in plugins/core/jetbrains-community/src/software/aws/toolkits/jetbrains/core/gettingstarted/SetupAuthenticationDialog.kt [249:388]
/**
 * Runs the authentication flow for the currently selected tab when the user confirms the dialog.
 *
 * The dialog is closed with [OK_EXIT_CODE] only when the selected flow completes. It stays open
 * (the method returns early) when the OK action is disabled, when the config files cannot be read,
 * when the Identity Center connection is not established, when a required role is not confirmed,
 * when the IAM profile name already exists, or when the IAM keys fail the STS validation call.
 *
 * Each failure path visible here records an `addConnection` telemetry event with a fixed reason
 * string; the access key and secret key are not passed to telemetry in this method.
 */
public override fun doOKAction() {
    if (!okAction.isEnabled) return

    applyFields()

    // When a permission set will be requested, the role-access scope is added to the scopes held
    // by the dialog; duplicates are dropped so the scope is not requested twice.
    val requestedScopes = if (promptForIdcPermissionSet) {
        (scopes + IDENTITY_CENTER_ROLE_ACCESS_SCOPE).distinct()
    } else {
        scopes
    }

    when (selectedTab()) {
        SetupAuthenticationTabs.IDENTITY_CENTER -> {
            authType = CredentialSourceId.IamIdentityCenter
            val sessionName = state.idcTabState.profileName

            // Read the SSO sessions up front so an invalid config file is reported before any
            // login is attempted.
            try {
                configFilesFacade.readSsoSessions()
            } catch (e: Exception) {
                handleConfigFacadeError(e)
                return
            }

            val ssoProfile = UserConfigSsoSessionProfile(
                configSessionName = sessionName,
                ssoRegion = state.idcTabState.region.id,
                startUrl = state.idcTabState.startUrl,
                scopes = requestedScopes
            )

            // A null result means no connection was created; the dialog stays open.
            // NOTE(review): the raw exception message is shown to the user as-is; confirm it cannot
            // carry token or URL details that should not be displayed.
            val connection = authAndUpdateConfig(project, ssoProfile, configFilesFacade, {}, {}) { error ->
                Messages.showErrorDialog(project, error.message, title)
                Telemetry.auth.addConnection.use { metric ->
                    metric.source(getSourceOfEntry(sourceOfEntry, isFirstInstance, connectionInitiatedFromExplorer, connectionInitiatedFromQChatPanel))
                        .featureId(featureId)
                        .credentialSourceId(CredentialSourceId.IamIdentityCenter)
                        .isAggregated(false)
                        .attempts(++attempts)
                        .result(MetricResult.Failed)
                        .reason("ConnectionUnsuccessful")
                        .isReAuth(false)
                }
            } ?: return

            if (!promptForIdcPermissionSet) {
                // No role selection needed: activate the new connection and finish.
                ToolkitConnectionManager.getInstance(project).switchConnection(connection)
                close(OK_EXIT_CODE)
                return
            }

            // The role picker is handed the token provider of the connection created above.
            val tokenProvider = connection.getConnectionSettings().tokenProvider
            val roleDialog = IdcRolePopup(
                project,
                state.idcTabState.region.id,
                sessionName,
                tokenProvider,
                state.idcTabState.rolePopupState,
                configFilesFacade = configFilesFacade
            )
            if (!roleDialog.showAndGet()) {
                // A role is required here; keep the dialog open when it was not confirmed.
                return
            }
        }

        SetupAuthenticationTabs.BUILDER_ID -> {
            authType = CredentialSourceId.AwsId
            // NOTE(review): the result of loginSso is not inspected before the dialog closes;
            // confirm failures are surfaced inside loginSso itself.
            loginSso(project, SONO_URL, SONO_REGION, requestedScopes)
        }

        SetupAuthenticationTabs.IAM_LONG_LIVED -> {
            authType = CredentialSourceId.SharedCredentials
            val newProfileName = state.iamTabState.profileName

            val knownProfiles = try {
                configFilesFacade.readAllProfiles()
            } catch (e: Exception) {
                handleConfigFacadeError(e)
                return
            }

            // Refuse to reuse an existing profile name.
            // NOTE(review): unlike the Identity Center branch, the getSourceOfEntry calls in this
            // branch do not pass connectionInitiatedFromQChatPanel; confirm that is intended.
            if (knownProfiles.containsKey(newProfileName)) {
                Messages.showErrorDialog(project, AwsCoreBundle.message("gettingstarted.setup.iam.profile.exists", newProfileName), title)
                Telemetry.auth.addConnection.use { metric ->
                    metric.source(getSourceOfEntry(sourceOfEntry, isFirstInstance, connectionInitiatedFromExplorer))
                        .featureId(featureId)
                        .credentialSourceId(CredentialSourceId.SharedCredentials)
                        .isAggregated(false)
                        .attempts(++attempts)
                        .result(MetricResult.Failed)
                        .reason("DuplicateProfileName")
                        .isReAuth(false)
                }
                return
            }

            // Validate the entered keys with an STS GetCallerIdentity call before anything is
            // written to disk. The client is unmanaged, uses the keys as static credentials and is
            // closed by `use` once the call returns.
            // NOTE(review): tryOrNull is defined elsewhere; if it swallows every exception, a
            // cancelled progress dialog or a network failure is also reported below as
            // "InvalidCredentials" - confirm that is acceptable for the user message and telemetry.
            val identity = tryOrNull {
                runUnderProgressIfNeeded(project, AwsCoreBundle.message("settings.states.validating.short"), cancelable = true) {
                    AwsClientManager.getInstance().createUnmanagedClient<StsClient>(
                        StaticCredentialsProvider.create(AwsBasicCredentials.create(state.iamTabState.accessKey, state.iamTabState.secretKey)),
                        Region.AWS_GLOBAL
                    ).use { sts -> sts.getCallerIdentity() }
                }
            }

            if (identity == null) {
                Messages.showErrorDialog(project, AwsCoreBundle.message("gettingstarted.setup.iam.profile.invalid_credentials"), title)
                Telemetry.auth.addConnection.use { metric ->
                    metric.source(getSourceOfEntry(sourceOfEntry, isFirstInstance, connectionInitiatedFromExplorer))
                        .featureId(featureId)
                        .credentialSourceId(CredentialSourceId.SharedCredentials)
                        .isAggregated(false)
                        .attempts(++attempts)
                        .result(MetricResult.Failed)
                        .reason("InvalidCredentials")
                        .isReAuth(false)
                }
                return
            }

            // The long-lived access key and secret key are persisted as profile properties.
            // NOTE(review): presumably this lands in the shared credentials file in clear text;
            // confirm the facade's file permissions. Unlike the reads above, this write is not
            // wrapped in a try/catch, so a failure here propagates out of doOKAction.
            val credentialsProfile = Profile.builder()
                .name(newProfileName)
                .properties(
                    mapOf(
                        "aws_access_key_id" to state.iamTabState.accessKey,
                        "aws_secret_access_key" to state.iamTabState.secretKey
                    )
                )
                .build()
            configFilesFacade.appendProfileToCredentials(credentialsProfile)
        }
    }

    close(OK_EXIT_CODE)
}