feat(sagemakerunifiedstudio): Handle experience in remote ssh connection for SMUS (aws#2204)

## Problem
Need to handle experience in remote ssh connection for SMUS

## Solution
1. Read metadata from /opt/ml/metadata/resource-metadata.json
2. Read DER from cred profile
3. Pre-populate Root node and project node, only show data nodes under
them

---

- Treat all work as PUBLIC. Private `feature/x` branches will not be
squash-merged at release time.
- Your code changes must meet the guidelines in
[CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines).
- License: I confirm that my contribution is made under the terms of the
Apache 2.0 license.

---------

Co-authored-by: Zulin Liu <[email protected]>

Author: liuzulin

packages/core/src/sagemakerunifiedstudio/activation.ts

@@ -12,7 +12,7 @@ import { initializeResourceMetadata } from './shared/utils/resourceMetadataUtils
 
 export async function activate(extensionContext: vscode.ExtensionContext): Promise<void> {
     // Only run when environment is a SageMaker Unified Studio space
-    if (isSageMaker('SMUS')) {
+    if (isSageMaker('SMUS') || isSageMaker('SMUS-SPACE-REMOTE-ACCESS')) {
         await initializeResourceMetadata()
         await activateConnectionMagicsSelector(extensionContext)
     }

packages/core/src/sagemakerunifiedstudio/auth/providers/smusAuthenticationProvider.ts

@@ -20,6 +20,8 @@ import { DomainExecRoleCredentialsProvider } from './domainExecRoleCredentialsPr
 import { ProjectRoleCredentialsProvider } from './projectRoleCredentialsProvider'
 import { ConnectionCredentialsProvider } from './connectionCredentialsProvider'
 import { ConnectionClientStore } from '../../shared/client/connectionClientStore'
+import { getResourceMetadata } from '../../shared/utils/resourceMetadataUtils'
+import { fromIni } from '@aws-sdk/credential-providers'
 
 /**
  * Sets the context variable for SageMaker Unified Studio connection state
@@ -28,6 +30,14 @@ import { ConnectionClientStore } from '../../shared/client/connectionClientStore
 export function setSmusConnectedContext(isConnected: boolean): Promise<void> {
     return setContext('aws.smus.connected', isConnected)
 }
+
+/**
+ * Sets the context variable for SMUS space environment state
+ * @param inSmusSpace Whether we're in SMUS space environment
+ */
+export function setSmusSpaceEnvironmentContext(inSmusSpace: boolean): Promise<void> {
+    return setContext('aws.smus.inSmusSpaceEnvironment', inSmusSpace)
+}
 const authClassName = 'SmusAuthenticationProvider'
 
 /**
@@ -63,17 +73,34 @@ export class SmusAuthenticationProvider {
             // Clear all clients in client store when connection changes
             ConnectionClientStore.getInstance().clearAll()
             await setSmusConnectedContext(this.isConnected())
+            await setSmusSpaceEnvironmentContext(SmusUtils.isInSmusSpaceEnvironment())
             this.onDidChangeEmitter.fire()
         })
 
         // Set initial context in case event does not trigger
         void setSmusConnectedContext(this.isConnectionValid())
+        void setSmusSpaceEnvironmentContext(SmusUtils.isInSmusSpaceEnvironment())
     }
 
     /**
      * Gets the active connection
      */
     public get activeConnection() {
+        if (SmusUtils.isInSmusSpaceEnvironment()) {
+            const resourceMetadata = getResourceMetadata()!
+            if (resourceMetadata.AdditionalMetadata!.DataZoneDomainRegion) {
+                return {
+                    domainId: resourceMetadata.AdditionalMetadata!.DataZoneDomainId!,
+                    ssoRegion: resourceMetadata.AdditionalMetadata!.DataZoneDomainRegion!,
+                    // The following fields won't be needed in SMUS space environment
+                    // Set them to be empty string for type checks only
+                    domainUrl: '',
+                    id: '',
+                }
+            } else {
+                throw new ToolkitError('Domain region not found in metadata file.')
+            }
+        }
         return this.secondaryAuth.activeConnection
     }
 
@@ -88,13 +115,19 @@ export class SmusAuthenticationProvider {
      * Checks if the connection is valid
      */
     public isConnectionValid(): boolean {
+        if (SmusUtils.isInSmusSpaceEnvironment()) {
+            return true
+        }
         return this.activeConnection !== undefined && !this.secondaryAuth.isConnectionExpired
     }
 
     /**
      * Checks if connected to SMUS
      */
     public isConnected(): boolean {
+        if (SmusUtils.isInSmusSpaceEnvironment()) {
+            return true
+        }
         return this.activeConnection !== undefined
     }
 
@@ -314,6 +347,10 @@ export class SmusAuthenticationProvider {
      * @returns Domain ID
      */
     public getDomainId(): string {
+        if (SmusUtils.isInSmusSpaceEnvironment()) {
+            return getResourceMetadata()!.AdditionalMetadata!.DataZoneDomainId!
+        }
+
         if (!this.activeConnection) {
             throw new ToolkitError('No active SMUS connection available', { code: SmusErrorCodes.NoActiveConnection })
         }
@@ -332,6 +369,15 @@ export class SmusAuthenticationProvider {
     }
 
     public getDomainRegion(): string {
+        if (SmusUtils.isInSmusSpaceEnvironment()) {
+            const resourceMetadata = getResourceMetadata()!
+            if (resourceMetadata.AdditionalMetadata!.DataZoneDomainRegion) {
+                return resourceMetadata.AdditionalMetadata!.DataZoneDomainRegion
+            } else {
+                throw new ToolkitError('Domain region not found in metadata file.')
+            }
+        }
+
         if (!this.activeConnection) {
             throw new ToolkitError('No active SMUS connection available', { code: SmusErrorCodes.NoActiveConnection })
         }
@@ -342,10 +388,15 @@ export class SmusAuthenticationProvider {
      * Gets or creates a cached credentials provider for the active connection
      * @returns Promise resolving to the credentials provider
      */
-    public async getDerCredentialsProvider(): Promise<DomainExecRoleCredentialsProvider> {
+    public async getDerCredentialsProvider(): Promise<any> {
         const logger = getLogger()
 
-        // TODO : Return fromIni() credential provider here when in the SageMaker Unified Studio hosted IDE environment.
+        if (SmusUtils.isInSmusSpaceEnvironment()) {
+            const credentials = fromIni({ profile: 'DomainExecutionRoleCreds' })
+            return {
+                getCredentials: async () => await credentials(),
+            }
+        }
 
         if (!this.activeConnection) {
             throw new ToolkitError('No active SMUS connection available', { code: SmusErrorCodes.NoActiveConnection })

packages/core/src/sagemakerunifiedstudio/explorer/nodes/sageMakerUnifiedStudioProjectNode.ts

@@ -16,6 +16,7 @@ import { SmusAuthenticationProvider } from '../../auth/providers/smusAuthenticat
 import { SageMakerUnifiedStudioComputeNode } from './sageMakerUnifiedStudioComputeNode'
 import { getIcon } from '../../../shared/icons'
 import { SmusUtils } from '../../shared/smusUtils'
+import { getResourceMetadata } from '../../shared/utils/resourceMetadataUtils'
 
 /**
  * Tree node representing a SageMaker Unified Studio project
@@ -34,7 +35,21 @@ export class SageMakerUnifiedStudioProjectNode implements TreeNode {
         private readonly parent: SageMakerUnifiedStudioRootNode,
         private readonly authProvider: SmusAuthenticationProvider,
         private readonly extensionContext: vscode.ExtensionContext
-    ) {}
+    ) {
+        // If we're in SMUS space environment, set project from resource metadata
+        if (SmusUtils.isInSmusSpaceEnvironment()) {
+            const resourceMetadata = getResourceMetadata()!
+            if (resourceMetadata.AdditionalMetadata!.DataZoneProjectId) {
+                this.project = {
+                    id: resourceMetadata!.AdditionalMetadata!.DataZoneProjectId!,
+                    name: 'Current Project',
+                    domainId: resourceMetadata!.AdditionalMetadata!.DataZoneDomainId!,
+                }
+                // Fetch the actual project name asynchronously
+                void this.fetchProjectName()
+            }
+        }
+    }
 
     public async getTreeItem(): Promise<vscode.TreeItem> {
         if (this.project) {
@@ -70,25 +85,35 @@ export class SageMakerUnifiedStudioProjectNode implements TreeNode {
                 result: 'Succeeded',
                 passive: false,
             })
-            const hasAccess = await this.checkProjectAccess(this.project.id)
-            if (!hasAccess) {
-                return [
-                    {
-                        id: 'smusProjectAccessDenied',
-                        resource: {},
-                        getTreeItem: () => {
-                            const item = new vscode.TreeItem(
-                                'You are not a member of this project. Contact any of its owners to add you as a member.',
-                                vscode.TreeItemCollapsibleState.None
-                            )
-                            return item
+
+            // Skip access check if we're in SMUS space environment (already in project space)
+            if (!SmusUtils.isInSmusSpaceEnvironment()) {
+                const hasAccess = await this.checkProjectAccess(this.project.id)
+                if (!hasAccess) {
+                    return [
+                        {
+                            id: 'smusProjectAccessDenied',
+                            resource: {},
+                            getTreeItem: () => {
+                                const item = new vscode.TreeItem(
+                                    'You are not a member of this project. Contact any of its owners to add you as a member.',
+                                    vscode.TreeItemCollapsibleState.None
+                                )
+                                return item
+                            },
+                            getParent: () => this,
                         },
-                        getParent: () => this,
-                    },
-                ]
+                    ]
+                }
             }
 
             const dataNode = new SageMakerUnifiedStudioDataNode(this)
+
+            // If we're in SMUS space environment, only show data node
+            if (SmusUtils.isInSmusSpaceEnvironment()) {
+                return [dataNode]
+            }
+
             this.sagemakerClient = await this.initializeSagemakerClient(
                 this.authProvider.activeConnection?.ssoRegion || 'us-east-1'
             )
@@ -124,7 +149,10 @@ export class SageMakerUnifiedStudioProjectNode implements TreeNode {
 
     public async clearProject(): Promise<void> {
         await this.cleanupProjectResources()
-        this.project = undefined
+        // Don't clear project if we're in SMUS space environment
+        if (!SmusUtils.isInSmusSpaceEnvironment()) {
+            this.project = undefined
+        }
         await this.refreshNode()
     }
 
@@ -154,6 +182,27 @@ export class SageMakerUnifiedStudioProjectNode implements TreeNode {
         }
     }
 
+    private async fetchProjectName(): Promise<void> {
+        if (!this.project || !SmusUtils.isInSmusSpaceEnvironment()) {
+            return
+        }
+
+        try {
+            const dzClient = await DataZoneClient.getInstance(this.authProvider)
+            const projectDetails = await dzClient.getProject(this.project.id)
+
+            if (projectDetails && projectDetails.name) {
+                this.project.name = projectDetails.name
+                // Refresh the tree item to show the updated name
+                this.onDidChangeEmitter.fire()
+            }
+        } catch (err) {
+            // No need to show error, this is just to dynamically show project name
+            // If we fail to fetch project name, we will just show the default name
+            this.logger.debug(`Failed to fetch project name: ${(err as Error).message}`)
+        }
+    }
+
     private async initializeSagemakerClient(regionCode: string): Promise<SagemakerClient> {
         if (!this.project) {
             throw new Error('No project selected for initializing SageMaker client')

packages/core/src/sagemakerunifiedstudio/explorer/nodes/sageMakerUnifiedStudioRootNode.ts

@@ -133,7 +133,7 @@ export class SageMakerUnifiedStudioRootNode implements TreeNode {
 
     /**
      * Checks if the user has authenticated to SageMaker Unified Studio
-     * This is validated by checking existing Connections for SMUS.
+     * This is validated by checking existing Connections for SMUS or resource metadata.
      */
     private isAuthenticated(): boolean {
         try {
@@ -154,7 +154,7 @@ export class SageMakerUnifiedStudioRootNode implements TreeNode {
 
             if (hasExpiredConnection) {
                 // Show reauthentication prompt to user
-                void this.authProvider.showReauthenticationPrompt(this.authProvider.activeConnection!)
+                void this.authProvider.showReauthenticationPrompt(this.authProvider.activeConnection! as any)
                 return true
             }
             return false
@@ -197,6 +197,7 @@ export const smusLearnMoreCommand = Commands.declare('aws.smus.learnMore', () =>
  */
 export const smusLoginCommand = Commands.declare('aws.smus.login', () => async () => {
     const logger = getLogger()
+
     try {
         // Get DataZoneClient instance for URL validation
 

packages/core/src/sagemakerunifiedstudio/shared/client/datazoneClient.ts

@@ -457,6 +457,39 @@ export class DataZoneClient {
         }
     }
 
+    /**
+     * Gets a specific project by ID
+     * @param projectId The project identifier
+     * @returns Promise resolving to the project details
+     */
+    public async getProject(projectId: string): Promise<DataZoneProject> {
+        try {
+            this.logger.info(`DataZoneClient: Getting project ${projectId} in domain ${this.domainId}`)
+
+            const datazoneClient = await this.getDataZoneClient()
+
+            const response = await datazoneClient.getProject({
+                domainIdentifier: this.domainId,
+                identifier: projectId,
+            })
+
+            const project: DataZoneProject = {
+                id: response.id || '',
+                name: response.name || '',
+                description: response.description,
+                domainId: this.domainId,
+                createdAt: response.createdAt ? new Date(response.createdAt) : undefined,
+                updatedAt: response.lastUpdatedAt ? new Date(response.lastUpdatedAt) : undefined,
+            }
+
+            this.logger.debug(`DataZoneClient: Retrieved project ${projectId} with name: ${project.name}`)
+            return project
+        } catch (err) {
+            this.logger.error('DataZoneClient: Failed to get project: %s', err as Error)
+            throw err
+        }
+    }
+
     /*
      * Processes a connection response to add jdbcConnection if it's a Redshift connection
      * @param connection The connection object to process

packages/core/src/sagemakerunifiedstudio/shared/smusUtils.ts

@@ -5,6 +5,8 @@
 
 import { getLogger } from '../../shared/logger/logger'
 import { ToolkitError } from '../../shared/errors'
+import { isSageMaker } from '../../shared/extensionUtilities'
+import { getResourceMetadata } from './utils/resourceMetadataUtils'
 import fetch from 'node-fetch'
 
 /**
@@ -338,4 +340,14 @@ export class SmusUtils {
         }
         return match[1]
     }
+
+    /**
+     * Checks if we're in SMUS space environment (should hide certain UI elements)
+     * @returns True if in SMUS space environment with DataZone domain ID
+     */
+    public static isInSmusSpaceEnvironment(): boolean {
+        const isSMUSspace = isSageMaker('SMUS') || isSageMaker('SMUS-SPACE-REMOTE-ACCESS')
+        const resourceMetadata = getResourceMetadata()
+        return isSMUSspace && !!resourceMetadata?.AdditionalMetadata?.DataZoneDomainId
+    }
 }

packages/core/src/sagemakerunifiedstudio/shared/utils/resourceMetadataUtils.ts

@@ -53,7 +53,7 @@ export function getResourceMetadata(): ResourceMetadata | undefined {
 export async function initializeResourceMetadata(): Promise<void> {
     const logger = getLogger()
 
-    if (!isSageMaker('SMUS')) {
+    if (!isSageMaker('SMUS') && !isSageMaker('SMUS-SPACE-REMOTE-ACCESS')) {
         logger.debug(`Not in SageMaker Unified Studio space, skipping initialization of resource metadata`)
         return
     }

packages/core/src/shared/extensionUtilities.ts

@@ -188,7 +188,7 @@ export function isCloud9(flavor: 'classic' | 'codecatalyst' | 'any' = 'any'): bo
  * @param appName to identify the proper SM instance
  * @returns true if the current system is SageMaker(SMAI or SMUS)
  */
-export function isSageMaker(appName: 'SMAI' | 'SMUS' = 'SMAI'): boolean {
+export function isSageMaker(appName: 'SMAI' | 'SMUS' | 'SMUS-SPACE-REMOTE-ACCESS' = 'SMAI'): boolean {
     // Check for SageMaker-specific environment variables first
     let hasSMEnvVars: boolean = false
     if (hasSageMakerEnvVars()) {
@@ -201,6 +201,9 @@ export function isSageMaker(appName: 'SMAI' | 'SMUS' = 'SMAI'): boolean {
             return vscode.env.appName === sageMakerAppname && hasSMEnvVars
         case 'SMUS':
             return vscode.env.appName === sageMakerAppname && isSageMakerUnifiedStudio() && hasSMEnvVars
+        case 'SMUS-SPACE-REMOTE-ACCESS':
+            // When is true, the AWS toolkit is running in remote SSH conenction to SageMaker Unified Studio space
+            return vscode.env.appName !== sageMakerAppname && isSageMakerUnifiedStudio() && hasSMEnvVars
         default:
             return false
     }

packages/core/src/shared/vscode/setContext.ts

@@ -31,6 +31,7 @@ export type contextKey =
     | 'aws.toolkit.notifications.show'
     | 'aws.amazonq.editSuggestionActive'
     | 'aws.smus.connected'
+    | 'aws.smus.inSmusSpaceEnvironment'
     // Deprecated/legacy names. New keys should start with "aws.".
     | 'codewhisperer.activeLine'
     | 'gumby.isPlanAvailable'