From 870bc5936552e4c144c631a4c5fe5860e986ef4e Mon Sep 17 00:00:00 2001 From: VincentLambert Date: Sat, 9 May 2026 04:54:58 +0200 Subject: [PATCH] Fix: Bedrock api_key overridden by existing-key fallback in add_llm (#14707) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ## Summary - Adding a Bedrock model from the frontend fails with `Fail to access model(Bedrock/).Expecting value: line 1 column 1 (char 0)`. - The assembled Bedrock JSON credentials are silently replaced by `"x"` before the connection test, causing `json.loads("x")` to raise a `JSONDecodeError`. ## What problem does this PR solve? Commit `050113482` introduced a fallback in `add_llm()` that reuses the existing DB key when `req.get("api_key") is None`: ```python if req.get("api_key") is None: api_key = existing_api_key if existing_api_key is not None else "x" ``` For Bedrock, credentials are sent as separate fields (`auth_mode`, `bedrock_ak`, `bedrock_sk`, `bedrock_region`, `aws_role_arn`) — the frontend does not send an `api_key` field. The function correctly assembles the JSON key: ```python api_key = apikey_json(["auth_mode", "bedrock_ak", "bedrock_sk", "bedrock_region", "aws_role_arn"]) ``` But since `req.get("api_key")` is `None`, the override immediately replaces `api_key` with `"x"` (or a stale DB value). `LiteLLMBase` then calls `json.loads("x")` for Bedrock auth → `JSONDecodeError`. ## Type of change - [x] Bug Fix (non-breaking change which fixes an issue) ## Changes **`api/apps/llm_app.py`** Write the assembled key into `req["api_key"]` so the `None` check evaluates to `False` and the override is skipped — consistent with how `Tencent Cloud` is already handled. ```python # Before api_key = apikey_json(["auth_mode", "bedrock_ak", "bedrock_sk", "bedrock_region", "aws_role_arn"]) # After req["api_key"] = apikey_json(["auth_mode", "bedrock_ak", "bedrock_sk", "bedrock_region", "aws_role_arn"]) api_key = req["api_key"] ``` ## Test plan - [ ] Configure a Bedrock provider in Model Providers with valid AWS credentials - [ ] Add a Bedrock chat model — verify no `Expecting value` error - [ ] Update the same model — verify the existing key is reused correctly when credentials fields are left empty 🤖 Generated with [Claude Code](https://claude.ai/claude-code) Co-authored-by: Claude Sonnet 4.6 --- api/apps/llm_app.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/api/apps/llm_app.py b/api/apps/llm_app.py index eaf56628f..583e05af7 100644 --- a/api/apps/llm_app.py +++ b/api/apps/llm_app.py @@ -202,7 +202,9 @@ async def add_llm(): elif factory == "Bedrock": # For Bedrock, due to its special authentication method # Assemble bedrock_ak, bedrock_sk, bedrock_region - api_key = apikey_json(["auth_mode", "bedrock_ak", "bedrock_sk", "bedrock_region", "aws_role_arn"]) + # Write into req["api_key"] to prevent the "existing key" override logic from replacing it + req["api_key"] = apikey_json(["auth_mode", "bedrock_ak", "bedrock_sk", "bedrock_region", "aws_role_arn"]) + api_key = req["api_key"] elif factory == "LocalAI": llm_name += "___LocalAI"