[AQUA] CLI to verify policies to perform operations related to AQUA. #1218
Conversation
amitkrprajapati
requested review from
darenr,
mayoor,
mrDzurb,
VipulMascarenhas,
qiuosier and
ahosler
as code owners
oracle-contributor-agreement
bot
added
the
OCA Verified
|
|
📌 Cov diff with main: 📌 Overall coverage: |
mrDzurb
changed the title
|
Could you add description to this PR? |
|
|
📌 Cov diff with main: 📌 Overall coverage: |
|
|
📌 Cov diff with main: 📌 Overall coverage: |
|
| UNVERIFIED = "UNVERIFIED" | ||
|
|
||
|
|
||
| @dataclass(repr=False) |
There was a problem hiding this comment.
NIT: We are trying to move everything to pydantic classes instead.
There was a problem hiding this comment.
These classes are inheriting from DataClassSerializable. Do we have something similar with Pydantic.
There was a problem hiding this comment.
Yeap we do have
https://github.com/oracle/accelerated-data-science/blob/main/ads/aqua/config/utils/serializer.py
| utils.list_compartments.__name__: { | ||
| "name": "List Compartments", | ||
| "error": "Unable to retrieve the list of compartments. Please verify that you have the required permissions to list compartments in your tenancy. ", | ||
| "policy_hint": "Allow dynamic-group aqua-dynamic-group to inspect compartments in tenancy" |
There was a problem hiding this comment.
As we discussed during the syncup, let's also try to add a link to the GH docs, where the policies can be setup.
There was a problem hiding this comment.
Added a log: logger.info(f"Refer to: {POLICY_HELP_LINK}")
This log will be printed everytime when a operation fails.
POLICY_HELP_LINK: https://github.com/oracle-samples/oci-data-science-ai-samples/blob/main/ai-quick-actions/policies/README.md
| subnet_id = kwargs.pop("subnet_id", None) | ||
| job_infrastructure_type = "STANDALONE" if subnet_id is not None else "ME_STANDALONE" | ||
|
|
||
| response = self.aqua_model.ds_client.create_job( |
There was a problem hiding this comment.
NIT: This could be done using ADS Jobs implementation.
https://accelerated-data-science.readthedocs.io/en/latest/user_guide/jobs/run_python.html
There was a problem hiding this comment.
In current implementation, I am creating Job with shell environment and running a simple "echo" command. I am directly uploading the artifact data without saving the file locally.
In job run: I am waiting for run to complete, by constantly monitoring lifecycle state.
I found ads.job little untidy to achieve the same.
|
Will the |
|
📌 Cov diff with main: 📌 Overall coverage: |
| using Oracle Accelerated Data Science (ADS) SDK. | ||
| """ | ||
| def __init__(self): | ||
| self.aqua_model = AquaModelApp() |
There was a problem hiding this comment.
nit: to keep it better readable/maintainable, might be good to load most the below clients directly from AquaApp class, and use aqua_model for testing individual functions. ideally, clients should have been reused in the child classes in aqua, but we've done it on few instances and not all.
There was a problem hiding this comment.
Some of the list operations use limit=3, so they fetch data directly from the OCI client. If I change the implementation to ads specific, it tries to list all resources even if it has multiple pages. For policy verification, a list operation with a limit is enough.
ads/aqua/verify_policies/utils.py
Outdated
| model_id = self.aqua_model.ds_client.create_model(create_model_details=create_model_details).data.id | ||
| self.aqua_model.ds_client.create_model_artifact( | ||
| model_id=model_id, | ||
| model_artifact=b"7IV6cktUGcHIhur4bXTv" |
There was a problem hiding this comment.
nit: use a constant for this, also add comment on what this string means.
There was a problem hiding this comment.
Moved to CONSTANT variable. This is dummy model_artifact bytes.
| self.job_id = None | ||
| self.limit = 3 | ||
|
|
||
| def list_compartments(self, **kwargs): |
There was a problem hiding this comment.
add docstrings for all functions.
log.txt
Outdated
| @@ -0,0 +1,24 @@ | |||
| 👋 Waiting, Amit! | |||
There was a problem hiding this comment.
does this file need to be included?
…celerated-data-science into ODSC-72417/Policy_Verification
|
|
📌 Cov diff with main: 📌 Overall coverage: |
|
|
📌 Cov diff with main: 📌 Overall coverage: |
|
|
📌 Cov diff with main: 📌 Overall coverage: |
This utility is designed to help users verify whether they have the necessary permissions to perform common AQUA workflows, such as model registration, deployment, evaluation, and fine-tuning.
Common Methods:
ads aqua verify_policies common_policiesads aqua verify_policies model_registerads aqua verify_policies model_deploymentads aqua verify_policies evaluationads aqua verify_policies finetuneHelp:
ads aqua verify_policies -- --helpUsage: 'ads aqua' verify_policies <command|value>
available commands: common_policies | evaluation | finetune |
model_deployment | model_register
available values: model_id