laileni-aws
diff --git a/‎packages/core/package.nls.json‎
Lines changed: 3 additions & 1 deletion b/‎packages/core/package.nls.json‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎packages/core/src/auth/secondaryAuth.ts‎
Lines changed: 1 addition & 1 deletion b/‎packages/core/src/auth/secondaryAuth.ts‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎packages/core/src/sagemakerunifiedstudio/auth/model.ts‎
Lines changed: 68 additions & 0 deletions b/‎packages/core/src/sagemakerunifiedstudio/auth/model.ts‎
Lines changed: 68 additions & 0 deletions
diff --git a/‎packages/core/src/sagemakerunifiedstudio/auth/smusAuthenticationProvider.ts‎
Lines changed: 218 additions & 0 deletions b/‎packages/core/src/sagemakerunifiedstudio/auth/smusAuthenticationProvider.ts‎
Lines changed: 218 additions & 0 deletions
diff --git a/‎packages/core/src/sagemakerunifiedstudio/explorer/activation.ts‎
Lines changed: 32 additions & 1 deletion b/‎packages/core/src/sagemakerunifiedstudio/explorer/activation.ts‎
Lines changed: 32 additions & 1 deletion
@@ -231,6 +231,7 @@
     "AWS.command.s3.uploadFile": "Upload Files...",
     "AWS.command.s3.uploadFileToParent": "Upload to Parent...",
     "AWS.command.smus.switchProject": "Switch Project",
+    "AWS.command.smus.signOut": "Sign Out",
     "AWS.command.sagemaker.filterSpaces": "Filter Sagemaker Spaces",
     "AWS.command.stepFunctions.createStateMachineFromTemplate": "Create a new Step Functions state machine",
     "AWS.command.stepFunctions.publishStateMachine": "Publish state machine to Step Functions",
@@ -482,5 +483,6 @@
     "AWS.toolkit.lambda.walkthrough.step1.description": "Locally test and debug your code.",
     "AWS.toolkit.lambda.walkthrough.step2.title": "Deploy to the cloud",
     "AWS.toolkit.lambda.walkthrough.step2.description": "Test your application in the cloud from within VS Code. \n\nNote: The AWS CLI and the SAM CLI require AWS Credentials to interact with the cloud. For information on setting up your credentials, see [Authentication and access credentials](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html). \n\n[Configure credentials](command:aws.toolkit.lambda.walkthrough.credential)",
-    "AWS.toolkit.lambda.serverlessLand.quickpickTitle": "Create application with Serverless template"
+    "AWS.toolkit.lambda.serverlessLand.quickpickTitle": "Create application with Serverless template",
+    "AWS.command.smus.signout": "Sign Out"
 }
@@ -18,7 +18,7 @@ import { withTelemetryContext } from '../shared/telemetry/util'
 import { isNetworkError } from '../shared/errors'
 import globals from '../shared/extensionGlobals'
 
-export type ToolId = 'codecatalyst' | 'codewhisperer' | 'testId'
+export type ToolId = 'codecatalyst' | 'codewhisperer' | 'testId' | 'smus'
 
 let currentConn: Auth['activeConnection']
 const auths = new Map<string, SecondaryAuth>()
 
@@ -0,0 +1,68 @@
+/*!
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import { SsoProfile, SsoConnection } from '../../auth/connection'
+
+/**
+ * Scope for SageMaker Unified Studio authentication
+ */
+export const scopeSmus = 'datazone:domain:access'
+
+/**
+ * SageMaker Unified Studio profile extending the base SSO profile
+ */
+export interface SmusProfile extends SsoProfile {
+    readonly domainUrl: string
+    readonly domainId: string
+}
+
+/**
+ * SageMaker Unified Studio connection extending the base SSO connection
+ */
+export interface SmusConnection extends SmusProfile, SsoConnection {
+    readonly id: string
+    readonly label: string
+}
+
+/**
+ * Creates a SageMaker Unified Studio profile
+ * @param domainUrl The SageMaker Unified Studio domain URL
+ * @param domainId The SageMaker Unified Studio domain ID
+ * @param startUrl The SSO start URL (issuer URL)
+ * @param region The AWS region
+ * @returns A SageMaker Unified Studio profile
+ */
+export function createSmusProfile(
+    domainUrl: string,
+    domainId: string,
+    startUrl: string,
+    region: string,
+    scopes = [scopeSmus]
+): SmusProfile & { readonly scopes: string[] } {
+    return {
+        scopes,
+        type: 'sso',
+        startUrl,
+        ssoRegion: region,
+        domainUrl,
+        domainId,
+    }
+}
+
+/**
+ * Checks if a connection is a valid SageMaker Unified Studio connection
+ * @param conn Connection to check
+ * @returns True if the connection is a valid SMUS connection
+ */
+export function isValidSmusConnection(conn?: any): conn is SmusConnection {
+    if (!conn || conn.type !== 'sso') {
+        return false
+    }
+    // Check if the connection has the required SMUS scope
+    const hasScope = Array.isArray(conn.scopes) && conn.scopes.includes(scopeSmus)
+    // Check if the connection has the required SMUS properties
+    const hasSmusProps = 'domainUrl' in conn && 'domainId' in conn
+    return !!hasScope && !!hasSmusProps
+}
@@ -0,0 +1,218 @@
+/*!
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import * as vscode from 'vscode'
+import { Auth } from '../../auth/auth'
+import { getSecondaryAuth } from '../../auth/secondaryAuth'
+import { ToolkitError } from '../../shared/errors'
+import { withTelemetryContext } from '../../shared/telemetry/util'
+import { SsoConnection } from '../../auth/connection'
+import { showReauthenticateMessage } from '../../shared/utilities/messages'
+import * as localizedText from '../../shared/localizedText'
+import { ToolkitPromptSettings } from '../../shared/settings'
+import { setContext } from '../../shared/vscode/setContext'
+import { DataZoneClient } from '../shared/client/datazoneClient'
+import { createSmusProfile, isValidSmusConnection, SmusConnection } from './model'
+import { getLogger } from '../../shared/logger/logger'
+
+/**
+ * Sets the context variable for SageMaker Unified Studio connection state
+ * @param isConnected Whether SMUS is connected
+ */
+export function setSmusConnectedContext(isConnected: boolean): Promise<void> {
+    return setContext('aws.smus.connected', isConnected)
+}
+const authClassName = 'SmusAuthenticationProvider'
+
+/**
+ * Authentication provider for SageMaker Unified Studio
+ * Manages authentication state and credentials for SMUS
+ */
+export class SmusAuthenticationProvider {
+    public readonly onDidChangeActiveConnection = this.secondaryAuth.onDidChangeActiveConnection
+    private readonly onDidChangeEmitter = new vscode.EventEmitter<void>()
+    public readonly onDidChange = this.onDidChangeEmitter.event
+
+    public constructor(
+        public readonly auth = Auth.instance,
+        public readonly secondaryAuth = getSecondaryAuth(
+            auth,
+            'smus',
+            'SageMaker Unified Studio',
+            isValidSmusConnection
+        )
+    ) {
+        this.onDidChangeActiveConnection(async () => {
+            await setSmusConnectedContext(this.isConnected())
+            this.onDidChangeEmitter.fire()
+        })
+
+        // Set initial context in case event does not trigger
+        void setSmusConnectedContext(this.isConnectionValid())
+    }
+
+    /**
+     * Gets the active connection
+     */
+    public get activeConnection() {
+        return this.secondaryAuth.activeConnection
+    }
+
+    /**
+     * Checks if using a saved connection
+     */
+    public get isUsingSavedConnection() {
+        return this.secondaryAuth.hasSavedConnection
+    }
+
+    /**
+     * Checks if the connection is valid
+     */
+    public isConnectionValid(): boolean {
+        return this.activeConnection !== undefined && !this.secondaryAuth.isConnectionExpired
+    }
+
+    /**
+     * Checks if connected to SMUS
+     */
+    public isConnected(): boolean {
+        return this.activeConnection !== undefined
+    }
+
+    /**
+     * Restores the previous connection
+     * Uses a promise to prevent multiple simultaneous restore calls
+     */
+    public async restore() {
+        await this.secondaryAuth.restoreConnection()
+    }
+
+    /**
+     * Authenticates with SageMaker Unified Studio using a domain URL
+     * @param domainUrl The SageMaker Unified Studio domain URL
+     * @returns Promise resolving to the connection
+     */
+    @withTelemetryContext({ name: 'connectToSmus', class: authClassName })
+    public async connectToSmus(domainUrl: string): Promise<SmusConnection> {
+        const logger = getLogger()
+
+        try {
+            // Create DataZoneClient instance and extract domain info
+            const dataZoneClient = DataZoneClient.getInstance()
+            const { domainId, region } = dataZoneClient.extractDomainInfoFromUrl(domainUrl)
+
+            // Validate domain ID
+            if (!domainId) {
+                throw new ToolkitError('Invalid domain URL format', { code: 'InvalidDomainUrl' })
+            }
+
+            logger.info(`SMUS: Connecting to domain ${domainId} in region ${region}`)
+
+            // Check if we already have a connection for this domain
+            const existingConn = (await this.auth.listConnections()).find(
+                (c): c is SmusConnection =>
+                    isValidSmusConnection(c) && (c as any).domainUrl?.toLowerCase() === domainUrl.toLowerCase()
+            )
+
+            if (existingConn) {
+                const connectionState = this.auth.getConnectionState(existingConn)
+                logger.info(`SMUS: Found existing connection ${existingConn.id} with state: ${connectionState}`)
+
+                // If connection is valid, use it directly without triggering new auth flow
+                if (connectionState === 'valid') {
+                    logger.info('SMUS: Using existing valid connection')
+
+                    // Use the existing connection
+                    const result = await this.secondaryAuth.useNewConnection(existingConn)
+                    logger.debug(`SMUS: Reused existing connection successfully, id=${result.id}`)
+                    return result
+                }
+
+                // If connection is invalid or expired, reauthenticate
+                if (connectionState === 'invalid') {
+                    logger.info('SMUS: Existing connection is invalid, reauthenticating')
+                    const reauthenticatedConn = await this.reauthenticate(existingConn)
+
+                    // Create the SMUS connection wrapper
+                    const smusConn: SmusConnection = {
+                        ...reauthenticatedConn,
+                        domainUrl,
+                        domainId,
+                    }
+
+                    const result = await this.secondaryAuth.useNewConnection(smusConn)
+                    logger.debug(`SMUS: Reauthenticated connection successfully, id=${result.id}`)
+                    return result
+                }
+            }
+
+            // No existing connection found, create a new one
+            logger.info('SMUS: No existing connection found, creating new connection')
+
+            // Get SSO instance info from DataZone
+            const ssoInstanceInfo = await dataZoneClient.getSsoInstanceInfo(domainUrl)
+
+            // Create a new connection
+            const profile = createSmusProfile(domainUrl, domainId, ssoInstanceInfo.issuerUrl, ssoInstanceInfo.region)
+            const newConn = await this.auth.createConnection(profile)
+            logger.debug(`SMUS: Created new connection ${newConn.id}`)
+
+            const smusConn: SmusConnection = {
+                ...newConn,
+                domainUrl,
+                domainId,
+            }
+
+            const result = await this.secondaryAuth.useNewConnection(smusConn)
+            return result
+        } catch (e) {
+            throw ToolkitError.chain(e, 'Failed to connect to SageMaker Unified Studio', {
+                code: 'FailedToConnect',
+            })
+        }
+    }
+
+    /**
+     * Reauthenticates an existing connection
+     * @param conn Connection to reauthenticate
+     * @returns Promise resolving to the reauthenticated connection
+     */
+    @withTelemetryContext({ name: 'reauthenticate', class: authClassName })
+    public async reauthenticate(conn: SsoConnection) {
+        try {
+            return await this.auth.reauthenticate(conn)
+        } catch (err) {
+            throw ToolkitError.chain(err, 'Unable to reauthenticate SageMaker Unified Studio connection.')
+        }
+    }
+
+    /**
+     * Shows a reauthentication prompt to the user
+     * @param conn Connection to reauthenticate
+     */
+    public async showReauthenticationPrompt(conn: SsoConnection): Promise<void> {
+        await showReauthenticateMessage({
+            message: localizedText.connectionExpired('SageMaker Unified Studio'),
+            connect: localizedText.reauthenticate,
+            suppressId: 'smusConnectionExpired',
+            settings: ToolkitPromptSettings.instance,
+            reauthFunc: async () => {
+                await this.reauthenticate(conn)
+            },
+        })
+    }
+
+    // URL extraction functions have been moved to DataZoneClient
+
+    static #instance: SmusAuthenticationProvider | undefined
+
+    public static get instance(): SmusAuthenticationProvider | undefined {
+        return SmusAuthenticationProvider.#instance
+    }
+
+    public static fromContext() {
+        return (this.#instance ??= new this())
+    }
+}
@@ -9,14 +9,27 @@ import {
     retrySmusProjectsCommand,
     smusLoginCommand,
     smusLearnMoreCommand,
+    smusSignOutCommand,
     SageMakerUnifiedStudioRootNode,
     selectSMUSProject,
 } from './nodes/sageMakerUnifiedStudioRootNode'
 import { DataZoneClient } from '../shared/client/datazoneClient'
+import { getLogger } from '../../shared/logger/logger'
+import { setSmusConnectedContext, SmusAuthenticationProvider } from '../auth/smusAuthenticationProvider'
 
 export async function activate(extensionContext: vscode.ExtensionContext): Promise<void> {
+    // Initialize the SMUS authentication provider
+    const logger = getLogger()
+    logger.debug('SMUS: Initializing authentication provider')
+    // Create the auth provider instance (this will trigger restore() in the constructor)
+    const smusAuthProvider = SmusAuthenticationProvider.fromContext()
+    await smusAuthProvider.restore()
+    // Set initial auth context after restore
+    void setSmusConnectedContext(smusAuthProvider.isConnected())
+    logger.debug('SMUS: Authentication provider initialized')
+
     // Create the SMUS projects tree view
-    const smusRootNode = new SageMakerUnifiedStudioRootNode()
+    const smusRootNode = new SageMakerUnifiedStudioRootNode(smusAuthProvider)
     const treeDataProvider = new ResourceTreeDataProvider({ getChildren: () => smusRootNode.getChildren() })
 
     // Register the tree view
@@ -27,6 +40,7 @@ export async function activate(extensionContext: vscode.ExtensionContext): Promi
     extensionContext.subscriptions.push(
         smusLoginCommand.register(),
         smusLearnMoreCommand.register(),
+        smusSignOutCommand.register(),
         retrySmusProjectsCommand.register(),
         treeView,
         vscode.commands.registerCommand('aws.smus.rootView.refresh', () => {
@@ -43,6 +57,23 @@ export async function activate(extensionContext: vscode.ExtensionContext): Promi
             return await selectSMUSProject(projectNode)
         }),
 
+        vscode.commands.registerCommand('aws.smus.reauthenticate', async (connection?: any) => {
+            if (connection) {
+                try {
+                    await smusAuthProvider.reauthenticate(connection)
+                    // Refresh the tree view after successful reauthentication
+                    treeDataProvider.refresh()
+                    // Show success message
+                    void vscode.window.showInformationMessage(
+                        'Successfully reauthenticated with SageMaker Unified Studio'
+                    )
+                } catch (error) {
+                    // Show error message if reauthentication fails
+                    void vscode.window.showErrorMessage(`Failed to reauthenticate: ${error}`)
+                    logger.error('SMUS: Reauthentication failed: %O', error)
+                }
+            }
+        }),
         // Dispose DataZoneClient when extension is deactivated
         { dispose: () => DataZoneClient.dispose() }
     )