h>1dZddlZddlZddlmZmZmZddlZddlZddl m Z ddl m Z ddl mZmZddlmZddlmZd d lmZGd d e eZy) a This is a file for the AWS Secret Manager Integration Handles Async Operations for: - Read Secret - Write Secret - Delete Secret Relevant issue: https://github.com/BerriAI/litellm/issues/1883 Requires: * `os.environ["AWS_REGION_NAME"], * `pip install boto3>=1.28.57` N)AnyOptionalUnion)verbose_logger) BaseAWSLLM)_get_httpx_clientget_async_httpx_client)KeyManagementSystem)httpxSpecialProvider)BaseSecretManagerc.eZdZdZedZedeefdZ dde dee dee e e jfd ee d ee f d Z dde dee dee e e jfd ee d ee f d Zd ee d e fdZde d e d ee fdZde d e d ee fdZ dde de dee dee dee e e jfd e f dZ dde deedee dee e e jfd e f dZ dde de dee dee dee d ee eeff dZy)AWSSecretsManagerV2c \tj|fi|tj|fi|y)N)r __init__r)selfkwargss i/var/www/Befach/backend/env/lib/python3.12/site-packages/litellm/secret_managers/aws_secret_manager_v2.pyrzAWSSecretsManagerV2.__init__$s(""4262D+F+c>dtjvr tdy)NAWS_REGION_NAMEz7Missing required environment variable - AWS_REGION_NAME)osenviron ValueError)clss rvalidate_environmentz(AWSSecretsManagerV2.validate_environment(s BJJ .VW W /ruse_aws_secret_managerc||dury |j|t_tjt_y#t $r}|d}~wwxYw)z Initialize AWSSecretsManagerV2 and sets litellm.secret_manager_client = AWSSecretsManagerV2() and litellm._key_management_system = KeyManagementSystem.AWS_SECRET_MANAGER NF)rlitellmsecret_manager_clientr AWS_SECRET_MANAGER_key_management_system Exception)rres rload_aws_secret_managerz+AWSSecretsManagerV2.load_aws_secret_manager-sS " )-Cu-L    $ $ &,/EG )-@-S-SG * G s9A A AAN secret_nameoptional_paramstimeoutprimary_secret_namereturncK|r|j||d{S|jd||\}}}ttjd|i} |j |||j dd{} | j| jd S77)#tj$r td t$r*} tjd |t| Yd} ~ yd} ~ wwxYww) z Async function to read a secret from AWS Secrets Manager Returns: str: Secret value Raises: ValueError: If the secret is not found or an HTTP error occurs r&r)NGetSecretValueactionr&r'r( llm_providerparamsutf-8urlheadersdata SecretStringTimeout error occurred6Error reading secret='%s' from AWS Secrets Manager: %s)%async_read_secret_from_primary_secret_prepare_requestr r SecretManagerpostdecoderaise_for_statusjsonhttpxTimeoutExceptionrr#r exceptionstr) rr&r'r(r) endpoint_urlr6body async_clientresponser$s rasync_read_secretz%AWSSecretsManagerV2.async_read_secret<s CC'=PD '+&;&;##+'<' # gt .-;;w' ).. ' G8L/H  % % '==?>2 2)  %% 756 6   $ $HA     sKC;B$9C;&B(<B&=&B(#C;&B((&C8 C3.C;3C88C;c |dvrtj|S|r|j||S|jd||\}}}t d|i} |j |||j d} | jd S#tj$r td tj$r\} tjd |t| jj t| jj"Yd } ~ y d } ~ wt$$r*} tjd |t| Yd } ~ y d } ~ wwxYw)z Sync function to read a secret from AWS Secrets Manager Done for backwards compatibility with existing codebase, since get_secret is a sync function )AWS_ACCESS_KEY_IDAWS_SECRET_ACCESS_KEYr AWS_REGIONAWS_BEDROCK_RUNTIME_ENDPOINTr,r-r.r()r2r3r4r8r9z:Error reading secret='%s' from AWS Secrets Manager: %s, %sNr:)rgetenv$sync_read_secret_from_primary_secretr<rr>r?rArBrCrHTTPStatusErrorrrDrErItext status_coder#) rr&r'r(r)rFr6rG sync_clientrIr$s rsync_read_secretz$AWSSecretsManagerV2.sync_read_secretks[   99[) ) <<'=P= '+&;&;##+'<' # gt (w'  "'' ' G8L(H==?>2 2%% 756 6$$   $ $LAJJOO$AJJ**+       $ $HA     s%5B 0E (>+)?) # #'"<"<=T"U&**;77 # sA?'A secret_value descriptionc Kddl}||d}|r||d<t|j|d<|jd||||\}} } t t j d|i } | j|| | jd  d{} | j| jS7$#tj$r'} td | jjd} ~ wtj $r td wxYww)a] Async function to write a secret to AWS Secrets Manager Args: secret_name: Name of the secret secret_value: Value to store (can be a JSON string) description: Optional description for the secret optional_params: Additional AWS parameters timeout: Request timeout rN)Namer8 DescriptionClientRequestToken CreateSecret)r/r&rbr' request_datar(r0r3r4HTTP error occurred: r9)uuidrEuuid4r<r r r=r>r?r@rArBrRrrIrSrC)rr&rbrcr'r(rkr7rFr6rGrHrIerrs rasync_write_secretz&AWSSecretsManagerV2.async_write_secrets $ $\B "-D %(%6 !"&*&;&;!#%+ '<' # gt.-;;w' 7).. ' G8L/H  % % '==? "  $$ J4S\\5F5F4GHI I%% 756 6 7s<A$D'&B4 B2#B41D2B44D "C))"D  Drecovery_window_in_dayscK||d}|jd|||\}}}ttjd|i} | j |||j dd{} | j | jS7$#tj$r'} td | jjd} ~ wtj$r td wxYww) a Async function to delete a secret from AWS Secrets Manager Args: secret_name: Name of the secret to delete recovery_window_in_days: Number of days before permanent deletion (default: 7) optional_params: Additional AWS parameters timeout: Request timeout Returns: dict: Response from AWS Secrets Manager containing deletion details )SecretIdRecoveryWindowInDays DeleteSecret)r/r&r'rir(r0r3r4Nrjr9)r<r r r=r>r?r@rArBrRrrIrSrC) rr&ror'r(r7rFr6rGrHrIrms rasync_delete_secretz'AWSSecretsManagerV2.async_delete_secrets*$$;  '+&;&;!#+ '<' # gt.-;;w' 7).. ' G8L/H  % % '==? "  $$ J4S\\5F5F4GHI I%% 756 6 7s:rsE  '' +85?2|3*&7|3r