continuedev / continue

⏩ Continue is the leading open-source AI code assistant. You can connect any models and any context to build custom autocomplete and chat experiences inside VS Code and JetBrains
https://docs.continue.dev/
Apache License 2.0
19.72k stars 1.73k forks source link

AWS Bedrock with custom credential process #2186

Open Will-So opened 2 months ago

Will-So commented 2 months ago

Before submitting your bug report

Relevant environment info

- OS: MacOS 14.6
- Continue: 0.0.64
- IDE: Pycharm 2024.2
- Model:Bedrock Sonnet
- config.json:

Description

Big fan of the project! Looks just like what I've been looking for.

When accessing a model via Bedrock using a credential process:

[default]
region=us-west-2
output=json
credential_process = cust_process get 555555555 Admin --json

Results in the following error:

[2024-09-05T04:46:13] CredentialsProviderError: Command failed: cust_process get 555555555 Admin --json /bin/sh: cust_process: command not found

when cust_process is in /usr/local/bin.

If I open PyCharm via the CLI open -a "PyCharm" everything works without problem. Also, the cust_process command works in terminal and various AWS plugins (Q Developer, AWS Toolkit). I tried to do some research how to source Intellij's terminal environment from plugins but didn't have success.

To reproduce

  1. Create a Dummy Credential Process Script:

Create a simple script (e.g., dummy_credential_process.sh) that will act as the external process to provide AWS credentials. This script should output JSON in the format expected by AWS CLI. Make the following in /usr/local/bin/dummy_credential_process.sh


#!/bin/bash

cat <<EOF
{
  "Version": 1,
  "AccessKeyId": "DUMMY_ACCESS_KEY_ID",
  "SecretAccessKey": "DUMMY_SECRET_ACCESS_KEY",
  "SessionToken": "DUMMY_SESSION_TOKEN",
  "Expiration": "$(date -u -d '+15 minutes' +'%Y-%m-%dT%H:%M:%SZ')"
}
EOF

Ensure the script is executable:

chmod +x dummy_credential_process.sh

  1. Configure AWS CLI to Use credential_process:
    [profile dummy]
    region = us-east-1
    credential_process = /path/to/dummy_credential_process.sh
    Replace /path/to/dummy_credential_process.sh with the actual path to your script.
  2. Refer to that in .continue/config.json
  3. Try to ask a question (it will fail)
  4. Open from the terminal that has a PATH set that can execute it and open PyCharm via open -a "PyCharm". This time it should succeed if your AWS credentials are good.

Log output

[2024-09-05T04:46:13] Error running handler for "llm/streamChat":  CredentialsProviderError: Command failed: cust_process get 555555555 Admin --json
/bin/sh: cust_process: command not found

[2024-09-05T04:46:13] CredentialsProviderError: Command failed: cust_process get 555555555 Admin --json
/bin/sh: cust_process: command not found
Patrick-Erichsen commented 2 months ago

Hi @Will-So , thanks for the great writeup here!

cc @sestinj - curious if you've come across other issues of executables in JetBrains not being found.

Open from the terminal that has a PATH set that can execute it and open PyCharm via open -a "PyCharm". This time it should succeed if your AWS credentials are good.

sestinj commented 2 months ago

@Will-So Seems like a potential PATH issue, does using the absolute path in your AWS config file work?

[default]
region=us-west-2
output=json
credential_process = /usr/local/bin/cust_process get 555555555 Admin --json
Will-So commented 2 months ago

Yea that works. Should have thought of that! It's better workaround than opening PyCharm from the terminal so this solves my problem.

I suspect this is still worthwhile fixing though as other plugins I am using have access to my PATH and i imagine it will be the cause of other unexpected behavior.