From e293ff63f9ac554037c8ac5b0cf379cadce26102 Mon Sep 17 00:00:00 2001 From: Danny Avila Date: Fri, 13 Sep 2024 08:53:50 -0400 Subject: [PATCH] =?UTF-8?q?=F0=9F=AA=A8=20feat:=20AWS=20Bedrock=20Default?= =?UTF-8?q?=20Credentials=20Chain=20(#4038)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * feat: use AWS cascading default providers if credentials are omitted Environment variables exposed via process.env SSO credentials from token cache Web identity token credentials Shared credentials and config ini files The EC2/ECS Instance Metadata Service The default credential provider will invoke one provider at a time and only continue to the next if no credentials have been located. For example, if the process finds values defined via the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables, the files at ~/.aws/credentials and ~/.aws/config will not be read, nor will any messages be sent to the Instance Metadata Service. * fix: usage check in OpenAIClient * refactor: Improve usage check in OpenAIClient --- api/app/clients/OpenAIClient.js | 2 ++ api/server/services/Config/EndpointService.js | 4 +++- api/server/services/Endpoints/bedrock/options.js | 10 +++++++++- 3 files changed, 14 insertions(+), 2 deletions(-) diff --git a/api/app/clients/OpenAIClient.js b/api/app/clients/OpenAIClient.js index 789bf9915e..405465a61e 100644 --- a/api/app/clients/OpenAIClient.js +++ b/api/app/clients/OpenAIClient.js @@ -914,7 +914,9 @@ ${convo} */ getStreamUsage() { if ( + this.usage && typeof this.usage === 'object' && + 'completion_tokens_details' in this.usage && typeof this.usage.completion_tokens_details === 'object' ) { const outputTokens = Math.abs( diff --git a/api/server/services/Config/EndpointService.js b/api/server/services/Config/EndpointService.js index 485c99f373..56768905b8 100644 --- a/api/server/services/Config/EndpointService.js +++ b/api/server/services/Config/EndpointService.js @@ -45,7 +45,9 @@ module.exports = { AZURE_ASSISTANTS_BASE_URL, EModelEndpoint.azureAssistants, ), - [EModelEndpoint.bedrock]: generateConfig(process.env.BEDROCK_AWS_SECRET_ACCESS_KEY), + [EModelEndpoint.bedrock]: generateConfig( + process.env.BEDROCK_AWS_SECRET_ACCESS_KEY ?? process.env.BEDROCK_AWS_DEFAULT_REGION, + ), /* key will be part of separate config */ [EModelEndpoint.agents]: generateConfig(process.env.I_AM_A_TEAPOT), }, diff --git a/api/server/services/Endpoints/bedrock/options.js b/api/server/services/Endpoints/bedrock/options.js index 0839d033ce..d3a33fee3c 100644 --- a/api/server/services/Endpoints/bedrock/options.js +++ b/api/server/services/Endpoints/bedrock/options.js @@ -19,7 +19,7 @@ const getOptions = async ({ req, endpointOption }) => { const expiresAt = req.body.key; const isUserProvided = BEDROCK_AWS_SECRET_ACCESS_KEY === AuthType.USER_PROVIDED; - const credentials = isUserProvided + let credentials = isUserProvided ? await getUserKey({ userId: req.user.id, name: EModelEndpoint.bedrock }) : { accessKeyId: BEDROCK_AWS_ACCESS_KEY_ID, @@ -30,6 +30,14 @@ const getOptions = async ({ req, endpointOption }) => { throw new Error('Bedrock credentials not provided. Please provide them again.'); } + if ( + !isUserProvided && + (credentials.accessKeyId === undefined || credentials.accessKeyId === '') && + (credentials.secretAccessKey === undefined || credentials.secretAccessKey === '') + ) { + credentials = undefined; + } + if (expiresAt && isUserProvided) { checkUserKeyExpiry(expiresAt, EModelEndpoint.bedrock); }