Skip to content

Add STS session token support for temporary Volcengine credentials#148

Open
richarddancin wants to merge 1 commit into
volcengine:mainfrom
richarddancin:fix/sts-session-token-support
Open

Add STS session token support for temporary Volcengine credentials#148
richarddancin wants to merge 1 commit into
volcengine:mainfrom
richarddancin:fix/sts-session-token-support

Conversation

@richarddancin

Copy link
Copy Markdown

Add end-to-end support for VOLCENGINE_SESSION_TOKEN (with legacy VOLC_SESSIONTOKEN fallback) so that temporary/STS credentials — intern temp AK/SK, CI roles, SSO logins, VeFaaS IAM — are accepted and included in SigV4 signed requests.

Changes:

  • resolve_credentials(): add explicit_session_token param; the explicit-AK/SK fast path now falls back to env for session_token instead of dropping it
  • base_service_client: forward explicit_session_token into resolve_credentials
  • deploy_harness(): accept session_token parameter; mirror to legacy VOLC_SESSIONTOKEN env name for the Volcengine SDK; pass to runtime client
  • CLI: add --volcengine-session-token flag to agentkit deploy
  • _openapi.py / admin.py: add VOLC_SESSIONTOKEN legacy env fallback
  • VolcengineCredentials dataclass + global config file: add session_token field for persistence in ~/.agentkit/config.yaml

All changes are backward-compatible (session_token defaults to None).

Add end-to-end support for VOLCENGINE_SESSION_TOKEN (with legacy
VOLC_SESSIONTOKEN fallback) so that temporary/STS credentials —
intern temp AK/SK, CI roles, SSO logins, VeFaaS IAM — are accepted
and included in SigV4 signed requests.

Changes:
- resolve_credentials(): add explicit_session_token param; the
  explicit-AK/SK fast path now falls back to env for session_token
  instead of dropping it
- base_service_client: forward explicit_session_token into resolve_credentials
- deploy_harness(): accept session_token parameter; mirror to legacy
  VOLC_SESSIONTOKEN env name for the Volcengine SDK; pass to runtime client
- CLI: add --volcengine-session-token flag to `agentkit deploy`
- _openapi.py / admin.py: add VOLC_SESSIONTOKEN legacy env fallback
- VolcengineCredentials dataclass + global config file: add session_token
  field for persistence in ~/.agentkit/config.yaml

All changes are backward-compatible (session_token defaults to None).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant