o ưi@sddlZddlZddlZddlZddlmZddlmZmZm Z m Z m Z m Z m Z mZmZmZddlZddlmZddlmZddlmZddlmZmZmZddlmZdd lmZm Z erkdd l!m"Z"dd l#m$Z$neZ$eZ"Gd d d eZ%Gddde&Z'GdddZ(dS)N)datetime) TYPE_CHECKINGAnyDictListLiteralOptionalTupleUnioncastget_args) BaseModel)verbose_logger) DualCache)#BEDROCK_EMBEDDING_PROVIDERS_LITERAL BEDROCK_INVOKE_PROVIDERS_LITERALBEDROCK_MAX_POLICY_SIZE)tracer) get_secretget_secret_str)AWSPreparedRequest Credentialsc@s*eZdZUeed<eed<eeed<dS)Boto3CredentialsInfo credentialsaws_region_nameaws_bedrock_runtime_endpointN)__name__ __module__ __qualname__r__annotations__strrr"r"X/home/app/Keep/.python/lib/python3.10/site-packages/litellm/llms/bedrock/base_aws_llm.pyr(s rcseZdZfddZZS) AwsAuthErrorcs@||_||_tjddd|_tj||jd|_t|jdS)NPOSTz0https://us-west-2.console.aws.amazon.com/bedrock)methodurl) status_coderequest) r(messagehttpxRequestr)Responseresponsesuper__init__)selfr(r* __class__r"r#r0/szAwsAuthError.__init__)rrrr0 __classcell__r"r"r2r#r$.sr$cseZdZdhfdd ZdideeeeffddZde eeefdefd d Z e           djd eed eed eedeedeedeedeedeedeedeedeeeeffddZ deedeefddZededeefddZededeefddZeded eededefd!d"Zeded#edefd$d%Zed&edefd'd(Zededeefd)d*Z  dkdedeed&eedefd+d,Z dideefd-d.Zed/edeeeeeffd0d1Z didedeeeefdefd2d3Ze  dkdedededeedeedeedeeeefdeeeeffd4d5Z   dld6ededed7ed8edeedeedeeeefdefd9d:Z!   dldeded7edeedeedeeeefdefd;d<Z"d=edeeeeffd>d?Z#e    dmd eed eed eedededeedeedeedeeeefdeeeeffd@dAZ$e dedeeeeffdBdCZ%e d ed ed edeeeeffdDdEZ&e d ed edeedeeeeffdFdGZ'e deeeeffdHdIZ(e defdJdKZ) LdndMeedNeededOee*dPdeeeff dQdRZ+dOee*dPdedefdSdTZ, didedeede-fdUdVZ.e didWededXeedYedZeee/fd[ed\eede0fd]d^Z1d[edefd_d`Z2    dmdae*dbd[ededcedMedeeddeedeeed\eedeeee/ffdfdgZ3Z4S)o BaseAWSLLMreturnNcs t|_tgd|_dS)N) aws_access_key_idaws_secret_access_keyaws_session_tokenraws_session_nameaws_profile_name aws_role_nameaws_web_identity_tokenaws_sts_endpointraws_external_id)r iam_cacher/r0aws_authentication_paramsr1r2r"r#r0<s zBaseAWSLLM.__init__ ssl_verifycCsddlm}||dS)av Get SSL verification setting for boto3 clients. This ensures that custom CA certificates are properly used for all AWS API calls, including STS and Bedrock services. Returns: Union[bool, str]: SSL verification setting - False to disable, True to enable, or a string path to a CA bundle file r)get_ssl_verifyrC)Z&litellm.llms.custom_httpx.http_handlerrD)r1rCrDr"r"r#_get_ssl_verifyMs zBaseAWSLLM._get_ssl_verifycredential_argscCs tj|dd}t|S)zP Generate a unique cache key based on the credential arguments. T) sort_keys)jsondumpshashlibsha256encode hexdigest)r1rGZcredential_strr"r"r# get_cache_key\szBaseAWSLLM.get_cache_keyr7r8r9rr:r;r<r=r>r?c  Cs@||||||||| | g } t| D]6\} }|r-|dr-t|}|dur,t|tr,|| | <q|durF|j| }|tjvrFt || | <q| \ }}}}}}}}} } t d||||||||| | ddt D}||}|j|}|r{|S|dur|dur|dur|j||||| | d\}}n|dur|j|| drt d||\}}nht d |durd tt}|j||||||| | | d \}}nC|dur||\}}n7|dur|dur|dur|j|||d \}}n |dur|dur|dur|j|||d \}}n|\}}|jj|||d|S)z3 Return a boto3.Credentials object z os.environ/Nzin get credentials aws_access_key_id=%s aws_secret_access_key=%s aws_session_token=%s aws_region_name=%s aws_session_name=%s aws_profile_name=%s aws_role_name=%s aws_web_identity_token=%s aws_sts_endpoint=%s aws_external_id=%scSs(i|]\}}|ds|dkr||qS)Zaws_rC) startswith).0kvr"r"r# sz.BaseAWSLLM.get_credentials..)r=r<r:rr>r?rEzr?rCr7r8r9)r7r8r)ttl) enumeraterPr isinstancer!rAupperosenvirongetenvrdebuglocalsitemsrOr@Z get_cache_auth_with_web_identity_token_is_already_running_as_role_auth_with_env_varsintrnow timestamp_auth_with_aws_role_auth_with_aws_profile_auth_with_aws_session_token$_auth_with_access_key_and_secret_keyZ set_cache)r1r7r8r9rr:r;r<r=r>r?rCZparams_to_checkiparam_vkeyargs cache_keyZ_cached_credentialsrZ _cache_ttlr"r"r#get_credentialsds            zBaseAWSLLM.get_credentialsmodelcCsbz&t|tr d|vr WdS|d}t|dkrWdS|d}|s$WdS|WSty0YdSw)Nzarn:aws:bedrock:)rXr!splitlen Exception)r1rqpartsregionr"r"r#_get_aws_region_from_model_arns   z)BaseAWSLLM._get_aws_region_from_model_arn model_pathcCs8|d}t|dkr|d}|ttvrtt|SdS)at Helper function to get the provider from a model path with format: provider/model-name Args: model_path (str): The model path (e.g., 'llama/arn:aws:bedrock:us-east-1:086734376398:imported-model/r4c4kewx2s0n' or 'anthropic/model-name') Returns: Optional[str]: The provider name, or None if no valid provider found /rN)rurvr rr )r{rxproviderr"r"r#_get_provider_from_model_path$s   z(BaseAWSLLM._get_provider_from_model_pathcCs|dr |ddd}d|vrdttvrttdS|dd}|ttvr/tt|St|}|dur:|SttD] }||vrH|Sq>dS)a Helper function to get the bedrock provider from the model handles 3 scenarions: 1. model=invoke/anthropic.claude-3-5-sonnet-20240620-v1:0 -> Returns `anthropic` 2. model=anthropic.claude-3-5-sonnet-20240620-v1:0 -> Returns `anthropic` 3. model=llama/arn:aws:bedrock:us-east-1:086734376398:imported-model/r4c4kewx2s0n -> Returns `llama` 4. model=us.amazon.nova-pro-v1:0 -> Returns `nova` invoke/r}nova.rN) rPreplacelowerr rr rur5r)rqZ _split_modelr~r"r"r#get_bedrock_invoke_provider8s        z&BaseAWSLLM.get_bedrock_invoke_provideroptional_paramsr~cCsV|dd}|durtj|d}n|}|ddd}|dkr+d|vr+tj|dd}|S|d kr|d}t|dkr/|d}|ttvr/tt|S|d}|ttvr>tt|SttD] }||vrOtt|SqBdS)a Helper function to get the bedrock embedding provider from the model Handles scenarios like: 1. model=cohere.embed-english-v3:0 -> Returns `cohere` 2. model=amazon.titan-embed-text-v1 -> Returns `amazon` 3. model=amazon.nova-2-multimodal-embeddings-v1:0 -> Returns `nova` 4. model=us.twelvelabs.marengo-embed-2-7-v1:0 -> Returns `twelvelabs` 5. model=twelvelabs.marengo-embed-2-7-v1:0 -> Returns `twelvelabs` rrr}rN)rr rr rurv)rqrxZpotential_providerr~r"r"r#get_bedrock_embedding_providers*          z)BaseAWSLLM.get_bedrock_embedding_providerc Cs|dd}|durA|dur||}n||}tdd}|dur-|dur-t|tr-|}tdd}|durA|durAt|trA|}|dur~z,ddl}td |}Wdn1s^wY|j } | rm| }W|Sd}W|St y}d}Y|Sw|S)ar Get the AWS region name from the environment variables. Parameters: optional_params (dict): Optional parameters for the model call model (str): The model name model_id (str): The model ID. This is the ARN of the model, if passed in as a separate param. Returns: str: The AWS region name rNAWS_REGION_NAME AWS_REGIONrboto3.Session() us-west-2) getrzrrXr!boto3rtraceSession region_namerw) r1rrqrrlitellm_aws_region_namestandard_aws_region_namersessionZconfigured_regionr"r"r#_get_aws_region_namesD        zBaseAWSLLM._get_aws_region_namecCsX|dur*tdd}|durt|tr|}tdd}|dur$t|tr$|}|dur*d}|S)a Get the AWS region name for non-llm api calls. LLM API calls check the model arn and end up using that as the region name. For non-llm api calls eg. Guardrails, Vector Stores we just need to check the dynamic param or env vars. Nrrr)rrXr!)r1rrrr"r"r#)get_aws_region_name_for_non_llm_api_calls s    z4BaseAWSLLM.get_aws_region_name_for_non_llm_api_callsarncCs|d}t|dks|ddkrdS|d}|d}d|dd}|d r1|d d }n|d rH|d }t|d krF|d}ndSdS|||fS)a? Parse an ARN and return (partition, account_id, role_name). Handles: - arn:aws:iam::123456789012:role/MyRole - arn:aws:iam::123456789012:role/path/to/MyRole - arn:aws:sts::123456789012:assumed-role/MyRole/session-name Returns None if the ARN cannot be parsed. rrrrNr}rszrole/r|z assumed-role/r)rurvjoinrP)rrx partitionZ account_idresourceZ role_nameZ role_partsr"r"r# _parse_arn_account_and_role_name*s       z+BaseAWSLLM._parse_arn_account_and_role_namec Cs4||}|dur dS|\}}}td}td}|r"|r"||kSz\ddl} td| jd||d} | } | d d } Wdn1sKwY|| } | durs| \}}}||krv||kry||kr|t d |Wd SWdSWdSWdSWdSt y}zt d t |WYd}~dSd}~ww)ay Check if the current environment is already running as the target IAM role. This handles multiple AWS environments: - IRSA (EKS): AWS_ROLE_ARN + AWS_WEB_IDENTITY_TOKEN_FILE are set - ECS task roles: Uses sts:GetCallerIdentity to check current role ARN - EC2 instance profiles: Uses sts:GetCallerIdentity to check current role ARN Compares partition, account ID, and role name to avoid cross-account false matches. Returns True if the current identity matches the target role, meaning we can skip sts:AssumeRole and use ambient credentials directly. NF AWS_ROLE_ARNAWS_WEB_IDENTITY_TOKEN_FILErz%boto3.client(sts).get_caller_identitysts)verifyArnrz0Current identity already matches target role: %sTz-Could not determine current role identity: %s)rrZr\rrrclientrFget_caller_identityrrr]rwr!)r1r<rCZ target_parsedZtarget_partitionZtarget_accountZ target_roleZcurrent_role_arnweb_identity_token_filer sts_clientidentityZ caller_arnZ caller_parsedZcaller_partitionZcaller_accountZ caller_roleer"r"r#raPsV         z&BaseAWSLLM._is_already_running_as_rolecCs`ddl}td|d|d||durd|d} n|} t|} | dur-tdd d td |jd || ||d } Wdn1sIwY||| ddd} |dur^|| d<| j di| } | dd| dd| dd|d}| dt krt d| dtd|j di|}Wdn1swY| }||fS)z: Authenticate with AWS Web Identity Token rNzIN Web Identity Token: z | Role Name: z | Session Name: z https://sts..amazonaws.comz6OIDC token could not be retrieved from secret manager.i)r*r(boto3.client(sts)r)r endpoint_urlria{"Version":"2012-10-17","Statement":[{"Sid":"BedrockLiteLLM","Effect":"Allow","Action":["bedrock:InvokeModel","bedrock:InvokeModelWithResponseStream"],"Resource":"*","Condition":{"Bool":{"aws:SecureTransport":"true"},"StringLike":{"aws:UserAgent":"litellm/*"}}}]})RoleArnRoleSessionNameWebIdentityTokenZDurationSecondsPolicy ExternalIdr AccessKeyIdSecretAccessKey SessionToken)r7r8r9rZPackedPolicySizezKThe policy size is greater than 75% of the allowed size, PackedPolicySize: zboto3.Session(**iam_creds_dict)r")rrr]rr$rrrrFassume_role_with_web_identityrwarningrrp&_get_default_ttl_for_boto3_credentials)r1r=r<r:rr>r?rCrZ sts_endpointZ oidc_tokenrassume_role_params sts_responseZiam_creds_dictrZ iam_credsr"r"r#r`sX          z(BaseAWSLLM._auth_with_web_identity_token irsa_role_arnryrc  Csddl} tdt|d} | } Wdn1swY|||d} |dur4|| d<td| j di| } Wdn1sLwYtd |d || j ||| d }|d }td | j d|d|d|dd| }Wdn1swYz| }td| ddWnt y}ztd|WYd}~nd}~wwtd|d|||d}|dur||d<|jdi|S)z.Handle cross-account role assumption for IRSA.rNz&Cross-account role assumption detectedrrrrz!boto3.client(sts) for manual IRSArzManually assuming IRSA role z with session )rrrrz.boto3.client(sts) with manual IRSA credentialsrrrrUz/Current identity after manual IRSA assumption: runknownFailed to get caller identity: z"Attempting to assume target role:  with session: rrrrr")rrr]openreadstriprFrrrrrrrw assume_role)r1rr<r:ryrr?r>rCrfZweb_identity_tokenirsa_sts_kwargsrZ irsa_responseZ irsa_credsZsts_client_with_credscaller_identityrrr"r"r#_handle_irsa_cross_accountsb     z%BaseAWSLLM._handle_irsa_cross_accountc Csddl}|||d}|dur||d<tdtd|jdi|} Wdn1s1wYz| } td| d d Wnt yb} ztd | WYd} ~ nd} ~ wwtd |d |||d} |dur{|| d<| j di| S)z-Handle same-account role assumption for IRSA.rNrrz2Same account role assumption, using automatic IRSAz%boto3.client(sts) with automatic IRSArzCurrent IRSA identity: rrrzAttempting to assume role: rrrrr") rrFrr]rrrrrrwr) r1r<r:ryr?r>rCrrrrrrr"r"r#_handle_irsa_same_account%s4   z$BaseAWSLLM._handle_irsa_same_accountrcCsVddlm}|d}||d|d|dd}|d}t|t|j}||fS) z.Extract credentials and TTL from STS response.rrrrrrZ access_keyZ secret_keytoken Expiration)botocore.credentialsrrcrrdtzinfo total_seconds)r1rrsts_credentialsrZexpiration_timerVr"r"r#_extract_credentials_and_ttlQs z'BaseAWSLLM._extract_credentials_and_ttlc  Csddl} ddlm} td} td} |ptdptd}| r| r|dur|durtd| z'|p8d }|| krK|j| |||| ||| d }n |j|||||| d }| |WSt y}z!td |d t |vrd t |vrt d|d|dd}~wwd| | i}|dur||d<|dur||d<|dur|durtd| jd#i|}Wdn1swYn"td| j d#|||d|}Wdn1swY||d}|dur||d<z |jd$i|}Wn7t y6}z*t |}d |vr1|j|| dr*td|||WYd}~St d||d}~ww|d}| |d|d|dd }|d!}t|j}||d"}||fS)%z, Authenticate with AWS Role rNrrrrZAWS_DEFAULT_REGIONz-IRSA detected: using web identity token from z us-east-1)r>rCz Failed to assume role via IRSA: Z AccessDeniedz,is not authorized to perform: sts:AssumeRolez)Access denied when trying to assume role z$. Please ensure the trust policy of zV allows the current role to assume it. Current identity: check logs with verbose mode.rrrrrrUrrrEzkAssumeRole failed for %s (%s). Caller is already running as this role; falling back to ambient credentials.zUAssumeRole AccessDenied for %s and caller is NOT the same role. Re-raising. Error: %srrrrrr<rr")rrrrZr\rr]rrrrwr!errorrFrrrrrarrbrrdrr)r1r7r8r9r<r:rr>r?rCrrrrryrrZsts_client_kwargsrrZ error_strrrZ sts_expiry current_timeZsts_ttlr"r"r#rfes           zBaseAWSLLM._auth_with_aws_rolecCsNddl}td|j|d}|dfWdS1s wYdS)z/ Authenticate with AWS profile rNz,boto3.Session(profile_name=aws_profile_name))Z profile_namerrrrrp)r1r;rrr"r"r#rgs    $z!BaseAWSLLM._auth_with_aws_profilecCs"ddlm}||||d}|dfS)z5 Authenticate with AWS Session Token rrrN)rr)r1r7r8r9rrr"r"r#rh s z'BaseAWSLLM._auth_with_aws_session_tokencCsVddl}td|j|||d}Wdn1swY|}||fS)zA Authenticate with AWS Access Key and Secret Key rNz|boto3.Session(aws_access_key_id=aws_access_key_id, aws_secret_access_key=aws_secret_access_key, region_name=aws_region_name))r7r8r)rrrrrpr)r1r7r8rrrrr"r"r#ri"s  z/BaseAWSLLM._auth_with_access_key_and_secret_keycCsNddl}td|}|}|dfWdS1s wYdS)z= Authenticate with AWS Environment Variables rNrr)r1rrrr"r"r#rb;s  $zBaseAWSLLM._auth_with_env_varscCsdS)zj Get the default TTL for boto3 credentials Returns `3600-60` which is 59 minutes i r"rBr"r"r#rGsz1BaseAWSLLM._get_default_ttl_for_boto3_credentialsruntimeapi_baser endpoint_type)ragent agentcorecCstd}|dur |}n|durt|tr|}n|r!t|tr!|}n|j||d}|dur7t|tr7|}||fS|rDt|trD|}||fS|}||fS)NZAWS_BEDROCK_RUNTIME_ENDPOINT)rr)rrXr!_select_default_endpoint_url)r1rrrrZ env_aws_bedrock_runtime_endpointrZproxy_endpoint_urlr"r"r#get_runtime_endpointPs6  zBaseAWSLLM.get_runtime_endpointcCs4|dkr d|dS|dkrd|dSd|dS)z Select the default endpoint url based on the endpoint type Default endpoint url is https://bedrock-runtime.{aws_region_name}.amazonaws.com rzhttps://bedrock-agent-runtime.rrzhttps://bedrock-agentcore.zhttps://bedrock-runtime.r")r1rrr"r"r#rvs    z'BaseAWSLLM._select_default_endpoint_urlc Cszddlm}Wn tytdw|dd}|dd}|dd}|||}|dd|d d}|d d} |d d} |d d} |d d} |dd} |dd}|j||||| | || | |d }t||| dS)z Get boto3 credentials from optional params Args: optional_params (dict): Optional parameters for the model call Returns: Credentials: Boto3 credentials object rr7Missing boto3 to call bedrock. Run 'pip install boto3'.r8Nr7r9rr<r:r;r=r>rr? r7r8r9rr:r;r<r=r>r?)rrr)rr ImportErrorrrrpr)r1rrqrr8r7r9rr<r:r;r=r>rr?rr"r"r#*_get_boto_credentials_from_optional_paramssH              z5BaseAWSLLM._get_boto_credentials_from_optional_paramsr extra_headersrdataheadersapi_keycCs |dur|}ntd}|r1zddlm} Wn ty tdwd||d<| d|||d} nOzdd lm} ddlm} Wn tyJtdw||} | |d |} | d||| d} | | |D] \}}|| j |<qg|durd|vr|d| j d<| }|S) NAWS_BEARER_TOKEN_BEDROCKr AWSRequestrBearer Authorizationr%r&r'rr SigV4Authbedrock) rbotocore.awsrequestrr botocore.authr!_filter_headers_for_aws_signatureadd_authr_rprepare)r1rrrrrrraws_bearer_tokenrr)raws_signature_headerssigv4 header_name header_valueZpreppedr"r"r#get_request_headerssL        zBaseAWSLLM.get_request_headerscCsNi}hd}|D]\}}|}||vs |ds |dr$|||<q |S)z Filter headers to only include those that AWS SigV4 includes in signature calculation. This Fixes forwarded client headers from breaking the signature calculation. > hostz x-amz-datedatezx-amz-signaturezx-amz-signedheaderszx-amz-credentialzx-amz-content-sha256zx-amz-algorithmzx-amz-security-tokenz content-typezx-amz-zx-amzn-)r_rrP)r1rrZ aws_headersrrZ header_lowerr"r"r#rs z,BaseAWSLLM._filter_headers_for_aws_signature service_name)rZ sagemakerzbedrock-agentcoreZ s3vectors request_datastream fake_streamc  Cs| dur| } ntd} | r%|pi}d|d<d| |d<|t|fSzddlm} dd lm} dd lm } Wn t yDt d w| d d}| d d}| dd}| dd}| dd}| dd}| dd}| dd}| dd}|j ||d}|j ||||||||||d }| |||}|durddi|}nddi}||}| d|t||d}||t|j}|D]\}}|||<q|durd|vr|d|d<||jfS)z Sign a request for Bedrock or Sagemaker Returns: Tuple[dict, Optional[str]]: A tuple containing the headers and the json str body of the request Nrzapplication/jsonz Content-Typerrrrrrrr8r7r9r<r:r;r=r>r?)rrqrr%r)rrIrJrMrrrrrrrrrrprrdictrr_body)r1r rrr rrqr r rrrrrr8r7r9r<r:r;r=r>r?rrrrr)Zrequest_headers_dictrrr"r"r# _sign_requestsr                   zBaseAWSLLM._sign_request)r6N)N) NNNNNNNNNNN)NN)NNN)NNNN)r)5rrrr0rr boolr!rFrrOrwraprprz staticmethodrrrr rrrrrrrr rrarrcr`rrrrfrgrhrirbrrrrrrbytesrrrrr4r"r"r2r#r5;s\    +  # 2    / <  ( ? Q  P ,             &   4   ;%   r5))rKrIrZ urllib.parserrtypingrrrrrrr r r r r+Zpydanticr Zlitellm._loggingrZlitellm.caching.cachingrZlitellm.constantsrrrZ%litellm.litellm_core_utils.dd_tracingrZlitellm.secret_managers.mainrrrrrrrrwr$r5r"r"r"r#s* 0