genesis-flow 1.0.3__py3-none-any.whl → 1.0.5__py3-none-any.whl

{genesis_flow-1.0.3.dist-info → genesis_flow-1.0.5.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: genesis-flow
-Version: 1.0.3
+Version: 1.0.5
 Summary: Genesis-Flow: MLflow v3.1.4 compatible fork for Genesis platform
 Maintainer-email: Databricks <mlflow-oss-maintainers@googlegroups.com>
 License: Copyright 2018 Databricks, Inc.  All rights reserved.

{genesis_flow-1.0.3.dist-info → genesis_flow-1.0.5.dist-info}/RECORD

@@ -1,4 +1,4 @@
-genesis_flow-1.0.3.dist-info/licenses/LICENSE.txt,sha256=Y5U1Xebzka__NZlqMPtBsYm0mRpMtUmTrONatpoL-ig,11382
+genesis_flow-1.0.5.dist-info/licenses/LICENSE.txt,sha256=Y5U1Xebzka__NZlqMPtBsYm0mRpMtUmTrONatpoL-ig,11382
 mlflow/__init__.py,sha256=-_r__N5Afed81pLVtr2wKbHQIA0aj9u9n_7kWGxLWi4,11194
 mlflow/__main__.py,sha256=_PcdoxKehR_a2MI6GqBfzYzRCXZhVyDCSdbxDWVlWd4,39
 mlflow/cli.py,sha256=f1ObrWZ03HgRiRoVEE1Gffe-dGcSY7CxJyEFgb5VUMM,26137
@@ -23,10 +23,10 @@ mlflow/autogen/chat.py,sha256=UwuhppwnlSs4fuv5D2uaugrl5lPpyvTkaHzWMnqR5E0,4497
 mlflow/azure/__init__.py,sha256=3B0PXyQj_3CAhvvMU-siUSDr9Qpf5q6s2PMIlyAwzVQ,737
 mlflow/azure/auth_handler.py,sha256=oIlzPdhuZcyg-sKowGLpinP0KJOFfsKrUnEKe0Mj5j8,9171
 mlflow/azure/client.py,sha256=dUaMFj04OLrlyvYSRTHXF4CaLHCGUdSzhjM5u8ucv8g,11509
-mlflow/azure/config.py,sha256=R86GuPP-yFT2UfKJr7VwhBNtx_o2QA-kvdlWQZwqzwM,4259
-mlflow/azure/connection_factory.py,sha256=VGrrtw3TUfpqGCiJGOclG4RcbXUsjBhE9_ybaA2eUjE,11676
+mlflow/azure/config.py,sha256=0DwiEYN3TefmdaGO9KogNNflX_-0wOeHwKt2hMxKEdU,4491
+mlflow/azure/connection_factory.py,sha256=1hcwPmc5xpP_MS1t3CIlzYfJ_mzEn2GBxnz5TJ1sHOY,12391
 mlflow/azure/exceptions.py,sha256=3jQo_kimK4g94LmSCtzfRQqEOl6bDBtwAQ6utXbgw8k,494
-mlflow/azure/stores.py,sha256=dlmdDVZRINgJw2wxzLhEsnAp1W76bR3NhQ0MftH9T74,12732
+mlflow/azure/stores.py,sha256=MnZaPU2eOAerzGfcwSoyuMCkd9ad1cOmsb6fclgxF4Q,12890
 mlflow/azure/utils.py,sha256=uU4OWU9ffz3KhLf0IgGqabZTTiAskLrNGVH5bIcwKUU,5563
 mlflow/bedrock/__init__.py,sha256=LNOczTpqmgbdek-anWMNisPGDcnn-VbWQm5VVxQ7FdA,1846
 mlflow/bedrock/_autolog.py,sha256=7c2mj9pK1aj-IKCySl74g6gGxze2Bldo8bHSIZAQj5M,7800
@@ -527,7 +527,7 @@ mlflow/tracking/_model_registry/utils.py,sha256=0oyWU_iKleLVeEaWLb-glhkJlArKX0U3
 mlflow/tracking/_tracking_service/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 mlflow/tracking/_tracking_service/client.py,sha256=wkFfP8r8vDA0YPGdE8q8DHn0LY-BeeWgxqWBnAqi_ug,36067
 mlflow/tracking/_tracking_service/registry.py,sha256=o_mi4_MN8Cp3WSnqVThZwABAsJJVBneZmxyqqQEQAeI,2419
-mlflow/tracking/_tracking_service/utils.py,sha256=ryY_fChkUrrBLMjGsjZc1IJ7SrKNWYPBDlm3VWHAZQs,9549
+mlflow/tracking/_tracking_service/utils.py,sha256=yHUYcsPoVz2tz0OYeFJ2aKaGw66PTnLh48Yz4voXF0o,10256
 mlflow/tracking/context/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 mlflow/tracking/context/abstract_context.py,sha256=OrlpO7gd_y2UP4pEpvwMKtfHI8XjtmPxO_2SujthUnI,1060
 mlflow/tracking/context/databricks_cluster_context.py,sha256=EORKG7JPBCnFv2Dupqd7FYgsTtwh4ZHB05T9W704IFI,520
@@ -641,8 +641,8 @@ mlflow/utils/autologging_utils/metrics_queue.py,sha256=bwpMX7Go6xFxrpYROi6rDBdVt
 mlflow/utils/autologging_utils/safety.py,sha256=IwbTbusyE87Hc4qkhhvMikoaZqX9kpr972FWS2B8goc,51465
 mlflow/utils/autologging_utils/versioning.py,sha256=2hSN4KXFWEJCcopDdLG6BiPeqSoqjETeNMuUBsCCwlI,3762
 mlflow/utils/import_hooks/__init__.py,sha256=werje98Woelkbwrhtlb8wmRdt3RtiL--LqGru7Xh3YU,13589
-genesis_flow-1.0.3.dist-info/METADATA,sha256=aNXjmAeUTG0TkJzMp0BF4CFNJgcpMw8yuMeFQ2Eyh90,33401
-genesis_flow-1.0.3.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-genesis_flow-1.0.3.dist-info/entry_points.txt,sha256=fwlE6mYWea9uCNIsmXdT5qMIOZ8rYbTvO6XcZR8fBbE,495
-genesis_flow-1.0.3.dist-info/top_level.txt,sha256=wm8UqYyUHI21EvrTDHb3eYICy0dOVDLBhAL-jp5zbuI,7
-genesis_flow-1.0.3.dist-info/RECORD,,
+genesis_flow-1.0.5.dist-info/METADATA,sha256=c2PrO48hnz6iVieC5srClmgBx4MN_61P3W_NvJvFsQE,33401
+genesis_flow-1.0.5.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+genesis_flow-1.0.5.dist-info/entry_points.txt,sha256=fwlE6mYWea9uCNIsmXdT5qMIOZ8rYbTvO6XcZR8fBbE,495
+genesis_flow-1.0.5.dist-info/top_level.txt,sha256=wm8UqYyUHI21EvrTDHb3eYICy0dOVDLBhAL-jp5zbuI,7
+genesis_flow-1.0.5.dist-info/RECORD,,

mlflow/azure/config.py

@@ -84,13 +84,19 @@ class AzureAuthConfig:
             or os.getenv("MLFLOW_AZURE_DEBUG", "false").lower() == "true"
         )
 
-        # Additional environment variable checks
-        # Only override auth method if not explicitly set
-        if (os.getenv("MLFLOW_POSTGRES_USE_MANAGED_IDENTITY", "false").lower() == "true" and 
-            auth_method is None and 
-            os.getenv("MLFLOW_AZURE_AUTH_METHOD") is None):
-            self.auth_enabled = True
-            self.auth_method = AuthMethod.MANAGED_IDENTITY
+        # IMPORTANT: Do not automatically enable Managed Identity based on other env vars
+        # The auth_enabled flag should be the single source of truth
+        # This prevents unintended authentication attempts when Helm hasn't enabled it
+        
+        # Log configuration decision for debugging
+        import logging
+        logger = logging.getLogger(__name__)
+        logger.debug(
+            "AzureAuthConfig initialized: auth_enabled=%s, auth_method=%s, source=%s",
+            self.auth_enabled,
+            self.auth_method.value,
+            "explicit" if auth_enabled is not None else "env_var"
+        )
 
         # Validate configuration
         self._validate()

mlflow/azure/connection_factory.py

@@ -33,9 +33,10 @@ class ConnectionFactory:
         )
 
         logger.info(
-            "Initialized connection factory: azure_auth_enabled=%s, auth_method=%s",
+            "Initialized connection factory: azure_auth_enabled=%s, auth_method=%s, auth_flag=%s",
             self.config.should_use_azure_auth,
             self.config.auth_method.value if self.config.should_use_azure_auth else "sql_auth",
+            self.config.auth_enabled,
         )
 
     def create_engine(
@@ -56,11 +57,23 @@ class ConnectionFactory:
             ConnectionError: If connection configuration fails
             ConfigurationError: If the URI is invalid
         """
+        # Check if auth_method is in URI
+        has_auth_method_param = "auth_method=" in database_uri
+        
         logger.info(
-            "Creating database engine: connection_info=%s, azure_auth=%s",
+            "Creating database engine: connection_info=%s, azure_auth=%s, has_auth_param=%s, auth_enabled_env=%s",
             sanitize_connection_string_for_logging(database_uri),
             self.config.should_use_azure_auth,
+            has_auth_method_param,
+            self.config.auth_enabled,
         )
+        
+        # Warn if there's a mismatch between URI parameter and configuration
+        if has_auth_method_param and not self.config.should_use_azure_auth:
+            logger.warning(
+                "Database URI contains auth_method parameter but Azure authentication is not enabled. "
+                "The auth_method parameter will be ignored. Enable Azure authentication in Helm values to use Managed Identity."
+            )
 
         try:
             # Parse and validate the URI

mlflow/azure/stores.py

@@ -8,7 +8,7 @@ from typing import Optional, Any, Dict
 
 from sqlalchemy import Engine
 
-from mlflow.azure.config import AzureAuthConfig
+from mlflow.azure.config import AzureAuthConfig, AuthMethod
 from mlflow.azure.connection_factory import ConnectionFactory
 from mlflow.azure.exceptions import ConnectionError, ConfigurationError
 
@@ -162,25 +162,32 @@ def create_store(store_uri: str, artifact_uri: Optional[str] = None):
     # Check if Azure authentication should be used
     config = AzureAuthConfig()
     
-    # Auto-detect Azure PostgreSQL and enable auth if credentials are available
-    is_azure_postgres = (
+    # IMPORTANT: Do NOT auto-detect Azure PostgreSQL based on hostname
+    # Only use Azure auth if explicitly enabled through configuration
+    # The MLFLOW_AZURE_AUTH_ENABLED flag should be the single source of truth
+    
+    # Check if URI explicitly requests Azure auth (via scheme or parameter)
+    explicit_azure_request = (
         store_uri.startswith("azure-postgres://") or
-        ".postgres.database.azure.com" in store_uri or
         "auth_method=managed_identity" in store_uri
     )
     
-    # For Azure PostgreSQL, enable auth if we have any Azure credentials
-    if is_azure_postgres and not config.auth_enabled:
-        # Enable auth automatically if we have Azure credentials
-        if config.client_id or config.client_secret or os.getenv("AZURE_CLIENT_ID"):
-            config.auth_enabled = True
-            if not config.auth_method or config.auth_method == config.auth_method.SQL_AUTH:
-                # Default to service principal if we have credentials, managed identity otherwise  
-                config.auth_method = (
-                    config.auth_method.SERVICE_PRINCIPAL 
-                    if config.client_secret or os.getenv("AZURE_CLIENT_SECRET") 
-                    else config.auth_method.MANAGED_IDENTITY
-                )
+    # If auth is not enabled via config and not explicitly requested in URI, skip Azure auth
+    if not config.auth_enabled and not explicit_azure_request:
+        # Log for debugging
+        logger.debug(
+            "Azure auth not enabled: config.auth_enabled=%s, explicit_request=%s",
+            config.auth_enabled,
+            explicit_azure_request
+        )
+        return None
+    
+    # If we reach here, Azure auth is either enabled or explicitly requested
+    # Make sure config reflects this
+    if explicit_azure_request and not config.auth_enabled:
+        config.auth_enabled = True
+        if not config.auth_method or config.auth_method == AuthMethod.SQL_AUTH:
+            config.auth_method = AuthMethod.MANAGED_IDENTITY
     
     if config.should_use_azure_auth:
         logger.info("Creating Azure-enabled tracking store via plugin: auth_method=%s", config.auth_method.value)

mlflow/tracking/_tracking_service/utils.py

@@ -138,15 +138,27 @@ def _get_file_store(store_uri, **_):
 def _get_sqlalchemy_store(store_uri, artifact_uri):
     from mlflow.store.tracking.sqlalchemy_store import SqlAlchemyStore
     
-    # Check if this is a PostgreSQL URI that should use Managed Identity
-    if store_uri.startswith("postgresql://") and (
-        "auth_method=managed_identity" in store_uri or
-        os.getenv("MLFLOW_POSTGRES_USE_MANAGED_IDENTITY", "").lower() == "true"
-    ):
+    # Check if Azure authentication is explicitly enabled
+    azure_auth_enabled = os.getenv("MLFLOW_AZURE_AUTH_ENABLED", "false").lower() == "true"
+    
+    # Only use Managed Identity if explicitly enabled through configuration
+    # This prevents automatic authentication attempts based on URI parameters alone
+    if store_uri.startswith("postgresql://") and azure_auth_enabled:
+        _logger.info(
+            "Azure authentication is enabled for PostgreSQL. Using Managed Identity store."
+        )
         from mlflow.store.tracking.postgres_managed_identity import get_postgres_store_with_managed_identity
         if artifact_uri is None:
             artifact_uri = DEFAULT_LOCAL_FILE_AND_ARTIFACT_PATH
         return get_postgres_store_with_managed_identity(store_uri, artifact_uri)
+    
+    # Log if auth_method is in URI but Azure auth is not enabled
+    if store_uri.startswith("postgresql://") and "auth_method=managed_identity" in store_uri:
+        if not azure_auth_enabled:
+            _logger.warning(
+                "URI contains 'auth_method=managed_identity' but MLFLOW_AZURE_AUTH_ENABLED is not 'true'. "
+                "Using standard SQL authentication. To use Managed Identity, enable it in your Helm configuration."
+            )
 
     if artifact_uri is None:
         artifact_uri = DEFAULT_LOCAL_FILE_AND_ARTIFACT_PATH