Model access control dev rebase #928
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* Backport changes to model-access-control feature branch (opensearch-project#837) * rename model meta/chunk API (opensearch-project#827) Signed-off-by: Yaliang Wu <[email protected]> * Change the ziputil dependency to fix a potential security concern (opensearch-project#824) Signed-off-by: Yaliang Wu <[email protected]> * add text docs ML input (opensearch-project#830) Signed-off-by: Yaliang Wu <[email protected]> --------- Signed-off-by: Yaliang Wu <[email protected]> Co-authored-by: Sicheng Song <[email protected]> * add model group (opensearch-project#840) * add model group Signed-off-by: Yaliang Wu <[email protected]> * rename create model group as register model group Signed-off-by: Yaliang Wu <[email protected]> * fix class name in build.gradle Signed-off-by: Yaliang Wu <[email protected]> * remove unused code; stash thread context Signed-off-by: Yaliang Wu <[email protected]> * exclude class for low coverage Signed-off-by: Yaliang Wu <[email protected]> --------- Signed-off-by: Yaliang Wu <[email protected]> * access validation for register/update model-group, register/get/delete/deploy/predict model Signed-off-by: Bhavana Ramaram <[email protected]> * changes to security utils and register/search model group Signed-off-by: Bhavana Ramaram <[email protected]> * update last_updated_time in model group when new version added Signed-off-by: Bhavana Ramaram <[email protected]> * fix undeploy model action Signed-off-by: Bhavana Ramaram <[email protected]> * fix format violations Signed-off-by: Bhavana Ramaram <[email protected]> * rebased to 2.x and prediction/search API fix Signed-off-by: Bhavana Ramaram <[email protected]> * fix rebase conflicts Signed-off-by: Bhavana Ramaram <[email protected]> * new delete model group API Signed-off-by: Bhavana Ramaram <[email protected]> * fix formal violations Signed-off-by: Bhavana Ramaram <[email protected]> --------- Signed-off-by: Yaliang Wu <[email protected]> Signed-off-by: Bhavana Ramaram <[email protected]> Co-authored-by: Yaliang Wu <[email protected]> Co-authored-by: Sicheng Song <[email protected]> Signed-off-by: Sicheng Song <[email protected]>
* Add model group & model search access control Signed-off-by: Zan Niu <[email protected]> Signed-off-by: Sicheng Song <[email protected]>
* fix undeploy model API Signed-off-by: Yaliang Wu <[email protected]> * add model group id when upload pre-trained model; support undeploy one model when filter by backend role enabled Signed-off-by: Yaliang Wu <[email protected]> * refactor code Signed-off-by: Yaliang Wu <[email protected]> --------- Signed-off-by: Yaliang Wu <[email protected]> Signed-off-by: Sicheng Song <[email protected]>
* fix some bugs Signed-off-by: Yaliang Wu <[email protected]> * add stash context try block Signed-off-by: Yaliang Wu <[email protected]> * fix anyone can update description of private model group Signed-off-by: Yaliang Wu <[email protected]> --------- Signed-off-by: Yaliang Wu <[email protected]> Signed-off-by: Sicheng Song <[email protected]>
Signed-off-by: Yaliang Wu <[email protected]> Signed-off-by: Sicheng Song <[email protected]>
…earch-project#909) * Fix no corresponding backend roles user can update model issue Signed-off-by: Zan Niu <[email protected]> * Remove private model check and merge this case into has backend role check Signed-off-by: Zan Niu <[email protected]> * Add admin check for access control change to make admin pass Signed-off-by: Zan Niu <[email protected]> * Change model access mode not mandatory in registering, rename model access identifier to model access mode Signed-off-by: Zan Niu <[email protected]> --------- Signed-off-by: Zan Niu <[email protected]> Signed-off-by: Sicheng Song <[email protected]>
…n issue; 3.fix failure UTs (opensearch-project#910) Signed-off-by: Zan Niu <[email protected]> Signed-off-by: Sicheng Song <[email protected]>
…roject#912) * remove tags and add unit tests for register model group Signed-off-by: Bhavana Ramaram <[email protected]> Signed-off-by: Sicheng Song <[email protected]>
…opensearch-project#913) Signed-off-by: Bhavana Ramaram <[email protected]> Signed-off-by: Sicheng Song <[email protected]>
…ch-project#914) Signed-off-by: Zan Niu <[email protected]> Signed-off-by: Sicheng Song <[email protected]>
…bugs (opensearch-project#916) * Minor refactor for search model group transport action Signed-off-by: Zan Niu <[email protected]> * Add ITs and UTs and refactor model group search code and fixed minor bugs Signed-off-by: Zan Niu <[email protected]> --------- Signed-off-by: Zan Niu <[email protected]> Signed-off-by: Sicheng Song <[email protected]>
* fix metric correlation Signed-off-by: Yaliang Wu <[email protected]> * fix upload model via local file bug Signed-off-by: Yaliang Wu <[email protected]> --------- Signed-off-by: Yaliang Wu <[email protected]> Signed-off-by: Sicheng Song <[email protected]>
…#918) * fix model meta API and add update model group UTs Signed-off-by: Bhavana Ramaram <[email protected]> Signed-off-by: Sicheng Song <[email protected]>
* Fix model search IT bugs Signed-off-by: Zan Niu <[email protected]> * Remove Ignore flag on test method Signed-off-by: Zan Niu <[email protected]> * Fix model search IT issues and removed the query type limitation Signed-off-by: Zan Niu <[email protected]> * Remove not suitable UT Signed-off-by: Zan Niu <[email protected]> * format code Signed-off-by: Zan Niu <[email protected]> --------- Signed-off-by: Zan Niu <[email protected]> Signed-off-by: Sicheng Song <[email protected]>
* Add undeploy models UTs Signed-off-by: Zan Niu <[email protected]> * format code Signed-off-by: Zan Niu <[email protected]> Signed-off-by: Sicheng Song <[email protected]>
Signed-off-by: Bhavana Ramaram <[email protected]> Signed-off-by: Sicheng Song <[email protected]>
* bump 2.8 Signed-off-by: Jing Zhang <[email protected]> * disable codecov patch Signed-off-by: Jing Zhang <[email protected]> * address comments Signed-off-by: Jing Zhang <[email protected]> --------- Signed-off-by: Jing Zhang <[email protected]> Signed-off-by: Sicheng Song <[email protected]>
b4sjoo
force-pushed
the
model-access-control-dev-rebase
branch
from
8560347 to
4cbd86f
Compare
Signed-off-by: Sicheng Song <[email protected]>
Codecov Report
@@ Coverage Diff @@
## 2.x #928 +/- ##
============================================
- Coverage 84.11% 81.42% -2.69%
- Complexity 1762 1894 +132
============================================
Files 139 149 +10
Lines 6779 7490 +711
Branches 676 742 +66
============================================
+ Hits 5702 6099 +397
- Misses 778 1059 +281
- Partials 299 332 +33
Flags with carried forward coverage won't be shown. Click here to find out more.
|
rbhavna
previously approved these changes
May 30, 2023
ylwu-amzn
reviewed
May 30, 2023
| " \"schema_version\": "+ML_MODEL_GROUP_INDEX_SCHEMA_VERSION+"\n" + | ||
| " },\n" + | ||
| " \"properties\": {\n" + | ||
| " \""+MLModelGroup.MODEL_GROUP_NAME_FIELD+"\": {\n" + |
There was a problem hiding this comment.
Missed backend_roles field
"backend_roles": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
There was a problem hiding this comment.
Thanks for the catch. I forgot adding it, I guess
ylwu-amzn
reviewed
May 30, 2023
| @Getter | ||
| public class MLModelGroup implements ToXContentObject { | ||
| public static final String MODEL_GROUP_NAME_FIELD = "name"; //name of the model group | ||
| // We use int type for version in first release 1.3. In 2.4, we changed to |
There was a problem hiding this comment.
Seems this comment is not for model group, model group is something new in 2.8, not released in 1.3
ylwu-amzn
reviewed
May 30, 2023
| public static final String BACKEND_ROLES_FIELD = "backend_roles"; //back_end roles as specified by the owner/admin | ||
| public static final String OWNER = "owner"; //user who creates/owns the model group | ||
|
|
||
| public static final String ACCESS = "access"; //assigned to public, private, or null when model group created |
There was a problem hiding this comment.
It's ok to use String here, but better to use the enum class ModelAccessMode.
There was a problem hiding this comment.
yeah makes sense. Will change it later
ylwu-amzn
reviewed
May 30, 2023
| } | ||
| access = input.readOptionalString(); | ||
| modelGroupId = input.readOptionalString(); | ||
| createdTime = input.readOptionalInstant(); |
There was a problem hiding this comment.
Not a bug, but is access, createdTime and lastUpdatedTime optional?
There was a problem hiding this comment.
access was optional previously. Its mandatory now. And the times are optional in model. So just used a similar type here. We can actually make them all mandatory later
…arch-project#929) Signed-off-by: Bhavana Ramaram <[email protected]> Signed-off-by: Sicheng Song <[email protected]>
ylwu-amzn
reviewed
May 30, 2023
| @@ -75,7 +153,7 @@ public static <T> ActionListener<T> wrapRestActionListener(ActionListener<T> act | |||
| String errorMessage = generalErrorMessage; | |||
| if (isBadRequest(e) || e instanceof MLException) { | |||
| errorMessage = e.getMessage(); | |||
| } else if (cause != null && (isBadRequest(cause) || cause instanceof MLException)) { | |||
| } else if (isBadRequest(cause) || cause instanceof MLException) { | |||
There was a problem hiding this comment.
Why remove cause != null && ?
There was a problem hiding this comment.
Throwables.getRootCause(e) never returns null, removing this won't cause any issue.
ylwu-amzn
reviewed
May 30, 2023
| final User userInfo = user; | ||
|
|
||
| try (ThreadContext.StoredContext context = client.threadPool().getThreadContext().stashContext()) { | ||
| mlModelManager.getModel(modelId, ActionListener.wrap(mlModel -> { |
There was a problem hiding this comment.
Not all users prefer to enable backend role filtering. If we always check access querying model and model group index, that may add overhead to the request.
User may concern about the latency overhead, especially for predict API. How about we skip access checking if user don't enable backend role filtering, at least for predict API?
There was a problem hiding this comment.
This is some performance enhancement. We can do this later.
There was a problem hiding this comment.
Yeah agreed, this can improve performance
dhrubo-os
reviewed
May 30, 2023
| public static final String MODEL_GROUP_ID_FIELD = "model_group_id"; //unique ID assigned to each model group | ||
| public static final String CREATED_TIME_FIELD = "created_time"; //model group created time stamp | ||
| public static final String LAST_UPDATED_TIME_FIELD = "last_updated_time"; //updated whenever a new model version is created | ||
| //SHA256 hash value of model content. |
There was a problem hiding this comment.
This comment seems oddly placed here?
There was a problem hiding this comment.
Good catch. This should be removed
| @Getter | ||
| @FieldDefaults(makeFinal = true, level = AccessLevel.PRIVATE) | ||
| @ToString | ||
| public class MLUndeployModelsRequest extends MLTaskRequest { |
There was a problem hiding this comment.
Don't we need user information as input to see if user has permission to unload this model?
There was a problem hiding this comment.
No actually, we get user information from the current context. Not required as input.
rbhavna
previously approved these changes
May 31, 2023
Signed-off-by: Sicheng Song <[email protected]>
rbhavna
approved these changes
May 31, 2023
ylwu-amzn
approved these changes
May 31, 2023
ylwu-amzn
approved these changes
May 31, 2023
ylwu-amzn
approved these changes
May 31, 2023
opensearch-trigger-bot bot
pushed a commit
that referenced
this pull request
May 31, 2023
(cherry picked from commit 6e1541a)
rbhavna
pushed a commit
to rbhavna/ml-commons
that referenced
this pull request
May 31, 2023
(cherry picked from commit 6e1541a) Signed-off-by: Bhavana Ramaram <[email protected]>
rbhavna
added a commit
that referenced
this pull request
May 31, 2023
(cherry picked from commit 6e1541a) Signed-off-by: Bhavana Ramaram <[email protected]> Co-authored-by: Sicheng Song <[email protected]>
2 tasks
zane-neo
pushed a commit
to zane-neo/ml-commons
that referenced
this pull request
Aug 24, 2023
5 tasks
zane-neo
added a commit
that referenced
this pull request
Aug 24, 2023
* Model access control dev rebase (#928) * Fix breaking changes from opensearch core Signed-off-by: zane-neo <[email protected]> * Decrease code coverage to pass github build Signed-off-by: zane-neo <[email protected]> * fix format issue Signed-off-by: zane-neo <[email protected]> --------- Signed-off-by: zane-neo <[email protected]> Co-authored-by: Sicheng Song <[email protected]>
zane-neo
pushed a commit
to zane-neo/ml-commons
that referenced
this pull request
Aug 24, 2023
2 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Rebase the model-access-control-dev branch to 2.x
Check List
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.