From 9b45d627d51d338cee5954d14ed2aa77ad264d76 Mon Sep 17 00:00:00 2001 From: Ken Jiang Date: Fri, 27 Feb 2026 14:03:05 -0500 Subject: [PATCH 1/2] add asssume role bedrock --- packages/proxy/schema/secrets.ts | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/packages/proxy/schema/secrets.ts b/packages/proxy/schema/secrets.ts index 3733cf35..f1e6a3a7 100644 --- a/packages/proxy/schema/secrets.ts +++ b/packages/proxy/schema/secrets.ts @@ -40,10 +40,11 @@ const BedrockMetadataSchemaBase = BaseMetadataSchema.merge( z.object({ region: z.string().min(1, "Region cannot be empty"), auth_type: z - .enum(["iam_credentials", "api_key"]) + .enum(["iam_credentials", "api_key", "assume_role"]) .default("iam_credentials"), access_key: z.string().nullish(), session_token: z.string().nullish(), + external_id: z.string().nullish(), api_base: z.union([z.string().url(), z.string().length(0)]).nullish(), }), ).strict(); From d09486f4c2df345094556ebf0dcedb54d002cafe Mon Sep 17 00:00:00 2001 From: Ken Jiang Date: Tue, 3 Mar 2026 11:32:18 -0500 Subject: [PATCH 2/2] put role arn in metadata --- packages/proxy/schema/secrets.ts | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/packages/proxy/schema/secrets.ts b/packages/proxy/schema/secrets.ts index f1e6a3a7..808632ce 100644 --- a/packages/proxy/schema/secrets.ts +++ b/packages/proxy/schema/secrets.ts @@ -45,13 +45,15 @@ const BedrockMetadataSchemaBase = BaseMetadataSchema.merge( access_key: z.string().nullish(), session_token: z.string().nullish(), external_id: z.string().nullish(), + role_arn: z.string().nullish(), api_base: z.union([z.string().url(), z.string().length(0)]).nullish(), }), ).strict(); export const BedrockMetadataSchema = BedrockMetadataSchemaBase; export const BedrockMetadataSchemaWithAuth = BedrockMetadataSchemaBase.superRefine((data, ctx) => { - if ((data.auth_type ?? "iam_credentials") === "iam_credentials") { + const authType = data.auth_type ?? "iam_credentials"; + if (authType === "iam_credentials") { if (!data.access_key) { ctx.addIssue({ code: z.ZodIssueCode.custom, @@ -60,6 +62,22 @@ export const BedrockMetadataSchemaWithAuth = }); } } + if (authType === "assume_role") { + if (!data.external_id?.trim()) { + ctx.addIssue({ + code: z.ZodIssueCode.custom, + message: "External ID is required for assume role", + path: ["external_id"], + }); + } + if (!data.role_arn?.trim()) { + ctx.addIssue({ + code: z.ZodIssueCode.custom, + message: "Role ARN is required for assume role", + path: ["role_arn"], + }); + } + } }); export type BedrockMetadata = z.infer;