fileToUpload: File, md5: String, kmsArn: String?) {
+    fun uploadArtifactToS3(createUploadUrlResponse: CreateUploadUrlResponse, uploadId: String, fileToUpload: File, md5: String) {
         val uploadIdJson = """{"uploadId":"$uploadId"}"""
-        HttpRequests.put(url, "application/zip").userAgent(AwsClientManager.userAgent).tuner {
-            it.setRequestProperty(CONTENT_MD5, md5)
-            it.setRequestProperty(SERVER_SIDE_ENCRYPTION, AWS_KMS)
-            it.setRequestProperty(CONTENT_TYPE, APPLICATION_ZIP)
-            if (kmsArn?.isNotEmpty() == true) {
-                it.setRequestProperty(SERVER_SIDE_ENCRYPTION_AWS_KMS_KEY_ID, kmsArn)
+        HttpRequests.put(createUploadUrlResponse.uploadUrl(), "application/zip").userAgent(AwsClientManager.userAgent).tuner {
+            if (createUploadUrlResponse.requestHeaders() != null && createUploadUrlResponse.requestHeaders().isNotEmpty()) {
+                for ((key, value) in createUploadUrlResponse.requestHeaders()) {
+                    it.setRequestProperty(key, value)
+                }
+            } else {
+                it.setRequestProperty(CONTENT_MD5, md5)
+                it.setRequestProperty(SERVER_SIDE_ENCRYPTION, AWS_KMS)
+                it.setRequestProperty(CONTENT_TYPE, APPLICATION_ZIP)
+                if (createUploadUrlResponse.kmsKeyArn()?.isNotEmpty() == true) {
+                    it.setRequestProperty(SERVER_SIDE_ENCRYPTION_AWS_KMS_KEY_ID, createUploadUrlResponse.kmsKeyArn())
+                }
+                it.setRequestProperty(SERVER_SIDE_ENCRYPTION_CONTEXT, Base64.getEncoder().encodeToString(uploadIdJson.toByteArray()))
             }
-            it.setRequestProperty(SERVER_SIDE_ENCRYPTION_CONTEXT, Base64.getEncoder().encodeToString(uploadIdJson.toByteArray()))
         }.connect {
             val connection = it.connection as HttpURLConnection
             connection.setFixedLengthStreamingMode(fileToUpload.length())

plugins/toolkit/jetbrains-core/tst/software/aws/toolkits/jetbrains/services/codewhisperer/codescan/CodeWhispererCodeFileScanTest.kt

@@ -16,7 +16,6 @@ import org.mockito.kotlin.argumentCaptor
 import org.mockito.kotlin.doNothing
 import org.mockito.kotlin.eq
 import org.mockito.kotlin.inOrder
-import org.mockito.kotlin.isNull
 import org.mockito.kotlin.spy
 import org.mockito.kotlin.stub
 import org.mockito.kotlin.verify
@@ -96,7 +95,7 @@ class CodeWhispererCodeFileScanTest : CodeWhispererCodeScanTestBase(PythonCodeIn
         // Mock CodeWhispererClient needs to be setup before initializing CodeWhispererCodeScanSession
         codeScanSessionContext = CodeScanSessionContext(project, sessionConfigSpy)
         codeScanSessionSpy = spy(CodeWhispererCodeScanSession(codeScanSessionContext))
-        doNothing().`when`(codeScanSessionSpy).uploadArtifactToS3(any(), any(), any(), any(), isNull())
+        doNothing().`when`(codeScanSessionSpy).uploadArtifactToS3(any(), any(), any(), any())
 
         mockClient.stub {
             onGeneric { createUploadUrl(any()) }.thenReturn(fakeCreateUploadUrlResponse)
@@ -119,11 +118,10 @@ class CodeWhispererCodeFileScanTest : CodeWhispererCodeScanTestBase(PythonCodeIn
         val inOrder = inOrder(codeScanSessionSpy)
         inOrder.verify(codeScanSessionSpy).createUploadUrl(eq(fileMd5), eq("artifactType"))
         inOrder.verify(codeScanSessionSpy).uploadArtifactToS3(
-            eq(fakeCreateUploadUrlResponse.uploadUrl()),
+            eq(fakeCreateUploadUrlResponse),
             eq(fakeCreateUploadUrlResponse.uploadId()),
             eq(file),
             eq(fileMd5),
-            eq(null)
         )
     }
 

plugins/toolkit/jetbrains-core/tst/software/aws/toolkits/jetbrains/services/codewhisperer/codescan/CodeWhispererCodeScanTest.kt

@@ -16,7 +16,6 @@ import org.mockito.kotlin.argumentCaptor
 import org.mockito.kotlin.doNothing
 import org.mockito.kotlin.eq
 import org.mockito.kotlin.inOrder
-import org.mockito.kotlin.isNull
 import org.mockito.kotlin.spy
 import org.mockito.kotlin.stub
 import org.mockito.kotlin.verify
@@ -76,7 +75,7 @@ class CodeWhispererCodeScanTest : CodeWhispererCodeScanTestBase(PythonCodeInsigh
         // Mock CodeWhispererClient needs to be setup before initializing CodeWhispererCodeScanSession
         codeScanSessionContext = CodeScanSessionContext(project, sessionConfigSpy)
         codeScanSessionSpy = spy(CodeWhispererCodeScanSession(codeScanSessionContext))
-        doNothing().`when`(codeScanSessionSpy).uploadArtifactToS3(any(), any(), any(), any(), isNull())
+        doNothing().`when`(codeScanSessionSpy).uploadArtifactToS3(any(), any(), any(), any())
 
         mockClient.stub {
             onGeneric { createUploadUrl(any()) }.thenReturn(fakeCreateUploadUrlResponse)
@@ -99,11 +98,10 @@ class CodeWhispererCodeScanTest : CodeWhispererCodeScanTestBase(PythonCodeInsigh
         val inOrder = inOrder(codeScanSessionSpy)
         inOrder.verify(codeScanSessionSpy).createUploadUrl(eq(fileMd5), eq("artifactType"))
         inOrder.verify(codeScanSessionSpy).uploadArtifactToS3(
-            eq(fakeCreateUploadUrlResponse.uploadUrl()),
+            eq(fakeCreateUploadUrlResponse),
             eq(fakeCreateUploadUrlResponse.uploadId()),
             eq(file),
-            eq(fileMd5),
-            eq(null)
+            eq(fileMd5)
         )
     }
 

plugins/toolkit/jetbrains-core/tst/software/aws/toolkits/jetbrains/services/codewhisperer/codescan/CodeWhispererCodeScanTestBase.kt

@@ -24,7 +24,6 @@ import org.junit.jupiter.api.assertThrows
 import org.mockito.kotlin.any
 import org.mockito.kotlin.doNothing
 import org.mockito.kotlin.doReturn
-import org.mockito.kotlin.isNull
 import org.mockito.kotlin.mock
 import org.mockito.kotlin.spy
 import org.mockito.kotlin.stub
@@ -276,7 +275,7 @@ open class CodeWhispererCodeScanTestBase(projectRule: CodeInsightTestFixtureRule
     ) {
         val codeScanContext = CodeScanSessionContext(project, sessionConfigSpy)
         val sessionMock = spy(CodeWhispererCodeScanSession(codeScanContext))
-        doNothing().`when`(sessionMock).uploadArtifactToS3(any(), any(), any(), any(), isNull())
+        doNothing().`when`(sessionMock).uploadArtifactToS3(any(), any(), any(), any())
         doNothing().`when`(sessionMock).sleepThread()
 
         ToolWindowManager.getInstance(project).registerToolWindow(

plugins/toolkit/resources/resources/software/aws/toolkits/resources/MessagesBundle.properties

@@ -704,6 +704,7 @@ codewhisperer.codescan.stop_scan_confirm_message=Are you sure you want to stop o
 codewhisperer.codescan.stopping_scan=Stopping Security Scan...
 codewhisperer.codescan.suggested_fix_description=Why are we recommending this?
 codewhisperer.codescan.suggested_fix_label=Suggested code fix preview
+codewhisperer.codescan.upload_to_s3_failed=<html>Amazon Q is unable to upload workspace artifacts to Amazon S3 for security scans. For more information, see the Amazon Q documentation or contact your network or organization administrator.<br/> https://docs.aws.amazon.com/amazonq/latest/qdeveloper-ug/security_iam_manage-access-with-policies.html</html>
 codewhisperer.codescan.view_scanned_files=View {0} scanned files
 codewhisperer.credential.login.dialog.exception.cancel_login=Login cancelled
 codewhisperer.credential.login.dialog.iam.description=Not supported by CodeWhisperer.