
@agustin-conductor agustin-conductor commented Jan 21, 2026

Adds event feed to get the Identity Center Users (sso_user) last login information.

This requires:
NEW PERMISSION

{
    "Sid": "EventFeedPermissions",
    "Effect": "Allow",
    "Action": [
        "cloudtrail:LookupEvents"
    ],
    "Resource": "*"
},

Pre-requisite:
AWS account with CloudTrail set up to log events.

Summary by CodeRabbit

  • New Features

    • Added support for syncing AWS SSO user last login times from CloudTrail via a new configuration option ("Sync SSO User Last Login").
    • Enabled conditional event feed for SSO login events when the feature is activated.
  • Dependencies

    • Updated AWS SDK Go v2 and related libraries to v1.41.1+ to support CloudTrail integration.


linear bot commented Jan 21, 2026


coderabbitai bot commented Jan 21, 2026

Walkthrough

Adds CloudTrail-based AWS SSO user last-login event feed functionality. Introduces configuration flag to enable CloudTrail integration, creates CloudTrail client when enabled, and implements paginated event feed for parsing AWS SSO login events from CloudTrail logs.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Dependency Management (go.mod) | Bumps aws-sdk-go-v2 from v1.36.3 to v1.41.1, adds cloudtrail service dependency v1.55.5, updates smithy-go and internal AWS SDK dependencies. |
| Configuration Schema (pkg/config/conf.gen.go, pkg/config/config.go) | Introduces new SyncSSOUserLastLogin boolean configuration field with mapstructure tag support; modifies GetString to handle []byte conversion and tag-based field lookup. |
| Connector Integration (pkg/connector/connector.go) | Adds CloudTrail client field and flag to AWS struct; wires SyncSSOUserLastLogin config through initialization; implements EventFeeds() method to conditionally return SSO login event feed when flag is enabled and client is available; defers CloudTrail client creation to SetupClients. |
| Event Feed Implementation (pkg/connector/events_last_login.go) | New file providing complete SSO login event feed: includes pagination token handling (LatestEventSeen, NextPageToken, StartAt), CloudTrail event struct with JSON unmarshaling, ListEvents() implementation with time windowing and event filtering for sso.amazonaws.com Federate/Authenticate events, and user identity extraction from OnBehalfOf field. |

Sequence Diagram(s)

sequenceDiagram
    actor Admin
    participant Config as Configuration
    participant Connector as AWS Connector
    participant Setup as SetupClients
    participant CloudTrail as CloudTrail Client
    participant EventFeed as Event Feed
    participant API as CloudTrail API

    Admin->>Config: Enable SyncSSOUserLastLogin flag
    Config->>Connector: New(ctx, config)
    Connector->>Connector: Set syncSSOUserLastLogin from config
    Connector->>Setup: SetupClients(ctx)
    alt SyncSSOUserLastLogin enabled
        Setup->>CloudTrail: Initialize cloudtrail.NewFromConfig()
        CloudTrail-->>Setup: Client ready
        Setup->>Connector: Store cloudTrailClient
    end
    
    Admin->>Connector: EventFeeds(ctx)
    alt Flag enabled && Client exists
        Connector->>EventFeed: newSSOLoginEventFeed(cloudTrailClient, region)
        EventFeed-->>Connector: Return feed
        Connector-->>Admin: []EventFeed
    else
        Connector-->>Admin: nil
    end
    
    Admin->>EventFeed: ListEvents(ctx, startAt, pageToken)
    EventFeed->>EventFeed: Decode pagination token
    EventFeed->>EventFeed: Compute time window
    EventFeed->>API: LookupEvents(CloudTrailInput)
    API-->>EventFeed: CloudTrail events
    EventFeed->>EventFeed: Parse JSON payloads<br/>Filter Federate/Authenticate<br/>Extract user identity
    EventFeed-->>Admin: []*v2.Event, StreamState

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

🐰 A trail through the clouds we now traverse,
CloudTrail events, no longer inverse!
SSO logins tracked with care,
Pagination flows with flair—
Last login times, we declare! ☁️

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold. |

✅ Passed checks (2 passed)

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The PR title 'cx-32 add last login event feed' directly describes the main change: adding a new event feed for last login information, which is the primary focus across all modified files. |

3 participants
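
The event filtering described in the walkthrough (sso.amazonaws.com Federate/Authenticate events, user taken from OnBehalfOf), reduced to a last-login map. This is an added example, not code from the PR: the JSON field names, the `ssoEvent` and `lastLogins` names and the sample records are assumptions constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"time"
)

// ssoEvent holds the record fields used here; the JSON names are assumed, not from the PR.
type ssoEvent struct {
	EventSource  string    `json:"eventSource"`
	EventName    string    `json:"eventName"`
	EventTime    time.Time `json:"eventTime"`
	UserIdentity struct {
		OnBehalfOf struct{ UserID string `json:"userId"` } `json:"onBehalfOf"`
	} `json:"userIdentity"`
}

var sampleRecords = []string{ // constructed payloads, not real log data
	`{"eventSource":"sso.amazonaws.com","eventName":"Federate","eventTime":"2026-01-20T09:00:00Z","userIdentity":{"onBehalfOf":{"userId":"u-1"}}}`,
	`{"eventSource":"sso.amazonaws.com","eventName":"Authenticate","eventTime":"2026-01-21T08:30:00Z","userIdentity":{"onBehalfOf":{"userId":"u-1"}}}`,
	`{"eventSource":"signin.amazonaws.com","eventName":"ConsoleLogin","eventTime":"2026-01-22T08:30:00Z","userIdentity":{"onBehalfOf":{"userId":"u-2"}}}`,
	`{"eventSource":"sso.amazonaws.com","eventName":"Federate","eventTime":"2026-01-21T10:00:00Z","userIdentity":{}}`,
	`{"eventSource": truncated`,
}

// lastLogins returns the newest login per user ID and the count of unusable records.
func lastLogins(records []string) (map[string]time.Time, int) {
	latest, skipped := map[string]time.Time{}, 0
	for _, raw := range records {
		var ev ssoEvent
		if json.Unmarshal([]byte(raw), &ev) != nil {
			skipped++ // malformed JSON or unparsable eventTime
			continue
		}
		isLogin := ev.EventSource == "sso.amazonaws.com" &&
			(ev.EventName == "Federate" || ev.EventName == "Authenticate")
		uid := ev.UserIdentity.OnBehalfOf.UserID
		switch {
		case !isLogin: // unrelated API activity, ignore
		case uid == "" || ev.EventTime.IsZero():
			skipped++ // login event that cannot be attributed to a user
		case ev.EventTime.After(latest[uid]):
			latest[uid] = ev.EventTime // keep only the most recent login
		}
	}
	return latest, skipped
}

func main() { fmt.Println(lastLogins(sampleRecords)) }
```

Counting skipped records separately keeps unattributable or malformed login events visible instead of silently dropping them from the sync.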