fix awslabs/aws-sdk-swift#1967 (#28)

sebsto · web-flow · commit e3feb8e70cf1 · 2025-06-26T22:39:33.000+02:00
* fix awslabs/aws-sdk-swift#1967 * fix warnings * fix compile on linux
diff --git a/Sources/BedrockAuthentication+JWT.swift b/Sources/BedrockAuthentication+JWT.swift
@@ -16,6 +16,13 @@
 import AWSSDKIdentity
 import Logging
 
+// for setenv and unsetenv functions
+#if os(Linux)
+import Glibc
+#else
+import Darwin.C
+#endif
+
 #if canImport(FoundationEssentials)
 import FoundationEssentials
 #else
@@ -60,18 +67,22 @@ extension BedrockAuthentication {
         // to create AWS credentials
         do {
             logger.trace("Creating identity resolver using web identity token")
-            let identityResolver = try STSWebIdentityAWSCredentialIdentityResolver(
-                region: region.rawValue,
-                roleArn: roleARN,
-                roleSessionName: "SwiftBedrockService-\(UUID().uuidString)",
-                tokenFilePath: tokenFilePath
-            )
+            setenv("AWS_REGION", region.rawValue, 1)
+            setenv("AWS_ROLE_ARN", roleARN, 1)
+            setenv("AWS_ROLE_SESSION_NAME", "SwiftBedrockService-\(UUID().uuidString)", 1)
+            setenv("AWS_WEB_IDENTITY_TOKEN_FILE", tokenFilePath, 1)
+            let identityResolver = STSWebIdentityAWSCredentialIdentityResolver(source: .env)
 
             // Test the resolver by retrieving credentials to ensure it works
             logger.trace("Retrieving credentials using web identity token")
-            _ = try await identityResolver.crtAWSCredentialIdentityResolver.getCredentials()
+            _ = try await identityResolver.getIdentity(identityProperties: nil)
             logger.trace("Successfully retrieved credentials using web identity token")
 
+            unsetenv("AWS_REGION")
+            unsetenv("AWS_ROLE_ARN")
+            unsetenv("AWS_ROLE_SESSION_NAME")
+            unsetenv("AWS_WEB_IDENTITY_TOKEN_FILE")
+
             // Notify observers, if any
             logger.trace("Notifying observers of credentials update")
             await MainActor.run {
diff --git a/Sources/BedrockAuthentication.swift b/Sources/BedrockAuthentication.swift
@@ -76,7 +76,7 @@ public enum BedrockAuthentication: Sendable, CustomStringConvertible {
         case .static(let accessKey, let secretKey, let sessionToken):
             logger.warning("Using static AWS credentials. This is not recommended for production.")
             let creds = AWSCredentialIdentity(accessKey: accessKey, secret: secretKey, sessionToken: sessionToken)
-            return try StaticAWSCredentialIdentityResolver(creds)
+            return StaticAWSCredentialIdentityResolver(creds)
         }
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -76,7 +76,7 @@ public enum BedrockAuthentication: Sendable, CustomStringConvertible {`
`76`	`76`	`case .static(let accessKey, let secretKey, let sessionToken):`
`77`	`77`	`logger.warning("Using static AWS credentials. This is not recommended for production.")`
`78`	`78`	`let creds = AWSCredentialIdentity(accessKey: accessKey, secret: secretKey, sessionToken: sessionToken)`
`79`		`- return try StaticAWSCredentialIdentityResolver(creds)`
	`79`	`+ return StaticAWSCredentialIdentityResolver(creds)`
`80`	`80`	`}`
`81`	`81`	`}`
`82`	`82`	`}`