feature: jumpstart vulnerability and deprecated check #2855
Conversation
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
| vulnerabilities: Optional[List[str]] = None, | ||
| inference: Optional[bool] = None, | ||
| message: Optional[str] = None, | ||
| ): |
|
Question: shall we also add this vulnerability check in the hyperparameters and environments utilities? |
Codecov Report
@@ Coverage Diff @@
## master-jumpstart #2855 +/- ##
====================================================
- Coverage 89.17% 89.15% -0.02%
====================================================
Files 185 186 +1
Lines 16069 16059 -10
====================================================
- Hits 14329 14317 -12
- Misses 1740 1742 +2
Continue to review full report at Codecov.
|
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
evakravi
force-pushed
the
feat/jumpstart-vulnerability-deprecated-check
branch
from
c850dc5 to
878c705
Compare
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
| vulnerabilities: Optional[List[str]] = None, | ||
| inference: Optional[bool] = None, | ||
| message: Optional[str] = None, | ||
| ): |
…ove default parameter values
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
| scope=constants.JumpStartScriptScope.INFERENCE, | ||
| ) | ||
| LOGGER.warning( | ||
| "Using vulnerable JumpStart model '%s' and version '%s' (inference).", model_id, version |
There was a problem hiding this comment.
non-blocking: while I agree that logging a warning is good practice, there is one downside to this approach. The typical use case of our utilities is:
model_id = "pytorch-ic-mobilenet-v2"
version = "1.1.2"
train_image = image_uris.retrieve(model_id=model_id, version=version, tolerate_deprecated_model=True)
train_model = model_uris.retrieve(model_id=model_id, version=version, tolerate_deprecated_model=True)
train_script = script_uris.retrieve(model_id=model_id, version=version, tolerate_deprecated_model=True)
estimator = Estimator(image_uri=train_image, source_dir=train_script, model_uri=train_model)
[...]In that case, we would log 3 times the same warning, correct?
This may be the correct tradeoff, we can discuss. One possibility would be to add another state-holding class like SageMakerSetting to handle such warnings. The class could store some metadata of the warnings (eg model+version) used and associate a time stamp, and de-dup warnings that were raised less than 10 minutes ago, for example.
In any case, this case be addressed in a separate PR.
There was a problem hiding this comment.
I don't think it's worth it right now to engineer a solution to this problem. After all, most people will not be using deprecated/vulnerable models, and no models right now have this flag.
mufaddal-rohawala
changed the title
Issue #, if available:
Description of changes:
This PR adds adds support for the deprecated and vulnerability fields of the JumpStart model specs. If specs for a vulnerable or deprecated model are requested, a new exception type will be surfaced. There is a user option to override these safety checks, so they may use a vulnerable/deprecated model if they wish.
Testing done:
Merge Checklist
Put an
xin the boxes that apply. You can also fill these out after creating the PR. If you're unsure about any of them, don't hesitate to ask. We're here to help! This is simply a reminder of what we are going to look for before merging your pull request.General
Tests
unique_name_from_baseto create resource names in integ tests (if appropriate)By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.