[Security solution] Update default Bedrock api url #176090

Merged
merged 4 commits into from
Feb 2, 2024

Expand Up @@ -147,7 +147,7 @@ xpack.actions.preconfigured:
name: preconfigured-bedrock-connector-type
actionTypeId: .bedrock
config:
apiUrl: https://bedrock.us-east-1.amazonaws.com <1>
apiUrl: https://bedrock-runtime.us-east-1.amazonaws.com <1>
defaultModel: anthropic.claude-v2 <2>
secrets:
accessKey: key-value <3>
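
Review bot: the `apiUrl` example changes host, but nothing visible in this hunk tells readers with an existing `kibana.yml` that the old `bedrock.us-east-1.amazonaws.com` value has to be replaced. Callout <1> should state that the connector needs the `bedrock-runtime` endpoint and not the `bedrock` one; the callout text is outside this hunk, so ignore this if it already does.
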
Expand Up @@ -25,4 +25,4 @@ export enum SUB_ACTION {
export const DEFAULT_TOKEN_LIMIT = 8191;
export const DEFAULT_BEDROCK_MODEL = 'anthropic.claude-v2';

export const DEFAULT_BEDROCK_URL = `https://bedrock.us-east-1.amazonaws.com` as const;
export const DEFAULT_BEDROCK_URL = `https://bedrock-runtime.us-east-1.amazonaws.com` as const;
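
Review bot: style point on the changed `DEFAULT_BEDROCK_URL` line: it is a template literal with no interpolation, while `DEFAULT_BEDROCK_MODEL` just above uses single quotes. A plain quoted string with `as const` would be consistent. Separately, this constant only sets the default, and the new 400 hint in `getResponseErrorMessage` is the only thing that points users of an already configured connector at the change, which is worth stating in the release notes.
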
Expand Up @@ -39,7 +39,7 @@ export const bedrockConfig: ConfigFieldSchema[] = [
bedrockAPIUrlDocs: (
<EuiLink
data-test-subj="bedrock-api-doc"
href="https://docs.aws.amazon.com/bedrock/latest/APIReference/welcome.html"
href="https://docs.aws.amazon.com/general/latest/gr/bedrock.html"
target="_blank"
>
{`${i18n.BEDROCK} ${i18n.DOCUMENTATION}`}
Expand Up @@ -72,7 +72,7 @@ describe('BedrockConnector', () => {
Accept: '*/*',
'Content-Type': 'application/json',
},
host: 'bedrock.us-east-1.amazonaws.com',
host: 'bedrock-runtime.us-east-1.amazonaws.com',
path: '/model/anthropic.claude-v2/invoke',
service: 'bedrock',
},
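
Review bot: the expected `host` literal is repeated here and in the `invoke-with-response-stream` expectation further down, so the next endpoint change again needs two edits in this file; consider one test-level constant for the host. A short comment that `service: 'bedrock'` stays as it is while the host becomes `bedrock-runtime` would also keep the next reader from treating it as a missed rename.
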
Expand Down Expand Up @@ -136,7 +136,7 @@ describe('BedrockConnector', () => {
'Content-Type': 'application/json',
'x-amzn-bedrock-accept': '*/*',
},
host: 'bedrock.us-east-1.amazonaws.com',
host: 'bedrock-runtime.us-east-1.amazonaws.com',
path: '/model/anthropic.claude-v2/invoke-with-response-stream',
service: 'bedrock',
},
Expand Down Expand Up @@ -319,7 +319,7 @@ describe('BedrockConnector', () => {
).toEqual(`API Error: Resource Not Found - Resource not found`);
});

it('returns auhtorization error', () => {
it('returns authorization error', () => {
const err = {
response: {
headers: {},
Expand All @@ -333,7 +333,27 @@ describe('BedrockConnector', () => {

// @ts-expect-error expects an axios error as the parameter
expect(connector.getResponseErrorMessage(err)).toEqual(
`Unauthorized API Error - The api key was invalid.`
`Unauthorized API Error: The api key was invalid.`
);
});

it('returns endpoint error', () => {
const err = {
response: {
headers: {},
status: 400,
statusText: 'Bad Request',
data: {
message: 'The requested operation is not recognized by the service.',
},
},
} as AxiosError<{ message?: string }>;

// @ts-expect-error expects an axios error as the parameter
expect(connector.getResponseErrorMessage(err)).toEqual(
`API Error: The requested operation is not recognized by the service.
Member


Seems slightly weird to have a multi-line error message - or at least non-standard. I would guess that in some environments (writing to the Kibana log) these will get removed/replaced - for instance, in the server log connector, we replace "\n" with "; ".

Does it need to be multi-line?

Contributor Author

@stephmilovic stephmilovic Feb 1, 2024


It doesn't need to, it just looks nicer in the assistant. If you look at the screenshots in the description, you can see it puts it all in one line anyways on the Test connector err message and it looks fine when that happens, so it shouldn't matter. I have a comment about it in the code. Is this ok?

Member


I suspect it will be fine, but as it's not what we typically do (AFAIK), there could be some unintended side effects - I would guess in UX's. Have you checked what this looks like in the Kibana logs as displayed in cloud log viewers? I don't >think< it will split this into multiple log documents ...

Contributor Author


I don't think so either, but will deploy this branch to double check

Contributor Author


One document, keeps the space:

Screenshot 2024-02-02 at 10 11 24 AM


The Kibana Connector in use may need to be reconfigured with an updated Amazon Bedrock endpoint, like \`bedrock-runtime\`.`
);
});
});
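
Review bot: `returns endpoint error` only covers the exact-match path. Add a case where the status is 400 and `data.message` is some other text, asserting that the reconfigure hint is not appended, so the branch condition is pinned from both sides. The expected string also repeats the connector's multi-line template character for character, including the blank line; exporting the hint text from the connector and reusing it here would keep the two from drifting.
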
Expand Up @@ -89,9 +89,18 @@ export class BedrockConnector extends SubActionConnector<Config, Secrets> {
if (!error.response?.status) {
return `Unexpected API Error: ${error.code ?? ''} - ${error.message ?? 'Unknown error'}`;
}
if (
error.response.status === 400 &&
error.response?.data?.message === 'The requested operation is not recognized by the service.'
) {
// Leave space in the string below, \n is not being rendered in the UI
return `API Error: ${error.response.data.message}

The Kibana Connector in use may need to be reconfigured with an updated Amazon Bedrock endpoint, like \`bedrock-runtime\`.`;
}
if (error.response.status === 401) {
return `Unauthorized API Error${
error.response?.data?.message ? ` - ${error.response.data.message}` : ''
error.response?.data?.message ? `: ${error.response.data.message}` : ''
}`;
}
return `API Error: ${error.response?.statusText}${
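
Review bot: the new 400 branch keys on an exact match of the upstream text (`error.response?.data?.message === 'The requested operation is not recognized by the service.'`), so any change in that wording silently drops the hint; put the string in a named constant shared with the test. In the same condition, `error.response.status` and `error.response?.data` mix plain and optional access although `error.response` is already known to be set after the first guard. The 401 branch interpolates `data.message` from the remote endpoint as-is, so given the log-handling question raised in the review thread, it is worth confirming that line breaks in a server-supplied message are normalized before the string is logged.
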