Bug fix for integrity check using hmac key in serve V2

Author: aviruthen

src/sagemaker/serve/builder/transformers_builder.py

@@ -267,12 +267,6 @@ def _transformers_model_builder_deploy_wrapper(self, *args, **kwargs) -> Type[Pr
             self.env_vars.update(env_vars)
             self.pysdk_model.env.update(self.env_vars)
 
-        if (
-            "SAGEMAKER_SERVE_SECRET_KEY" in self.pysdk_model.env
-            and not self.pysdk_model.env["SAGEMAKER_SERVE_SECRET_KEY"]
-        ):
-            del self.pysdk_model.env["SAGEMAKER_SERVE_SECRET_KEY"]
-
         if "endpoint_logging" not in kwargs:
             kwargs["endpoint_logging"] = True
 

src/sagemaker/serve/model_server/multi_model_server/prepare.py

@@ -25,10 +25,7 @@
 from sagemaker.session import Session
 from sagemaker.serve.spec.inference_spec import InferenceSpec
 from sagemaker.serve.detector.dependency_manager import capture_dependencies
-from sagemaker.serve.validations.check_integrity import (
-    generate_secret_key,
-    compute_hash,
-)
+from sagemaker.serve.validations.check_integrity import compute_hash
 from sagemaker.remote_function.core.serialization import _MetaData
 
 logger = logging.getLogger(__name__)
@@ -120,11 +117,10 @@ def prepare_for_mms(
 
     capture_dependencies(dependencies=dependencies, work_dir=code_dir)
 
-    secret_key = generate_secret_key()
     with open(str(code_dir.joinpath("serve.pkl")), "rb") as f:
         buffer = f.read()
-    hash_value = compute_hash(buffer=buffer, secret_key=secret_key)
+    hash_value = compute_hash(buffer=buffer)
     with open(str(code_dir.joinpath("metadata.json")), "wb") as metadata:
         metadata.write(_MetaData(hash_value).to_json())
 
-    return secret_key
+    return ""

src/sagemaker/serve/model_server/multi_model_server/server.py

@@ -29,14 +29,12 @@ def _start_serving(
         client: object,
         image: str,
         model_path: str,
-        secret_key: str,
         env_vars: dict,
     ):
         """Initializes the start of the server"""
         env = {
             "SAGEMAKER_SUBMIT_DIRECTORY": "/opt/ml/model/code",
             "SAGEMAKER_PROGRAM": "inference.py",
-            "SAGEMAKER_SERVE_SECRET_KEY": secret_key,
             "LOCAL_PYTHON": platform.python_version(),
         }
         if env_vars:
@@ -141,15 +139,16 @@ def _upload_server_artifacts(
             else None
         )
 
-        if secret_key:
-            env_vars = {
-                "SAGEMAKER_SUBMIT_DIRECTORY": "/opt/ml/model/code",
-                "SAGEMAKER_PROGRAM": "inference.py",
-                "SAGEMAKER_SERVE_SECRET_KEY": secret_key,
-                "SAGEMAKER_REGION": sagemaker_session.boto_region_name,
-                "SAGEMAKER_CONTAINER_LOG_LEVEL": "10",
-                "LOCAL_PYTHON": platform.python_version(),
-            }
+        if env_vars is None:
+            env_vars = {}
+        
+        env_vars.update({
+            "SAGEMAKER_SUBMIT_DIRECTORY": "/opt/ml/model/code",
+            "SAGEMAKER_PROGRAM": "inference.py",
+            "SAGEMAKER_REGION": sagemaker_session.boto_region_name,
+            "SAGEMAKER_CONTAINER_LOG_LEVEL": "10",
+            "LOCAL_PYTHON": platform.python_version(),
+        })
 
         return model_data, _update_env_vars(env_vars)
 

src/sagemaker/serve/model_server/smd/prepare.py

@@ -11,10 +11,7 @@
 
 from sagemaker.serve.spec.inference_spec import InferenceSpec
 from sagemaker.serve.detector.dependency_manager import capture_dependencies
-from sagemaker.serve.validations.check_integrity import (
-    generate_secret_key,
-    compute_hash,
-)
+from sagemaker.serve.validations.check_integrity import compute_hash
 from sagemaker.remote_function.core.serialization import _MetaData
 from sagemaker.serve.spec.inference_base import CustomOrchestrator, AsyncCustomOrchestrator
 
@@ -64,11 +61,10 @@ def prepare_for_smd(
 
     capture_dependencies(dependencies=dependencies, work_dir=code_dir)
 
-    secret_key = generate_secret_key()
     with open(str(code_dir.joinpath("serve.pkl")), "rb") as f:
         buffer = f.read()
-    hash_value = compute_hash(buffer=buffer, secret_key=secret_key)
+    hash_value = compute_hash(buffer=buffer)
     with open(str(code_dir.joinpath("metadata.json")), "wb") as metadata:
         metadata.write(_MetaData(hash_value).to_json())
 
-    return secret_key
+    return ""

src/sagemaker/serve/model_server/smd/server.py

@@ -20,7 +20,6 @@ def _upload_smd_artifacts(
         self,
         model_path: str,
         sagemaker_session: Session,
-        secret_key: str,
         s3_model_data_url: str = None,
         image: str = None,
         should_upload_artifacts: bool = False,
@@ -53,7 +52,6 @@ def _upload_smd_artifacts(
             "SAGEMAKER_INFERENCE_CODE_DIRECTORY": "/opt/ml/model/code",
             "SAGEMAKER_INFERENCE_CODE": "inference.handler",
             "SAGEMAKER_REGION": sagemaker_session.boto_region_name,
-            "SAGEMAKER_SERVE_SECRET_KEY": secret_key,
             "LOCAL_PYTHON": platform.python_version(),
         }
         return s3_upload_path, env_vars

src/sagemaker/serve/model_server/tei/server.py

@@ -28,20 +28,16 @@ class LocalTeiServing:
     """LocalTeiServing class"""
 
     def _start_tei_serving(
-        self, client: object, image: str, model_path: str, secret_key: str, env_vars: dict
+        self, client: object, image: str, model_path: str, env_vars: dict
     ):
         """Starts a local tei serving container.
 
         Args:
             client: Docker client
             image: Image to use
             model_path: Path to the model
-            secret_key: Secret key to use for authentication
             env_vars: Environment variables to set
         """
-        if env_vars and secret_key:
-            env_vars["SAGEMAKER_SERVE_SECRET_KEY"] = secret_key
-
         self.container = client.containers.run(
             image,
             shm_size=_SHM_SIZE,

src/sagemaker/serve/model_server/tensorflow_serving/prepare.py

@@ -10,10 +10,7 @@
     _move_contents,
 )
 from sagemaker.serve.detector.dependency_manager import capture_dependencies
-from sagemaker.serve.validations.check_integrity import (
-    generate_secret_key,
-    compute_hash,
-)
+from sagemaker.serve.validations.check_integrity import compute_hash
 from sagemaker.remote_function.core.serialization import _MetaData
 
 
@@ -57,11 +54,10 @@ def prepare_for_tf_serving(
         raise ValueError("SavedModel is not found for Tensorflow or Keras flavor.")
     _move_contents(src_dir=mlflow_saved_model_dir, dest_dir=saved_model_bundle_dir)
 
-    secret_key = generate_secret_key()
     with open(str(code_dir.joinpath("serve.pkl")), "rb") as f:
         buffer = f.read()
-    hash_value = compute_hash(buffer=buffer, secret_key=secret_key)
+    hash_value = compute_hash(buffer=buffer)
     with open(str(code_dir.joinpath("metadata.json")), "wb") as metadata:
         metadata.write(_MetaData(hash_value).to_json())
 
-    return secret_key
+    return ""

src/sagemaker/serve/model_server/tensorflow_serving/server.py

@@ -22,15 +22,14 @@ class LocalTensorflowServing:
     """LocalTensorflowServing class."""
 
     def _start_tensorflow_serving(
-        self, client: object, image: str, model_path: str, secret_key: str, env_vars: dict
+        self, client: object, image: str, model_path: str, env_vars: dict
     ):
         """Starts a local tensorflow serving container.
 
         Args:
             client: Docker client
             image: Image to use
             model_path: Path to the model
-            secret_key: Secret key to use for authentication
             env_vars: Environment variables to set
         """
         self.container = client.containers.run(
@@ -48,7 +47,6 @@ def _start_tensorflow_serving(
             environment={
                 "SAGEMAKER_SUBMIT_DIRECTORY": "/opt/ml/model/code",
                 "SAGEMAKER_PROGRAM": "inference.py",
-                "SAGEMAKER_SERVE_SECRET_KEY": secret_key,
                 "LOCAL_PYTHON": platform.python_version(),
                 **env_vars,
             },
@@ -99,7 +97,6 @@ def _upload_tensorflow_serving_artifacts(
         self,
         model_path: str,
         sagemaker_session: Session,
-        secret_key: str,
         s3_model_data_url: str = None,
         image: str = None,
         should_upload_artifacts: bool = False,
@@ -109,7 +106,6 @@ def _upload_tensorflow_serving_artifacts(
         Args:
             model_path: Path to the model
             sagemaker_session: SageMaker session
-            secret_key: Secret key to use for authentication
             s3_model_data_url: S3 model data URL
             image: Image to use
             model_data_s3_path: S3 model data URI
@@ -142,7 +138,6 @@ def _upload_tensorflow_serving_artifacts(
             "SAGEMAKER_PROGRAM": "inference.py",
             "SAGEMAKER_REGION": sagemaker_session.boto_region_name,
             "SAGEMAKER_CONTAINER_LOG_LEVEL": "10",
-            "SAGEMAKER_SERVE_SECRET_KEY": secret_key,
             "LOCAL_PYTHON": platform.python_version(),
         }
         return s3_upload_path, env_vars

src/sagemaker/serve/model_server/torchserve/prepare.py

@@ -12,10 +12,7 @@
 from sagemaker.session import Session
 from sagemaker.serve.spec.inference_spec import InferenceSpec
 from sagemaker.serve.detector.dependency_manager import capture_dependencies
-from sagemaker.serve.validations.check_integrity import (
-    generate_secret_key,
-    compute_hash,
-)
+from sagemaker.serve.validations.check_integrity import compute_hash
 from sagemaker.serve.validations.check_image_uri import is_1p_image_uri
 from sagemaker.remote_function.core.serialization import _MetaData
 
@@ -69,11 +66,10 @@ def prepare_for_torchserve(
 
     capture_dependencies(dependencies=dependencies, work_dir=code_dir)
 
-    secret_key = generate_secret_key()
     with open(str(code_dir.joinpath("serve.pkl")), "rb") as f:
         buffer = f.read()
-    hash_value = compute_hash(buffer=buffer, secret_key=secret_key)
+    hash_value = compute_hash(buffer=buffer)
     with open(str(code_dir.joinpath("metadata.json")), "wb") as metadata:
         metadata.write(_MetaData(hash_value).to_json())
 
-    return secret_key
+    return ""

src/sagemaker/serve/model_server/torchserve/server.py

@@ -22,7 +22,7 @@ class LocalTorchServe:
     """Placeholder docstring"""
 
     def _start_torch_serve(
-        self, client: object, image: str, model_path: str, secret_key: str, env_vars: dict
+        self, client: object, image: str, model_path: str, env_vars: dict
     ):
         """Placeholder docstring"""
         self.container = client.containers.run(
@@ -40,7 +40,6 @@ def _start_torch_serve(
             environment={
                 "SAGEMAKER_SUBMIT_DIRECTORY": "/opt/ml/model/code",
                 "SAGEMAKER_PROGRAM": "inference.py",
-                "SAGEMAKER_SERVE_SECRET_KEY": secret_key,
                 "LOCAL_PYTHON": platform.python_version(),
                 **env_vars,
             },
@@ -82,7 +81,6 @@ def _upload_torchserve_artifacts(
         self,
         model_path: str,
         sagemaker_session: Session,
-        secret_key: str,
         s3_model_data_url: str = None,
         image: str = None,
         should_upload_artifacts: bool = False,
@@ -116,7 +114,6 @@ def _upload_torchserve_artifacts(
             "SAGEMAKER_PROGRAM": "inference.py",
             "SAGEMAKER_REGION": sagemaker_session.boto_region_name,
             "SAGEMAKER_CONTAINER_LOG_LEVEL": "10",
-            "SAGEMAKER_SERVE_SECRET_KEY": secret_key,
             "LOCAL_PYTHON": platform.python_version(),
         }
         return s3_upload_path, env_vars