fix: enable kms support for repack_model #1061
Conversation
Currently repack_model doesn't accept a kms key. This change added a kms_key argument to the fucntion. In addition repack_model will always use the output_kms_key inside the Estimator if it's set.
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
| @@ -162,6 +162,7 @@ def create_model( | |||
| entry_point=None, | |||
| source_dir=None, | |||
| dependencies=None, | |||
| **kwargs | |||
There was a problem hiding this comment.
is there something here that should actually get used?
There was a problem hiding this comment.
I am only fixing TensorFlow and SKLearn for now. I think all other frameworks needs more fixes than this one(similar to the fixes I added to sklearn). That work should be properly scheduled and we should add integ tests as well.
src/sagemaker/estimator.py
Outdated
| @@ -547,6 +547,7 @@ def deploy( | |||
| ) | |||
| model = self._compiled_models[family] | |||
| else: | |||
| kwargs["output_kms_key"] = self.output_kms_key | |||
There was a problem hiding this comment.
I realize that I'm probably the source of this problem (with one of my recent code changes), but should we distinguish more between output_kms_key and kms_key? also, is there a case where someone might want to specify output_kms_key in deploy?
There was a problem hiding this comment.
When we repack the model the new model tar ball is uploaded to the same bucket. we need to use the same output_kms_key in the estimator, otherwise uploading the repacked tar ball will fail.
I can't really think of any use case where you would want a different kms key since we don't allow user to specify a new bucket when deploy is called.
There was a problem hiding this comment.
maybe let's rename the Model's output_kms_key to something like model_data_kms_key? (model_kms_key?)
There was a problem hiding this comment.
i will do model_kms_key
src/sagemaker/model.py
Outdated
| @@ -79,6 +79,7 @@ def __init__( | |||
| vpc_config=None, | |||
| sagemaker_session=None, | |||
| enable_network_isolation=False, | |||
| output_kms_key=None, | |||
There was a problem hiding this comment.
docstring? (same for the rest)
There was a problem hiding this comment.
**kwargs also need docstring entries - if possible, include a link to where the **kwargs are eventually sent to
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
src/sagemaker/estimator.py
Outdated
| @@ -547,6 +547,7 @@ def deploy( | |||
| ) | |||
| model = self._compiled_models[family] | |||
| else: | |||
| kwargs["output_kms_key"] = self.output_kms_key | |||
There was a problem hiding this comment.
maybe let's rename the Model's output_kms_key to something like model_data_kms_key? (model_kms_key?)
src/sagemaker/model.py
Outdated
| @@ -114,6 +115,8 @@ def __init__( | |||
| network isolation in the endpoint, isolating the model | |||
| container. No inbound or outbound network calls can be made to | |||
| or from the model container. | |||
| output_kms_key (str): KMS key ARN, it's only used to encrypt the | |||
| repacked model archive file. | |||
There was a problem hiding this comment.
"KMS key ARN used to encrypt the repacked model archive file if the model is repacked"
src/sagemaker/model.py
Outdated
| @@ -79,6 +79,7 @@ def __init__( | |||
| vpc_config=None, | |||
| sagemaker_session=None, | |||
| enable_network_isolation=False, | |||
| output_kms_key=None, | |||
There was a problem hiding this comment.
**kwargs also need docstring entries - if possible, include a link to where the **kwargs are eventually sent to
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
Currently repack_model doesn't accept a kms key. This change
added a kms_key argument to the fucntion. In addition repack_model
will always use the output_kms_key inside the Estimator if it's set.
Issue #, if available:
Description of changes:
Merge Checklist
Put an
xin the boxes that apply. You can also fill these out after creating the PR. If you're unsure about any of them, don't hesitate to ask. We're here to help! This is simply a reminder of what we are going to look for before merging your pull request.By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.