Fix AWS SSO connection with RDS using IAM #4278

Merged
merged 12 commits into from May 8, 2024

@vchikoti1998 vchikoti1998 commented Apr 15, 2024

Types of changes

  • [x] Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)

Description

When attempting to establish a connection using a new SSO profile from the config file, the absence of a generated token leads to connection problems. Implementing a fix where users will be prompted to go through the browser login flow again. This will generate the necessary token and establish the connection with the SSO profile seamlessly.

Checklist

  • My code follows the code style of this project
  • I have added tests to cover my changes
  • A short description of the change has been added to the CHANGELOG if the change is customer-facing in the IDE.
  • I have added metrics for my changes (if required)

License

I confirm that my contribution is made under the terms of the Apache 2.0 license.

@vchikoti1998 vchikoti1998 requested a review from a team as a code owner April 15, 2024 13:46
@@ -168,7 +208,8 @@ class IamAuthTest {
hasCredentials: Boolean = true,
hasBadHost: Boolean = false,
hasSslConfig: Boolean = true,
dbmsType: Dbms = Dbms.POSTGRES
dbmsType: Dbms = Dbms.POSTGRES,
credentialId: String = this.credentialId
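Review bot: The added `credentialId: String = this.credentialId` parameter has the same name as the class property it defaults to, so inside this helper a bare `credentialId` now refers to the argument while `this.credentialId` refers to the fixture value, and the two are easy to mix up. Consider a distinct parameter name and a short comment on what value callers are expected to pass. The hunk as shown does not include the line that consumes the parameter, so it is worth confirming that it reaches the connection setup.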

Contributor

new parameter is not actually used anywhere

Contributor Author

it is being used on line number 227. It is used to store the profile name.

@@ -49,6 +58,17 @@ class IamAuth : DatabaseAuthProviderCompatabilityAdapter {

override fun createWidget(project: Project?, credentials: DatabaseCredentials, dataSource: LocalDataSource): AuthWidget? = IamAuthWidget()

inner class SsoNoTokenFix(val project: Project, val connection: ProtoConnection) : ErrorInfo.Fix {
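Review bot: In the `SsoNoTokenFix` constructor, `val project` and `val connection` are declared as public properties, and as an `inner class` the fix also keeps an implicit reference to the enclosing `IamAuth` instance. Mark both as `private val` unless something outside the fix reads them, and add a one-line KDoc stating when this fix is offered.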

Contributor

does this really need to be an inner class

Contributor Author

we are using getAuthInformation which is not accessible without using inner class.

val simpleErrorInfo = SimpleErrorInfo(
message("rds.validation.iam_sso_connection.error_info"),
e,
listOf(SsoNoTokenFix(project, connection))
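Review bot: `SimpleErrorInfo` is built here with a fixed SSO message and `SsoNoTokenFix` attached, while `e` is whatever the enclosing handler caught, which these lines do not show. If that handler is broader than the missing-token case, unrelated connection failures will be reported as an SSO problem and offer a browser login that cannot resolve them. Narrow the catch to the token exception or attach the fix conditionally.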

Contributor

the error and fix are always the same so why do we split up the declarations

Contributor

as discussed, we'll refactor this a bit more for the other cases -- redshift/IAM and secrets manager

Comment on lines +102 to +122
fun handleSsoAuthentication(project: Project, connection: ProtoConnection): ProtoConnection {
val authInformation = getAuthInformation(connection)
val profileCredentials =
CredentialManager.getInstance().getCredentialIdentifierById(authInformation.connectionSettings.credentials.id) as ProfileCredentialsIdentifierSso

val session = CredentialManager.getInstance()
.getSsoSessionIdentifiers()
.first { it.id == profileCredentials.sessionIdentifier }
val ssoConnection = ToolkitAuthManager.getInstance().getOrCreateSsoConnection(
UserConfigSsoSessionProfile(
configSessionName = profileCredentials.ssoSessionName,
ssoRegion = session.ssoRegion,
startUrl = session.startUrl,
scopes = session.scopes.toList()
)
)

reauthConnectionIfNeeded(project, ssoConnection)
return connection
}
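Review bot: In `handleSsoAuthentication`, the `as ProfileCredentialsIdentifierSso` cast and the `.first { it.id == profileCredentials.sessionIdentifier }` lookup both throw on unexpected input: a data source configured with a non-SSO credential ID gives a `ClassCastException`, and a profile whose session is missing from the config gives a `NoSuchElementException`, neither of which tells the user what to fix. Use `as?` and `firstOrNull` with an explicit error message for each case. The function also returns `connection` unchanged whatever `reauthConnectionIfNeeded` does, so document that it is called for its side effect only.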

Contributor

how can we reuse the existing logic instead of copy pasting it

Contributor Author

ProfileCredentialsIdentifierSso returns a user action that performs the authentication. We are returning/throwing an error with a fix to authenticate here. Only session and ssoConnection part is common. We will have to create a separate method for that.

val simpleErrorInfo = SimpleErrorInfo(
message("rds.validation.iam_sso_connection.error_info"),
e,
listOf(SsoNoTokenFix(project, connection))

Contributor

as discussed, we'll refactor this a bit more for the other cases -- redshift/IAM and secrets manager

sonarcloud bot commented May 8, 2024

Quality Gate passed

Issues
2 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud

@vchikoti1998 vchikoti1998 merged commit 856260c into main May 8, 2024
18 of 19 checks passed
@vchikoti1998 vchikoti1998 deleted the vchikoti/rds-connection-with-iam branch May 8, 2024 17:40