chat-ui-energy

Running

App Files Files Community

Mike Nason

nsarrazin HF Staff commited on Aug 25, 2024

Commit

cc0d6c5

unverified ·

1 Parent(s): 1f8ab3d

Dynamic credential resolution for AWS endpoints (#1419)

Browse files

* Dynamic credential resolution for AWS endpoints

If AWS credentials are provided, they will continue to be used. With this
change, they become optional parameters and the AWS SDK will attempt to
use the default resolution chain if they are not provided.

* cleanup deps

* restore optional aws region in endpointAwsParametersSchema

---------

Co-authored-by: Nathan Sarrazin <[email protected]>

Files changed (3) hide show

package-lock.json +33 -0
package.json +1 -0
src/lib/server/endpoints/aws/endpointAws.ts +23 -10

package-lock.json CHANGED Viewed

@@ -18,6 +18,7 @@
 				"@playwright/browser-chromium": "^1.43.1",
 				"@resvg/resvg-js": "^2.6.2",
 				"autoprefixer": "^10.4.14",
 				"aws4": "^1.13.0",
 				"browser-image-resizer": "^2.4.1",
 				"date-fns": "^2.29.3",
@@ -5316,6 +5317,38 @@
 				"postcss": "^8.1.0"
 			}
 		},
 		"node_modules/aws4": {
 			"version": "1.13.1",
 			"resolved": "https://registry.npmjs.org/aws4/-/aws4-1.13.1.tgz",

 				"@playwright/browser-chromium": "^1.43.1",
 				"@resvg/resvg-js": "^2.6.2",
 				"autoprefixer": "^10.4.14",
+				"aws-sigv4-fetch": "^4.0.1",
 				"aws4": "^1.13.0",
 				"browser-image-resizer": "^2.4.1",
 				"date-fns": "^2.29.3",
 				"postcss": "^8.1.0"
 			}
 		},
+		"node_modules/aws-sigv4-fetch": {
+			"version": "4.0.1",
+			"resolved": "https://registry.npmjs.org/aws-sigv4-fetch/-/aws-sigv4-fetch-4.0.1.tgz",
+			"integrity": "sha512-sd5TbxbOB82Y3mFoux6XbRn/QbNR9hTO7Dv+y8Y0G4+xlS6rP8OJCJwtgANnB4yYAshVqvLbTo6aqTrQUpthvA==",
+			"dependencies": {
+				"@aws-crypto/sha256-js": "^5.2.0",
+				"@aws-sdk/credential-provider-node": "^3.609.0",
+				"@aws-sdk/types": "^3.609.0",
+				"@smithy/protocol-http": "^4.0.3",
+				"@smithy/signature-v4": "^3.1.2"
+			},
+			"engines": {
+				"node": ">=18"
+			}
+		},
+		"node_modules/aws-sigv4-fetch/node_modules/@smithy/signature-v4": {
+			"version": "3.1.2",
+			"resolved": "https://registry.npmjs.org/@smithy/signature-v4/-/signature-v4-3.1.2.tgz",
+			"integrity": "sha512-3BcPylEsYtD0esM4Hoyml/+s7WP2LFhcM3J2AGdcL2vx9O60TtfpDOL72gjb4lU8NeRPeKAwR77YNyyGvMbuEA==",
+			"dependencies": {
+				"@smithy/is-array-buffer": "^3.0.0",
+				"@smithy/types": "^3.3.0",
+				"@smithy/util-hex-encoding": "^3.0.0",
+				"@smithy/util-middleware": "^3.0.3",
+				"@smithy/util-uri-escape": "^3.0.0",
+				"@smithy/util-utf8": "^3.0.0",
+				"tslib": "^2.6.2"
+			},
+			"engines": {
+				"node": ">=16.0.0"
+			}
+		},
 		"node_modules/aws4": {
 			"version": "1.13.1",
 			"resolved": "https://registry.npmjs.org/aws4/-/aws4-1.13.1.tgz",

package.json CHANGED Viewed

@@ -69,6 +69,7 @@
 		"@resvg/resvg-js": "^2.6.2",
 		"autoprefixer": "^10.4.14",
 		"aws4": "^1.13.0",
 		"browser-image-resizer": "^2.4.1",
 		"date-fns": "^2.29.3",
 		"dotenv": "^16.0.3",

 		"@resvg/resvg-js": "^2.6.2",
 		"autoprefixer": "^10.4.14",
 		"aws4": "^1.13.0",
+		"aws-sigv4-fetch": "^4.0.1",
 		"browser-image-resizer": "^2.4.1",
 		"date-fns": "^2.29.3",
 		"dotenv": "^16.0.3",

src/lib/server/endpoints/aws/endpointAws.ts CHANGED Viewed

@@ -8,8 +8,20 @@ export const endpointAwsParametersSchema = z.object({
 	model: z.any(),
 	type: z.literal("aws"),
 	url: z.string().url(),
-	accessKey: z.string().min(1),
-	secretKey: z.string().min(1),
 	sessionToken: z.string().optional(),
 	service: z.union([z.literal("sagemaker"), z.literal("lambda")]).default("sagemaker"),
 	region: z.string().optional(),
@@ -18,22 +30,23 @@ export const endpointAwsParametersSchema = z.object({
 export async function endpointAws(
 	input: z.input<typeof endpointAwsParametersSchema>
 ): Promise<Endpoint> {
-	let AwsClient;
 	try {
-		AwsClient = (await import("aws4fetch")).AwsClient;
 	} catch (e) {
-		throw new Error("Failed to import aws4fetch");
 	}
 	const { url, accessKey, secretKey, sessionToken, model, region, service } =
 		endpointAwsParametersSchema.parse(input);
-	const aws = new AwsClient({
-		accessKeyId: accessKey,
-		secretAccessKey: secretKey,
-		sessionToken,
 		service,
 		region,
 	});
 	return async ({ messages, preprompt, continueMessage, generateSettings }) => {
@@ -52,7 +65,7 @@ export async function endpointAws(
 			},
 			{
 				use_cache: false,
-				fetch: aws.fetch.bind(aws) as typeof fetch,
 			}
 		);
 	};

 	model: z.any(),
 	type: z.literal("aws"),
 	url: z.string().url(),
+	accessKey: z
+		.string({
+			description:
+				"An AWS Access Key ID. If not provided, the default AWS identity resolution will be used",
+		})
+		.min(1)
+		.optional(),
+	secretKey: z
+		.string({
+			description:
+				"An AWS Access Key Secret. If not provided, the default AWS identity resolution will be used",
+		})
+		.min(1)
+		.optional(),
 	sessionToken: z.string().optional(),
 	service: z.union([z.literal("sagemaker"), z.literal("lambda")]).default("sagemaker"),
 	region: z.string().optional(),
 export async function endpointAws(
 	input: z.input<typeof endpointAwsParametersSchema>
 ): Promise<Endpoint> {
+	let createSignedFetcher;
 	try {
+		createSignedFetcher = (await import("aws-sigv4-fetch")).createSignedFetcher;
 	} catch (e) {
+		throw new Error("Failed to import aws-sigv4-fetch");
 	}
 	const { url, accessKey, secretKey, sessionToken, model, region, service } =
 		endpointAwsParametersSchema.parse(input);
+	const signedFetch = createSignedFetcher({
 		service,
 		region,
+		credentials:
+			accessKey && secretKey
+				? { accessKeyId: accessKey, secretAccessKey: secretKey, sessionToken }
+				: undefined,
 	});
 	return async ({ messages, preprompt, continueMessage, generateSettings }) => {
 			},
 			{
 				use_cache: false,
+				fetch: signedFetch,
 			}
 		);
 	};