Add IAM cred caching for OIDC flow

[Manouchehri]

Title

This should improve the perf, as this allows avoiding making an extra call to STS on every invocation of Bedrock.

Should be merged after #3688. Doing this as a separate PR in case you don't like my caching method; I don't want this PR to slow down #3688 from being merged.

Type

🆕 New Feature

Changes

Just uses DualCache to speed things up!

[REQUIRED] Testing - Attach a screenshot of any new tests passing locall

If UI changes, send a screenshot/GIF of working UI fixes

I ran the same request multiple times, and could see the cache being used in LiteLLM's logs. (It's kinda difficult to post a screenshot without including a lot of PII.)

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
litellm	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Jun 11, 2024 5:02pm

[krrishdholakia]

#3858 blocks this pr

since the refactoring to make the call async will require a refactor here

[krrishdholakia]

@Manouchehri please can we add some testing for this? couple users use the sts flow and i want to make sure there's no regressions

[Manouchehri]

@Manouchehri please can we add some testing for this? couple users use the sts flow and i want to make sure there's no regressions

Definitely, that's a good idea, I'll do. We sorta ish already test it, but it's more by luck and not intentional.

Two questions:

1. How can I validate that the cache is actually working and not just issuing a new token?
2. How can I allow LiteLLM to only do one STS call at once? There's no point in getting multiple tokens in parallel (it will be the same speed), it's just wasteful on resources and adds noise.

[Manouchehri]

This shaves a lot of time off the current setup, between like 0.25 to 1 second per Bedrock call. :)

The STS fix is also needed.

Ready for merging!

[Manouchehri]

Bump on this? It's becoming a bit of a burden to maintain out-of-tree patches for weeks.

[krrishdholakia]

hey @Manouchehri missed this - sorry for the delay on my end.

Saw you made a couple changes - could you walk me through it?

[krrishdholakia]

i'm also happy to hop on a call and help get all the oidc pr's done

https://calendly.com/d/4mp-gd3-k5k/litellm-1-1-onboarding-chat

[Manouchehri]

i'm also happy to hop on a call and help get all the oidc pr's done

Gimme a moment to finish testing this and #3861. =)

[Manouchehri]

You free now?

[krrishdholakia]

switch to in memory cache

[krrishdholakia]

InMemoryCache -

litellm/litellm/caching.py

Line 59 in fb96f07

class InMemoryCache(BaseCache):

[krrishdholakia]

can we have ttl be an enum at the top of the file, so it's easier to know

[krrishdholakia]

can you add a comment explaining when you'd enter this flow

[Manouchehri]

Self note: I can confirm that this is indeed working, I now only see one AssumeRoleWithWebIdentity event before multiple Bedrock calls. =)

Previously (before this PR was merged), I had multiple AssumeRoleWithWebIdentity calls (one for each Bedrock invocation, which is waaaay too high of an overhead).