mlops.workflow Pipeline's .definition() fails due to regression bug after security fix #5708 #5787

@skilaren

Description

PySDK Version

  • PySDK V2 (2.x)
  • PySDK V3 (3.x)

Describe the bug
mlops.workflow Pipeline's .definition() fails due to HMAC fix

sagemaker/core/remote_function/job.py:955 in compile            │
│                                                                              │
│    952 │   │   else:                                                         │
│    953 │   │   │   private_key = step_compilation_context.function_step_secr │
│    954 │   │   │   public_key_pem = (                                        │
│ ❱  955 │   │   │   │   private_key.public_key()                              │
│    956 │   │   │   │   .public_bytes(                                        │
│    957 │   │   │   │   │   crypto_serialization.Encoding.PEM,                │
│    958 │   │   │   │   │   crypto_serialization.PublicFormat.SubjectPublicKe │
╰──────────────────────────────────────────────────────────────────────────────╯
AttributeError: 'str' object has no attribute 'public_key'

To reproduce
code snippet:

from sagemaker.mlops.workflow import Pipeline
from sagemaker.mlops.workflow.function_step import step


def get_pipeline() -> Pipeline:
    @step(image_uri="python:3.14-trixie", instance_type="ml.m5.large", instance_count=1)
    def step_test() -> None:
        print("Hello world")

    new_pipeline = Pipeline(
        name="TestPipeline",
        steps=[step_test()],
    )
    return new_pipeline


if __name__ == "__main__":
    pipeline = get_pipeline()
    definition = pipeline.definition()
    print(definition)

Expected behavior
Steps are compiled and the pipeline definition is returned.

System information

  • SageMaker Python SDK version: 3.8.0
  • Framework name (eg. PyTorch) or algorithm (eg. KMeans): -
  • Framework version: -
  • Python version: 3.14
  • CPU or GPU: CPU
  • Custom Docker image (Y/N): N

Additional context
During step compilation in StepsCompiler._build_step, step_compilation_context_manager is used with self._function_step_secret_token = secrets.token_hex(32), defined in the StepsCompiler init function.
This later causes sagemaker/core/remote_function/job:941-961 to fail because step_compilation_context is not None but function_step_secret_token is set to a string token.

Labels: component: pipelines (Relates to the SageMaker Pipeline Platform)

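The mismatch described under "Additional context", reduced to a stand-alone reproduction with a type guard; this is an added example, not code from the issue or from the SDK. `StepContext`, `unguarded_public_pem`, `guarded_public_pem` and `classify` are hypothetical names, and the EC P-256 key type is an assumption, since the issue does not say which key type the compile path expects.

```python
import secrets
from dataclasses import dataclass

from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import ec


@dataclass
class StepContext:
    """Hypothetical stand-in for the step compilation context."""
    function_step_secret_token: object


def unguarded_public_pem(ctx: StepContext) -> bytes:
    """Same call chain as the traceback: assumes a private key object."""
    return ctx.function_step_secret_token.public_key().public_bytes(
        serialization.Encoding.PEM,
        serialization.PublicFormat.SubjectPublicKeyInfo,
    )


def guarded_public_pem(ctx: StepContext) -> bytes:
    """Same derivation, but rejects anything that is not a private key."""
    secret = ctx.function_step_secret_token
    if not isinstance(secret, ec.EllipticCurvePrivateKey):
        # Report the type only: the value is secret material and must not be logged.
        raise TypeError(
            "function_step_secret_token must be an EC private key, "
            f"got {type(secret).__name__}"
        )
    return unguarded_public_pem(ctx)


def classify(ctx: StepContext, derive) -> str:
    """Return 'ok' or the name of the exception the derive function raises."""
    try:
        derive(ctx)
        return "ok"
    except (AttributeError, TypeError) as exc:
        return type(exc).__name__


# Constructed inputs: a hex token as in the issue, and a key object (assumed EC).
hmac_style = StepContext(secrets.token_hex(32))
key_style = StepContext(ec.generate_private_key(ec.SECP256R1()))

if __name__ == "__main__":
    for name, ctx in (("hex token", hmac_style), ("EC key", key_style)):
        print(name, classify(ctx, unguarded_public_pem), classify(ctx, guarded_public_pem))
```

A regression test along these lines would feed the compile path exactly what the compiler's initializer produces, which is the combination the issue reports as untested.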