fix(amazonq): not set IAM auth as default for SMAI remote ssh (aws#7795)

## Problem

In SMAI remote ssh space, Q chat request failed as IAM creds not found

## Solution

Discussed with SMAI team, for SMAI remote ssh space, not set the default
auth mode as IAM.


## Test
before tested with the latest version v1.87.0


https://github.com/user-attachments/assets/7a4f8b23-fb64-453c-830a-bfc58fc8394c

after tested with a local build version



https://github.com/user-attachments/assets/765c772c-13b2-444f-bada-eb9eb5068d55





---

- Treat all work as PUBLIC. Private `feature/x` branches will not be
squash-merged at release time.
- Your code changes must meet the guidelines in
[CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines).
- License: I confirm that my contribution is made under the terms of the
Apache 2.0 license.

Author: yueny2020

packages/core/src/shared/lsp/utils/platform.ts

@@ -8,7 +8,7 @@ import { ToolkitError } from '../../errors'
 import { Logger } from '../../logger/logger'
 import { ChildProcess } from '../../utilities/processUtils'
 import { waitUntil } from '../../utilities/timeoutUtils'
-import { isDebugInstance } from '../../vscode/env'
+import { isDebugInstance, isRemoteWorkspace } from '../../vscode/env'
 import { isSageMaker } from '../../extensionUtilities'
 import { getLogger } from '../../logger/logger'
 
@@ -124,8 +124,16 @@ export function createServerOptions({
                     getLogger().info(`[SageMaker Debug] Using SSO auth mode, not setting USE_IAM_AUTH`)
                 }
             } catch (err) {
-                getLogger().warn(`[SageMaker Debug] Failed to parse SageMaker cookies, defaulting to IAM auth: ${err}`)
-                env.USE_IAM_AUTH = 'true'
+                if (isRemoteWorkspace() && env.SERVICE_NAME !== 'SageMakerUnifiedStudio') {
+                    getLogger().warn(
+                        `[SageMaker Debug] Failed to parse SageMaker cookies in remote space, not SMUS env, not defaulting to IAM auth: ${err}`
+                    )
+                } else {
+                    getLogger().warn(
+                        `[SageMaker Debug] Failed to parse SageMaker cookies, defaulting to IAM auth: ${err}`
+                    )
+                    env.USE_IAM_AUTH = 'true'
+                }
             }
 
             // Log important environment variables for debugging

packages/core/src/test/shared/lsp/utils/platform.test.ts

@@ -0,0 +1,209 @@
+/*!
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import assert from 'assert'
+import * as sinon from 'sinon'
+import * as vscode from 'vscode'
+import { createServerOptions } from '../../../../shared/lsp/utils/platform'
+import * as extensionUtilities from '../../../../shared/extensionUtilities'
+import * as env from '../../../../shared/vscode/env'
+import { ChildProcess } from '../../../../shared/utilities/processUtils'
+
+describe('createServerOptions - SageMaker Authentication', function () {
+    let sandbox: sinon.SinonSandbox
+    let isSageMakerStub: sinon.SinonStub
+    let isRemoteWorkspaceStub: sinon.SinonStub
+    let executeCommandStub: sinon.SinonStub
+
+    beforeEach(function () {
+        sandbox = sinon.createSandbox()
+
+        isSageMakerStub = sandbox.stub(extensionUtilities, 'isSageMaker')
+        isRemoteWorkspaceStub = sandbox.stub(env, 'isRemoteWorkspace')
+        sandbox.stub(env, 'isDebugInstance').returns(false)
+        executeCommandStub = sandbox.stub(vscode.commands, 'executeCommand')
+
+        sandbox.stub(ChildProcess.prototype, 'run').resolves()
+        sandbox.stub(ChildProcess.prototype, 'send').resolves()
+        sandbox.stub(ChildProcess.prototype, 'proc').returns({} as any)
+    })
+
+    afterEach(function () {
+        sandbox.restore()
+    })
+
+    // jscpd:ignore-start
+    it('sets USE_IAM_AUTH=true when authMode is Iam', async function () {
+        isSageMakerStub.returns(true)
+        executeCommandStub.withArgs('sagemaker.parseCookies').resolves({ authMode: 'Iam' })
+
+        // Capture constructor arguments using sinon stub
+        let capturedOptions: any = undefined
+        const childProcessConstructorSpy = sandbox.stub().callsFake((command: string, args: string[], options: any) => {
+            capturedOptions = options
+            // Create a fake instance with the methods we need
+            const fakeInstance = {
+                run: sandbox.stub().resolves(),
+                send: sandbox.stub().resolves(),
+                proc: sandbox.stub().returns({}),
+                pid: sandbox.stub().returns(12345),
+                stop: sandbox.stub(),
+                stopped: false,
+            }
+            return fakeInstance
+        })
+
+        // Replace ChildProcess constructor
+        sandbox.replace(
+            require('../../../../shared/utilities/processUtils'),
+            'ChildProcess',
+            childProcessConstructorSpy
+        )
+
+        const serverOptions = createServerOptions({
+            encryptionKey: Buffer.from('test-key'),
+            executable: ['node'],
+            serverModule: 'test-module.js',
+            execArgv: ['--stdio'],
+        })
+
+        await serverOptions()
+
+        assert(capturedOptions, 'ChildProcess constructor should have been called')
+        assert(capturedOptions.spawnOptions, 'spawnOptions should be defined')
+        assert(capturedOptions.spawnOptions.env, 'spawnOptions.env should be defined')
+        assert.equal(capturedOptions.spawnOptions.env.USE_IAM_AUTH, 'true')
+    })
+
+    it('does not set USE_IAM_AUTH when authMode is Sso', async function () {
+        isSageMakerStub.returns(true)
+        executeCommandStub.withArgs('sagemaker.parseCookies').resolves({ authMode: 'Sso' })
+
+        // Capture constructor arguments using sinon stub
+        let capturedOptions: any = undefined
+        const childProcessConstructorSpy = sandbox.stub().callsFake((command: string, args: string[], options: any) => {
+            capturedOptions = options
+            // Create a fake instance with the methods we need
+            const fakeInstance = {
+                run: sandbox.stub().resolves(),
+                send: sandbox.stub().resolves(),
+                proc: sandbox.stub().returns({}),
+                pid: sandbox.stub().returns(12345),
+                stop: sandbox.stub(),
+                stopped: false,
+            }
+            return fakeInstance
+        })
+
+        // Replace ChildProcess constructor
+        sandbox.replace(
+            require('../../../../shared/utilities/processUtils'),
+            'ChildProcess',
+            childProcessConstructorSpy
+        )
+
+        const serverOptions = createServerOptions({
+            encryptionKey: Buffer.from('test-key'),
+            executable: ['node'],
+            serverModule: 'test-module.js',
+            execArgv: ['--stdio'],
+        })
+
+        await serverOptions()
+
+        assert(capturedOptions, 'ChildProcess constructor should have been called')
+        assert(capturedOptions.spawnOptions, 'spawnOptions should be defined')
+        assert(capturedOptions.spawnOptions.env, 'spawnOptions.env should be defined')
+        assert.equal(capturedOptions.spawnOptions.env.USE_IAM_AUTH, undefined)
+    })
+
+    it('defaults to IAM auth when parseCookies fails', async function () {
+        isSageMakerStub.returns(true)
+        isRemoteWorkspaceStub.returns(false)
+        executeCommandStub.withArgs('sagemaker.parseCookies').rejects(new Error('Command failed'))
+
+        // Capture constructor arguments using sinon stub
+        let capturedOptions: any = undefined
+        const childProcessConstructorSpy = sandbox.stub().callsFake((command: string, args: string[], options: any) => {
+            capturedOptions = options
+            // Create a fake instance with the methods we need
+            const fakeInstance = {
+                run: sandbox.stub().resolves(),
+                send: sandbox.stub().resolves(),
+                proc: sandbox.stub().returns({}),
+                pid: sandbox.stub().returns(12345),
+                stop: sandbox.stub(),
+                stopped: false,
+            }
+            return fakeInstance
+        })
+
+        // Replace ChildProcess constructor
+        sandbox.replace(
+            require('../../../../shared/utilities/processUtils'),
+            'ChildProcess',
+            childProcessConstructorSpy
+        )
+
+        const serverOptions = createServerOptions({
+            encryptionKey: Buffer.from('test-key'),
+            executable: ['node'],
+            serverModule: 'test-module.js',
+            execArgv: ['--stdio'],
+        })
+
+        await serverOptions()
+
+        assert(capturedOptions, 'ChildProcess constructor should have been called')
+        assert(capturedOptions.spawnOptions, 'spawnOptions should be defined')
+        assert(capturedOptions.spawnOptions.env, 'spawnOptions.env should be defined')
+        assert.equal(capturedOptions.spawnOptions.env.USE_IAM_AUTH, 'true')
+    })
+
+    it('does not default to IAM in remote workspace without SMUS', async function () {
+        isSageMakerStub.returns(true)
+        isRemoteWorkspaceStub.returns(true)
+        process.env.SERVICE_NAME = 'OtherService'
+        executeCommandStub.withArgs('sagemaker.parseCookies').rejects(new Error('Command failed'))
+
+        // Capture constructor arguments using sinon stub
+        let capturedOptions: any = undefined
+        const childProcessConstructorSpy = sandbox.stub().callsFake((command: string, args: string[], options: any) => {
+            capturedOptions = options
+            // Create a fake instance with the methods we need
+            const fakeInstance = {
+                run: sandbox.stub().resolves(),
+                send: sandbox.stub().resolves(),
+                proc: sandbox.stub().returns({}),
+                pid: sandbox.stub().returns(12345),
+                stop: sandbox.stub(),
+                stopped: false,
+            }
+            return fakeInstance
+        })
+
+        // Replace ChildProcess constructor
+        sandbox.replace(
+            require('../../../../shared/utilities/processUtils'),
+            'ChildProcess',
+            childProcessConstructorSpy
+        )
+
+        const serverOptions = createServerOptions({
+            encryptionKey: Buffer.from('test-key'),
+            executable: ['node'],
+            serverModule: 'test-module.js',
+            execArgv: ['--stdio'],
+        })
+
+        await serverOptions()
+
+        assert(capturedOptions, 'ChildProcess constructor should have been called')
+        assert(capturedOptions.spawnOptions, 'spawnOptions should be defined')
+        assert(capturedOptions.spawnOptions.env, 'spawnOptions.env should be defined')
+        assert.equal(capturedOptions.spawnOptions.env.USE_IAM_AUTH, undefined)
+    })
+    // jscpd:ignore-end
+})