fix(toolkit): Merge from main#8536
Merged
ashishrp-aws merged 5 commits intoaws:feature/toolkitOnlyfrom Jan 28, 2026
Merged
Conversation
## Problem - workspace connection is currently failing via presigned url due to change of attributes ## Solution - reverting change and using eks cluster attr for hostname ## Testing - updated unit tests - tested locally with new vsix --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license.
…aws#8514) ## Problem Console session credentials fail to work properly in two scenarios: 1. After token refresh or profile overwrite: Users encounter "Your session has expired" errors even after successfully running aws login, requiring manual VS Code restart without clear guidance (reported in aws#8488) 2. Immediate connection use after CLI login: When users try to use a connection immediately after aws login completes, the credential provider was created before the CLI wrote the new login session to disk, causing authentication failures ## Solution - Enhanced makeConsoleSessionCredentialsProvider() to detect stale credential scenarios and prompt for window reload <img width="1409" height="939" alt="final-2-after-succeeds" src="https://github.com/user-attachments/assets/2c0b77be-ea10-4a41-9642-29d637a03110" /> - Added user-friendly messages showing identity ARN after successful login <img width="1408" height="941" alt="final-1-before-retry" src="https://github.com/user-attachments/assets/841721be-525d-4853-8d7a-b49f7d97c272" /> - Improved inline documentation explaining AWS CLI vs SDK credential handling differences - Added handling for does not contain login_session error when provider is created too early - Removed try-catch wrapper when verifying that connection exists after CLI succeeds ## Tradeoffs Reloading the VS Code window is a heavier UX, but it is the only deterministic way to fully reinitialize credential providers and avoid using stale credentials. Reloading guarantees that all in0memory credential providers, Auth state, and AWS SDK clients are fully reinitialized. This avoids subtle, hard-to-debug states where credentials appear refreshed on disk but stale credentials are still used at runtime. The reload is user-initiated via confirmation, not automatic. For future direction, this needs a supported Auth/provider reset mechanism to refresh credentials without requiring a window reload. ## Testing 1. Run `npm run compile` to verify build. 2. Run `npm run package`. Manual verification of end-to-end flow - Verified token refresh flow prompts for reload and works after reload - Tested immediate connection use after aws login triggers appropriate reload prompt - Confirmed profile overwrite scenarios handle credential refresh correctly --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license.
This merges the released changes for rc-20260122 into main. MCM-XXX --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license. --------- Co-authored-by: aws-toolkit-automation <>
## Problem
After updating AWS CLI for console credentials, the success message
didn't show users which AWS CLI installation the Toolkit was actually
using. This made it unclear whether the update was successful or if
multiple CLI installations existed on the system.
This is particularly problematic for users who encountered repeated
update prompts during console credentials authentication, as they can't
verify if the correct CLI version is being used.
## Solution
- Added child process execution to run the OS-specific command (which on
Unix/macOS, where on Windows) after CLI update
- Retrieved the actual AWS CLI path that the Toolkit uses for console
credentials
- Updated the success message to display: 'AWS CLI updated successfully
to "{path}"'
This helps users immediately verify the CLI installation location and
confirms which CLI binary the Toolkit will use for console login.
### Notes
We make a display message clearer that this is about what the Toolkit
will be used going forward, not necessarily what the installer was just
installed. This helps distinguish between:
- What the installer just updated/installed
- What the Toolkit will actually use (which could be a different
installation if multiple exist)
<img width="1197" height="800" alt="cli-1-detect-need-to-update"
src="https://github.com/user-attachments/assets/f728cec2-7428-4b86-9b65-a06007a248da"
/>
<img width="1199" height="795" alt="cli-2-installer-proceeds"
src="https://github.com/user-attachments/assets/792438b6-9fae-49e7-bbd1-8c52d4a7f414"
/>
<img width="1197" height="799" alt="cli-3-show-path-in-message"
src="https://github.com/user-attachments/assets/3bf6957f-f13f-4c33-a5e3-c0515a0e173c"
/>
---
- Treat all work as PUBLIC. Private `feature/x` branches will not be
squash-merged at release time.
- Your code changes must meet the guidelines in
[CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines).
- License: I confirm that my contribution is made under the terms of the
Apache 2.0 license.
---------
Co-authored-by: invictus <149003065+ashishrp-aws@users.noreply.github.com>
chungjac
approved these changes
Jan 27, 2026
Will-ShaoHua
approved these changes
Jan 27, 2026
laileni-aws
force-pushed
the
feature/toolkitOnly
branch
from
d5ca9c5 to
afddd9d
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
6 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
Solution
feature/xbranches will not be squash-merged at release time.