Added notification when starting up to an invalid credential, or when selecting an invalid credential

[awschristou]

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)

Description

Added STS getCallerIdentity validation

• If user tries to switch to a credential profile that is not valid:
  • they get a notification indicating the credential appears invalid
  • the credential profile is not changed
• If toolkit starts up and the previously used profile is not valid:
  • they get a notification indicating the credential appears invalid
  • the toolkit's active credential profile is not set

Motivation and Context

• reduce the amount of downstream errors due to invalid credentials
• inform users that something does not seem right and requires action

Related Issue(s)

#578

Testing

• Unit Tests
• Loading toolkit and switching to an invalid credential
• Exiting toolkit on a valid credential profile, then making that profile invalid locally, then restarting toolkit

Screenshots (if appropriate)

Checklist

• I have read the README document
• I have read the CONTRIBUTING document
• Local run of gradlew check succeeds
• My code follows the code style of this project
• I have added tests to cover my changes
• All new and existing tests passed
• A short description of the change has been added to the CHANGELOG

License

I confirm that my contribution is made under the terms of the Apache 2.0 license.

[codecov-io]

Codecov Report

Merging #635 into master will decrease coverage by 6.77%.
The diff coverage is 49.01%.

@@             Coverage Diff             @@
##             master    #635      +/-   ##
===========================================
- Coverage     52.07%   45.3%   -6.78%     
+ Complexity      486     446      -40     
===========================================
  Files           138     138              
  Lines          4280    4322      +42     
  Branches        623     629       +6     
===========================================
- Hits           2229    1958     -271     
- Misses         1800    2136     +336     
+ Partials        251     228      -23

Flag	Coverage Δ	Complexity Δ
#integtest	?	?
#unittest	45.3% <49.01%> (-0.08%)	446 <0> (ø)

Impacted Files	Coverage Δ	Complexity Δ
...ftware/aws/toolkits/core/credentials/AwsProfile.kt	83.16% <ø> (ø)	0 <0> (ø)	⬇️
...its/core/credentials/ToolkitCredentialsProvider.kt	32% <0%> (-18%)	3 <0> (ø)
...re/aws/toolkits/jetbrains/core/AwsSettingsPanel.kt	42.85% <0%> (-3.03%)	3 <0> (ø)
...its/jetbrains/core/credentials/CredentialWriter.kt	77.61% <100%> (+0.33%)	0 <0> (ø)	⬇️
.../aws/toolkits/jetbrains/utils/NotificationUtils.kt	23.68% <56.25%> (-1.32%)	0 <0> (ø)
.../core/credentials/ProjectAccountSettingsManager.kt	94.44% <83.33%> (-3.77%)	0 <0> (ø)
...e/src/software/aws/toolkits/core/s3/BucketUtils.kt	0% <0%> (-100%)	0% <0%> (ø)
...s/ui/wizard/java/SamInitRuntimeSelectionPanel.java	0% <0%> (-94.24%)	0% <0%> (-12%)
...ns/services/lambda/python/PythonSamDebugSupport.kt	0% <0%> (-92.11%)	0% <0%> (-3%)
...s/services/lambda/execution/sam/SamRunningState.kt	5.66% <0%> (-88.68%)	2% <0%> (-10%)
... and 17 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 13887cb...ac706de. Read the comment docs.

[zhangzhx]

Can we remove the parameter and just use AwsSdkClient.getInstance().sdkHttpClient? I don't see the reason for using other SDK client.

[awschristou]

This is in core, which doesn't have a reference to jetbrains-core, where AwsSdkClient resides

[zhangzhx]

Ah, gotcha

[zhangzhx]

I think it would be better to just add this Action to the notification using Notification.addAction. That way, you don't need the listener.

[zhangzhx]

We can use NotificationAction as a wrapper of the CreateOrUpdateCredentialProfilesAction

[zhangzhx]

Do we need to provide a title for this info?

[awschristou]

I don't feel that it is necessary

[zhangzhx]

From this message, it's not clear to tell what the credentials are, although it could be inferred from the context. Maybe we should change the credentials to AWS credentials to be more clear?

[abrooksv]

AWS credential

[awschristou]

How about After modifying AWS credentials, you will need to restart the IDE for the toolkit to use your changes. ?

[abrooksv]

This will trigger MFA for loading of certain UIs that dont need it yet such as editing a run config

[awschristou]

Does my change trigger MFA where the existing code does not?

[abrooksv]

This also triggers MFA on IDE start...maybe thats okay?

[zhangzhx]

Minor: can we move these to the util file as well, so that all the notify warn can share the same behavior.