Skip to content

Commit a6f4065

Browse files
committed
update integ tests
1 parent 4ef9451 commit a6f4065

File tree

1 file changed

+28
-34
lines changed

1 file changed

+28
-34
lines changed

sagemaker-mlops/tests/integ/test_featureStore_lakeformation.py

Lines changed: 28 additions & 34 deletions
Original file line numberDiff line numberDiff line change
@@ -9,6 +9,7 @@
99
Run with: pytest tests/integ/test_featureStore_lakeformation.py -v -m integ
1010
"""
1111

12+
import logging
1213
import uuid
1314

1415
import boto3
@@ -447,8 +448,9 @@ def test_enable_lake_formation_fails_with_nonexistent_role(
447448
"""
448449
fg = shared_feature_group_for_negative_tests
449450

450-
# Generate a nonexistent role ARN by appending a random string to the current role
451-
nonexistent_role = f"{role}-nonexistent-{uuid.uuid4().hex[:8]}"
451+
# Build a short nonexistent role ARN using the account ID from the real role
452+
account_id = role.split(":")[4]
453+
nonexistent_role = f"arn:aws:iam::{account_id}:role/non-existent-role"
452454

453455
with pytest.raises(RuntimeError) as exc_info:
454456
fg.enable_lake_formation(
@@ -470,15 +472,15 @@ def test_enable_lake_formation_fails_with_nonexistent_role(
470472

471473
@pytest.mark.serial
472474
@pytest.mark.slow_test
473-
def test_enable_lake_formation_full_flow_with_policy_output(s3_uri, role, region, capsys):
475+
def test_enable_lake_formation_full_flow_with_policy_output(s3_uri, role, region, caplog):
474476
"""
475477
Test the full Lake Formation flow with S3 deny policy output.
476478
477479
This test verifies:
478480
1. Creates a FeatureGroup with offline store
479481
2. Enables Lake Formation with show_s3_policy=True
480482
3. Verifies all Lake Formation phases complete successfully
481-
4. Verifies the S3 deny policy is printed to the console
483+
4. Verifies the S3 deny policy is logged
482484
5. Verifies the policy structure contains expected elements
483485
484486
This validates Requirements 6.1-6.9 from the design document.
@@ -496,25 +498,19 @@ def test_enable_lake_formation_full_flow_with_policy_output(s3_uri, role, region
496498
assert fg.feature_group_status == "Created"
497499

498500
# Enable Lake Formation governance with policy output
499-
result = fg.enable_lake_formation(show_s3_policy=True)
501+
with caplog.at_level(logging.INFO, logger="sagemaker.mlops.feature_store.feature_group"):
502+
result = fg.enable_lake_formation(show_s3_policy=True)
500503

501504
# Verify all phases completed successfully
502505
assert result["s3_registration"] is True
503506
assert result["permissions_granted"] is True
504507
assert result["iam_principal_revoked"] is True
505508

506-
# Capture the printed output
507-
captured = capsys.readouterr()
508-
output = captured.out
509+
output = caplog.text
509510

510-
# Re-print the output so it's visible in terminal with -s flag
511-
print(output)
512-
513-
# Verify the policy header is printed
511+
# Verify the policy header is logged
514512
assert "S3 Bucket Policy Update recommended" in output
515-
assert "=" * 80 in output
516-
517-
# Verify bucket information is printed
513+
# Verify bucket information is logged
518514
# Extract bucket name from s3_uri (s3://bucket/path -> bucket)
519515
expected_bucket = s3_uri.replace("s3://", "").split("/")[0]
520516
assert f"Bucket: {expected_bucket}" in output
@@ -541,7 +537,7 @@ def test_enable_lake_formation_full_flow_with_policy_output(s3_uri, role, region
541537
# Verify the service-linked role pattern is present (default use_service_linked_role=True)
542538
assert "aws-service-role/lakeformation.amazonaws.com/AWSServiceRoleForLakeFormationDataAccess" in output
543539

544-
# Verify instructions are printed
540+
# Verify instructions are logged
545541
assert "Merge this with your existing bucket policy" in output
546542

547543
finally:
@@ -552,15 +548,15 @@ def test_enable_lake_formation_full_flow_with_policy_output(s3_uri, role, region
552548

553549
@pytest.mark.serial
554550
@pytest.mark.slow_test
555-
def test_enable_lake_formation_no_policy_output_by_default(s3_uri, role, region, capsys):
551+
def test_enable_lake_formation_no_policy_output_by_default(s3_uri, role, region, caplog):
556552
"""
557-
Test that S3 deny policy is NOT printed when show_s3_policy=False (default).
553+
Test that S3 deny policy is NOT logged when show_s3_policy=False (default).
558554
559555
This test verifies:
560556
1. Creates a FeatureGroup with offline store
561557
2. Enables Lake Formation without show_s3_policy (defaults to False)
562558
3. Verifies all Lake Formation phases complete successfully
563-
4. Verifies the S3 deny policy is NOT printed to the console
559+
4. Verifies the S3 deny policy is NOT logged
564560
565561
This validates Requirement 6.2 from the design document.
566562
"""
@@ -577,18 +573,17 @@ def test_enable_lake_formation_no_policy_output_by_default(s3_uri, role, region,
577573
assert fg.feature_group_status == "Created"
578574

579575
# Enable Lake Formation governance WITHOUT policy output (default)
580-
result = fg.enable_lake_formation()
576+
with caplog.at_level(logging.INFO, logger="sagemaker.mlops.feature_store.feature_group"):
577+
result = fg.enable_lake_formation()
581578

582579
# Verify all phases completed successfully
583580
assert result["s3_registration"] is True
584581
assert result["permissions_granted"] is True
585582
assert result["iam_principal_revoked"] is True
586583

587-
# Capture the printed output
588-
captured = capsys.readouterr()
589-
output = captured.out
584+
output = caplog.text
590585

591-
# Verify the policy is NOT printed
586+
# Verify the policy is NOT logged
592587
assert "S3 Bucket Policy Update recommended" not in output
593588
assert '"Version": "2012-10-17"' not in output
594589
assert "s3:GetObject" not in output
@@ -601,7 +596,7 @@ def test_enable_lake_formation_no_policy_output_by_default(s3_uri, role, region,
601596

602597
@pytest.mark.serial
603598
@pytest.mark.slow_test
604-
def test_enable_lake_formation_with_custom_role_policy_output(s3_uri, role, region, capsys):
599+
def test_enable_lake_formation_with_custom_role_policy_output(s3_uri, role, region, caplog):
605600
"""
606601
Test the full Lake Formation flow with custom registration role and policy output.
607602
@@ -629,22 +624,21 @@ def test_enable_lake_formation_with_custom_role_policy_output(s3_uri, role, regi
629624

630625
# Enable Lake Formation with custom registration role and policy output
631626
# Using the same role for both execution and registration for test simplicity
632-
result = fg.enable_lake_formation(
633-
use_service_linked_role=False,
634-
registration_role_arn=role,
635-
show_s3_policy=True,
636-
)
627+
with caplog.at_level(logging.INFO, logger="sagemaker.mlops.feature_store.feature_group"):
628+
result = fg.enable_lake_formation(
629+
use_service_linked_role=False,
630+
registration_role_arn=role,
631+
show_s3_policy=True,
632+
)
637633

638634
# Verify all phases completed successfully
639635
assert result["s3_registration"] is True
640636
assert result["permissions_granted"] is True
641637
assert result["iam_principal_revoked"] is True
642638

643-
# Capture the printed output
644-
captured = capsys.readouterr()
645-
output = captured.out
639+
output = caplog.text
646640

647-
# Verify the policy header is printed
641+
# Verify the policy header is logged
648642
assert "S3 Bucket Policy Update recommended" in output
649643

650644
# Verify the custom role ARN is used in the policy (appears twice - once for each principal)

0 commit comments

Comments
 (0)