search

aws / language-servers

AWS related Language Servers
Apache License 2.0
23 stars 18 forks source link

Support IAM Credential Authentication in AWS Q Developer/CodeWhisperer #262

Open twwildey opened 4 months ago

twwildey commented 4 months ago

Is your feature request related to a problem? Please describe.

The LSP server for AWS Q Developer is only supporting Bearer tokens at this time and not IAM credentials:

<-  LSP-aws-q-developer window/logMessage: {'type': 3, 'message': '[2024-05-25T03:17:58.532Z] Recommendation failure: Error: Authorization failed, bearer token is not set'}

You can see this here effectively:

  1. https://github.com/aws/language-servers/blob/c5a9b5882642b4c6ce5d59bb4815789a2636af03/app/aws-lsp-codewhisperer-binary/src/index.ts#L16
  2. https://github.com/aws/language-servers/blob/c5a9b5882642b4c6ce5d59bb4815789a2636af03/server/aws-lsp-codewhisperer/src/language-server/proxy-server.ts#L8
  3. https://github.com/aws/language-servers/blob/c5a9b5882642b4c6ce5d59bb4815789a2636af03/server/aws-lsp-codewhisperer/src/language-server/codeWhispererService.ts#L97

Describe the solution you'd like

Code search shows that nothing is actually referencing CodeWhispererServiceIAM effectively yet:

  1. https://github.com/aws/language-servers/blob/c5a9b5882642b4c6ce5d59bb4815789a2636af03/server/aws-lsp-codewhisperer/src/language-server/codeWhispererService.ts#L48C14-L48C37
    1. https://github.com/search?q=repo%3Aaws%2Flanguage-servers%20CodeWhispererServiceIAM&type=code
  2. https://github.com/aws/language-servers/blob/638b123b23905946ee68f6e403706511e62d81fb/server/aws-lsp-codewhisperer/src/language-server/codeWhispererServer.ts#L566
    1. https://github.com/search?q=repo%3Aaws%2Flanguage-servers%20CodeWhispererServerIAM&type=code

I will either need to get bearer tokens for a Builder ID, or we'll need to bridge the gap for supporting IAM-based authentication for the LSP service. As an internal employee at Amazon, it is significantly easier for me to use IAM credentials over a bearer token for a Builder ID.

viktorsaws commented 4 months ago

Hi Todd, indeed so far we didn't have example of using IAM-based Amazon Q server in this project. I've created sample configuration in this PR, it shows how to build and run it with sample VSCode extension https://github.com/aws/language-servers/pull/264

twwildey commented 4 months ago

I see that https://github.com/aws/language-servers/pull/264 was merged @viktorsaws: https://github.com/aws/language-servers/blob/main/app/aws-lsp-codewhisperer-binary/src/iam-standalone.ts

This definitely unblocks me now, but we should iterate towards an LSP server that accepts either Builder ID bearer tokens or IAM credentials without needing to switch the executable. Switching the executable is very inconvenient to any LSP plugins in Sublime Text. Should we use this GitHub issue for tracking this?