From 21850fe639f831c1d33de3961b4a60af1b935669 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20Stormacq?= Date: Fri, 8 Aug 2025 13:39:40 +0200 Subject: [PATCH 1/3] fix api keys errors introduced by latest AWS SDK --- Package.swift | 8 ++++---- Sources/BedrockAuthentication.swift | 2 +- Sources/BedrockService.swift | 11 +---------- Sources/Protocols/BedrockConfigProtocol.swift | 2 +- Tests/AuthenticationTests.swift | 4 ++-- 5 files changed, 9 insertions(+), 18 deletions(-) diff --git a/Package.swift b/Package.swift index 65ad1734..b68b61d5 100644 --- a/Package.swift +++ b/Package.swift @@ -11,10 +11,10 @@ let package = Package( ], dependencies: [ .package(url: "https://github.com/apple/swift-argument-parser.git", from: "1.6.1"), - .package(url: "https://github.com/awslabs/aws-sdk-swift", from: "1.3.50"), - .package(url: "https://github.com/smithy-lang/smithy-swift", from: "0.145.0"), - .package(url: "https://github.com/apple/swift-log.git", from: "1.6.3"), - .package(url: "https://github.com/awslabs/aws-crt-swift", from: "0.52.0"), + .package(url: "https://github.com/awslabs/aws-sdk-swift", from: "1.5.16"), + .package(url: "https://github.com/smithy-lang/smithy-swift", from: "0.152.0"), + .package(url: "https://github.com/apple/swift-log.git", from: "1.6.4"), + .package(url: "https://github.com/awslabs/aws-crt-swift", from: "0.52.1"), ], targets: [ .target( diff --git a/Sources/BedrockAuthentication.swift b/Sources/BedrockAuthentication.swift index 21a40677..fb9f267b 100644 --- a/Sources/BedrockAuthentication.swift +++ b/Sources/BedrockAuthentication.swift @@ -66,7 +66,7 @@ public enum BedrockAuthentication: Sendable, CustomStringConvertible { case .default, .apiKey(_): return nil //TODO should we throw an error when apiKey is used ? case .profile(let profileName): - return try? ProfileAWSCredentialIdentityResolver(profileName: profileName) + return ProfileAWSCredentialIdentityResolver(profileName: profileName) case .sso(let profileName): return try? SSOAWSCredentialIdentityResolver(profileName: profileName) case .webIdentity(let token, let roleARN, let region, let notification): diff --git a/Sources/BedrockService.swift b/Sources/BedrockService.swift index 7011dd20..a85fd7bd 100644 --- a/Sources/BedrockService.swift +++ b/Sources/BedrockService.swift @@ -176,18 +176,9 @@ public struct BedrockService: Sendable { // support API keys if case .apiKey(_) = authentication { - // config.httpClientConfiguration.defaultHeaders.add( - // name: "Authorization", - // value: "Bearer \(key)" - // ) if let bearerTokenIdentityresolver = authentication.getBearerTokenIdentityResolver(logger: logger) { config.bearerTokenIdentityResolver = bearerTokenIdentityresolver - - // force utilisation of a bearer token instead of AWS credentials + Signv4 - // see https://github.com/awslabs/aws-sdk-swift/blob/15b8951d108968f767f4199a3c011e27ac519d61/Sources/Services/AWSBedrockRuntime/Sources/AWSBedrockRuntime/AuthSchemeResolver.swift#L58 - config.authSchemeResolver = DefaultBedrockRuntimeAuthSchemeResolver(authSchemePreference: [ - "httpBearerAuth" - ]) + config.authSchemePreference = ["httpBearerAuth"] } else { // TODO: should we throw an error here ? logger.error( diff --git a/Sources/Protocols/BedrockConfigProtocol.swift b/Sources/Protocols/BedrockConfigProtocol.swift index 8e3e811e..06c3e84d 100644 --- a/Sources/Protocols/BedrockConfigProtocol.swift +++ b/Sources/Protocols/BedrockConfigProtocol.swift @@ -25,7 +25,7 @@ protocol BedrockConfigProtocol { // support bearer token authentication (for API Keys) var bearerTokenIdentityResolver: any SmithyIdentity.BearerTokenIdentityResolver { get set } - var authSchemeResolver: SmithyHTTPAuthAPI.AuthSchemeResolver { get set } + var authSchemePreference:[String]? { get set } // not used at the moment, we use the bearer token instead //var httpClientConfiguration: ClientRuntime.HttpClientConfiguration { get set } diff --git a/Tests/AuthenticationTests.swift b/Tests/AuthenticationTests.swift index 38789ff6..3f76f3fc 100644 --- a/Tests/AuthenticationTests.swift +++ b/Tests/AuthenticationTests.swift @@ -106,8 +106,8 @@ extension BedrockServiceTests { #expect(token == testApiKey, "Expected token to match the API key") // check bearer auth scheme - let authScheme = (config.authSchemeResolver as? DefaultBedrockRuntimeAuthSchemeResolver)?.authSchemePreference - #expect(authScheme?.contains("httpBearerAuth") == true, "Expected auth scheme to be HTTP Bearer") + let authSchemePreference = config.authSchemePreference + #expect(authSchemePreference?.contains("httpBearerAuth") == true, "Expected auth scheme to be HTTP Bearer") } From 0a389ef45176d242db9df11dc58b7a5d8bdf4ab6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20Stormacq?= Date: Fri, 8 Aug 2025 13:42:22 +0200 Subject: [PATCH 2/3] swift -format --- Sources/Protocols/BedrockConfigProtocol.swift | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Sources/Protocols/BedrockConfigProtocol.swift b/Sources/Protocols/BedrockConfigProtocol.swift index 06c3e84d..cc0e5b41 100644 --- a/Sources/Protocols/BedrockConfigProtocol.swift +++ b/Sources/Protocols/BedrockConfigProtocol.swift @@ -25,7 +25,7 @@ protocol BedrockConfigProtocol { // support bearer token authentication (for API Keys) var bearerTokenIdentityResolver: any SmithyIdentity.BearerTokenIdentityResolver { get set } - var authSchemePreference:[String]? { get set } + var authSchemePreference: [String]? { get set } // not used at the moment, we use the bearer token instead //var httpClientConfiguration: ClientRuntime.HttpClientConfiguration { get set } From d136fdc278f4f43be9411172c9ce8213fd0afca3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20Stormacq?= Date: Fri, 8 Aug 2025 13:44:29 +0200 Subject: [PATCH 3/3] fix typo --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 44331caf..4974131a 100644 --- a/README.md +++ b/README.md @@ -146,7 +146,7 @@ let bedrock = try await BedrockService( ) ``` -As usual, do not store or hardcode API Keys in yoru front end application. +As usual, do not store or hardcode API Keys in your front end application. ### Static Credentials Authentication