mlrun 1.10.0rc18__py3-none-any.whl → 1.11.0rc16__py3-none-any.whl

mlrun/runtimes/nuclio/function.py

@@ -16,8 +16,11 @@ import asyncio
 import copy
 import json
 import typing
+import warnings
+from dataclasses import dataclass
 from datetime import datetime
 from time import sleep
+from urllib.parse import urlparse, urlunparse
 
 import inflection
 import nuclio
@@ -29,12 +32,14 @@ from kubernetes import client
 from nuclio.deploy import find_dashboard_url, get_deploy_status
 from nuclio.triggers import V3IOStreamTrigger
 
+import mlrun.auth.nuclio
+import mlrun.common.constants
 import mlrun.db
 import mlrun.errors
 import mlrun.k8s_utils
 import mlrun.utils
 import mlrun.utils.helpers
-from mlrun.common.schemas import AuthInfo
+from mlrun.common.schemas import AuthInfo, BatchingSpec
 from mlrun.config import config as mlconf
 from mlrun.errors import err_to_str
 from mlrun.lists import RunList
@@ -94,6 +99,13 @@ def min_nuclio_versions(*versions):
     return decorator
 
 
+@dataclass
+class AsyncSpec:
+    enabled: bool = True
+    max_connections: typing.Optional[int] = None
+    connection_availability_timeout: typing.Optional[int] = None
+
+
 class NuclioSpec(KubeResourceSpec):
     _dict_fields = KubeResourceSpec._dict_fields + [
         "min_replicas",
@@ -111,6 +123,7 @@ class NuclioSpec(KubeResourceSpec):
         "service_type",
         "add_templated_ingress_host_mode",
         "disable_default_http_trigger",
+        "auth",
     ]
 
     def __init__(
@@ -158,6 +171,7 @@ class NuclioSpec(KubeResourceSpec):
         graph=None,
         parameters=None,
         track_models=None,
+        auth=None,
     ):
         super().__init__(
             command=command,
@@ -214,6 +228,7 @@ class NuclioSpec(KubeResourceSpec):
         # When True it will set Nuclio spec.noBaseImagesPull to False (negative logic)
         # indicate that the base image should be pulled from the container registry (not cached)
         self.base_image_pull = False
+        self.auth = auth or {}
 
     def generate_nuclio_volumes(self):
         nuclio_volumes = []
@@ -298,29 +313,16 @@ class RemoteRuntime(KubeResource):
             return {}
 
         raw_config = copy.deepcopy(self.spec.config)
-
         for key, value in self.spec.config.items():
             if key.startswith("spec.triggers"):
-                trigger_name = key.split(".")[-1]
-
-                for path in SENSITIVE_PATHS_IN_TRIGGER_CONFIG:
-                    # Handle nested keys
-                    nested_keys = path.split("/")
-                    target = value
-                    for sub_key in nested_keys[:-1]:
-                        target = target.get(sub_key, {})
-
-                    last_key = nested_keys[-1]
-                    if last_key in target:
-                        sensitive_field = target[last_key]
-                        if sensitive_field.startswith(
-                            mlrun.model.Credentials.secret_reference_prefix
-                        ):
-                            # already masked
-                            continue
-                        target[last_key] = (
-                            f"{mlrun.model.Credentials.secret_reference_prefix}/spec/triggers/{trigger_name}/{path}"
-                        )
+                # support both types depending on the way how it was set
+                # sometimes trigger name is in the same key, sometimes it's nested in the value dict
+                if key == "spec.triggers":
+                    for trigger_name, trigger_config in value.items():
+                        self._mask_trigger_config(trigger_name, trigger_config)
+                else:
+                    trigger_name = key.split(".")[-1]
+                    self._mask_trigger_config(trigger_name, value)
 
         return raw_config
 
@@ -422,6 +424,18 @@ class RemoteRuntime(KubeResource):
                 )
         """
         self.spec.build.source = source
+
+        code = (
+            self.spec.build.functionSourceCode if hasattr(self.spec, "build") else None
+        )
+        if code:
+            # Warn and clear any inline code so the archive is actually used
+            logger.warning(
+                "Cannot specify both code and source archive. Removing the code so the provided "
+                "source archive will be used instead."
+            )
+            self.spec.build.functionSourceCode = None
+
         # update handler in function_handler if needed
         if handler:
             self.spec.function_handler = handler
@@ -450,7 +464,7 @@ class RemoteRuntime(KubeResource):
 
     def with_http(
         self,
-        workers: typing.Optional[int] = 8,
+        workers: typing.Optional[int] = None,
         port: typing.Optional[int] = None,
         host: typing.Optional[str] = None,
         paths: typing.Optional[list[str]] = None,
@@ -461,6 +475,8 @@ class RemoteRuntime(KubeResource):
         trigger_name: typing.Optional[str] = None,
         annotations: typing.Optional[typing.Mapping[str, str]] = None,
         extra_attributes: typing.Optional[typing.Mapping[str, str]] = None,
+        batching_spec: typing.Optional[BatchingSpec] = None,
+        async_spec: typing.Optional[AsyncSpec] = None,
     ):
         """update/add nuclio HTTP trigger settings
 
@@ -468,7 +484,8 @@ class RemoteRuntime(KubeResource):
         if the max time a request will wait for until it will start processing, gateway_timeout must be greater than
         the worker_timeout.
 
-        :param workers:    number of worker processes (default=8). set 0 to use Nuclio's default workers count
+        :param workers: Number of worker processes. Defaults to 8 in synchronous mode and
+                        1 in asynchronous mode. Set to 0 to use Nuclio’s default worker count.
         :param port:       TCP port to listen on. by default, nuclio will choose a random port as long as
                            the function service is NodePort. if the function service is ClusterIP, the port
                            is ignored.
@@ -482,6 +499,12 @@ class RemoteRuntime(KubeResource):
         :param trigger_name:    alternative nuclio trigger name
         :param annotations:     key/value dict of ingress annotations
         :param extra_attributes: key/value dict of extra nuclio trigger attributes
+        :param batching_spec: BatchingSpec object that defines batching configuration.
+            By default, batching is disabled.
+
+        :param async_spec: AsyncSpec object defines async configuration. If number of max connections
+            won't be set, the default value will be set to 1000 according to nuclio default.
+
         :return: function object (self)
         """
         if self.disable_default_http_trigger:
@@ -489,11 +512,15 @@ class RemoteRuntime(KubeResource):
                 "Adding HTTP trigger despite the default HTTP trigger creation being disabled"
             )
 
+        if async_spec and async_spec.enabled:
+            workers = 1 if workers is None else workers
+        else:
+            workers = 8 if workers is None else workers
+
         annotations = annotations or {}
         if worker_timeout:
             gateway_timeout = gateway_timeout or (worker_timeout + 60)
-        if workers is None:
-            workers = 0
+
         if gateway_timeout:
             if worker_timeout and worker_timeout >= gateway_timeout:
                 raise ValueError(
@@ -517,6 +544,28 @@ class RemoteRuntime(KubeResource):
             trigger._struct["workerAvailabilityTimeoutMilliseconds"] = (
                 worker_timeout
             ) * 1000
+
+        if batching_spec and (
+            batching_config := batching_spec.get_nuclio_batch_config()
+        ):
+            if not validate_nuclio_version_compatibility("1.14.0"):
+                raise mlrun.errors.MLRunValueError(
+                    "Batching is only supported on Nuclio 1.14.0 and higher"
+                )
+            trigger._struct["batch"] = batching_config
+
+        if async_spec:
+            if not validate_nuclio_version_compatibility("1.15.3"):
+                raise mlrun.errors.MLRunValueError(
+                    "Async spec is only supported on Nuclio 1.15.3 and higher"
+                )
+            if async_spec.enabled:
+                trigger._struct["mode"] = "async"
+                trigger._struct["async"] = {
+                    "maxConnectionsNumber": async_spec.max_connections,
+                    "connectionAvailabilityTimeout": async_spec.connection_availability_timeout,
+                }
+
         self.add_trigger(trigger_name or "http", trigger)
         return self
 
@@ -827,21 +876,6 @@ class RemoteRuntime(KubeResource):
             raise ValueError("function or deploy process not found")
         return self.status.state, text, last_log_timestamp
 
-    def _get_runtime_env(self):
-        # for runtime specific env var enrichment (before deploy)
-        runtime_env = {
-            "MLRUN_ACTIVE_PROJECT": self.metadata.project or mlconf.active_project,
-        }
-        if mlconf.httpdb.api_url:
-            runtime_env["MLRUN_DBPATH"] = mlconf.httpdb.api_url
-        if mlconf.namespace:
-            runtime_env["MLRUN_NAMESPACE"] = mlconf.namespace
-        if self.metadata.credentials.access_key:
-            runtime_env[
-                mlrun.common.runtimes.constants.FunctionEnvironmentVariables.auth_session
-            ] = self.metadata.credentials.access_key
-        return runtime_env
-
     def _get_serving_spec(self):
         return None
 
@@ -866,8 +900,9 @@ class RemoteRuntime(KubeResource):
             if value_from is not None:
                 external_source_env_dict[sanitized_env_var.get("name")] = value_from
 
-        for key, value in self._get_runtime_env().items():
-            env_dict[key] = value
+        envs, external_source_envs = self._generate_runtime_env()
+        env_dict.update(envs)
+        external_source_env_dict.update(external_source_envs)
 
         return env_dict, external_source_env_dict
 
@@ -924,7 +959,7 @@ class RemoteRuntime(KubeResource):
     def invoke(
         self,
         path: str,
-        body: typing.Optional[typing.Union[str, bytes, dict]] = None,
+        body: typing.Optional[typing.Union[str, bytes, dict, list]] = None,
         method: typing.Optional[str] = None,
         headers: typing.Optional[dict] = None,
         force_external_address: bool = False,
@@ -966,24 +1001,6 @@ class RemoteRuntime(KubeResource):
         self._mock_server = None
 
         if "://" not in path:
-            if not self.status.address:
-                # here we check that if default http trigger is disabled, function contains a custom http trigger
-                # Otherwise, the function is not invokable, so we raise an error
-                if (
-                    not self._trigger_of_kind_exists(kind="http")
-                    and self.spec.disable_default_http_trigger
-                ):
-                    raise mlrun.errors.MLRunPreconditionFailedError(
-                        "Default http trigger creation is disabled and there is no any other custom http trigger, "
-                        "so function can not be invoked via http. Either enable default http trigger creation or "
-                        "create custom http trigger"
-                    )
-                state, _, _ = self._get_state()
-                if state not in ["ready", "scaledToZero"]:
-                    logger.warning(f"Function is in the {state} state")
-                if not self.status.address:
-                    raise ValueError("no function address first run .deploy()")
-
             path = self._resolve_invocation_url(path, force_external_address)
 
         if headers is None:
@@ -997,7 +1014,7 @@ class RemoteRuntime(KubeResource):
         if not http_client_kwargs:
             http_client_kwargs = {}
         if body:
-            if isinstance(body, (str, bytes)):
+            if isinstance(body, str | bytes):
                 http_client_kwargs["data"] = body
             else:
                 http_client_kwargs["json"] = body
@@ -1043,6 +1060,9 @@ class RemoteRuntime(KubeResource):
             sidecar["image"] = image
 
         ports = mlrun.utils.helpers.as_list(ports)
+        if len(ports) > 1:
+            mlrun.runtimes.nuclio.multiple_port_sidecar_is_supported()
+
         # according to RFC-6335, port name should be less than 15 characters,
         # so we truncate it if needed and leave room for the index
         port_name = name[:13].rstrip("-_") if len(name) > 13 else name
@@ -1068,6 +1088,20 @@ class RemoteRuntime(KubeResource):
             sidecar["resources"] = self.spec.resources
             self.spec.resources = None
 
+    def set_probe(self, *args, **kwargs):
+        """Set a Kubernetes probe configuration for the sidecar container
+
+        This method is only available for ApplicationRuntime.
+        """
+        raise ValueError("set_probe() is only supported for ApplicationRuntime. ")
+
+    def delete_probe(self, *args, **kwargs):
+        """Delete a Kubernetes probe configuration from the sidecar container
+
+        This method is only available for ApplicationRuntime.
+        """
+        raise ValueError("delete_probe() is only supported for ApplicationRuntime.")
+
     def _set_sidecar(self, name: str) -> dict:
         self.spec.config.setdefault("spec.sidecars", [])
         sidecars = self.spec.config["spec.sidecars"]
@@ -1078,6 +1112,79 @@ class RemoteRuntime(KubeResource):
         sidecars.append({"name": name})
         return sidecars[-1]
 
+    def _mask_trigger_config(self, trigger_name, trigger_config):
+        self._mask_rabbitmq_url(trigger=trigger_config)
+        for path in SENSITIVE_PATHS_IN_TRIGGER_CONFIG:
+            # Handle nested keys
+            nested_keys = path.split("/")
+            target = trigger_config
+            for sub_key in nested_keys[:-1]:
+                target = target.get(sub_key, {})
+
+            last_key = nested_keys[-1]
+            if last_key in target:
+                sensitive_field = target[last_key]
+                if sensitive_field.startswith(
+                    mlrun.model.Credentials.secret_reference_prefix
+                ):
+                    # already masked
+                    continue
+                target[last_key] = (
+                    f"{mlrun.model.Credentials.secret_reference_prefix}/spec/triggers/{trigger_name}/{path}"
+                )
+
+    @staticmethod
+    def _mask_rabbitmq_url(trigger):
+        """
+        Extract credentials from RabbitMQ URL and move them to attributes dict.
+        This ensures credentials are not exposed in the URL.
+        """
+
+        # supported only for nuclio higher than 1.14.15
+        if not validate_nuclio_version_compatibility("1.14.15"):
+            return
+        if not isinstance(trigger, dict):
+            return
+
+        if trigger.get("kind") != "rabbit-mq":
+            return
+
+        url = trigger.get("url")
+        if not url or not isinstance(url, str):
+            return
+
+        try:
+            parsed = urlparse(url)
+        except Exception:
+            raise mlrun.errors.MLRunValueError("invalid URL format")
+
+        # Only process if credentials are present in the URL
+        if not (parsed.username or parsed.password):
+            return
+
+        # Extract credentials
+        username = parsed.username or ""
+        password = parsed.password or ""
+
+        # Reconstruct clean URL
+        hostname = parsed.hostname or ""
+        netloc = f"{hostname}:{parsed.port}" if parsed.port else hostname
+
+        clean_url = urlunparse(
+            (
+                parsed.scheme,
+                netloc,
+                parsed.path,
+                parsed.params,
+                parsed.query,
+                parsed.fragment,
+            )
+        )
+
+        # Update trigger safely
+        trigger["url"] = clean_url
+        trigger.update({"username": username, "password": password})
+
     def _trigger_of_kind_exists(self, kind: str) -> bool:
         if not self.spec.config:
             return False
@@ -1223,19 +1330,54 @@ class RemoteRuntime(KubeResource):
         # internal / external invocation urls is a nuclio >= 1.6.x feature
         # try to infer the invocation url from the internal and if not exists, use external.
         # $$$$ we do not want to use the external invocation url (e.g.: ingress, nodePort, etc.)
+
+        # if none of urls is set, function was deployed with watch=False
+        # and status wasn't fetched with Nuclio
+        # _get_state fetches the state and updates url
+        if (
+            not self.status.address
+            and not self.status.internal_invocation_urls
+            and not self.status.external_invocation_urls
+        ):
+            state, _, _ = self._get_state()
+            if state not in ["ready", "scaledToZero"]:
+                logger.warning(f"Function is in the {state} state")
+
+        # prefer internal invocation url if running inside k8s cluster
         if (
             not force_external_address
             and self.status.internal_invocation_urls
             and mlrun.k8s_utils.is_running_inside_kubernetes_cluster()
         ):
-            return mlrun.utils.helpers.join_urls(
+            url = mlrun.utils.helpers.join_urls(
                 f"http://{self.status.internal_invocation_urls[0]}", path
             )
+            logger.debug(
+                f"Using internal invocation url {url}. Make sure you have network access to the k8s cluster. "
+                f"Otherwise, set force_external_address to True"
+            )
+            return url
 
         if self.status.external_invocation_urls:
             return mlrun.utils.helpers.join_urls(
                 f"http://{self.status.external_invocation_urls[0]}", path
             )
+
+        if not self.status.address:
+            # if there is no address
+            # here we check that if default http trigger is disabled, function contains a custom http trigger
+            # Otherwise, the function is not invokable, so we raise an error
+            if (
+                not self._trigger_of_kind_exists(kind="http")
+                and self.spec.disable_default_http_trigger
+            ):
+                raise mlrun.errors.MLRunPreconditionFailedError(
+                    "Default http trigger creation is disabled and there is no any other custom http trigger, "
+                    "so function can not be invoked via http. Either enable default http trigger creation or "
+                    "create custom http trigger"
+                )
+            else:
+                raise ValueError("no function address first run .deploy()")
         else:
             return mlrun.utils.helpers.join_urls(f"http://{self.status.address}", path)
 
@@ -1289,6 +1431,8 @@ class RemoteRuntime(KubeResource):
     def get_url(
         self,
         force_external_address: bool = False,
+        # leaving auth_info for BC
+        # TODO: remove in 1.12.0
         auth_info: AuthInfo = None,
     ):
         """
@@ -1299,13 +1443,12 @@ class RemoteRuntime(KubeResource):
 
         :return: returns function's url
         """
-        if not self.status.address:
-            state, _, _ = self._get_state(auth_info=auth_info)
-            if state != "ready" or not self.status.address:
-                raise ValueError(
-                    "no function address or not ready, first run .deploy()"
-                )
-
+        if auth_info:
+            warnings.warn(
+                "'auth_info' is deprecated in 1.10.0 and will be removed in 1.12.0.",
+                # TODO: Remove this in 1.12.0
+                FutureWarning,
+            )
         return self._resolve_invocation_url("", force_external_address)
 
     @staticmethod
@@ -1418,7 +1561,7 @@ def get_nuclio_deploy_status(
             verbose,
             resolve_address,
             return_function_status=True,
-            auth_info=auth_info.to_nuclio_auth_info() if auth_info else None,
+            auth_info=mlrun.auth.nuclio.NuclioAuthInfo.from_auth_info(auth_info),
         )
     except requests.exceptions.ConnectionError as exc:
         mlrun.errors.raise_for_status(
@@ -1456,3 +1599,10 @@ def enrich_nuclio_function_from_headers(
         else []
     )
     func.status.container_image = headers.get("x-mlrun-container-image", "")
+
+
+@min_nuclio_versions("1.14.14")
+def multiple_port_sidecar_is_supported():
+    # multiple ports are supported from nuclio version 1.14.14
+    # this method exists only for running the min_nuclio_versions decorator
+    return True