mirror of https://github.com/openclaw/openclaw.git
019a25e35c
* fix(bedrock): stop injecting fake apiKey marker for aws-sdk auth when no env vars exist When the Bedrock provider uses auth: "aws-sdk" and no AWS environment variables are set (EC2 instance roles, ECS task roles, etc.), resolveAwsSdkApiKeyVarName() fell back to "AWS_PROFILE" unconditionally. This string was injected as apiKey in the provider config during normalisation, which poisoned the downstream auth resolver — it treated the marker as a literal key and failed with "No API key found". The fix: - resolveAwsSdkApiKeyVarName() now returns undefined (not "AWS_PROFILE") when no AWS env vars are present - resolveBedrockConfigApiKey() (extension) gets the same fix - resolveMissingProviderApiKey() guards both the providerApiKeyResolver and direct aws-sdk branches: if the resolver returns nothing, the provider config is returned unchanged (no apiKey injected) - The aws-sdk credential chain then resolves credentials at request time via IMDS/ECS task role/etc. as intended When AWS env vars ARE present (AWS_ACCESS_KEY_ID, AWS_PROFILE, AWS_BEARER_TOKEN_BEDROCK), the marker is still injected correctly. Closes #49891 Closes #50699 Fixes #54274 * test(bedrock): update resolveBedrockConfigApiKey test for undefined return on empty env The test previously expected "AWS_PROFILE" when no env vars are set. Now expects undefined (matching the fix), and adds a separate assertion that AWS_PROFILE is returned when the env var is actually present. * fix(bedrock): lock aws-sdk env marker behavior --------- Co-authored-by: Vincent Koc <vincentkoc@ieee.org> |
||
|---|---|---|
| .. | ||
| api.ts | ||
| discovery.test.ts | ||
| discovery.ts | ||
| index.test.ts | ||
| index.ts | ||
| openclaw.plugin.json | ||
| package.json | ||
| register.sync.runtime.ts | ||