Skip to content

fix: bucket exists check for session.default_bucket #3165

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jun 10, 2022
Merged

fix: bucket exists check for session.default_bucket #3165

merged 1 commit into from
Jun 10, 2022

Conversation

mufaddal-rohawala
Copy link
Member

@mufaddal-rohawala mufaddal-rohawala commented Jun 9, 2022
edited
Loading

Issue #, if available:
#2910
#1990

Description of changes:
Current check for bucket existence in session.py requires s3:ListAllMyBuckets. This permission shouldn't be necessary and is often not allowed in environments following the least privileges principle. Also Without s3:ListAllMyBuckets permissions the case of bucket existence, still requires s3:CreateBucket perms otherwise the check doesn't work properly.

Expected behavior
Users should be able to create a Sagemaker jobs without having to assign s3:ListAllMyBuckets or s3:CreateBucket to the IAM role.

With this change users can now use a s3:ListBucket on a specific bucket, which can support the case of same or cross account specific bucket access.

Testing done:
For backwards compatibility the creation_date check for s3:ListAllMyBuckets would also be supported.
Added units

Merge Checklist

Put an x in the boxes that apply. You can also fill these out after creating the PR. If you're unsure about any of them, don't hesitate to ask. We're here to help! This is simply a reminder of what we are going to look for before merging your pull request.

General

  • I have read the CONTRIBUTING doc
  • I certify that the changes I am introducing will be backword compatible, and I have discussed concerns about this, if any, with the Python SDK team
  • I used the commit message format described in CONTRIBUTING
  • I have passed the region in to all S3 and STS clients that I've initialized as part of this change.
  • I have updated any necessary documentation, including READMEs and API docs (if appropriate)

Tests

  • I have added tests that prove my fix is effective or that my feature works (if appropriate)
  • I have added unit and/or integration tests as appropriate to ensure backward compatibility of the changes
  • I have checked that my tests are not configured for a specific region or account (if appropriate)
  • I have used unique_name_from_base to create resource names in integ tests (if appropriate)

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@sagemaker-bot
Copy link
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: sagemaker-python-sdk-unit-tests
  • Commit ID: 0bb67c6
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@codecov-commenter
Copy link

codecov-commenter commented Jun 9, 2022
edited
Loading

Codecov Report

Merging #3165 (0bb67c6) into master (90ede1b) will decrease coverage by 0.00%.
The diff coverage is 87.50%.

@@            Coverage Diff             @@
##           master    #3165      +/-   ##
==========================================
- Coverage   89.63%   89.63%   -0.01%     
==========================================
  Files         200      200              
  Lines       17391    17399       +8     
==========================================
+ Hits        15588    15595       +7     
- Misses       1803     1804       +1
Impacted Files Coverage Δ
src/sagemaker/session.py 70.99% <87.50%> (+0.10%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 90ede1b...0bb67c6. Read the comment docs.

@sagemaker-bot
Copy link
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: sagemaker-python-sdk-pr
  • Commit ID: 0bb67c6
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@sagemaker-bot
Copy link
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: sagemaker-python-sdk-local-mode-tests
  • Commit ID: 0bb67c6
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@sagemaker-bot
Copy link
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: sagemaker-python-sdk-notebook-tests
  • Commit ID: 0bb67c6
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@sagemaker-bot
Copy link
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: sagemaker-python-sdk-slow-tests
  • Commit ID: 0bb67c6
  • Result: FAILED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@sagemaker-bot
Copy link
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: sagemaker-python-sdk-slow-tests
  • Commit ID: 0bb67c6
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@BasilBeirouti
Copy link
Contributor

Thank you @mufaddal-rohawala for writing such a clear description of the problem and for linking the PR issue

@mufaddal-rohawala mufaddal-rohawala merged commit 3f2214b into aws:master Jun 10, 2022
@mufaddal-rohawala mufaddal-rohawala deleted the bucket-check-fix branch June 10, 2022 21:36
jerrypeng7773 pushed a commit to jerrypeng7773/sagemaker-python-sdk that referenced this pull request Aug 8, 2022
@mufaddal-rohawala @jerrypeng7773
fix: bucket exists check for session.default_bucket (aws#3165)
ec7cf62
@mufaddal-rohawala mufaddal-rohawala mentioned this pull request Nov 14, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@shreyapandit shreyapandit shreyapandit approved these changes

@BasilBeirouti BasilBeirouti BasilBeirouti approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@mufaddal-rohawala @sagemaker-bot @codecov-commenter @BasilBeirouti @shreyapandit