support aws speech by roleArn (#313)

* support aws speech by roleArn * support 3 types of aws credentials * wip * wip * update speech util version
2026-01-25 02:08:24 +00:00 · 2024-05-02 18:57:22 +07:00
parent 3b47162d13
commit ce2fa392a4
6 changed files with 69 additions and 20 deletions
--- a/lib/utils/speech-utils.js
+++ b/lib/utils/speech-utils.js
@@ -165,16 +165,26 @@ const testAwsTts = async(logger, getTtsVoices, credentials) => {
  }
 };

-const testAwsStt = async(logger, credentials) => {
+const testAwsStt = async(logger, getAwsAuthToken, credentials) => {
  try {
-    const {region, accessKeyId, secretAccessKey} = credentials;
-    const client = new TranscribeClient({
-      region,
-      credentials: {
-        accessKeyId,
-        secretAccessKey
-      }
-    });
+    const {region, accessKeyId, secretAccessKey, roleArn} = credentials;
+    let client = null;
+    if (accessKeyId && secretAccessKey) {
+      client = new TranscribeClient({
+        region,
+        credentials: {
+          accessKeyId,
+          secretAccessKey
+        }
+      });
+    } else if (roleArn) {
+      client = new TranscribeClient({
+        region,
+        credentials: await getAwsAuthToken(null, null, region, roleArn),
+      });
+    } else {
+      client = new TranscribeClient({region});
+    }
    const command = new ListVocabulariesCommand({});
    const response =  await client.send(command);
    return response;
@@ -400,6 +410,7 @@ const getSpeechCredential = (credential, logger) => {
      ...credential,
      accessKeyId: credential.access_key_id,
      secretAccessKey: credential.secret_access_key,
+      roleArn: credential.role_arn,
      region: credential.aws_region || 'us-east-1'
    };
  }
@@ -421,6 +432,7 @@ function decryptCredential(obj, credential, logger, isObscureKey = true) {
  else if ('aws' === obj.vendor) {
    const o = JSON.parse(decrypt(credential));
    obj.access_key_id = o.access_key_id;
+    obj.role_arn = o.role_arn;
    obj.secret_access_key = isObscureKey ? obscureKey(o.secret_access_key) : o.secret_access_key;
    obj.aws_region = o.aws_region;
    logger.info({obj, o}, 'retrieving aws speech credential');
@@ -584,6 +596,7 @@ async function getLanguagesVoicesForAws(credential, getTtsVoices, logger) {
        credentials: {
          accessKeyId: credential.access_key_id,
          secretAccessKey: credential.secret_access_key,
+          roleArn: credential.role_arn,
          region: credential.aws_region || process.env.AWS_REGION
        }
      });