Add assume_role credentials for bedrock#403
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 9b45d627d5
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "Codex (@codex) review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "Codex (@codex) address that feedback".
| region: z.string().min(1, "Region cannot be empty"), | ||
| auth_type: z | ||
| .enum(["iam_credentials", "api_key"]) | ||
| .enum(["iam_credentials", "api_key", "assume_role"]) |
There was a problem hiding this comment.
Adding "assume_role" to the Bedrock metadata enum makes configuration validation accept a mode that is not implemented by the runtime: all Bedrock client constructors in packages/proxy/src/providers/bedrock.ts only special-case auth_type === "api_key" and otherwise send static IAM credentials (accessKeyId/secretAccessKey/sessionToken), and the newly added external_id is never used. In practice, a secret configured with auth_type: "assume_role" will still go through the IAM-credentials branch and fail at request time instead of assuming a role.
Useful? React with 👍 / 👎.
There was a problem hiding this comment.
this is fine, we are only adding gateway support and assume_role exchanges for iam_credentials internally.
Ken Jiang (knjiang)
force-pushed
the
ken/add-assume-role-bedrock
branch
from
d09486f to
6118e90
Compare
2 participants
see main repo PR