-
Notifications
You must be signed in to change notification settings - Fork 4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Handle AWS encryption details #12495
base: master
Are you sure you want to change the base?
Conversation
Signed-off-by: Arthur Jenoudet <arthur.jenoudet@databricks.com>
@mlflow-automation autoformat |
@mlflow-automation autoformat |
Signed-off-by: mlflow-automation <mlflow-automation@users.noreply.github.com>
Signed-off-by: Arthur Jenoudet <arthur.jenoudet@databricks.com>
Documentation preview for 32f1594 will be available when this CircleCI job More info
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I know we synced offline about manually testing this, maybe @BenWilson2 knows someone from the field side who has access to an AWS instance for encryption testing. Otherwise, probably file an IT ticket to try this out
@@ -190,6 +192,26 @@ enum StorageMode { | |||
DEFAULT_STORAGE = 2; | |||
} | |||
|
|||
message EncryptionDetails { | |||
oneof encryption_details_type { | |||
// Details for CLOUD_MANAGED_SSE_KEYS: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
oneof
just one option? I assume we're trying to match some passed in format exactly, so if this is necessary, let's add a comment explaining why
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is to match the UCMR proto, derived from the UC proto. We're only exposing the information we need.
|
||
enum SseEncryptionAlgorithm { | ||
SSE_ENCRYPTION_ALGORITHM_UNSPECIFIED = 0; | ||
AWS_SSE_KMS = 2; // "aws:kms" in x-amz-server-side-encryption' header |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
AWS_SSE_KMS = 2; // "aws:kms" in x-amz-server-side-encryption' header | |
AWS_SSE_KMS = 1; // "aws:kms" in x-amz-server-side-encryption' header |
Unless there's a reason why this needs to start at 2?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is to match the UCMR proto, derived from the UC proto. We're only exposing the information we need.
@michael-berk would you have access to an AWS account that would make testing this simple? It's a bit challenging for us. |
@BenWilson2 @michael-berk Any guidance on how to test this manually? |
🛠 DevTools 🛠
Install mlflow from this PR
Checkout with GitHub CLI
Related Issues/PRs
#xxxWhat changes are proposed in this pull request?
Enable MLflow to use AWS server-side encryption details when uploading files.
How is this PR tested?
Does this PR require documentation update?
Release Notes
Is this a user-facing change?
What component(s), interfaces, languages, and integrations does this PR affect?
Components
area/artifacts
: Artifact stores and artifact loggingarea/build
: Build and test infrastructure for MLflowarea/deployments
: MLflow Deployments client APIs, server, and third-party Deployments integrationsarea/docs
: MLflow documentation pagesarea/examples
: Example codearea/model-registry
: Model Registry service, APIs, and the fluent client calls for Model Registryarea/models
: MLmodel format, model serialization/deserialization, flavorsarea/recipes
: Recipes, Recipe APIs, Recipe configs, Recipe Templatesarea/projects
: MLproject format, project running backendsarea/scoring
: MLflow Model server, model deployment tools, Spark UDFsarea/server-infra
: MLflow Tracking server backendarea/tracking
: Tracking Service, tracking client APIs, autologgingInterface
area/uiux
: Front-end, user experience, plotting, JavaScript, JavaScript dev serverarea/docker
: Docker use across MLflow's components, such as MLflow Projects and MLflow Modelsarea/sqlalchemy
: Use of SQLAlchemy in the Tracking Service or Model Registryarea/windows
: Windows supportLanguage
language/r
: R APIs and clientslanguage/java
: Java APIs and clientslanguage/new
: Proposals for new client languagesIntegrations
integrations/azure
: Azure and Azure ML integrationsintegrations/sagemaker
: SageMaker integrationsintegrations/databricks
: Databricks integrationsHow should the PR be classified in the release notes? Choose one:
rn/none
- No description will be included. The PR will be mentioned only by the PR number in the "Small Bugfixes and Documentation Updates" sectionrn/breaking-change
- The PR will be mentioned in the "Breaking Changes" sectionrn/feature
- A new user-facing feature worth mentioning in the release notesrn/bug-fix
- A user-facing bug fix worth mentioning in the release notesrn/documentation
- A user-facing documentation change worth mentioning in the release notesShould this PR be included in the next patch release?
Yes
should be selected for bug fixes, documentation updates, and other small changes.No
should be selected for new features and larger changes. If you're unsure about the release classification of this PR, leave this unchecked to let the maintainers decide.What is a minor/patch release?
Bug fixes, doc updates and new features usually go into minor releases.
Bug fixes and doc updates usually go into patch releases.