Module: OpenAI::Providers::Bedrock Private
- Defined in:
- lib/openai/providers/bedrock.rb
This module is part of a private API. You should avoid using this module if possible, as it may be removed or be changed in the future.
Defined Under Namespace
Classes: BearerAuth, CustomCredentialsProvider, DefaultCredentialsProvider, Definition, ProfileCredentialsProvider, SigV4Auth
Constant Summary collapse
- SERVICE =
This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.
"bedrock-mantle"- CANONICAL_HOST =
This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.
/\Abedrock-mantle\.([a-z0-9-]+)\.api\.aws\z/i- SIGNING_HEADERS =
This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.
%w[authorization x-amz-content-sha256 x-amz-date x-amz-security-token].freeze
- BEARER_AUTH_MARKER =
This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.
:openai_bedrock_bearer- SIGV4_AUTH_MARKER =
This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.
:openai_bedrock_sigv4- MISSING_REGION_MESSAGE =
This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.
"Bedrock requires an AWS region. Pass `region` to `bedrock(...)`, or set `AWS_REGION` " \ "or `AWS_DEFAULT_REGION`."
- MISSING_CREDENTIALS_MESSAGE =
This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.
"Could not find credentials for Bedrock. Pass a bearer credential or AWS credentials " \ "to `bedrock(...)`, set `AWS_BEARER_TOKEN_BEDROCK`, or configure the default AWS credential chain."
- CREDENTIAL_RESOLUTION_MESSAGE =
This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.
"Failed to resolve AWS credentials for Bedrock. Verify your AWS profile, environment " \ "variables, or runtime identity configuration and try again."
- NON_REPLAYABLE_BODY_MESSAGE =
This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.
"Bedrock SigV4 authentication requires a replayable request body. Buffer the body " \ "before sending or use bearer authentication."
- MISSING_DEPENDENCY_MESSAGE =
This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.
"Bedrock AWS authentication requires optional AWS dependencies. Add `gem \"aws-sdk-core\"` " \ "to your Gemfile, run `bundle install`, and try again."
- PARTIAL_STATIC_CREDENTIALS_MESSAGE =
This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.
"Static AWS credentials require both `access_key_id` and `secret_access_key`. " \ "A `session_token` may only be used with both."
- AMBIGUOUS_AWS_AUTH_MESSAGE =
This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.
"Bedrock authentication is ambiguous. Configure exactly one explicit AWS mode: " \ "static credentials, profile, or credential provider."
- AMBIGUOUS_AUTH_MESSAGE =
This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.
"Bedrock authentication is ambiguous. Configure exactly one explicit mode: bearer " \ "credential, static AWS credentials, profile, or credential provider."
Class Method Summary collapse
- .load_aws! ⇒ Object private
- .normalize_base_url(base_url) ⇒ Object private
- .normalize_optional_string(value) ⇒ Object private
- .profile_region(profile) ⇒ Object private
- .provider_headers(request, marker:) ⇒ Object private
- .resolve_base_url(base_url, region) ⇒ Object private
- .validate_credentials!(credentials) ⇒ Object private
- .validate_endpoint_region!(url, region) ⇒ Object private
- .validate_origin!(url, base_url, action:) ⇒ Object private
Class Method Details
.load_aws! ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
257 258 259 260 261 262 |
# File 'lib/openai/providers/bedrock.rb', line 257 def load_aws! require("aws-sdk-core") require("aws-sigv4") rescue LoadError => e raise OpenAI::Errors::Error.new(MISSING_DEPENDENCY_MESSAGE), cause: e end |
.normalize_base_url(base_url) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
270 271 272 273 274 275 276 277 278 279 280 281 |
# File 'lib/openai/providers/bedrock.rb', line 270 def normalize_base_url(base_url) uri = URI(base_url) unless uri.is_a?(URI::HTTP) && uri.host raise ArgumentError, "The Bedrock `base_url` must be an absolute HTTP or HTTPS URL." end uri.path = uri.path.sub(%r{/responses(?:/.*)?\z}, "") uri.path = "" if uri.path == "/" uri.to_s.sub(%r{/\z}, "") rescue URI::InvalidURIError => e = "The Bedrock `base_url` must be an absolute HTTP or HTTPS URL." raise ArgumentError.new(), cause: e end |
.normalize_optional_string(value) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
333 334 335 336 337 338 |
# File 'lib/openai/providers/bedrock.rb', line 333 def normalize_optional_string(value) return nil if value.nil? return nil unless value.is_a?(String) normalized = value.strip normalized unless normalized.empty? end |
.profile_region(profile) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
283 284 285 286 287 288 289 |
# File 'lib/openai/providers/bedrock.rb', line 283 def profile_region(profile) configured_profile = profile || ENV["AWS_PROFILE"] || ENV["AWS_DEFAULT_PROFILE"] || "default" region = Aws.shared_config.region(profile: configured_profile) normalize_optional_string(region) rescue StandardError => e raise OpenAI::Errors::Error.new(CREDENTIAL_RESOLUTION_MESSAGE), cause: e end |
.provider_headers(request, marker:) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
291 292 293 294 295 296 297 298 299 300 |
# File 'lib/openai/providers/bedrock.rb', line 291 def provider_headers(request, marker:) headers = request.fetch(:headers).dup if request[:provider_auth] == marker headers.delete("authorization") elsif headers.key?("authorization") raise OpenAI::Errors::Error, "Bedrock provider authentication cannot be combined with a custom `Authorization` header." end headers end |
.resolve_base_url(base_url, region) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
264 265 266 267 268 |
# File 'lib/openai/providers/bedrock.rb', line 264 def resolve_base_url(base_url, region) return base_url if base_url raise ArgumentError, MISSING_REGION_MESSAGE if region.nil? "https://bedrock-mantle.#{region}.api.aws/v1" end |
.validate_credentials!(credentials) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
321 322 323 324 325 326 327 328 329 330 331 |
# File 'lib/openai/providers/bedrock.rb', line 321 def validate_credentials!(credentials) access_key_id = credentials&.access_key_id secret_access_key = credentials&.secret_access_key session_token = credentials&.session_token if credentials.respond_to?(:session_token) valid = access_key_id.is_a?(String) && !access_key_id.strip.empty? && secret_access_key.is_a?(String) && !secret_access_key.strip.empty? && (session_token.nil? || (session_token.is_a?(String) && !session_token.strip.empty?)) return credentials if valid raise OpenAI::Errors::Error, CREDENTIAL_RESOLUTION_MESSAGE end |
.validate_endpoint_region!(url, region) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
311 312 313 314 315 316 317 318 319 |
# File 'lib/openai/providers/bedrock.rb', line 311 def validate_endpoint_region!(url, region) endpoint_region = CANONICAL_HOST.match(url.host)&.[](1) return if endpoint_region.nil? || endpoint_region == region = "The Bedrock endpoint region `#{endpoint_region}` does not match the SigV4 " \ "region `#{region}`." raise OpenAI::Errors::Error, end |
.validate_origin!(url, base_url, action:) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
302 303 304 305 306 307 308 309 |
# File 'lib/openai/providers/bedrock.rb', line 302 def validate_origin!(url, base_url, action:) return if OpenAI::Internal::Util.uri_origin(url) == OpenAI::Internal::Util.uri_origin(base_url) = "Refusing to #{action} a Bedrock request for an origin other than the configured " \ "provider URL." raise OpenAI::Errors::Error, end |