feat(client-bedrock-runtime): Add API Key and document citations support for Bedrock Runtime APIs

Author: awstools

clients/client-bedrock-runtime/package.json

@@ -29,6 +29,7 @@
     "@aws-sdk/middleware-recursion-detection": "*",
     "@aws-sdk/middleware-user-agent": "*",
     "@aws-sdk/region-config-resolver": "*",
+    "@aws-sdk/token-providers": "*",
     "@aws-sdk/types": "*",
     "@aws-sdk/util-endpoints": "*",
     "@aws-sdk/util-user-agent-browser": "*",

clients/client-bedrock-runtime/src/BedrockRuntimeClient.ts

@@ -366,6 +366,7 @@ export class BedrockRuntimeClient extends __Client<
         identityProviderConfigProvider: async (config: BedrockRuntimeClientResolvedConfig) =>
           new DefaultIdentityProviderConfig({
             "aws.auth#sigv4": config.credentials,
+            "smithy.api#httpBearerAuth": config.token,
           }),
       })
     );

clients/client-bedrock-runtime/src/auth/httpAuthExtensionConfiguration.ts

@@ -1,5 +1,11 @@
 // smithy-typescript generated code
-import { AwsCredentialIdentity, AwsCredentialIdentityProvider, HttpAuthScheme } from "@smithy/types";
+import {
+  AwsCredentialIdentity,
+  AwsCredentialIdentityProvider,
+  HttpAuthScheme,
+  TokenIdentity,
+  TokenIdentityProvider,
+} from "@smithy/types";
 
 import { BedrockRuntimeHttpAuthSchemeProvider } from "./httpAuthSchemeProvider";
 
@@ -13,6 +19,8 @@ export interface HttpAuthExtensionConfiguration {
   httpAuthSchemeProvider(): BedrockRuntimeHttpAuthSchemeProvider;
   setCredentials(credentials: AwsCredentialIdentity | AwsCredentialIdentityProvider): void;
   credentials(): AwsCredentialIdentity | AwsCredentialIdentityProvider | undefined;
+  setToken(token: TokenIdentity | TokenIdentityProvider): void;
+  token(): TokenIdentity | TokenIdentityProvider | undefined;
 }
 
 /**
@@ -22,6 +30,7 @@ export type HttpAuthRuntimeConfig = Partial<{
   httpAuthSchemes: HttpAuthScheme[];
   httpAuthSchemeProvider: BedrockRuntimeHttpAuthSchemeProvider;
   credentials: AwsCredentialIdentity | AwsCredentialIdentityProvider;
+  token: TokenIdentity | TokenIdentityProvider;
 }>;
 
 /**
@@ -33,6 +42,7 @@ export const getHttpAuthExtensionConfiguration = (
   const _httpAuthSchemes = runtimeConfig.httpAuthSchemes!;
   let _httpAuthSchemeProvider = runtimeConfig.httpAuthSchemeProvider!;
   let _credentials = runtimeConfig.credentials;
+  let _token = runtimeConfig.token;
   return {
     setHttpAuthScheme(httpAuthScheme: HttpAuthScheme): void {
       const index = _httpAuthSchemes.findIndex((scheme) => scheme.schemeId === httpAuthScheme.schemeId);
@@ -57,6 +67,12 @@ export const getHttpAuthExtensionConfiguration = (
     credentials(): AwsCredentialIdentity | AwsCredentialIdentityProvider | undefined {
       return _credentials;
     },
+    setToken(token: TokenIdentity | TokenIdentityProvider): void {
+      _token = token;
+    },
+    token(): TokenIdentity | TokenIdentityProvider | undefined {
+      return _token;
+    },
   };
 };
 
@@ -68,5 +84,6 @@ export const resolveHttpAuthRuntimeConfig = (config: HttpAuthExtensionConfigurat
     httpAuthSchemes: config.httpAuthSchemes(),
     httpAuthSchemeProvider: config.httpAuthSchemeProvider(),
     credentials: config.credentials(),
+    token: config.token(),
   };
 };

clients/client-bedrock-runtime/src/auth/httpAuthSchemeProvider.ts

@@ -5,6 +5,8 @@ import {
   AwsSdkSigV4PreviouslyResolved,
   resolveAwsSdkSigV4Config,
 } from "@aws-sdk/core";
+import { FromSsoInit } from "@aws-sdk/token-providers";
+import { doesIdentityRequireRefresh, isIdentityExpired, memoizeIdentityProvider } from "@smithy/core";
 import {
   HandlerExecutionContext,
   HttpAuthOption,
@@ -13,6 +15,8 @@ import {
   HttpAuthSchemeParametersProvider,
   HttpAuthSchemeProvider,
   Provider,
+  TokenIdentity,
+  TokenIdentityProvider,
 } from "@smithy/types";
 import { getSmithyContext, normalizeProvider } from "@smithy/util-middleware";
 
@@ -73,6 +77,28 @@ function createAwsAuthSigv4HttpAuthOption(authParameters: BedrockRuntimeHttpAuth
   };
 }
 
+function createSmithyApiHttpBearerAuthHttpAuthOption(
+  authParameters: BedrockRuntimeHttpAuthSchemeParameters
+): HttpAuthOption {
+  return {
+    schemeId: "smithy.api#httpBearerAuth",
+    propertiesExtractor: <T>(
+      { profile, filepath, configFilepath, ignoreCache }: T & FromSsoInit,
+      context: HandlerExecutionContext
+    ) => ({
+      /**
+       * @internal
+       */
+      identityProperties: {
+        profile,
+        filepath,
+        configFilepath,
+        ignoreCache,
+      },
+    }),
+  };
+}
+
 /**
  * @internal
  */
@@ -87,6 +113,7 @@ export const defaultBedrockRuntimeHttpAuthSchemeProvider: BedrockRuntimeHttpAuth
   switch (authParameters.operation) {
     default: {
       options.push(createAwsAuthSigv4HttpAuthOption(authParameters));
+      options.push(createSmithyApiHttpBearerAuthHttpAuthOption(authParameters));
     }
   }
   return options;
@@ -115,6 +142,11 @@ export interface HttpAuthSchemeInputConfig extends AwsSdkSigV4AuthInputConfig {
    * @internal
    */
   httpAuthSchemeProvider?: BedrockRuntimeHttpAuthSchemeProvider;
+
+  /**
+   * The token used to authenticate requests.
+   */
+  token?: TokenIdentity | TokenIdentityProvider;
 }
 
 /**
@@ -140,6 +172,11 @@ export interface HttpAuthSchemeResolvedConfig extends AwsSdkSigV4AuthResolvedCon
    * @internal
    */
   readonly httpAuthSchemeProvider: BedrockRuntimeHttpAuthSchemeProvider;
+
+  /**
+   * The token used to authenticate requests.
+   */
+  readonly token?: TokenIdentityProvider;
 }
 
 /**
@@ -148,8 +185,10 @@ export interface HttpAuthSchemeResolvedConfig extends AwsSdkSigV4AuthResolvedCon
 export const resolveHttpAuthSchemeConfig = <T>(
   config: T & HttpAuthSchemeInputConfig & AwsSdkSigV4PreviouslyResolved
 ): T & HttpAuthSchemeResolvedConfig => {
+  const token = memoizeIdentityProvider(config.token, isIdentityExpired, doesIdentityRequireRefresh);
   const config_0 = resolveAwsSdkSigV4Config(config);
   return Object.assign(config_0, {
     authSchemePreference: normalizeProvider(config.authSchemePreference ?? []),
+    token,
   }) as T & HttpAuthSchemeResolvedConfig;
 };

clients/client-bedrock-runtime/src/commands/ApplyGuardrailCommand.ts

@@ -32,9 +32,7 @@ export interface ApplyGuardrailCommandInput extends ApplyGuardrailRequest {}
 export interface ApplyGuardrailCommandOutput extends ApplyGuardrailResponse, __MetadataBearer {}
 
 /**
- * <p>The action to apply a guardrail.</p>
- *          <p>For troubleshooting some of the common errors you might encounter when using the <code>ApplyGuardrail</code> API,
- *             see <a href="https://docs.aws.amazon.com/bedrock/latest/userguide/troubleshooting-api-error-codes.html">Troubleshooting Amazon Bedrock API Error Codes</a> in the Amazon Bedrock User Guide</p>
+ * <p>The action to apply a guardrail.</p> <p>For troubleshooting some of the common errors you might encounter when using the <code>ApplyGuardrail</code> API, see <a href="https://docs.aws.amazon.com/bedrock/latest/userguide/troubleshooting-api-error-codes.html">Troubleshooting Amazon Bedrock API Error Codes</a> in the Amazon Bedrock User Guide</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
@@ -197,27 +195,22 @@ export interface ApplyGuardrailCommandOutput extends ApplyGuardrailResponse, __M
  * @see {@link BedrockRuntimeClientResolvedConfig | config} for BedrockRuntimeClient's `config` shape.
  *
  * @throws {@link AccessDeniedException} (client fault)
- *  <p>The request is denied because you do not have sufficient permissions to perform the requested action. For troubleshooting this error,
- *          see <a href="https://docs.aws.amazon.com/bedrock/latest/userguide/troubleshooting-api-error-codes.html#ts-access-denied">AccessDeniedException</a> in the Amazon Bedrock User Guide</p>
+ *  <p>The request is denied because you do not have sufficient permissions to perform the requested action. For troubleshooting this error, see <a href="https://docs.aws.amazon.com/bedrock/latest/userguide/troubleshooting-api-error-codes.html#ts-access-denied">AccessDeniedException</a> in the Amazon Bedrock User Guide</p>
  *
  * @throws {@link InternalServerException} (server fault)
- *  <p>An internal server error occurred. For troubleshooting this error,
- *          see <a href="https://docs.aws.amazon.com/bedrock/latest/userguide/troubleshooting-api-error-codes.html#ts-internal-failure">InternalFailure</a> in the Amazon Bedrock User Guide</p>
+ *  <p>An internal server error occurred. For troubleshooting this error, see <a href="https://docs.aws.amazon.com/bedrock/latest/userguide/troubleshooting-api-error-codes.html#ts-internal-failure">InternalFailure</a> in the Amazon Bedrock User Guide</p>
  *
  * @throws {@link ResourceNotFoundException} (client fault)
- *  <p>The specified resource ARN was not found. For troubleshooting this error,
- *          see <a href="https://docs.aws.amazon.com/bedrock/latest/userguide/troubleshooting-api-error-codes.html#ts-resource-not-found">ResourceNotFound</a> in the Amazon Bedrock User Guide</p>
+ *  <p>The specified resource ARN was not found. For troubleshooting this error, see <a href="https://docs.aws.amazon.com/bedrock/latest/userguide/troubleshooting-api-error-codes.html#ts-resource-not-found">ResourceNotFound</a> in the Amazon Bedrock User Guide</p>
  *
  * @throws {@link ServiceQuotaExceededException} (client fault)
  *  <p>Your request exceeds the service quota for your account. You can view your quotas at <a href="https://docs.aws.amazon.com/servicequotas/latest/userguide/gs-request-quota.html">Viewing service quotas</a>. You can resubmit your request later.</p>
  *
  * @throws {@link ThrottlingException} (client fault)
- *  <p>Your request was denied due to exceeding the account quotas for <i>Amazon Bedrock</i>. For
- *          troubleshooting this error, see <a href="https://docs.aws.amazon.com/bedrock/latest/userguide/troubleshooting-api-error-codes.html#ts-throttling-exception">ThrottlingException</a> in the Amazon Bedrock User Guide</p>
+ *  <p>Your request was denied due to exceeding the account quotas for <i>Amazon Bedrock</i>. For troubleshooting this error, see <a href="https://docs.aws.amazon.com/bedrock/latest/userguide/troubleshooting-api-error-codes.html#ts-throttling-exception">ThrottlingException</a> in the Amazon Bedrock User Guide</p>
  *
  * @throws {@link ValidationException} (client fault)
- *  <p>The input fails to satisfy the constraints specified by <i>Amazon Bedrock</i>. For troubleshooting this error,
- *          see <a href="https://docs.aws.amazon.com/bedrock/latest/userguide/troubleshooting-api-error-codes.html#ts-validation-error">ValidationError</a> in the Amazon Bedrock User Guide</p>
+ *  <p>The input fails to satisfy the constraints specified by <i>Amazon Bedrock</i>. For troubleshooting this error, see <a href="https://docs.aws.amazon.com/bedrock/latest/userguide/troubleshooting-api-error-codes.html#ts-validation-error">ValidationError</a> in the Amazon Bedrock User Guide</p>
  *
  * @throws {@link BedrockRuntimeServiceException}
  * <p>Base exception class for all service exceptions from BedrockRuntime service.</p>