Skip to content

feat: add IAM credentials authentication #1981

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 9 commits into
base: main
Choose a base branch
from
Draft

feat: add IAM credentials authentication #1981

wants to merge 9 commits into from

Conversation

@liramon1
Copy link

@liramon1 liramon1 commented Jul 24, 2025
edited
Loading

The identity LSP was changed to load and save IAM profile kinds.

Problem

Flare only provides bare-bones support for IAM credentials. While language clients can provide their IAM credentials to the Flare credentials provider, they must manage IAM credentials themselves. This adds code duplication and complexity to each IDE extension.

Furthermore, the agentic bundle for the CodeWhisperer LSP only supports SSO. If language clients want it to consume IAM credentials, they must start a completely separate bundle which includes the IAM implementation of the CodeWhisperer LSP. This prevents clients from seamlessly switching authentication methods at runtime.

Solution

This feature is split into multiple PRs (in order):
Identity LSP:

  1. feat(identity): add support for IAM profile management #1845
  2. feat(identity): add support for retrieving IAM user credentials #1869
  3. feat(identity): add STS credential management #1846
  4. feat: add IAM credentials discovery from process, metadata, and env #2004
  5. feat: add telemetry to IAM credentials management #2020
  6. feat: add shared config file watcher #2021

CodeWhisperer LSP:

  1. refactor(amazonq): split CodeWhispererService into multiple files #1974
  2. feat(amazonq): add token methods to codewhisperer clients #1958
  3. refactor(amazonq): combine IAM and SSO implementations of AmazonQServiceManager #1984
  4. refactor(amazonq): change AmazonQServiceManager references #1960

Each PR will be merged into liramon/flare-iam-base, which will be merged into branch main at the end.

These changes allows the identity LSP to load and save IAM credentials to the shared config, generate temporary credentials from STS AssumeRole, and cache/invalidate/refresh temporary credentials. This PR also contains a refactor of the CodeWhisperer LSP to switch between consuming IAM and bearer credentials at runtime.

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@liramon1 liramon1 requested a review from a team as a code owner July 24, 2025 22:48
@liramon1 liramon1 marked this pull request as draft July 24, 2025 22:48
@codecov-commenter
Copy link

codecov-commenter commented Jul 24, 2025
edited
Loading

Codecov Report

❌ Patch coverage is 79.65116% with 315 lines in your changes missing coverage. Please review.
✅ Project coverage is 61.39%. Comparing base (89ae720) to head (854f6e0).

Files with missing lines Patch % Lines
...ed/codeWhispererService/codeWhispererServiceIAM.ts 58.70% 83 Missing ⚠️
server/aws-lsp-identity/src/iam/utils.ts 59.39% 54 Missing ⚠️
...lsp-identity/src/language-server/identityServer.ts 0.00% 44 Missing ⚠️
server/aws-lsp-identity/src/iam/iamProvider.ts 82.06% 39 Missing and 1 partial ⚠️
...erver/aws-lsp-identity/src/sts/stsAutoRefresher.ts 69.04% 26 Missing ⚠️
...s-lsp-identity/src/sts/cache/fileSystemStsCache.ts 88.23% 15 Missing and 1 partial ⚠️
...d/codeWhispererService/codeWhispererServiceBase.ts 94.14% 12 Missing ⚠️
.../codeWhispererService/codeWhispererServiceToken.ts 80.64% 12 Missing ⚠️
...codewhisperer/src/shared/streamingClientService.ts 58.33% 10 Missing ⚠️
...sp-identity/src/language-server/identityService.ts 94.11% 9 Missing ⚠️
... and 3 more
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #1981      +/-   ##
==========================================
+ Coverage   60.99%   61.39%   +0.40%     
==========================================
  Files         239      247       +8     
  Lines       52533    53743    +1210     
  Branches     3174     3271      +97     
==========================================
+ Hits        32041    32998     +957     
- Misses      20431    20682     +251     
- Partials       61       63       +2
Flag Coverage Δ
unittests 61.39% <79.65%> (+0.40%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@liramon1 liramon1 force-pushed the liramon/flare-iam-base branch 4 times, most recently from 4f5fc2d to d093e42 Compare July 25, 2025 18:10
This was referenced Jul 28, 2025
Merged
Merged
Merged
Merged
Merged
Open
Open
@liramon1 liramon1 force-pushed the liramon/flare-iam-base branch 3 times, most recently from 82eeaf9 to e96e1c1 Compare July 28, 2025 20:07
@liramon1 liramon1 mentioned this pull request Jul 29, 2025
Merged
@liramon1 liramon1 force-pushed the liramon/flare-iam-base branch 4 times, most recently from 776a609 to 8f1c33a Compare July 31, 2025 14:00
This was referenced Jul 31, 2025
Merged
Merged
@liramon1 liramon1 force-pushed the liramon/flare-iam-base branch from 24d84ef to b62b302 Compare August 1, 2025 15:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@liramon1 @codecov-commenter