github/cline
7
0
Fork 0
mirror of https://github.com/cline/cline.git synced 2025-06-03 03:59:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(bedrock): resolve AWS credential caching issue with Identity Manager (#3936)

Browse Source 
* fix(bedrock): resolve AWS credential caching issue with Identity Manager

- Add ignoreCache option for profile-based authentication to detect external credential file changes
- Implement smart caching for manual credentials with 5-minute TTL to maintain performance
- Add configuration hash-based cache invalidation for manual credential changes
- Add invalidateCredentialCache() method for error recovery scenarios

Fixes issue where AWS Identity Manager credential updates were not detected,
requiring extension restart. Profile-based authentication now always reads
fresh credentials while manual credentials maintain performance through caching.

Resolves credential refresh issues reported by users using AWS Identity Manager
with role-based authentication workflows.

* Potential fix for code scanning alert no. 66: Use of a broken or weak cryptographic algorithm

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* merge conflict

* updated to fixe the original medrock issue

---------

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
This commit is contained in:
Daniel Steigman 2025-05-30 19:11:20 -07:00 committed by GitHub
parent 80f67c3c89
commit 6626124bef
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 19 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
.changeset/fix-bedrock-cache.md Normal file
View File

@ -0,0 +1,7 @@
---
"claude-dev": patch
---
fix(bedrock): Use ignoreCache for profile-based AWS credential loading
Ensures that AWS Bedrock provider always fetches fresh credentials when using IAM profiles by setting `ignoreCache: true` for `fromNodeProviderChain`. This resolves issues where externally updated credentials (e.g., by AWS Identity Manager) were not detected by Cline, requiring an extension restart. Manual credential handling remains unchanged.

13
src/api/providers/bedrock.ts
View File

@ -223,8 +223,19 @@ export class AwsBedrockHandler implements ApiHandler {
secretAccessKey: string
sessionToken?: string
}> {
// Configure provider options
const providerOptions: any = {}
if (this.options.awsUseProfile) {
// For profile-based auth, always use ignoreCache to detect credential file changes
// This solves the AWS Identity Manager issue where credential files change externally
providerOptions.ignoreCache = true
if (this.options.awsProfile) {
providerOptions.profile = this.options.awsProfile
}
}
// Create AWS credentials by executing an AWS provider chain
const providerChain = fromNodeProviderChain()
const providerChain = fromNodeProviderChain(providerOptions)
return await AwsBedrockHandler.withTempEnv(
() => {
AwsBedrockHandler.setEnv("AWS_REGION", this.options.awsRegion)