MCPcopy Create free account
hub / github.com/coder/coder / withAWSBedrockOptions

Method withAWSBedrockOptions

aibridge/intercept/messages/base.go:283–346  ·  view source on GitHub ↗

withAWSBedrockOptions returns request options for authenticating with AWS Bedrock. When both AccessKey and AccessKeySecret are set in the aibridge config, they are used directly as static credentials. Otherwise, the AWS SDK default credential chain resolves credentials (environment variables, share

(ctx context.Context, cfg *aibconfig.AWSBedrock)

Source from the content-addressed store, hash-verified

281// resolves credentials (environment variables, shared config/credentials files, IAM
282// roles, IRSA, SSO, IMDS, etc.).
283func (*interceptionBase) withAWSBedrockOptions(ctx context.Context, cfg *aibconfig.AWSBedrock) ([]option.RequestOption, error) {
284 if cfg == nil {
285 return nil, xerrors.New("nil config given")
286 }
287 if cfg.Region == "" && cfg.BaseURL == "" {
288 return nil, xerrors.New("region or base url required")
289 }
290 if cfg.Model == "" {
291 return nil, xerrors.New("model required")
292 }
293 if cfg.SmallFastModel == "" {
294 return nil, xerrors.New("small fast model required")
295 }
296
297 loadOpts := []func(*config.LoadOptions) error{
298 config.WithRegion(cfg.Region),
299 }
300
301 // Use static credentials when explicitly provided, otherwise fall back to the SDK default credential chain.
302 switch {
303 // Both set: use static credentials directly.
304 case cfg.AccessKey != "" && cfg.AccessKeySecret != "":
305 loadOpts = append(loadOpts, config.WithCredentialsProvider(
306 credentials.NewStaticCredentialsProvider(
307 cfg.AccessKey,
308 cfg.AccessKeySecret,
309 "",
310 ),
311 ))
312 // Only one set: misconfiguration.
313 case cfg.AccessKey != "" || cfg.AccessKeySecret != "":
314 return nil, xerrors.New("both access key and access key secret must be provided together")
315 // Neither set: SDK default credential chain resolves credentials.
316 default:
317 }
318
319 awsCfg, err := config.LoadDefaultConfig(ctx, loadOpts...)
320 if err != nil {
321 return nil, xerrors.Errorf("failed to load AWS Bedrock config: %w", err)
322 }
323
324 // Fail fast: ensure credentials can be resolved before making any requests.
325 // awsCfg already carries the credentials provider, and the Bedrock middleware
326 // will call Retrieve on it when signing each request.
327 if _, err := awsCfg.Credentials.Retrieve(ctx); err != nil {
328 return nil, xerrors.Errorf("no AWS credentials found: %w", err)
329 }
330
331 var out []option.RequestOption
332 out = append(out, option.WithMiddleware(func(req *http.Request, next option.MiddlewareNext) (*http.Response, error) {
333 if ua := req.Header.Get("User-Agent"); ua != "" {
334 req.Header.Set("User-Agent", ua+" sdk-ua-app-id/APN_1.1%2Fpc_cdfmjwn8i6u8l9fwz8h82e4w3%24")
335 }
336 return next(req)
337 }))
338 out = append(out, bedrock.WithConfig(awsCfg))
339
340 // If a custom base URL is set, override the default endpoint constructed by the bedrock middleware.

Callers 3

TestAWSBedrockValidationFunction · 0.95
newMessagesServiceMethod · 0.95

Calls 4

NewMethod · 0.65
GetMethod · 0.65
SetMethod · 0.65
ErrorfMethod · 0.45

Tested by 2

TestAWSBedrockValidationFunction · 0.76