|
15 | 15 | from __future__ import absolute_import
|
16 | 16 |
|
17 | 17 | import copy
|
| 18 | +import logging |
18 | 19 | import shutil
|
19 | 20 | import tarfile
|
20 | 21 | from datetime import datetime
|
|
59 | 60 | _validate_new_tags,
|
60 | 61 | remove_tag_with_key,
|
61 | 62 | )
|
| 63 | +from src.sagemaker.config.config_utils import _log_sagemaker_config_single_substitution |
62 | 64 | from tests.unit.sagemaker.workflow.helpers import CustomStep
|
63 | 65 | from sagemaker.workflow.parameters import ParameterString, ParameterInteger
|
64 | 66 |
|
@@ -1279,6 +1281,87 @@ def test_resolve_value_from_config():
|
1279 | 1281 | mock_info_logger.reset_mock()
|
1280 | 1282 |
|
1281 | 1283 |
|
| 1284 | +class TestLogSagemakerConfig(TestCase): |
| 1285 | + |
| 1286 | + def test_sensitive_info_masking(self): |
| 1287 | + logger = logging.getLogger("sagemaker.config") |
| 1288 | + logger.setLevel(logging.DEBUG) |
| 1289 | + |
| 1290 | + stream_handler = logging.StreamHandler() |
| 1291 | + logger.addHandler(stream_handler) |
| 1292 | + |
| 1293 | + # source value is None |
| 1294 | + with self.assertLogs(logger, level="DEBUG") as log: |
| 1295 | + _log_sagemaker_config_single_substitution( |
| 1296 | + None, {"apiKey": "topsecretkey"}, "config/path" |
| 1297 | + ) |
| 1298 | + |
| 1299 | + self.assertIn("config value that will be used = {'apiKey': '***'}", log.output[0]) |
| 1300 | + |
| 1301 | + # source value is None and config_value == source_value |
| 1302 | + with self.assertLogs(logger, level="DEBUG") as log: |
| 1303 | + _log_sagemaker_config_single_substitution( |
| 1304 | + {"secretword": "topsecretword"}, {"secretword": "topsecretword"}, "config/path" |
| 1305 | + ) |
| 1306 | + |
| 1307 | + self.assertIn("Skipped value", log.output[0]) |
| 1308 | + self.assertIn("source value that will be used = {'secretword': '***'}", log.output[0]) |
| 1309 | + self.assertIn("config value = {'secretword': '***'}", log.output[0]) |
| 1310 | + |
| 1311 | + # source value is not None and config_value != source_value |
| 1312 | + with self.assertLogs(logger, level="DEBUG") as log: |
| 1313 | + _log_sagemaker_config_single_substitution( |
| 1314 | + {"password": "supersecretpassword"}, {"apiKey": "topsecretkey"}, "config/path" |
| 1315 | + ) |
| 1316 | + |
| 1317 | + self.assertIn("Skipped value", log.output[0]) |
| 1318 | + self.assertIn("source value that will be used = {'password': '***'}", log.output[0]) |
| 1319 | + self.assertIn("config value = {'apiKey': '***'}", log.output[0]) |
| 1320 | + |
| 1321 | + def test_non_sensitive_info_masking(self): |
| 1322 | + logger = logging.getLogger("sagemaker.config") |
| 1323 | + logger.setLevel(logging.DEBUG) |
| 1324 | + |
| 1325 | + stream_handler = logging.StreamHandler() |
| 1326 | + logger.addHandler(stream_handler) |
| 1327 | + |
| 1328 | + # source value is None |
| 1329 | + with self.assertLogs(logger, level="DEBUG") as log: |
| 1330 | + _log_sagemaker_config_single_substitution( |
| 1331 | + None, {"username": "randomvalue"}, "config/path" |
| 1332 | + ) |
| 1333 | + |
| 1334 | + self.assertIn("config value that will be used = {'username': 'randomvalue'}", log.output[0]) |
| 1335 | + |
| 1336 | + # source value is not None and config_value == source_value |
| 1337 | + with self.assertLogs(logger, level="DEBUG") as log: |
| 1338 | + _log_sagemaker_config_single_substitution( |
| 1339 | + {"nonsensitivevalue": "randomvalue"}, |
| 1340 | + {"nonsensitivevalue": "randomvalue"}, |
| 1341 | + "config/path", |
| 1342 | + ) |
| 1343 | + |
| 1344 | + self.assertIn("Skipped value", log.output[0]) |
| 1345 | + self.assertIn( |
| 1346 | + "source value that will be used = {'nonsensitivevalue': 'randomvalue'}", log.output[0] |
| 1347 | + ) |
| 1348 | + self.assertIn("config value = {'nonsensitivevalue': 'randomvalue'}", log.output[0]) |
| 1349 | + |
| 1350 | + # source value is not None and config_value != source_value |
| 1351 | + with self.assertLogs(logger, level="DEBUG") as log: |
| 1352 | + _log_sagemaker_config_single_substitution( |
| 1353 | + {"username": "nonsensitiveinfo"}, |
| 1354 | + {"configvalue": "nonsensitivevalue"}, |
| 1355 | + "config/path/non_sensitive", |
| 1356 | + ) |
| 1357 | + |
| 1358 | + self.assertIn("Skipped value", log.output[0]) |
| 1359 | + self.assertIn( |
| 1360 | + "source value that will be used = {'username': 'nonsensitiveinfo'}", log.output[0] |
| 1361 | + ) |
| 1362 | + self.assertIn("config value = {'configvalue': 'nonsensitivevalue'}", log.output[0]) |
| 1363 | + |
| 1364 | + |
1282 | 1365 | def test_get_sagemaker_config_value():
|
1283 | 1366 | mock_config_logger = Mock()
|
1284 | 1367 |
|
|
0 commit comments