
    g(                         d Z ddlZddlZddlZddlZddlmZmZmZ ddl	Z	ddl
mZ d Zdee   fdZ G d d	      Z	 d
eeef   fdZy)z
This is a file for the AWS Secret Manager Integration

Relevant issue: https://github.com/BerriAI/litellm/issues/1883

Requires:
* `os.environ["AWS_REGION_NAME"], 
* `pip install boto3>=1.28.57`
    N)AnyDictOptional)KeyManagementSystemc                  >    dt         j                  vrt        d      y )NAWS_REGION_NAME7Missing required environment variable - AWS_REGION_NAME)osenviron
ValueError     _/var/www/openai/venv/lib/python3.12/site-packages/litellm/secret_managers/aws_secret_manager.pyvalidate_environmentr      s    

*RSS +r   use_aws_kmsc                     | | du ry 	 dd l }t                |j                  dt        j                  d            }|t
        _        t        j                  t
        _	        y # t        $ r}|d }~ww xY wNFr   kmsr   )region_name)boto3r   clientr
   getenvlitellmsecret_manager_clientr   AWS_KMS_key_management_system	Exception)r   r   
kms_clientes       r   load_aws_kmsr       si    kU2 \\%RYY?P5Q\R
(2%)<)D)D& s   AA" "	A2+A--A2c                   @    e Zd ZdZd
dZd Zdee   fdZde	de
fd	Zy)AWSKeyManagementService_V2zJ
    V2 Clean Class for decrypting keys from AWS KeyManagementService
    returnNc                 R    | j                          | j                  d      | _        y )NT)r   )r   r    r   )selfs    r   __init__z#AWSKeyManagementService_V2.__init__1   s#    !!#+++=r   c                     dt         j                  vrt        d      d}t        j                  dd       d}nt        j                  dd       d}|du rt        d      y )Nr   r	   FLITELLM_LICENSET&LITELLM_SECRET_AWS_KMS_LITELLM_LICENSEzkAWSKeyManagementService V2 is an Enterprise Feature. Please add a valid LITELLM_LICENSE to your envionment.)r
   r   r   r   )r%   is_litellm_license_in_envs     r   r   z/AWSKeyManagementService_V2.validate_environment5   sq     BJJ.VWW +0!99&-9(,%YY?FR(,%$-}  .r   r   c                     ||du ry 	 dd l }t                |j                  dt        j                  d            }|S # t
        $ r}|d }~ww xY wr   )r   r   r   r
   r   r   )r%   r   r   r   r   s        r   r    z'AWSKeyManagementService_V2.load_aws_kmsG   sY    +"6
	 " eCT9UVJ 	G	s   5? 	AA

Asecret_namec                 F   | j                   t        d      t        j                  |d       }|t	        dj                  |            t        |t              r#|j                  d      r|j                  dd      }t        j                  |      }d|i} | j                   j                  di |}|d   }|j                  d      }t        |t              r|j                         }	 t        j                   |      }t        |t"              r|S 	 |S # t        $ r Y |S w xY w)	Nzkms_client is Nonez+AWS KMS - Encrypted Value of Key={} is Noneaws_kms/ CiphertextBlob	Plaintextzutf-8r   )r   r   r
   r   r   format
isinstancestr
startswithreplacebase64	b64decodedecryptdecodestripastliteral_evalbool)	r%   r,   encrypted_valueciphertext_blobparamsresponse	plaintextsecretsecret_value_as_bools	            r   decrypt_valuez(AWSKeyManagementService_V2.decrypt_valueV   s(   ??"122))K6"=DD[Q  os+0J0J:0V-55j"EO !**?; #O4*4??**4V4 [)	!!'*fc"\\^F	#&#3#3F#; .5++ 6
   		s   )&D 	D D )r#   N)__name__
__module____qualname____doc__r&   r   r   r>   r    r4   r   rF   r   r   r   r"   r"   ,   s4    >$   r   r"   r#   c                     t               } i }t        j                  j                         D ]  \  }}|/t	        |t
              r|j                         j                  d      s&|:t	        |t
              sK|j                  d      s]| j                  |      }t        j                  dd|t        j                        }|||<    |S )Nlitellm_secret_aws_kmsr.   )r,   litellm_secret_aws_kms_r/   )flags)r"   r
   r   itemsr3   r4   lowerr5   rF   resub
IGNORECASE)aws_kms
new_valueskvdecrypted_values        r   decrypt_env_varrY      s    (*GJ

  "1M1c"	$$%=>m
1c 2q||J7O%333BO0"ar}}MA+JqM # r   )rJ   r<   r7   r
   rQ   typingr   r   r   r   litellm.proxy._typesr   r   r>   r    r"   r4   rY   r   r   r   <module>r\      s`      	 	 & &  4T
htn $I IXc3h r   