-
Notifications
You must be signed in to change notification settings - Fork 52
feat: relax requestHeaderAllowlist to broader X-Amzn-Bedrock-AgentCore- namespace (#1151) #1159
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -125,19 +125,51 @@ export type NetworkConfig = z.infer<typeof NetworkConfigSchema>; | |
|
|
||
| /** | ||
| * Allowed request headers for the runtime. | ||
| * Each header must be 'Authorization' or start with 'X-Amzn-Bedrock-AgentCore-Runtime-Custom-'. | ||
| * | ||
| * Per AWS Bedrock AgentCore runtime header allowlist documentation | ||
| * (https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/runtime-header-allowlist.html), | ||
| * each header must be either: | ||
| * - 'Authorization' (case-sensitive canonical form), or | ||
| * - any header beginning with the AgentCore runtime namespace prefix | ||
| * 'X-Amzn-Bedrock-AgentCore-' (case-insensitive), e.g. | ||
| * * 'X-Amzn-Bedrock-AgentCore-Runtime-Custom-<Suffix>' | ||
| * * 'X-Amzn-Bedrock-AgentCore-Runtime-User-Id' | ||
| * * 'X-Amzn-Bedrock-AgentCore-Runtime-Session-Id' | ||
| * * other documented headers under the same namespace | ||
| * | ||
| * Maximum 20 headers. | ||
| * | ||
| * NOTE: This file is duplicated in agentcore-l3-cdk-constructs/src/schema/schemas/agent-env.ts. | ||
| * Keep both copies in sync. | ||
| */ | ||
| export const HEADER_ALLOWLIST_PREFIX = 'X-Amzn-Bedrock-AgentCore-Runtime-Custom-'; | ||
| export const HEADER_ALLOWLIST_NAMESPACE_PREFIX = 'X-Amzn-Bedrock-AgentCore-'; | ||
| export const MAX_HEADER_ALLOWLIST_SIZE = 20; | ||
|
|
||
| /** | ||
| * Pattern matching any header name that is an acceptable entry in the | ||
| * request header allowlist. Matches case-insensitively for the namespace | ||
| * prefix to accommodate user-supplied casing variations; the runtime | ||
| * itself is HTTP-header-case-insensitive. | ||
| */ | ||
| export const REQUEST_HEADER_ALLOWLIST_PATTERN = /^(Authorization|X-Amzn-Bedrock-AgentCore-[A-Za-z0-9-]+)$/i; | ||
|
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Minor behavior-change check: the This is fine for the CLI entry points that flow through Could you confirm the service accepts any casing of |
||
|
|
||
| /** | ||
| * Returns true when the given header name is allowed in the runtime | ||
| * request header allowlist (Authorization or any header under the | ||
| * AgentCore runtime namespace prefix). | ||
| */ | ||
| export function isAllowedRequestHeader(name: string): boolean { | ||
| return REQUEST_HEADER_ALLOWLIST_PATTERN.test(name); | ||
| } | ||
|
|
||
| export const RequestHeaderAllowlistSchema = z | ||
| .array( | ||
| z | ||
| .string() | ||
| .refine( | ||
| val => val === 'Authorization' || val.startsWith(HEADER_ALLOWLIST_PREFIX), | ||
| `Must be "Authorization" or start with "${HEADER_ALLOWLIST_PREFIX}"` | ||
| isAllowedRequestHeader, | ||
| `Must be "Authorization" or start with "${HEADER_ALLOWLIST_NAMESPACE_PREFIX}". See https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/runtime-header-allowlist.html` | ||
| ) | ||
| ) | ||
| .max(MAX_HEADER_ALLOWLIST_SIZE, `Maximum ${MAX_HEADER_ALLOWLIST_SIZE} headers allowed`); | ||
|
|
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Release coordination concern (not a code change request, but worth confirming before merge):
This schema is duplicated in
agentcore-l3-cdk-constructs, and the generated CDK project consumes the L3 constructs' copy ofRequestHeaderAllowlistSchema— not this one — atcdk synth/deploy time. If a CLI release containing this change ships before the companion L3 constructs release (branchfix/1151-6ed1535c) is merged and published to the registry, the flow breaks for users:agentcore create/agentcore addwith e.g.X-Amzn-Bedrock-AgentCore-Runtime-User-Idagent-env.yamlA few ways to de-risk this:
@aws/agentcore-cdkversion pinned in the vended CDK project templates /package.jsonso older constructs can't be resolved.bundled-agentcore-cdk.tgzpath (src/cli/templates/CDKRenderer.ts) in the same release.Could you confirm which path you're taking? Happy to approve once the ordering/versioning is spelled out.