Skip to content

Execlude trusted connector check for hidden model #3838

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
May 7, 2025
Merged

Execlude trusted connector check for hidden model #3838

merged 2 commits into from
May 7, 2025
+112 −21

Conversation

dhrubo-os
Copy link
Collaborator

Description

[Execlude trusted connector check for hidden model]

Related Issues

Resolves #[Issue number to be closed when this PR is merged]

Check List

  • New functionality includes testing.
  • New functionality has been documented.
  • API changes companion pull request created.
  • Commits are signed per the DCO using --signoff.
  • Public documentation issue/PR created.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@dhrubo-os dhrubo-os temporarily deployed to ml-commons-cicd-env May 7, 2025 00:35 — with GitHub Actions Inactive
@dhrubo-os dhrubo-os temporarily deployed to ml-commons-cicd-env May 7, 2025 00:35 — with GitHub Actions Inactive
@dhrubo-os dhrubo-os temporarily deployed to ml-commons-cicd-env May 7, 2025 00:35 — with GitHub Actions Inactive
@dhrubo-os dhrubo-os temporarily deployed to ml-commons-cicd-env May 7, 2025 00:35 — with GitHub Actions Inactive
@dhrubo-os dhrubo-os had a problem deploying to ml-commons-cicd-env May 7, 2025 00:38 — with GitHub Actions Error
@dhrubo-os dhrubo-os temporarily deployed to ml-commons-cicd-env May 7, 2025 00:38 — with GitHub Actions Inactive
@dhrubo-os dhrubo-os had a problem deploying to ml-commons-cicd-env May 7, 2025 00:38 — with GitHub Actions Failure
@dhrubo-os dhrubo-os temporarily deployed to ml-commons-cicd-env May 7, 2025 00:38 — with GitHub Actions Inactive
@jngz-es
Copy link
Collaborator

jngz-es commented May 7, 2025

This pr is only to skip url validation for inline connectors, correct?

@dhrubo-os dhrubo-os temporarily deployed to ml-commons-cicd-env May 7, 2025 01:41 — with GitHub Actions Inactive
@dhrubo-os dhrubo-os temporarily deployed to ml-commons-cicd-env May 7, 2025 01:41 — with GitHub Actions Inactive
@codecov Codecov
Copy link

codecov bot commented May 7, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 78.00%. Comparing base (0cba0ed) to head (5c88105).
Report is 1 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff            @@
##               main    #3838   +/-   ##
=========================================
  Coverage     77.99%   78.00%           
- Complexity     7316     7318    +2     
=========================================
  Files           655      655           
  Lines         33032    33035    +3     
  Branches       3706     3707    +1     
=========================================
+ Hits          25764    25768    +4     
  Misses         5681     5681           
+ Partials       1587     1586    -1
Flag Coverage Δ
ml-commons 78.00% <100.00%> (+<0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@dhrubo-os
Copy link
Collaborator Author

This pr is only to skip url validation for inline connectors, correct?

Yeah. We support hidden model with inline connector. So I'm putting the validation only here for simplicity. Do you see any concern?

@jngz-es
Copy link
Collaborator

jngz-es commented May 7, 2025

No, it's OK to me. Thanks for confirming.

ylwu-amzn
ylwu-amzn reviewed May 7, 2025
View reviewed changes
plugin/src/main/java/org/opensearch/ml/action/register/TransportRegisterModelAction.java
@@ -171,7 +172,8 @@ protected void doExecute(Task task, ActionRequest request, ActionListener<MLRegi
"To upload custom model user needs to enable allow_registering_model_via_url settings. Otherwise please use OpenSearch pre-trained models."
);
}
registerModelInput.setIsHidden(RestActionUtils.isSuperAdminUser(clusterService, client));
boolean isSuperAdmin = isSuperAdminUserWrapper(clusterService, client);
registerModelInput.setIsHidden(isSuperAdmin);
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we check hidden field in model configuration?
Is it possible super admin create non-hidden model?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In current design this is not possible for super admin to create non-hidden model.

@dhrubo-os dhrubo-os merged commit dd887bc into opensearch-project:main May 7, 2025
11 of 13 checks passed
Zhangxunmt
Zhangxunmt reviewed May 7, 2025
View reviewed changes
plugin/src/main/java/org/opensearch/ml/action/register/TransportRegisterModelAction.java
@@ -171,7 +172,8 @@ protected void doExecute(Task task, ActionRequest request, ActionListener<MLRegi
"To upload custom model user needs to enable allow_registering_model_via_url settings. Otherwise please use OpenSearch pre-trained models."
);
}
registerModelInput.setIsHidden(RestActionUtils.isSuperAdminUser(clusterService, client));
boolean isSuperAdmin = isSuperAdminUserWrapper(clusterService, client);
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This method for a single line adds complexity, additional method maintenance and reduced readability. this isn't typically considered best practice unless there's a specific testing requirement, but this static method is not covered in the UT at all.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If you notice, I have mocked the behavior in both of the tests:

        // Mock super admin check
        doReturn(false).when(transportRegisterModelAction).isSuperAdminUserWrapper(any(), any());

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Zhangxunmt Zhangxunmt Zhangxunmt left review comments

@ylwu-amzn ylwu-amzn ylwu-amzn left review comments

@jngz-es jngz-es jngz-es approved these changes

@rbhavna rbhavna rbhavna approved these changes

@b4sjoo b4sjoo Awaiting requested review from b4sjoo b4sjoo is a code owner

@mingshl mingshl Awaiting requested review from mingshl mingshl is a code owner

@model-collapse model-collapse Awaiting requested review from model-collapse model-collapse is a code owner

@zane-neo zane-neo Awaiting requested review from zane-neo zane-neo is a code owner

@austintlee austintlee Awaiting requested review from austintlee austintlee is a code owner

@HenryL27 HenryL27 Awaiting requested review from HenryL27 HenryL27 is a code owner

@xinyual xinyual Awaiting requested review from xinyual xinyual is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@dhrubo-os @jngz-es @Zhangxunmt @ylwu-amzn @rbhavna