Update bedrock configuration test case and document

Signed-off-by: Baojun Jiang <[email protected]>

Author: jiangbaojun

auto-configurations/models/spring-ai-autoconfigure-model-bedrock-ai/src/main/java/org/springframework/ai/model/bedrock/autoconfigure/BedrockAwsConnectionConfiguration.java

@@ -87,8 +87,10 @@ else if (properties.getProfile() != null && StringUtils.hasText(properties.getPr
 			}
 			return providerBuilder.profileName(profile.getName()).build();
 		}
-		// IAM Role
-		return DefaultCredentialsProvider.builder().build();
+		else {
+			// Default: IAM Role, System Environment, etc.
+			return DefaultCredentialsProvider.builder().build();
+		}
 	}
 
 	@Bean

auto-configurations/models/spring-ai-autoconfigure-model-bedrock-ai/src/test/java/org/springframework/ai/model/bedrock/autoconfigure/BedrockAwsConnectionConfigurationIT.java

@@ -16,9 +16,15 @@
 
 package org.springframework.ai.model.bedrock.autoconfigure;
 
+import java.lang.reflect.Field;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+
 import org.junit.jupiter.api.Test;
 import software.amazon.awssdk.auth.credentials.AwsCredentials;
 import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
+import software.amazon.awssdk.auth.credentials.ProfileCredentialsProvider;
+import software.amazon.awssdk.profiles.ProfileFile;
 import software.amazon.awssdk.regions.Region;
 import software.amazon.awssdk.regions.providers.AwsRegionProvider;
 
@@ -63,7 +69,8 @@ public void autoConfigureAWSCredentialAndRegionProvider() {
 	public void autoConfigureWithCustomAWSCredentialAndRegionProvider() {
 		BedrockTestUtils.getContextRunner()
 			.withConfiguration(AutoConfigurations.of(TestAutoConfiguration.class,
-					CustomAwsCredentialsProviderAndAwsRegionProviderAutoConfiguration.class))
+					CustomAwsCredentialsProviderAutoConfiguration.class,
+					CustomAwsRegionProviderAutoConfiguration.class))
 			.run(context -> {
 				var awsCredentialsProvider = context.getBean(AwsCredentialsProvider.class);
 				var awsRegionProvider = context.getBean(AwsRegionProvider.class);
@@ -80,14 +87,73 @@ public void autoConfigureWithCustomAWSCredentialAndRegionProvider() {
 			});
 	}
 
+	@Test
+	public void autoConfigureWithCustomAWSProfileCredentialAndRegionProvider() {
+		BedrockTestUtils.getContextRunner()
+			.withConfiguration(AutoConfigurations.of(TestAutoConfiguration.class,
+					CustomAwsProfileCredentialsProviderAutoConfiguration.class,
+					CustomAwsRegionProviderAutoConfiguration.class))
+			.run(context -> {
+				var awsCredentialsProvider = context.getBean(AwsCredentialsProvider.class);
+				var awsRegionProvider = context.getBean(AwsRegionProvider.class);
+
+				assertThat(awsCredentialsProvider).isNotNull();
+				assertThat(awsRegionProvider).isNotNull();
+
+				assertThat(awsCredentialsProvider).isInstanceOf(ProfileCredentialsProvider.class);
+				// aws sdk2.x does not provide method to get profileName, use reflection
+				// to get
+				Field field = ProfileCredentialsProvider.class.getDeclaredField("profileName");
+				field.setAccessible(true);
+				assertThat(field.get(awsCredentialsProvider)).isEqualTo("CUSTOM_PROFILE_NAME");
+
+				assertThat(awsRegionProvider.getRegion()).isEqualTo(Region.AWS_GLOBAL);
+			});
+	}
+
 	@EnableConfigurationProperties(BedrockAwsConnectionProperties.class)
 	@Import(BedrockAwsConnectionConfiguration.class)
 	static class TestAutoConfiguration {
 
 	}
 
 	@AutoConfiguration
-	static class CustomAwsCredentialsProviderAndAwsRegionProviderAutoConfiguration {
+	static class CustomAwsProfileCredentialsProviderAutoConfiguration {
+
+		@Bean
+		@ConditionalOnMissingBean
+		public AwsCredentialsProvider credentialsProvider() {
+			String credentialsPath = "CUSTOM_CREDENTIALS_PATH";
+			String configurationPath = "CUSTOM_CONFIGURATION_PATH";
+			boolean hasCredentials = Files.exists(Paths.get(credentialsPath));
+			boolean hasConfig = Files.exists(Paths.get(configurationPath));
+			ProfileCredentialsProvider.Builder providerBuilder = ProfileCredentialsProvider.builder();
+			if (hasCredentials || hasConfig) {
+				ProfileFile.Aggregator aggregator = ProfileFile.aggregator();
+				if (hasCredentials) {
+					ProfileFile profileFile = ProfileFile.builder()
+						.content(Paths.get(credentialsPath))
+						.type(ProfileFile.Type.CREDENTIALS)
+						.build();
+					aggregator.addFile(profileFile);
+				}
+				if (hasConfig) {
+					ProfileFile configFile = ProfileFile.builder()
+						.content(Paths.get(configurationPath))
+						.type(ProfileFile.Type.CONFIGURATION)
+						.build();
+					aggregator.addFile(configFile);
+				}
+				ProfileFile aggregatedProfileFile = aggregator.build();
+				providerBuilder.profileFile(aggregatedProfileFile);
+			}
+			return providerBuilder.profileName("CUSTOM_PROFILE_NAME").build();
+		}
+
+	}
+
+	@AutoConfiguration
+	static class CustomAwsCredentialsProviderAutoConfiguration {
 
 		@Bean
 		@ConditionalOnMissingBean
@@ -114,6 +180,11 @@ public String secretAccessKey() {
 			};
 		}
 
+	}
+
+	@AutoConfiguration
+	static class CustomAwsRegionProviderAutoConfiguration {
+
 		@Bean
 		@ConditionalOnMissingBean
 		public AwsRegionProvider regionProvider() {

spring-ai-docs/src/main/antora/modules/ROOT/pages/api/bedrock.adoc

@@ -64,6 +64,10 @@ spring.ai.bedrock.aws.region=us-east-1
 spring.ai.bedrock.aws.access-key=YOUR_ACCESS_KEY
 spring.ai.bedrock.aws.secret-key=YOUR_SECRET_KEY
 
+spring.ai.bedrock.aws.profile.name=YOUR_PROFILE_NAME
+spring.ai.bedrock.aws.profile.credentials-path=YOUR_CREDENTIALS_PATH
+spring.ai.bedrock.aws.profile.configuration-path=YOUR_CONFIGURATION_PATH
+
 spring.ai.bedrock.aws.timeout=10m
 ----
 
@@ -72,12 +76,13 @@ The `region` property is compulsory.
 AWS credentials are resolved in the following order:
 
 1. Spring-AI Bedrock `spring.ai.bedrock.aws.access-key` and `spring.ai.bedrock.aws.secret-key` properties.
-2. Java System Properties - `aws.accessKeyId` and `aws.secretAccessKey`.
-3. Environment Variables - `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`.
-4. Web Identity Token credentials from system properties or environment variables.
-5. Credential profiles file at the default location (`~/.aws/credentials`) shared by all AWS SDKs and the AWS CLI.
-6. Credentials delivered through the Amazon EC2 container service if the `AWS_CONTAINER_CREDENTIALS_RELATIVE_URI` environment variable is set and the security manager has permission to access the variable.
-7. Instance profile credentials delivered through the Amazon EC2 metadata service or set the `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` environment variables.
+2. Spring-AI Bedrock `spring.ai.bedrock.aws.profile.name`
+3. Java System Properties - `aws.accessKeyId` and `aws.secretAccessKey`.
+4. Environment Variables - `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`.
+5. Web Identity Token credentials from system properties or environment variables.
+6. If `spring.ai.bedrock.aws.profile.credentials-path` and `spring.ai.bedrock.aws.profile.configuration-path` are not specified, Spring AI use the standard AWS shared files: `~/.aws/credentials` for credentials and `~/.aws/config` for configuration, which are used by all AWS SDKs and the AWS CLI.
+7. Credentials delivered through the Amazon EC2 container service if the `AWS_CONTAINER_CREDENTIALS_RELATIVE_URI` environment variable is set and the security manager has permission to access the variable.
+8. Instance profile credentials delivered through the Amazon EC2 metadata service or set the `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` environment variables.
 
 AWS region is resolved in the following order:
 

spring-ai-docs/src/main/antora/modules/ROOT/pages/api/chat/bedrock-converse.adoc

@@ -80,6 +80,9 @@ The prefix `spring.ai.bedrock.aws` is the property prefix to configure the conne
 | spring.ai.bedrock.aws.asyncReadTimeout | Max duration spent reading asynchronous responses | 30s
 | spring.ai.bedrock.aws.access-key | AWS access key  | -
 | spring.ai.bedrock.aws.secret-key | AWS secret key  | -
+| spring.ai.bedrock.aws.profile.name | AWS profile name.  | -
+| spring.ai.bedrock.aws.profile.credentials-path | AWS credentials file path.  | -
+| spring.ai.bedrock.aws.profile.configuration-path | AWS config file path.  | -
 | spring.ai.bedrock.aws.session-token | AWS session token for temporary credentials | -
 |====
 

spring-ai-docs/src/main/antora/modules/ROOT/pages/api/embeddings/bedrock-cohere-embedding.adoc

@@ -90,6 +90,9 @@ The prefix `spring.ai.bedrock.aws` is the property prefix to configure the conne
 | spring.ai.bedrock.aws.region     | AWS region to use. | us-east-1
 | spring.ai.bedrock.aws.access-key | AWS access key.  | -
 | spring.ai.bedrock.aws.secret-key | AWS secret key.  | -
+| spring.ai.bedrock.aws.profile.name | AWS profile name.  | -
+| spring.ai.bedrock.aws.profile.credentials-path | AWS credentials file path.  | -
+| spring.ai.bedrock.aws.profile.configuration-path | AWS config file path.  | -
 |====
 
 [NOTE]

spring-ai-docs/src/main/antora/modules/ROOT/pages/api/embeddings/bedrock-titan-embedding.adoc

@@ -97,6 +97,9 @@ The prefix `spring.ai.bedrock.aws` is the property prefix to configure the conne
 | spring.ai.bedrock.aws.region     | AWS region to use. | us-east-1
 | spring.ai.bedrock.aws.access-key | AWS access key.  | -
 | spring.ai.bedrock.aws.secret-key | AWS secret key.  | -
+| spring.ai.bedrock.aws.profile.name | AWS profile name.  | -
+| spring.ai.bedrock.aws.profile.credentials-path | AWS credentials file path.  | -
+| spring.ai.bedrock.aws.profile.configuration-path | AWS config file path.  | -
 |====
 
 [NOTE]