From 3a4ad7725a28429f25acd3ce630fb43f45ecde1e Mon Sep 17 00:00:00 2001 From: Steph Milovic Date: Fri, 2 Feb 2024 10:43:33 -0700 Subject: [PATCH] [Security solution] Update default Bedrock api url (#176090) --- .../pre-configured-connectors.asciidoc | 2 +- .../common/bedrock/constants.ts | 2 +- .../connector_types/bedrock/constants.tsx | 2 +- .../connector_types/bedrock/bedrock.test.ts | 28 ++++++++++++++++--- .../server/connector_types/bedrock/bedrock.ts | 11 +++++++- 5 files changed, 37 insertions(+), 8 deletions(-) diff --git a/docs/management/connectors/pre-configured-connectors.asciidoc b/docs/management/connectors/pre-configured-connectors.asciidoc index 74f18d0283643..b7293b6232190 100644 --- a/docs/management/connectors/pre-configured-connectors.asciidoc +++ b/docs/management/connectors/pre-configured-connectors.asciidoc @@ -147,7 +147,7 @@ xpack.actions.preconfigured: name: preconfigured-bedrock-connector-type actionTypeId: .bedrock config: - apiUrl: https://bedrock.us-east-1.amazonaws.com <1> + apiUrl: https://bedrock-runtime.us-east-1.amazonaws.com <1> defaultModel: anthropic.claude-v2 <2> secrets: accessKey: key-value <3> diff --git a/x-pack/plugins/stack_connectors/common/bedrock/constants.ts b/x-pack/plugins/stack_connectors/common/bedrock/constants.ts index cf0f758a4b066..242447d505218 100644 --- a/x-pack/plugins/stack_connectors/common/bedrock/constants.ts +++ b/x-pack/plugins/stack_connectors/common/bedrock/constants.ts @@ -25,4 +25,4 @@ export enum SUB_ACTION { export const DEFAULT_TOKEN_LIMIT = 8191; export const DEFAULT_BEDROCK_MODEL = 'anthropic.claude-v2'; -export const DEFAULT_BEDROCK_URL = `https://bedrock.us-east-1.amazonaws.com` as const; +export const DEFAULT_BEDROCK_URL = `https://bedrock-runtime.us-east-1.amazonaws.com` as const; diff --git a/x-pack/plugins/stack_connectors/public/connector_types/bedrock/constants.tsx b/x-pack/plugins/stack_connectors/public/connector_types/bedrock/constants.tsx index 88fc42e004bf8..485394e3d899e 100644 --- a/x-pack/plugins/stack_connectors/public/connector_types/bedrock/constants.tsx +++ b/x-pack/plugins/stack_connectors/public/connector_types/bedrock/constants.tsx @@ -39,7 +39,7 @@ export const bedrockConfig: ConfigFieldSchema[] = [ bedrockAPIUrlDocs: ( {`${i18n.BEDROCK} ${i18n.DOCUMENTATION}`} diff --git a/x-pack/plugins/stack_connectors/server/connector_types/bedrock/bedrock.test.ts b/x-pack/plugins/stack_connectors/server/connector_types/bedrock/bedrock.test.ts index a3fd59e0ccc0e..3cd2ad2061ffd 100644 --- a/x-pack/plugins/stack_connectors/server/connector_types/bedrock/bedrock.test.ts +++ b/x-pack/plugins/stack_connectors/server/connector_types/bedrock/bedrock.test.ts @@ -72,7 +72,7 @@ describe('BedrockConnector', () => { Accept: '*/*', 'Content-Type': 'application/json', }, - host: 'bedrock.us-east-1.amazonaws.com', + host: 'bedrock-runtime.us-east-1.amazonaws.com', path: '/model/anthropic.claude-v2/invoke', service: 'bedrock', }, @@ -136,7 +136,7 @@ describe('BedrockConnector', () => { 'Content-Type': 'application/json', 'x-amzn-bedrock-accept': '*/*', }, - host: 'bedrock.us-east-1.amazonaws.com', + host: 'bedrock-runtime.us-east-1.amazonaws.com', path: '/model/anthropic.claude-v2/invoke-with-response-stream', service: 'bedrock', }, @@ -319,7 +319,7 @@ describe('BedrockConnector', () => { ).toEqual(`API Error: Resource Not Found - Resource not found`); }); - it('returns auhtorization error', () => { + it('returns authorization error', () => { const err = { response: { headers: {}, @@ -333,7 +333,27 @@ describe('BedrockConnector', () => { // @ts-expect-error expects an axios error as the parameter expect(connector.getResponseErrorMessage(err)).toEqual( - `Unauthorized API Error - The api key was invalid.` + `Unauthorized API Error: The api key was invalid.` + ); + }); + + it('returns endpoint error', () => { + const err = { + response: { + headers: {}, + status: 400, + statusText: 'Bad Request', + data: { + message: 'The requested operation is not recognized by the service.', + }, + }, + } as AxiosError<{ message?: string }>; + + // @ts-expect-error expects an axios error as the parameter + expect(connector.getResponseErrorMessage(err)).toEqual( + `API Error: The requested operation is not recognized by the service. + +The Kibana Connector in use may need to be reconfigured with an updated Amazon Bedrock endpoint, like \`bedrock-runtime\`.` ); }); }); diff --git a/x-pack/plugins/stack_connectors/server/connector_types/bedrock/bedrock.ts b/x-pack/plugins/stack_connectors/server/connector_types/bedrock/bedrock.ts index a5fda6a05afa6..f70a592509776 100644 --- a/x-pack/plugins/stack_connectors/server/connector_types/bedrock/bedrock.ts +++ b/x-pack/plugins/stack_connectors/server/connector_types/bedrock/bedrock.ts @@ -89,9 +89,18 @@ export class BedrockConnector extends SubActionConnector { if (!error.response?.status) { return `Unexpected API Error: ${error.code ?? ''} - ${error.message ?? 'Unknown error'}`; } + if ( + error.response.status === 400 && + error.response?.data?.message === 'The requested operation is not recognized by the service.' + ) { + // Leave space in the string below, \n is not being rendered in the UI + return `API Error: ${error.response.data.message} + +The Kibana Connector in use may need to be reconfigured with an updated Amazon Bedrock endpoint, like \`bedrock-runtime\`.`; + } if (error.response.status === 401) { return `Unauthorized API Error${ - error.response?.data?.message ? ` - ${error.response.data.message}` : '' + error.response?.data?.message ? `: ${error.response.data.message}` : '' }`; } return `API Error: ${error.response?.statusText}${