Merge pull request #735 from abhik017/master

Added support for SSO login (AWS Profile)

Author: stephanj

build.gradle.kts

@@ -7,7 +7,7 @@ plugins {
 }
 
 group = "com.devoxx.genie"
-version = "0.6.8"
+version = "0.6.9"
 
 repositories {
     mavenCentral()
@@ -69,6 +69,9 @@ dependencies {
     implementation("dev.langchain4j:langchain4j-chroma:$lg4j_version")
 //    implementation("dev.langchain4j:langchain4j-mcp:$lg4j_version")
     implementation("dev.langchain4j:langchain4j-reactor:$lg4j_version")
+    implementation("software.amazon.awssdk:sts:2.25.6")
+    implementation("software.amazon.awssdk:sso:2.31.64")
+    implementation("software.amazon.awssdk:ssooidc:2.31.64")
 
     // Retrofit dependencies
     implementation("com.squareup.retrofit2:converter-gson:2.11.0")

core/src/main/java/com/devoxx/genie/service/DevoxxGenieSettingsService.java

@@ -32,6 +32,8 @@ public interface DevoxxGenieSettingsService {
 
     String getAwsAccessKeyId();
 
+    String getAwsProfileName();
+
     String getAwsRegion();
 
     String getMistralKey();

src/main/java/com/devoxx/genie/chatmodel/cloud/bedrock/BedrockModelFactory.java

@@ -7,6 +7,8 @@
 import com.devoxx.genie.ui.settings.DevoxxGenieStateService;
 import dev.langchain4j.model.bedrock.BedrockChatModel;
 import dev.langchain4j.model.chat.request.ChatRequestParameters;
+import org.apache.http.impl.client.BasicCredentialsProvider;
+import software.amazon.awssdk.auth.credentials.ProfileCredentialsProvider;
 import software.amazon.awssdk.services.bedrockruntime.BedrockRuntimeClient;
 import dev.langchain4j.model.chat.ChatLanguageModel;
 import org.apache.commons.lang3.NotImplementedException;
@@ -15,6 +17,7 @@
 import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
 import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;
 import software.amazon.awssdk.regions.Region;
+import software.amazon.awssdk.services.sts.auth.StsCredentialsProvider;
 
 import java.util.List;
 
@@ -174,7 +177,11 @@ public List<LanguageModel> getModels() {
         String accessKeyId = DevoxxGenieStateService.getInstance().getAwsAccessKeyId();
         String secretKey = DevoxxGenieStateService.getInstance().getAwsSecretKey();
 
-        return StaticCredentialsProvider.create(AwsBasicCredentials.create(accessKeyId, secretKey));
+        boolean shouldPowerFromProfile = DevoxxGenieStateService.getInstance().getShouldPowerFromAWSProfile();
+        String profileName = DevoxxGenieStateService.getInstance().getAwsProfileName();
+
+        return shouldPowerFromProfile ? ProfileCredentialsProvider.create(profileName) :
+                StaticCredentialsProvider.create(AwsBasicCredentials.create(accessKeyId, secretKey));
     }
 
     /**

src/main/java/com/devoxx/genie/chatmodel/cloud/bedrock/BedrockService.java

@@ -1,9 +1,13 @@
 package com.devoxx.genie.chatmodel.cloud.bedrock;
 
 import com.devoxx.genie.ui.settings.DevoxxGenieStateService;
+import com.google.auth.oauth2.AwsCredentials;
 import com.intellij.openapi.application.ApplicationManager;
 import org.jetbrains.annotations.NotNull;
 import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
+import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
+import software.amazon.awssdk.auth.credentials.AwsSessionCredentials;
+import software.amazon.awssdk.auth.credentials.ProfileCredentialsProvider;
 import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;
 import software.amazon.awssdk.regions.Region;
 import software.amazon.awssdk.services.bedrock.BedrockClient;
@@ -26,9 +30,11 @@ public static BedrockService getInstance() {
         String awsAccessKey = instance.getAwsAccessKeyId();
         String awsSecretKey = instance.getAwsSecretKey();
 
-        // Given
-        StaticCredentialsProvider credentialsProvider =
-                StaticCredentialsProvider.create(AwsBasicCredentials.create(awsAccessKey, awsSecretKey));
+        boolean shouldPowerFromProfile = instance.getShouldPowerFromAWSProfile();
+        String profileName = instance.getAwsProfileName();
+
+        AwsCredentialsProvider credentialsProvider = shouldPowerFromProfile
+                ? ProfileCredentialsProvider.create(profileName) : StaticCredentialsProvider.create(AwsBasicCredentials.create(awsAccessKey, awsSecretKey));
 
         try (BedrockClient bedrockClient = BedrockClient.builder()
                 .region(Region.of(awsRegion))

src/main/java/com/devoxx/genie/service/DevoxxGenieSettingsService.java

@@ -31,6 +31,8 @@ public interface DevoxxGenieSettingsService {
 
     String getAwsAccessKeyId();
 
+    String getAwsProfileName();
+
     String getAwsRegion();
 
     String getMistralKey();
@@ -114,8 +116,11 @@ public interface DevoxxGenieSettingsService {
     void setAzureOpenAIKey(String key);
 
     void setAwsAccessKeyId(String accessKeyId);
+
     void setAwsSecretKey(String secretKey);
 
+    void setAwsProfileName(String profileName);
+
     void setAwsRegion(String region);
 
     void setMistralKey(String key);

src/main/java/com/devoxx/genie/ui/settings/DevoxxGenieStateService.java

@@ -110,7 +110,6 @@ public static DevoxxGenieStateService getInstance() {
     private boolean isDeepSeekEnabled = false;
     private boolean isOpenRouterEnabled = false;
     private boolean isGrokEnabled = false;
-    private boolean isAWSEnabled = false;
 
     // LLM API Keys
     private String openAIKey = "";
@@ -127,6 +126,7 @@ public static DevoxxGenieStateService getInstance() {
     private String azureOpenAIKey = "";
     private String awsAccessKeyId = "";
     private String awsSecretKey = "";
+    private String awsProfileName = "";
     private String awsRegion = "";
 
     // Search API Keys
@@ -171,6 +171,7 @@ public static DevoxxGenieStateService getInstance() {
 
     private Boolean showAzureOpenAIFields = false;
     private Boolean showAwsFields = false;
+    private Boolean shouldPowerFromAWSProfile = false;
 
     @Setter
     private Boolean useGitIgnore = true;
@@ -330,9 +331,9 @@ public boolean isAzureOpenAIEnabled() {
 
     public boolean isAwsEnabled() {
         return showAwsFields &&
-                !awsAccessKeyId.isEmpty() &&
-                !awsSecretKey.isEmpty() &&
-                !awsRegion.isEmpty();
+                ((!awsAccessKeyId.isEmpty() && !awsSecretKey.isEmpty())
+                || (shouldPowerFromAWSProfile && !awsProfileName.isEmpty()))
+                && !awsRegion.isEmpty();
     }
 
     public @Nullable String getConfigValue(@NotNull String key) {

src/main/java/com/devoxx/genie/ui/settings/llm/LLMProvidersComponent.java

@@ -60,6 +60,8 @@ public class LLMProvidersComponent extends AbstractSettingsComponent {
     @Getter
     private final JPasswordField awsSecretKeyField = new JPasswordField(stateService.getAwsSecretKey());
     @Getter
+    private final JTextField awsProfileName = new JTextField(stateService.getAwsProfileName());
+    @Getter
     private final JPasswordField awsAccessKeyIdField = new JPasswordField(stateService.getAwsAccessKeyId());
     @Getter
     private final JTextField awsRegion = new JTextField(stateService.getAwsRegion());
@@ -105,10 +107,14 @@ public class LLMProvidersComponent extends AbstractSettingsComponent {
     private final JCheckBox enableAzureOpenAICheckBox = new JCheckBox("", stateService.getShowAzureOpenAIFields());
     @Getter
     private final JCheckBox enableAWSCheckBox = new JCheckBox("", stateService.getShowAwsFields());
+    @Getter
+    private final JCheckBox enableAWSProfileCheckBox = new JCheckBox("", stateService.getShouldPowerFromAWSProfile());
 
     private final List<JComponent> azureComponents = new ArrayList<>();
 
-    private final List<JComponent> awsComponents = new ArrayList<>();
+    private final List<JComponent> awsCommonComponents = new ArrayList<>();
+    private final List<JComponent> awsDirectCredentialsComponents = new ArrayList<>();
+    private final List<JComponent> awsProfileCredentialsComponents = new ArrayList<>();
 
     public LLMProvidersComponent() {
         addListeners();
@@ -189,7 +195,13 @@ public void addListeners() {
             setNestedComponentsVisibility(azureComponents, event.getStateChange() == ItemEvent.SELECTED, true);
         });
         enableAWSCheckBox.addItemListener(event -> {
-            setNestedComponentsVisibility(awsComponents, event.getStateChange() == ItemEvent.SELECTED, true);
+            setNestedComponentsVisibility(awsCommonComponents, event.getStateChange() == ItemEvent.SELECTED, true);
+            setNestedComponentsVisibility(awsDirectCredentialsComponents, event.getStateChange() == ItemEvent.SELECTED && !enableAWSProfileCheckBox.isSelected(), true);
+            setNestedComponentsVisibility(awsProfileCredentialsComponents, event.getStateChange() == ItemEvent.SELECTED && enableAWSProfileCheckBox.isSelected(), true);
+        });
+        enableAWSProfileCheckBox.addItemListener(event -> {
+            setNestedComponentsVisibility(awsDirectCredentialsComponents, enableAWSCheckBox.isSelected() && event.getStateChange() != ItemEvent.SELECTED, true);
+            setNestedComponentsVisibility(awsProfileCredentialsComponents, enableAWSCheckBox.isSelected() && event.getStateChange() == ItemEvent.SELECTED, true);
         });
 
         // Add new listeners for enable/disable checkboxes
@@ -232,17 +244,22 @@ private void addAzureOpenAIPanel(JPanel panel, GridBagConstraints gbc) {
 
     private void addAWSPanel(JPanel panel, GridBagConstraints gbc) {
         final String bedrockURL = "https://docs.aws.amazon.com/bedrock/latest/userguide/getting-started-api.html";
+        final String awsProfileURL = "https://docs.aws.amazon.com/cli/v1/userguide/cli-configure-files.html";
         addSettingRow(panel, gbc, "Enable AWS Bedrock", enableAWSCheckBox);
 
-        addNestedSettingsRow(panel, gbc, "AWS Access Key ID",
-                createTextWithLinkButton(awsAccessKeyIdField, bedrockURL), awsComponents);
-        addNestedSettingsRow(panel, gbc, "AWS Secret Access Key",
-                createTextWithLinkButton(awsSecretKeyField, bedrockURL), awsComponents);
-        addNestedSettingsRow(panel, gbc, "AWS region",
-                createTextWithPasswordButton(awsRegion, bedrockURL), awsComponents);
+        addNestedSettingsRow(panel, gbc, "Power from AWS Profile", enableAWSProfileCheckBox, awsCommonComponents);
+        addNestedSettingsRow(panel, gbc, "AWS region", createTextWithPasswordButton(awsRegion, bedrockURL), awsCommonComponents);
+
+        addNestedSettingsRow(panel, gbc, "AWS Access Key ID", createTextWithLinkButton(awsAccessKeyIdField, bedrockURL), awsDirectCredentialsComponents);
+        addNestedSettingsRow(panel, gbc, "AWS Secret Access Key", createTextWithLinkButton(awsSecretKeyField, bedrockURL), awsDirectCredentialsComponents);
+
+        addNestedSettingsRow(panel, gbc, "AWS Profile Name", createTextWithLinkButton(awsProfileName, awsProfileURL), awsProfileCredentialsComponents);
+
 
         // Set initial visibility
-        setNestedComponentsVisibility(awsComponents, enableAWSCheckBox.isSelected(), false);
+        setNestedComponentsVisibility(awsCommonComponents, enableAWSCheckBox.isSelected(), false);
+        setNestedComponentsVisibility(awsDirectCredentialsComponents, enableAWSCheckBox.isSelected() && !enableAWSProfileCheckBox.isSelected(), false);
+        setNestedComponentsVisibility(awsProfileCredentialsComponents, enableAWSCheckBox.isSelected() && enableAWSProfileCheckBox.isSelected(), false);
     }
 
     /**

src/main/java/com/devoxx/genie/ui/settings/llm/LLMProvidersConfigurable.java

@@ -85,6 +85,8 @@ public boolean isModified() {
         isModified |= !stateService.getShowAwsFields().equals(llmSettingsComponent.getEnableAWSCheckBox().isSelected());
         isModified |= isFieldModified(llmSettingsComponent.getAwsSecretKeyField(), stateService.getAwsSecretKey());
         isModified |= isFieldModified(llmSettingsComponent.getAwsAccessKeyIdField(), stateService.getAwsAccessKeyId());
+        isModified |= !stateService.getShouldPowerFromAWSProfile().equals(llmSettingsComponent.getEnableAWSProfileCheckBox().isSelected());
+        isModified |= isFieldModified(llmSettingsComponent.getAwsProfileName(), stateService.getAwsProfileName());
         isModified |= isFieldModified(llmSettingsComponent.getAwsRegion(), stateService.getAwsRegion());
 
         isModified |= stateService.isOllamaEnabled() != llmSettingsComponent.getOllamaEnabledCheckBox().isSelected();
@@ -153,6 +155,8 @@ public void apply() {
         settings.setAwsAccessKeyId(new String(llmSettingsComponent.getAwsAccessKeyIdField().getPassword()));
         settings.setAwsSecretKey(new String(llmSettingsComponent.getAwsSecretKeyField().getPassword()));
         settings.setAwsRegion(llmSettingsComponent.getAwsRegion().getText());
+        settings.setShouldPowerFromAWSProfile(llmSettingsComponent.getEnableAWSProfileCheckBox().isSelected());
+        settings.setAwsProfileName(llmSettingsComponent.getAwsProfileName().getText());
 
         settings.setOllamaEnabled(llmSettingsComponent.getOllamaEnabledCheckBox().isSelected());
         settings.setLmStudioEnabled(llmSettingsComponent.getLmStudioEnabledCheckBox().isSelected());
@@ -188,6 +192,7 @@ public void apply() {
                     (!settings.getMistralKey().isBlank() && settings.isMistralEnabled()) ||
                     (!settings.getAwsAccessKeyId().isBlank() && !settings.getAwsSecretKey().isBlank() && settings.isAwsEnabled()) ||
                     (!settings.getAwsAccessKeyId().isBlank() && settings.getShowAwsFields()) ||
+                    (!settings.getAwsProfileName().isBlank() && settings.getShowAwsFields() && settings.getShouldPowerFromAWSProfile()) ||
                     (!settings.getAwsRegion().isBlank() && settings.getShowAwsFields()) ||
                     (!settings.getAzureOpenAIKey().isBlank() && settings.getShowAzureOpenAIFields());
 

src/main/resources/META-INF/plugin.xml

@@ -35,7 +35,7 @@
     ]]></description>
 
     <change-notes><![CDATA[
-        <h2>v0.6.8</h2>
+        <h2>v0.6.9</h2>
         <UL>
             <LI>Issue #725: Langchain4J MCP ToolSpecificationHelper fix</LI>
         </UL>

src/main/resources/application.properties

@@ -1 +1 @@
-version=0.6.8
+version=0.6.9