Merge master into feature/ui-e2e-tests

package.json

@@ -42,7 +42,7 @@
         "scan-licenses": "ts-node ./scripts/scan-licenses.ts"
     },
     "devDependencies": {
-        "@aws-toolkits/telemetry": "^1.0.338",
+        "@aws-toolkits/telemetry": "^1.0.341",
         "@playwright/browser-chromium": "^1.43.1",
         "@stylistic/eslint-plugin": "^2.11.0",
         "@types/he": "^1.2.3",

packages/core/package.json

@@ -617,7 +617,7 @@
         "@aws-sdk/credential-provider-env": "<3.731.0",
         "@aws-sdk/credential-provider-process": "<3.731.0",
         "@aws-sdk/credential-provider-sso": "<3.731.0",
-        "@aws-sdk/credential-providers": "<3.731.0",
+        "@aws-sdk/credential-providers": "^3.936.0",
         "@aws-sdk/lib-storage": "<3.731.0",
         "@aws-sdk/property-provider": "<3.731.0",
         "@aws-sdk/protocol-http": "<3.731.0",

packages/core/package.nls.json

@@ -115,6 +115,7 @@
     "AWS.command.refreshappBuilderExplorer": "Refresh Application Builder Explorer",
     "AWS.command.applicationComposer.openDialog": "Open Template with Infrastructure Composer...",
     "AWS.command.auth.addConnection": "Add New Connection",
+    "AWS.command.auth.consoleLogin": "Login with console credentials (Recommended)",
     "AWS.command.auth.showConnectionsPage": "Add New Connection",
     "AWS.command.auth.switchConnections": "Switch Connections",
     "AWS.command.auth.signout": "Sign Out",

packages/core/src/auth/credentials/types.ts

@@ -10,6 +10,7 @@ export const SharedCredentialsKeys = {
     AWS_ACCESS_KEY_ID: 'aws_access_key_id',
     AWS_SECRET_ACCESS_KEY: 'aws_secret_access_key',
     AWS_SESSION_TOKEN: 'aws_session_token',
+    CONSOLE_SESSION: 'login_session',
     CREDENTIAL_PROCESS: 'credential_process',
     CREDENTIAL_SOURCE: 'credential_source',
     ENDPOINT_URL: 'endpoint_url',

packages/core/src/auth/providers/sharedCredentialsProvider.ts

@@ -3,7 +3,9 @@
  * SPDX-License-Identifier: Apache-2.0
  */
 
+import * as vscode from 'vscode'
 import * as AWS from '@aws-sdk/types'
+import { fromLoginCredentials } from '@aws-sdk/credential-providers'
 import { fromProcess } from '@aws-sdk/credential-provider-process'
 import { ParsedIniData } from '@smithy/types'
 import { chain } from '@aws-sdk/property-provider'
@@ -87,6 +89,8 @@ export class SharedCredentialsProvider implements CredentialsProvider {
     public getTelemetryType(): CredentialType {
         if (hasProps(this.profile, SharedCredentialsKeys.SSO_START_URL)) {
             return 'ssoProfile'
+        } else if (hasProps(this.profile, SharedCredentialsKeys.CONSOLE_SESSION)) {
+            return 'consoleSessionProfile'
         } else if (this.isCredentialSource(credentialSources.EC2_INSTANCE_METADATA)) {
             return 'ec2Metadata'
         } else if (this.isCredentialSource(credentialSources.ECS_CONTAINER)) {
@@ -199,6 +203,8 @@ export class SharedCredentialsProvider implements CredentialsProvider {
             )
         } else if (isSsoProfile(this.profile)) {
             return undefined
+        } else if (hasProps(this.profile, SharedCredentialsKeys.CONSOLE_SESSION)) {
+            return undefined
         } else {
             return 'not supported by the Toolkit'
         }
@@ -349,6 +355,14 @@ export class SharedCredentialsProvider implements CredentialsProvider {
             return this.makeSsoCredentaislProvider()
         }
 
+        if (hasProps(this.profile, SharedCredentialsKeys.CONSOLE_SESSION)) {
+            logger.verbose(
+                `Profile ${this.profileName} contains ${SharedCredentialsKeys.CONSOLE_SESSION} - treating as Console Credentials`
+            )
+
+            return this.makeConsoleSessionCredentialsProvider()
+        }
+
         logger.error(`Profile ${this.profileName} did not contain any supported properties`)
         throw new Error(`Shared Credentials profile ${this.profileName} is not supported`)
     }
@@ -381,6 +395,76 @@ export class SharedCredentialsProvider implements CredentialsProvider {
         }
     }
 
+    private makeConsoleSessionCredentialsProvider() {
+        const defaultRegion = this.getDefaultRegion() ?? 'us-east-1'
+        const baseProvider = fromLoginCredentials({
+            profile: this.profileName,
+            clientConfig: {
+                region: defaultRegion,
+            },
+        })
+        return async () => {
+            try {
+                return await baseProvider()
+            } catch (error) {
+                getLogger().error(
+                    'Console login authentication failed for profile %s in region %s: %O',
+                    this.profileName,
+                    defaultRegion,
+                    error
+                )
+
+                if (
+                    error instanceof Error &&
+                    (error.message.includes('Your session has expired') ||
+                        error.message.includes('Failed to load a token for session') ||
+                        error.message.includes('Failed to load token from'))
+                ) {
+                    // Ask for user confirmation before refreshing
+                    const response = await vscode.window.showInformationMessage(
+                        `Unable to use your console credentials for profile "${this.profileName}". Would you like to refresh it?`,
+                        'Refresh',
+                        'Cancel'
+                    )
+
+                    if (response !== 'Refresh') {
+                        throw ToolkitError.chain(error, 'User cancelled console credentials token refresh.', {
+                            code: 'LoginSessionRefreshCancelled',
+                            cancelled: true,
+                        })
+                    }
+
+                    getLogger().info('Re-authenticating using console credentials for profile %s', this.profileName)
+                    // Execute the console login command with the existing profile and region
+                    try {
+                        await vscode.commands.executeCommand(
+                            'aws.toolkit.auth.consoleLogin',
+                            this.profileName,
+                            defaultRegion
+                        )
+                    } catch (reAuthError) {
+                        throw ToolkitError.chain(
+                            reAuthError,
+                            `Failed to refresh credentials for profile ${this.profileName}. Run 'aws login --profile ${this.profileName}' to authenticate.`,
+                            { code: 'LoginSessionReAuthError' }
+                        )
+                    }
+
+                    getLogger().info(
+                        'Authentication completed for profile %s, refreshing credentials...',
+                        this.profileName
+                    )
+
+                    // Use the same provider instance but get fresh credentials
+                    return await baseProvider()
+                }
+                throw ToolkitError.chain(error, `Failed to get console credentials`, {
+                    code: 'FromLoginCredentialProviderError',
+                })
+            }
+        }
+    }
+
     private makeSharedIniFileCredentialsProvider(loadedCreds?: ParsedIniData): AWS.CredentialProvider {
         // Our credentials logic merges profiles from the credentials and config files but SDK v3 does not
         // This can cause odd behavior where the Toolkit can switch to a profile but not authenticate with it

packages/core/src/awsService/cloudformation/consoleLinksUtils.ts

@@ -2,6 +2,9 @@
  * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
  * SPDX-License-Identifier: Apache-2.0
  */
+
+import { parse } from '@aws-sdk/util-arn-parser'
+
 export function arnToConsoleUrl(arn: string): string {
     return `https://console.aws.amazon.com/go/view?arn=${encodeURIComponent(arn)}`
 }
@@ -11,6 +14,15 @@ export function arnToConsoleTabUrl(arn: string, tab: 'resources' | 'events' | 'o
     return `https://${region}.console.aws.amazon.com/cloudformation/home?region=${region}#/stacks/${tab}?stackId=${encodeURIComponent(arn)}`
 }
 
+export function operationIdToConsoleUrl(arn: string, operationId: string): string | undefined {
+    try {
+        const region = parse(arn).region
+        return `https://${region}.console.aws.amazon.com/cloudformation/home?region=${region}#/stacks/operations/info?stackId=${encodeURIComponent(arn)}&operationId=${operationId}`
+    } catch {
+        return undefined
+    }
+}
+
 // Reference link - https://cloudscape.design/foundation/visual-foundation/iconography/ - icon name: external
 export function externalLinkSvg(): string {
     return `<svg width="14" height="14" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M4 12.0117H11.0098V14.0117H3C2.44772 14.0117 2 13.564 2 13.0117V5.01172H4V12.0117Z"/><path d="M13 2.01172C13.5523 2.01172 14 2.45943 14 3.01172V9.01172H12V5.43066L7.70605 9.71777L6.29395 8.30273L10.5908 4.01172H7V2.01172H13Z"/></svg>`

packages/core/src/awsService/cloudformation/lsp-server/lspInstaller.ts

@@ -73,7 +73,8 @@ export class CfnLspInstaller extends BaseLspInstaller {
                         throw error
                     }
                 },
-            } as any
+            } as any,
+            'sha256'
         )
     }