Bug fix for integrity check using hmac key in serve

Author: aviruthen

sagemaker-serve/src/sagemaker/serve/model_builder_servers.py

@@ -705,12 +705,6 @@ def _build_for_transformers(self) -> Model:
                 self.s3_model_data_url, _ = self._prepare_for_mode()
 
 
-        # Clean up empty secret key
-        if (
-            "SAGEMAKER_SERVE_SECRET_KEY" in self.env_vars
-            and not self.env_vars["SAGEMAKER_SERVE_SECRET_KEY"]
-        ):
-            del self.env_vars["SAGEMAKER_SERVE_SECRET_KEY"]
 
         # Instance type validation for SAGEMAKER_ENDPOINT mode
         if self.mode == Mode.SAGEMAKER_ENDPOINT and not self.instance_type:

sagemaker-serve/src/sagemaker/serve/model_builder_utils.py

@@ -130,10 +130,7 @@ def build(self):
 from sagemaker.core.deserializers import JSONDeserializer
 from sagemaker.serve.detector.pickler import save_pkl
 from sagemaker.serve.builder.requirements_manager import RequirementsManager
-from sagemaker.serve.validations.check_integrity import (
-    generate_secret_key,
-    compute_hash,
-)
+from sagemaker.serve.validations.check_integrity import compute_hash
 from sagemaker.core.remote_function.core.serialization import _MetaData
 from sagemaker.serve.model_server.triton.config_template import CONFIG_TEMPLATE
 
@@ -2882,20 +2879,6 @@ def _save_inference_spec(self) -> None:
             pkl_path = Path(self.model_path).joinpath("model_repository").joinpath("model")
             save_pkl(pkl_path, (self.inference_spec, self.schema_builder))
 
-    def _hmac_signing(self):
-        """Perform HMAC signing on picke file for integrity check"""
-        secret_key = generate_secret_key()
-        pkl_path = Path(self.model_path).joinpath("model_repository").joinpath("model")
-
-        with open(str(pkl_path.joinpath("serve.pkl")), "rb") as f:
-            buffer = f.read()
-        hash_value = compute_hash(buffer=buffer, secret_key=secret_key)
-
-        with open(str(pkl_path.joinpath("metadata.json")), "wb") as metadata:
-            metadata.write(_MetaData(hash_value).to_json())
-
-        self.secret_key = secret_key
-
     def _generate_config_pbtxt(self, pkl_path: Path):
         """Generate Triton config.pbtxt file."""
         config_path = pkl_path.joinpath("config.pbtxt")
@@ -3097,7 +3080,12 @@ def _prepare_for_triton(self):
 
             self._pack_conda_env(pkl_path=pkl_path)
 
-            self._hmac_signing()
+            # Compute SHA256 hash for integrity check
+            with open(str(pkl_path.joinpath("serve.pkl")), "rb") as f:
+                buffer = f.read()
+            hash_value = compute_hash(buffer=buffer)
+            with open(str(pkl_path.joinpath("metadata.json")), "wb") as metadata:
+                metadata.write(_MetaData(hash_value).to_json())
 
             return
 

sagemaker-serve/src/sagemaker/serve/model_server/multi_model_server/prepare.py

@@ -25,10 +25,7 @@
 from sagemaker.core.helper.session_helper import Session
 from sagemaker.serve.spec.inference_spec import InferenceSpec
 from sagemaker.serve.detector.dependency_manager import capture_dependencies
-from sagemaker.serve.validations.check_integrity import (
-    generate_secret_key,
-    compute_hash,
-)
+from sagemaker.serve.validations.check_integrity import compute_hash
 from sagemaker.core.remote_function.core.serialization import _MetaData
 
 logger = logging.getLogger(__name__)
@@ -119,11 +116,8 @@ def prepare_for_mms(
 
     capture_dependencies(dependencies=dependencies, work_dir=code_dir)
 
-    secret_key = generate_secret_key()
     with open(str(code_dir.joinpath("serve.pkl")), "rb") as f:
         buffer = f.read()
-    hash_value = compute_hash(buffer=buffer, secret_key=secret_key)
+    hash_value = compute_hash(buffer=buffer)
     with open(str(code_dir.joinpath("metadata.json")), "wb") as metadata:
         metadata.write(_MetaData(hash_value).to_json())
-
-    return secret_key

sagemaker-serve/src/sagemaker/serve/model_server/multi_model_server/server.py

@@ -28,14 +28,12 @@ def _start_serving(
         client: object,
         image: str,
         model_path: str,
-        secret_key: str,
         env_vars: dict,
     ):
         """Initializes the start of the server"""
         env = {
             "SAGEMAKER_SUBMIT_DIRECTORY": "/opt/ml/model/code",
             "SAGEMAKER_PROGRAM": "inference.py",
-            "SAGEMAKER_SERVE_SECRET_KEY": secret_key,
             "LOCAL_PYTHON": platform.python_version(),
         }
         if env_vars:
@@ -80,7 +78,6 @@ class SageMakerMultiModelServer:
     def _upload_server_artifacts(
         self,
         model_path: str,
-        secret_key: str,
         sagemaker_session: Session,
         s3_model_data_url: str = None,
         image: str = None,
@@ -127,15 +124,16 @@ def _upload_server_artifacts(
             else None
         )
 
-        if secret_key:
-            env_vars = {
-                "SAGEMAKER_SUBMIT_DIRECTORY": "/opt/ml/model/code",
-                "SAGEMAKER_PROGRAM": "inference.py",
-                "SAGEMAKER_SERVE_SECRET_KEY": secret_key,
-                "SAGEMAKER_REGION": sagemaker_session.boto_region_name,
-                "SAGEMAKER_CONTAINER_LOG_LEVEL": "10",
-                "LOCAL_PYTHON": platform.python_version(),
-            }
+        if env_vars is None:
+            env_vars = {}
+        
+        env_vars.update({
+            "SAGEMAKER_SUBMIT_DIRECTORY": "/opt/ml/model/code",
+            "SAGEMAKER_PROGRAM": "inference.py",
+            "SAGEMAKER_REGION": sagemaker_session.boto_region_name,
+            "SAGEMAKER_CONTAINER_LOG_LEVEL": "10",
+            "LOCAL_PYTHON": platform.python_version(),
+        })
 
         return model_data, _update_env_vars(env_vars)
 

sagemaker-serve/src/sagemaker/serve/model_server/smd/prepare.py

@@ -11,10 +11,7 @@
 
 from sagemaker.serve.spec.inference_spec import InferenceSpec
 from sagemaker.serve.detector.dependency_manager import capture_dependencies
-from sagemaker.serve.validations.check_integrity import (
-    generate_secret_key,
-    compute_hash,
-)
+from sagemaker.serve.validations.check_integrity import compute_hash
 from sagemaker.core.remote_function.core.serialization import _MetaData
 from sagemaker.serve.spec.inference_base import CustomOrchestrator, AsyncCustomOrchestrator
 
@@ -64,11 +61,8 @@ def prepare_for_smd(
 
     capture_dependencies(dependencies=dependencies, work_dir=code_dir)
 
-    secret_key = generate_secret_key()
     with open(str(code_dir.joinpath("serve.pkl")), "rb") as f:
         buffer = f.read()
-    hash_value = compute_hash(buffer=buffer, secret_key=secret_key)
+    hash_value = compute_hash(buffer=buffer)
     with open(str(code_dir.joinpath("metadata.json")), "wb") as metadata:
         metadata.write(_MetaData(hash_value).to_json())
-
-    return secret_key

sagemaker-serve/src/sagemaker/serve/model_server/smd/server.py

@@ -20,7 +20,6 @@ def _upload_smd_artifacts(
         self,
         model_path: str,
         sagemaker_session: Session,
-        secret_key: str,
         s3_model_data_url: str = None,
         image: str = None,
         should_upload_artifacts: bool = False,
@@ -53,7 +52,6 @@ def _upload_smd_artifacts(
             "SAGEMAKER_INFERENCE_CODE_DIRECTORY": "/opt/ml/model/code",
             "SAGEMAKER_INFERENCE_CODE": "inference.handler",
             "SAGEMAKER_REGION": sagemaker_session.boto_region_name,
-            "SAGEMAKER_SERVE_SECRET_KEY": secret_key,
             "LOCAL_PYTHON": platform.python_version(),
         }
         return s3_upload_path, env_vars

sagemaker-serve/src/sagemaker/serve/model_server/tei/server.py

@@ -27,20 +27,16 @@ class LocalTeiServing:
     """LocalTeiServing class"""
 
     def _start_tei_serving(
-        self, client: object, image: str, model_path: str, secret_key: str, env_vars: dict
+        self, client: object, image: str, model_path: str, env_vars: dict
     ):
         """Starts a local tei serving container.
 
         Args:
             client: Docker client
             image: Image to use
             model_path: Path to the model
-            secret_key: Secret key to use for authentication
             env_vars: Environment variables to set
         """
-        if env_vars and secret_key:
-            env_vars["SAGEMAKER_SERVE_SECRET_KEY"] = secret_key
-
         self.container = client.containers.run(
             image,
             shm_size=_SHM_SIZE,

sagemaker-serve/src/sagemaker/serve/model_server/tensorflow_serving/prepare.py

@@ -10,10 +10,7 @@
     _move_contents,
 )
 from sagemaker.serve.detector.dependency_manager import capture_dependencies
-from sagemaker.serve.validations.check_integrity import (
-    generate_secret_key,
-    compute_hash,
-)
+from sagemaker.serve.validations.check_integrity import compute_hash
 from sagemaker.core.remote_function.core.serialization import _MetaData
 
 
@@ -57,11 +54,8 @@ def prepare_for_tf_serving(
         raise ValueError("SavedModel is not found for Tensorflow or Keras flavor.")
     _move_contents(src_dir=mlflow_saved_model_dir, dest_dir=saved_model_bundle_dir)
 
-    secret_key = generate_secret_key()
     with open(str(code_dir.joinpath("serve.pkl")), "rb") as f:
         buffer = f.read()
-    hash_value = compute_hash(buffer=buffer, secret_key=secret_key)
+    hash_value = compute_hash(buffer=buffer)
     with open(str(code_dir.joinpath("metadata.json")), "wb") as metadata:
         metadata.write(_MetaData(hash_value).to_json())
-
-    return secret_key

sagemaker-serve/src/sagemaker/serve/model_server/tensorflow_serving/server.py

@@ -20,15 +20,14 @@ class LocalTensorflowServing:
     """LocalTensorflowServing class."""
 
     def _start_tensorflow_serving(
-        self, client: object, image: str, model_path: str, secret_key: str, env_vars: dict
+        self, client: object, image: str, model_path: str, env_vars: dict
     ):
         """Starts a local tensorflow serving container.
 
         Args:
             client: Docker client
             image: Image to use
             model_path: Path to the model
-            secret_key: Secret key to use for authentication
             env_vars: Environment variables to set
         """
         self.container = client.containers.run(
@@ -47,7 +46,6 @@ def _start_tensorflow_serving(
             environment={
                 "SAGEMAKER_SUBMIT_DIRECTORY": "/opt/ml/model/code",
                 "SAGEMAKER_PROGRAM": "inference.py",
-                "SAGEMAKER_SERVE_SECRET_KEY": secret_key,
                 "LOCAL_PYTHON": platform.python_version(),
                 **env_vars,
             },
@@ -81,7 +79,6 @@ def _upload_tensorflow_serving_artifacts(
         self,
         model_path: str,
         sagemaker_session: Session,
-        secret_key: str,
         s3_model_data_url: str = None,
         image: str = None,
         should_upload_artifacts: bool = False,
@@ -91,7 +88,6 @@ def _upload_tensorflow_serving_artifacts(
         Args:
             model_path: Path to the model
             sagemaker_session: SageMaker session
-            secret_key: Secret key to use for authentication
             s3_model_data_url: S3 model data URL
             image: Image to use
             model_data_s3_path: S3 model data URI
@@ -124,7 +120,6 @@ def _upload_tensorflow_serving_artifacts(
             "SAGEMAKER_PROGRAM": "inference.py",
             "SAGEMAKER_REGION": sagemaker_session.boto_region_name,
             "SAGEMAKER_CONTAINER_LOG_LEVEL": "10",
-            "SAGEMAKER_SERVE_SECRET_KEY": secret_key,
             "LOCAL_PYTHON": platform.python_version(),
         }
         return s3_upload_path, env_vars

sagemaker-serve/src/sagemaker/serve/model_server/torchserve/prepare.py

@@ -12,10 +12,7 @@
 from sagemaker.core.helper.session_helper import Session
 from sagemaker.serve.spec.inference_spec import InferenceSpec
 from sagemaker.serve.detector.dependency_manager import capture_dependencies
-from sagemaker.serve.validations.check_integrity import (
-    generate_secret_key,
-    compute_hash,
-)
+from sagemaker.serve.validations.check_integrity import compute_hash
 from sagemaker.serve.validations.check_image_uri import is_1p_image_uri
 from sagemaker.core.remote_function.core.serialization import _MetaData
 
@@ -67,11 +64,8 @@ def prepare_for_torchserve(
 
     capture_dependencies(dependencies=dependencies, work_dir=code_dir)
 
-    secret_key = generate_secret_key()
     with open(str(code_dir.joinpath("serve.pkl")), "rb") as f:
         buffer = f.read()
-    hash_value = compute_hash(buffer=buffer, secret_key=secret_key)
+    hash_value = compute_hash(buffer=buffer)
     with open(str(code_dir.joinpath("metadata.json")), "wb") as metadata:
-        metadata.write(_MetaData(hash_value).to_json())
-
-    return secret_key
+        metadata.write(_MetaData(hash_value).to_json())