Add possibility to use client cert. with tracking API. #2843
Conversation
|
@dbczumar Disregarding the missing documentation and tests: Is this implementation ok or do you see more needed changes on other places? |
|
@PhilipMay Sorry for the delay here. This implementation looks great! Let me know if you can add some tests and documentation - more than happy to get this merged once those have been added! Thank you for your contribution! |
Codecov Report
@@ Coverage Diff @@
## master #2843 +/- ##
=======================================
Coverage 85.04% 85.04%
=======================================
Files 20 20
Lines 1050 1050
=======================================
Hits 893 893
Misses 157 157 Continue to review full report at Codecov.
|
|
I am finished with this PR.
CI Tests are all green... @dbczumar Thanks, |
|
Hi. Any comments on this PR? |
mlflow/utils/rest_utils.py
Outdated
| if not host: | ||
| raise MlflowException("host is a required parameter for MlflowHostCreds") | ||
| if ignore_tls_verification and (server_cert_path is not None): | ||
| raise MlflowException("if 'MLFLOW_TRACKING_INSECURE_TLS' is set to true " |
There was a problem hiding this comment.
@PhilipMay This is a really minor point of feedback, but can we start this error message by indicating that ignore_tls_verification=True and server_cert_path should not both be specified and include the environment variable part afterwards as a hint? Users or some other piece of backend code may try to construct this object directly, without the use of environment variables.
Also, can we specify an error code of INVALID_PARAMETER_VALUE here? See https://github.com/mlflow/mlflow/blob/master/mlflow/utils/uri.py#L55 for an example.
There was a problem hiding this comment.
@PhilipMay Sorry for the delay again - this looks awesome! I left one small comment about the error message behavior. I'm going to give this a manual test tomorrow and should be ready to approve / merge it by EOD tomorrow!
|
The exception message has been improved. The error code is still missing. 2 lines above my exception is an other @dbczumar What do you think? |
If you have problems with the manual test I can provide an howto. I start the server with this command:
Here is the demo client code: import mlflow
import os
os.environ["MLFLOW_TRACKING_CLIENT_CERT_PATH"] = "/<some_dir>/client.pem"
os.environ["MLFLOW_TRACKING_SERVER_CERT_PATH"] = "/<some_dir>/server.crt"
mlflow.set_tracking_uri("https://<URL>:5000")
mlflow.set_experiment("cert-test-01")
for i in range(4):
with mlflow.start_run():
mlflow.log_metric('x', 2*i)
mlflow.log_metric('y', 100/((i+1)*2))
mlflow.set_tag('t1', 'tag:{}'.format(i))
mlflow.log_param('p1', 'param:{}'.format(i)) |
|
@PhilipMay I've pushed the tweaks you mentioned for the |
* client and server cert from env var * doc * python docstring of MlflowHostCreds * test_ignore_tls_verification_not_server_cert_path * tests for client & server cert path * client and server path env. var doc * improved client and server path env. var doc * improved python docstring of MlflowHostCreds * improved client and server path env. var doc * exception text improvement * linter line too long fix * Docs fixes * Fix typo Co-authored-by: Corey Zumar <corey.zumar@databricks.com>
see #2574
TODO
MlflowHostCreds