feat(autoconnect): try up to 3 non-default profiles #2316

Useful for Cloud9 and other ECS-like envs. Example:

    2021-11-18 17:51:08 [INFO]: autoconnect: trying "profile:default"
    2021-11-18 17:51:09 [WARN]: autoconnect: failed to connect: 'profile:default'
    2021-11-18 17:51:09 [INFO]: autoconnect: trying "profile:sso-test"
    2021-11-18 17:51:09 [INFO]: autoconnect: trying "profile:foo-dev"
    2021-11-18 17:51:10 [INFO]: autoconnect: connected: 'profile:foo-dev'

Author: justinmk3

.changes/next-release/Bug Fix-24b2dcff-9177-4c02-8d75-803abbe08262.json

@@ -0,0 +1,4 @@
+{
+	"type": "Bug Fix",
+	"description": "Improve auto-connect reliability"
+}

.changes/next-release/Bug Fix-7427c4fd-dc23-4334-8da1-a18a69290772.json

@@ -0,0 +1,4 @@
+{
+	"type": "Bug Fix",
+	"description": "Toolkit appeared stuck at \"Connecting...\""
+}

src/credentials/activation.ts

@@ -34,10 +34,16 @@ export async function initialize(parameters: CredentialsInitializeParameters): P
     )
 }
 
+/**
+ * Auto-connects with the last-used credentials, else the "default" profile,
+ * else randomly tries the first three profiles (for Cloud9, ECS, or other
+ * container-like environments).
+ */
 export async function loginWithMostRecentCredentials(
     toolkitSettings: SettingsConfiguration,
     loginManager: LoginManager
 ): Promise<void> {
+    const defaultName = 'profile:default'
     const manager = CredentialsProviderManager.getInstance()
     const previousCredentialsId = toolkitSettings.readSetting<string>(profileSettingKey, '')
 
@@ -48,7 +54,7 @@ export async function loginWithMostRecentCredentials(
             getLogger().warn('autoconnect: getCredentialsProvider() lookup failed for profile: %O', asString(creds))
         } else if (provider.canAutoConnect()) {
             if (!(await loginManager.login({ passive: true, providerId: creds }))) {
-                getLogger().warn('autoconnect: failed to connect: %O', asString(creds))
+                getLogger().warn('autoconnect: failed to connect: "%s"', asString(creds))
                 return false
             }
             getLogger().info('autoconnect: connected: %O', asString(creds))
@@ -77,32 +83,44 @@ export async function loginWithMostRecentCredentials(
         if (await tryConnect(loginCredentialsId, false)) {
             return
         }
-        getLogger().warn('autoconnect: failed to login "%s"', previousCredentialsId)
+        getLogger().warn('autoconnect: login failed: "%s"', previousCredentialsId)
     }
 
     const providerMap = await manager.getCredentialProviderNames()
     const profileNames = Object.keys(providerMap)
     // Look for "default" profile or exactly one (any name).
-    const defaultProfile = profileNames.includes('profile:default')
-        ? 'profile:default'
+    const defaultProfile = profileNames.includes(defaultName)
+        ? defaultName
         : profileNames.length === 1
         ? profileNames[0]
         : undefined
 
-    if (!previousCredentialsId && !defaultProfile) {
+    if (!previousCredentialsId && profileNames.length === 0) {
         await loginManager.logout(true)
         getLogger().info('autoconnect: skipped (profileNames=%d)', profileNames.length)
         return
     }
 
-    // Auto-connect if there is a default profile.
+    // Try to auto-connect the default profile.
     if (defaultProfile) {
-        getLogger().debug('autoconnect: trying "%s"', defaultProfile)
+        getLogger().info('autoconnect: trying "%s"', defaultProfile)
         if (await tryConnect(providerMap[defaultProfile], !isCloud9())) {
             return
         }
     }
 
+    // Try to auto-connect up to 3 other profiles (useful for Cloud9, ECS, …).
+    for (let i = 0; i < 4 && i < profileNames.length; i++) {
+        const p = profileNames[i]
+        if (p === defaultName) {
+            continue
+        }
+        getLogger().info('autoconnect: trying "%s"', p)
+        if (await tryConnect(providerMap[p], !isCloud9())) {
+            return
+        }
+    }
+
     await loginManager.logout(true)
 }
 

src/credentials/loginManager.ts

@@ -3,6 +3,7 @@
  * SPDX-License-Identifier: Apache-2.0
  */
 
+import { TimeoutError } from '../shared/utilities/timeoutUtils'
 import { AwsContext } from '../shared/awsContext'
 import { getAccountId } from '../shared/credentials/accountId'
 import { getLogger } from '../shared/logger'
@@ -67,8 +68,7 @@ export class LoginManager {
             telemetryResult = 'Succeeded'
             return true
         } catch (err) {
-            // TODO: don't hardcode logic using error message, have a 'type' field instead
-            if (!(err as Error).message.includes('cancel')) {
+            if (!TimeoutError.isCancelled(err)) {
                 const msg = `login: failed to connect with "${asString(args.providerId)}": ${(err as Error).message}`
                 if (!args.passive) {
                     notifyUserInvalidCredentials(args.providerId)

src/shared/utilities/timeoutUtils.ts

@@ -13,6 +13,10 @@ export class TimeoutError extends Error {
     public constructor(public readonly type: 'expired' | 'cancelled') {
         super(type === 'cancelled' ? TIMEOUT_CANCELLED_MESSAGE : TIMEOUT_EXPIRED_MESSAGE)
     }
+
+    public static isCancelled(err: any): err is TimeoutError & { type: 'cancelled' } {
+        return err instanceof TimeoutError && err.type === 'cancelled'
+    }
 }
 
 /**