Change passphrase
This page describes how to protect deployments by managing their passphrases using the H2O MLOps Python client.
- Connect to H2O MLOps.
import h2o_mlops
import time
mlops = h2o_mlops.Client()
- Retrieve a deployment and view its security options.
project = mlops.projects.list()[0]
environment = project.environments.list()[0]
deployment = environment.deployments.list()[0]
print(deployment.security_options)
Output:
passphrase: h2oai
hashed_passphrase: False
- Update the passphrase for a deployment. Note that the same method can be used to add passphrase protection to an unprotected deployment.
deployment.update_security_options(
passphrase="new"
)
print(deployment.security_options)
Output:
passphrase: new
hashed_passphrase: False
- Confirm that the passphrase update is complete by checking if the deployment is "healthy".
while not deployment.is_healthy():
deployment.raise_for_failure()
time.sleep(5)
- For demonstration purposes, try connecting to one of the deployment endpoints using the
get_capabilities
method. This returns an HTTP error because the deployment passphrase has been changed.
try:
deployment.get_capabilities(passphrase="h2oai")
except Exception as e:
print(e)
Output:
Client error '401 Unauthorized' for url 'https://model.internal.dedicated.h2o.ai/>c3bad4d6-265a-4bf7-95ec-81c714d62339/model/capabilities'
For more information check: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/401
- When using the updated passphrase, the
get_capabilities
method returns successfully.
deployment.get_capabilities(passphrase="new")
Output:
['SCORE_PREDICTION_INTERVAL', 'SCORE']
- Note that once a deployment is protected, the requirement for a passphrase cannot be changed.
deployment.update_security_options(
passphrase=None
)
Output:
---------------------------------------------------------------------------
RuntimeError Traceback (most recent call last)
Cell In[7], line 1
----> 1 deployment.update_security_options(
2 passphrase=None
3 )
File ~/miniconda3/envs/h2o/lib/python3.9/site-packages/h2o_mlops/_deployments.py:319, in >MLOpsScoringDeployment.update_security_options(self, passphrase, hashed_passphrase)
317 raw_info = self._get_raw_info()
318 if not passphrase and raw_info.security.passphrase.hash:
--> 319 raise RuntimeError("Cannot remove passphrase protection from a deployment.")
320 raw_info.security.passphrase.hash = passphrase
321 if hashed_passphrase:
RuntimeError: Cannot remove passphrase protection from a deployment.
Feedback
- Submit and view feedback for this page
- Send feedback about H2O MLOps to cloud-feedback@h2o.ai