ToothFairyAI_Public/tf_code
1
0
Fork 0
mirror of https://gitea.toothfairyai.com/ToothFairyAI/tf_code.git synced 2026-04-06 16:59:01 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat(opencode): add AWS Web Identity Token File support for Bedrock (#8461)

Browse Source
This commit is contained in:
Jacopo Binosi
2026-01-14 17:20:47 +01:00
committed by GitHub
parent 9d92ae7530
commit 3a9e6b558c
4 changed files with 97 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
packages/opencode/src/cli/cmd/auth.ts
View File

@@ -338,9 +338,9 @@ export const AuthLoginCommand = cmd({
prompts.log.info(
"Amazon Bedrock authentication priority:\n" +
" 1. Bearer token (AWS_BEARER_TOKEN_BEDROCK or /connect)\n" +
" 2. AWS credential chain (profile, access keys, IAM roles)\n\n" +
" 2. AWS credential chain (profile, access keys, IAM roles, EKS IRSA)\n\n" +
"Configure via opencode.json options (profile, region, endpoint) or\n" +
"AWS environment variables (AWS_PROFILE, AWS_REGION, AWS_ACCESS_KEY_ID).",
"AWS environment variables (AWS_PROFILE, AWS_REGION, AWS_ACCESS_KEY_ID, AWS_WEB_IDENTITY_TOKEN_FILE).",
)
}

19
packages/opencode/src/provider/provider.ts
View File

@@ -197,16 +197,23 @@ export namespace Provider {
return undefined
})
if (!profile && !awsAccessKeyId && !awsBearerToken) return { autoload: false }
const awsWebIdentityTokenFile = Env.get("AWS_WEB_IDENTITY_TOKEN_FILE")
const { fromNodeProviderChain } = await import(await BunProc.install("@aws-sdk/credential-providers"))
// Build credential provider options (only pass profile if specified)
const credentialProviderOptions = profile ? { profile } : {}
if (!profile && !awsAccessKeyId && !awsBearerToken && !awsWebIdentityTokenFile) return { autoload: false }
const providerOptions: AmazonBedrockProviderSettings = {
region: defaultRegion,
credentialProvider: fromNodeProviderChain(credentialProviderOptions),
}
// Only use credential chain if no bearer token exists
// Bearer token takes precedence over credential chain (profiles, access keys, IAM roles, web identity tokens)
if (!awsBearerToken) {
const { fromNodeProviderChain } = await import(await BunProc.install("@aws-sdk/credential-providers"))
// Build credential provider options (only pass profile if specified)
const credentialProviderOptions = profile ? { profile } : {}
providerOptions.credentialProvider = fromNodeProviderChain(credentialProviderOptions)
}
// Add custom endpoint if specified (endpoint takes precedence over baseURL)