[auth] Add support for Bedrock API Keys #30
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
There was a problem hiding this comment.
Pull Request Overview
Adds support for Bedrock API Keys by extending authentication, configuration, and client setup, plus corresponding tests
- Introduces
apiKeycase inBedrockAuthenticationwith redacted descriptions and resolver logic - Refactors client creation via a shared
prepareConfigto inject API key headers and unset environment variables - Adds tests to verify that API key authentication sets headers, yields no AWS credential resolver, and redacts the key in descriptions
Reviewed Changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| Tests/AuthenticationTests.swift | Tests for apiKey authentication, header injection, resolver behavior, and key redaction |
| Sources/Protocols/BedrockConfigProtocol.swift | Defines BedrockConfigProtocol for shared client configuration |
| Sources/BedrockService.swift | Refactors client setup into prepareConfig; adds API key header handling and unsetenv |
| Sources/BedrockAuthentication.swift | Adds apiKey auth case, updates description and resolver switch, adjusts logging level |
Comments suppressed due to low confidence (3)
Sources/BedrockService.swift:116
- [nitpick] The return type for
createBedrockClientchanged from theBedrockClientProtocolto the concreteBedrockClient. If you rely on abstraction for mocking or future changes, consider returning the protocol to preserve flexibility.
internal static func createBedrockClient(
Tests/AuthenticationTests.swift:84
- [nitpick] This assertion doesn't include a custom failure message, which could make diagnosing test failures harder. Adding an explicit message will clarify the expected region in case of a mismatch.
#expect(config.region == Region.useast1.rawValue) // default region
Sources/BedrockAuthentication.swift:82
- [nitpick] Logging static AWS credential usage at
infomay hide a security risk. Retaining awarninglevel would better highlight non-recommended production usage.
logger.info("Using static AWS credentials. This is not recommended for production.")
| } | ||
|
|
||
| /// Generic function to create client configuration and avoid duplication code. | ||
| internal static func prepareConfig<C: BedrockConfigProtocol>( |
There was a problem hiding this comment.
[nitpick] The prepareConfig function bundles initialization, credential resolver setup, API-key header injection, and environment cleanup. Consider splitting these responsibilities into focused helper methods or adding detailed comments to clarify each step and improve readability and testability.
|
|
||
| //We uncheck AWS_BEARER_TOKEN_BEDROCK to avoid conflict with future AWS SDK version | ||
| //see https://docs.aws.amazon.com/bedrock/latest/userguide/getting-started-api-keys.html | ||
| unsetenv("AWS_BEARER_TOKEN_BEDROCK") |
There was a problem hiding this comment.
[nitpick] Unsetting the environment variable globally may have unintended side effects for other concurrent code. Consider scoping this change or documenting its impact on other AWS SDK behavior.
Suggested change
| unsetenv("AWS_BEARER_TOKEN_BEDROCK") | |
| // Temporarily remove AWS_BEARER_TOKEN_BEDROCK from the environment for this configuration | |
| var environment = ProcessInfo.processInfo.environment | |
| environment["AWS_BEARER_TOKEN_BEDROCK"] = nil | |
| // Pass the modified environment to the relevant configuration or process if needed |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add support for recently added API keys
https://docs.aws.amazon.com/bedrock/latest/userguide/getting-started-api-keys.html