mlrun 1.10.0rc18__py3-none-any.whl → 1.11.0rc16__py3-none-any.whl

mlrun/common/schemas/alert.py

@@ -13,9 +13,9 @@
 # limitations under the License.
 
 from collections import defaultdict
-from collections.abc import Iterator
+from collections.abc import Callable, Iterator
 from datetime import datetime
-from typing import Annotated, Any, Callable, Optional, Union
+from typing import Annotated, Any, Optional, Union
 
 import pydantic.v1
 

mlrun/common/schemas/api_gateway.py

@@ -27,6 +27,7 @@ class APIGatewayAuthenticationMode(mlrun.common.types.StrEnum):
     basic = "basicAuth"
     none = "none"
     access_key = "accessKey"
+    iguazio = "iguazio"
 
     @classmethod
     def from_str(cls, authentication_mode: str):
@@ -36,6 +37,8 @@ class APIGatewayAuthenticationMode(mlrun.common.types.StrEnum):
             return cls.basic
         elif authentication_mode == "accessKey":
             return cls.access_key
+        elif authentication_mode == "iguazio":
+            return cls.iguazio
         else:
             raise mlrun.errors.MLRunInvalidArgumentError(
                 f"Authentication mode `{authentication_mode}` is not supported",

mlrun/common/schemas/auth.py

@@ -15,8 +15,6 @@
 import typing
 
 import pydantic.v1
-from nuclio.auth import AuthInfo as NuclioAuthInfo
-from nuclio.auth import AuthKinds as NuclioAuthKinds
 
 import mlrun.common.types
 
@@ -39,8 +37,14 @@ class AuthorizationAction(mlrun.common.types.StrEnum):
     store = "store"
 
 
+class AuthorizationResourceNamespace(mlrun.common.types.StrEnum):
+    resources = "resources"
+    mgmt = "mgmt"
+
+
 class AuthorizationResourceTypes(mlrun.common.types.StrEnum):
     project = "project"
+    project_global = "project-global"
     log = "log"
     runtime_resource = "runtime-resource"
     function = "function"
@@ -55,6 +59,7 @@ class AuthorizationResourceTypes(mlrun.common.types.StrEnum):
     secret = "secret"
     run = "run"
     model_endpoint = "model-endpoint"
+    model_monitoring = "model-monitoring"
     pipeline = "pipeline"
     hub_source = "hub-source"
     workflow = "workflow"
@@ -74,6 +79,7 @@ class AuthorizationResourceTypes(mlrun.common.types.StrEnum):
         return {
             # project is the resource itself, so no need for both resource_name and project_name
             AuthorizationResourceTypes.project: "/projects/{project_name}",
+            AuthorizationResourceTypes.project_global: "/projects",
             AuthorizationResourceTypes.project_summaries: "/projects/{project_name}/project-summaries/{resource_name}",
             AuthorizationResourceTypes.function: "/projects/{project_name}/functions/{resource_name}",
             AuthorizationResourceTypes.artifact: "/projects/{project_name}/artifacts/{resource_name}",
@@ -96,12 +102,11 @@ class AuthorizationResourceTypes(mlrun.common.types.StrEnum):
             # runtime resource doesn't have an identifier, we don't need any auth granularity behind project level
             AuthorizationResourceTypes.runtime_resource: "/projects/{project_name}/runtime-resources",
             AuthorizationResourceTypes.model_endpoint: "/projects/{project_name}/model-endpoints/{resource_name}",
+            AuthorizationResourceTypes.model_monitoring: "/projects/{project_name}/model-monitoring/{resource_name}",
             AuthorizationResourceTypes.pipeline: "/projects/{project_name}/pipelines/{resource_name}",
             AuthorizationResourceTypes.datastore_profile: "/projects/{project_name}/datastore_profiles",
             # Hub sources are not project-scoped, and auth is globally on the sources endpoint.
-            # TODO - this was reverted to /marketplace since MLRun needs to be able to run with old igz versions. Once
-            #  we only have support for igz versions that support /hub (>=3.5.4), change this to "/hub/sources".
-            AuthorizationResourceTypes.hub_source: "/marketplace/sources",
+            AuthorizationResourceTypes.hub_source: "/hub/sources",
             # workflow define how to run a pipeline and can be considered as the specification of a pipeline.
             AuthorizationResourceTypes.workflow: "/projects/{project_name}/workflows/{resource_name}",
             AuthorizationResourceTypes.api_gateway: "/projects/{project_name}/api-gateways/{resource_name}",
@@ -132,15 +137,12 @@ class AuthInfo(pydantic.v1.BaseModel):
     projects_role: typing.Optional[ProjectsRole] = None
     planes: list[str] = []
 
-    def to_nuclio_auth_info(self):
-        if self.session != "":
-            return NuclioAuthInfo(password=self.session, mode=NuclioAuthKinds.iguazio)
-        return None
-
     def get_member_ids(self) -> list[str]:
         member_ids = []
         if self.user_id:
             member_ids.append(self.user_id)
+        if self.username:
+            member_ids.append(self.username)
         if self.user_group_ids:
             member_ids.extend(self.user_group_ids)
         return member_ids

mlrun/common/schemas/client_spec.py

@@ -67,3 +67,7 @@ class ClientSpec(pydantic.v1.BaseModel):
     alerts_mode: typing.Optional[str]
     system_id: typing.Optional[str]
     model_endpoint_monitoring_store_prefixes: typing.Optional[dict[str, str]]
+    authentication_mode: typing.Optional[str]
+    # Iguazio V4 OAuth token provider configuration
+    oauth_internal_token_endpoint: typing.Optional[str]
+    oauth_external_token_endpoint: typing.Optional[str]

mlrun/common/schemas/constants.py

@@ -95,6 +95,21 @@ headers_prefix = "x-mlrun-"
 
 class HeaderNames:
     projects_role = "x-projects-role"
+    remote_user = "x-remote-user"
+    forwarded_host = "x-forwarded-host"
+    data_session_override = "x-data-session-override"
+    user_id = "x-user-id"
+    user_group_ids = "x-user-group-ids"
+    unix_uid = "x-unix-uid"
+    v3io_session_key = "x-v3io-session-key"
+    v3io_access_key = "x-v3io-access-key"
+    v3io_user_id = "x-v3io-user-id"
+    v3io_session_planes = "x-v3io-session-planes"
+    authorization = "authorization"
+    igz_authenticator_kind = "x-igz-authenticator-kind"
+    cookies = "cookies"
+    cookie = "cookie"
+    x_request_id = "x-request-id"
     patch_mode = f"{headers_prefix}patch-mode"
     deletion_strategy = f"{headers_prefix}deletion-strategy"
     secret_store_token = f"{headers_prefix}secret-store-token"
@@ -106,6 +121,16 @@ class HeaderNames:
     ui_clear_cache = f"{headers_prefix}ui-clear-cache"
 
 
+class AuthorizationHeaderPrefixes:
+    basic = "Basic "
+    bearer = "Bearer "
+
+
+class CookieNames:
+    oauth2_proxy = "_oauth2_proxy"
+    iguazio = "session"
+
+
 class FeatureStorePartitionByField(mlrun.common.types.StrEnum):
     name = "name"  # Supported for feature-store objects
 

mlrun/common/schemas/frontend_spec.py

@@ -31,13 +31,6 @@ class PreemptionNodesFeatureFlag(mlrun.common.types.StrEnum):
     disabled = "disabled"
 
 
-class AuthenticationFeatureFlag(mlrun.common.types.StrEnum):
-    none = "none"
-    basic = "basic"
-    bearer = "bearer"
-    iguazio = "iguazio"
-
-
 class NuclioStreamsFeatureFlag(mlrun.common.types.StrEnum):
     enabled = "enabled"
     disabled = "disabled"
@@ -45,7 +38,7 @@ class NuclioStreamsFeatureFlag(mlrun.common.types.StrEnum):
 
 class FeatureFlags(pydantic.v1.BaseModel):
     project_membership: ProjectMembershipFeatureFlag
-    authentication: AuthenticationFeatureFlag
+    authentication: mlrun.common.types.AuthenticationMode
     nuclio_streams: NuclioStreamsFeatureFlag
     preemption_nodes: PreemptionNodesFeatureFlag
 

mlrun/common/schemas/function.py

@@ -114,11 +114,21 @@ class StateThresholds(pydantic.v1.BaseModel):
     default: typing.Optional[dict[str, str]]
 
 
+class Backoff(pydantic.v1.BaseModel):
+    default_base_delay: typing.Optional[str]
+    min_base_delay: typing.Optional[str]
+
+
+class RetrySpec(pydantic.v1.BaseModel):
+    backoff: Backoff
+
+
 class FunctionSpec(pydantic.v1.BaseModel):
     image_pull_secret: typing.Optional[ImagePullSecret]
     security_context: typing.Optional[SecurityContext]
     service_account: typing.Optional[ServiceAccount]
     state_thresholds: typing.Optional[StateThresholds]
+    retry: typing.Optional[RetrySpec]
 
     class Config:
         extra = pydantic.v1.Extra.allow
@@ -130,3 +140,27 @@ class Function(pydantic.v1.BaseModel):
 
     class Config:
         extra = pydantic.v1.Extra.allow
+
+
+class BatchingSpec(pydantic.v1.BaseModel):
+    # Set to True to enable batching
+    enabled: bool
+    # Maximal events to batch together. Default size is 10.
+    batch_size: typing.Optional[int]
+    # The maximum amount of time to wait before processing the batch. Default timeout is 1s.
+    # Once this time passes, the batch is processed even if it hasn’t reached the full batch size.
+    timeout: typing.Optional[str]
+
+    def get_nuclio_batch_config(self):
+        if not self.enabled:
+            return None
+
+        config = {"mode": "enable"}
+
+        if self.batch_size:
+            config["batchSize"] = self.batch_size
+
+        if self.timeout:
+            config["timeout"] = self.timeout
+
+        return config

mlrun/common/schemas/hub.py

@@ -12,9 +12,10 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-from datetime import datetime, timezone
+from datetime import UTC, datetime
 from typing import Optional
 
+import deepdiff
 from pydantic.v1 import BaseModel, Extra, Field
 
 import mlrun.common.types
@@ -36,9 +37,10 @@ class HubObjectMetadata(BaseModel):
         extra = Extra.allow
 
 
-# Currently only functions are supported. Will add more in the future.
 class HubSourceType(mlrun.common.types.StrEnum):
     functions = "functions"
+    modules = "modules"
+    steps = "steps"
 
 
 # Sources-related objects
@@ -46,7 +48,6 @@ class HubSourceSpec(ObjectSpec):
     path: str  # URL to base directory, should include schema (s3://, etc...)
     channel: str
     credentials: Optional[dict] = {}
-    object_type: HubSourceType = Field(HubSourceType.functions, const=True)
 
 
 class HubSource(BaseModel):
@@ -55,18 +56,18 @@ class HubSource(BaseModel):
     spec: HubSourceSpec
     status: Optional[ObjectStatus] = ObjectStatus(state="created")
 
-    def get_full_uri(self, relative_path):
-        return f"{self.spec.path}/{self.spec.object_type}/{self.spec.channel}/{relative_path}"
+    def get_full_uri(self, relative_path, object_type):
+        return f"{self.spec.path}/{object_type}/{self.spec.channel}/{relative_path}"
 
-    def get_catalog_uri(self):
-        return self.get_full_uri(mlrun.mlconf.hub.catalog_filename)
+    def get_catalog_uri(self, object_type):
+        return self.get_full_uri(mlrun.mlconf.hub.catalog_filename, object_type)
 
     @classmethod
     def generate_default_source(cls):
         if not mlrun.mlconf.hub.default_source.create:
             return None
 
-        now = datetime.now(timezone.utc)
+        now = datetime.now(UTC)
         hub_metadata = HubObjectMetadata(
             name=mlrun.mlconf.hub.default_source.name,
             description=mlrun.mlconf.hub.default_source.description,
@@ -78,11 +79,23 @@ class HubSource(BaseModel):
             spec=HubSourceSpec(
                 path=mlrun.mlconf.hub.default_source.url,
                 channel=mlrun.mlconf.hub.default_source.channel,
-                object_type=HubSourceType(mlrun.mlconf.hub.default_source.object_type),
             ),
             status=ObjectStatus(state="created"),
         )
 
+    def diff(self, another_source: "HubSource") -> dict:
+        """
+        Compare this HubSource with another one.
+        Returns a dict of differences (metadata, spec, status).
+        """
+        exclude_paths = [
+            "root['metadata']['updated']",
+            "root['metadata']['created']",
+        ]
+        return deepdiff.DeepDiff(
+            self.dict(), another_source.dict(), exclude_paths=exclude_paths
+        )
+
 
 last_source_index = -1
 
@@ -94,21 +107,16 @@ class IndexedHubSource(BaseModel):
 
 # Item-related objects
 class HubItemMetadata(HubObjectMetadata):
-    source: HubSourceType = Field(HubSourceType.functions, const=True)
+    source: HubSourceType = HubSourceType.functions
     version: str
     tag: Optional[str]
 
     def get_relative_path(self) -> str:
-        if self.source == HubSourceType.functions:
-            # This is needed since the hub deployment script modifies the paths to use _ instead of -.
-            modified_name = self.name.replace("-", "_")
-            # Prefer using the tag if exists. Otherwise, use version.
-            version = self.tag or self.version
-            return f"{modified_name}/{version}/"
-        else:
-            raise mlrun.errors.MLRunInvalidArgumentError(
-                f"Bad source for hub item - {self.source}"
-            )
+        # This is needed since the hub deployment script modifies the paths to use _ instead of -.
+        modified_name = self.name.replace("-", "_")
+        # Prefer using the tag if exists. Otherwise, use version.
+        version = self.tag or self.version
+        return f"{modified_name}/{version}/"
 
 
 class HubItemSpec(ObjectSpec):
@@ -127,3 +135,8 @@ class HubCatalog(BaseModel):
     kind: ObjectKind = Field(ObjectKind.hub_catalog, const=True)
     channel: str
     catalog: list[HubItem]
+
+
+class HubModuleType(mlrun.common.types.StrEnum):
+    generic = "generic"
+    monitoring_app = "monitoring_application"

mlrun/common/schemas/model_monitoring/__init__.py

@@ -30,6 +30,7 @@ from .constants import (
     ModelEndpointMonitoringMetricType,
     ModelEndpointSchema,
     ModelMonitoringAppLabel,
+    ModelMonitoringInfraLabel,
     ModelMonitoringMode,
     MonitoringFunctionNames,
     PredictionsQueryConstants,
@@ -39,7 +40,7 @@ from .constants import (
     ResultStatusApp,
     SpecialApps,
     StreamProcessingEvent,
-    TDEngineSuperTables,
+    TimescaleDBTables,
     TSDBTarget,
     V3IOTSDBTables,
     VersionedModel,

mlrun/common/schemas/model_monitoring/constants.py

@@ -34,6 +34,7 @@ class ModelEndpointSchema(MonitoringStrEnum):
     UID = "uid"
     PROJECT = "project"
     ENDPOINT_TYPE = "endpoint_type"
+    MODE = "mode"
     NAME = "name"
     CREATED = "created"
     UPDATED = "updated"
@@ -195,6 +196,10 @@ class WriterEventKind(MonitoringStrEnum):
     RESULT = "result"
     STATS = "stats"
 
+    @classmethod
+    def user_app_outputs(cls):
+        return [cls.METRIC, cls.RESULT]
+
 
 class ControllerEvent(MonitoringStrEnum):
     KIND = "kind"
@@ -269,7 +274,7 @@ class EventKeyMetrics:
 
 class TSDBTarget(MonitoringStrEnum):
     V3IO_TSDB = "v3io-tsdb"
-    TDEngine = "tdengine"
+    TimescaleDB = "postgresql"
 
 
 class ProjectSecretKeys:
@@ -303,6 +308,7 @@ class FileTargetKind:
     MONITORING_APPLICATION = "monitoring_application"
     ERRORS = "errors"
     STATS = "stats"
+    PARQUET_STATS = "parquet_stats"
     LAST_REQUEST = "last_request"
 
 
@@ -326,18 +332,11 @@ class EndpointType(IntEnum):
     def top_level_list(cls):
         return [cls.NODE_EP, cls.ROUTER, cls.BATCH_EP]
 
-    @classmethod
-    def real_time_list(cls):
-        return [cls.NODE_EP, cls.ROUTER, cls.LEAF_EP]
-
-    @classmethod
-    def batch_list(cls):
-        return [cls.BATCH_EP]
-
 
-class EndpointMode(StrEnum):
-    REAL_TIME = "real_time"
-    BATCH = "batch"
+class EndpointMode(IntEnum):
+    REAL_TIME = 0
+    BATCH = 1
+    BATCH_LEGACY = 2  # legacy batch mode, used for endpoints created through the batch inference job
 
 
 class MonitoringFunctionNames(MonitoringStrEnum):
@@ -354,7 +353,7 @@ class V3IOTSDBTables(MonitoringStrEnum):
     PREDICTIONS = "predictions"
 
 
-class TDEngineSuperTables(MonitoringStrEnum):
+class TimescaleDBTables(MonitoringStrEnum):
     APP_RESULTS = "app_results"
     METRICS = "metrics"
     PREDICTIONS = "predictions"
@@ -487,8 +486,6 @@ class ModelMonitoringLabels:
 
 _RESERVED_FUNCTION_NAMES = MonitoringFunctionNames.list() + [SpecialApps.MLRUN_INFRA]
 
-_RESERVED_EVALUATE_FUNCTION_SUFFIX = "-batch"
-
 
 class ModelEndpointMonitoringMetricType(StrEnum):
     RESULT = "result"

mlrun/common/schemas/model_monitoring/functions.py

@@ -54,12 +54,21 @@ class FunctionSummary(BaseModel):
 
         return cls(
             type=func_type,
-            name=func_dict["metadata"]["name"],
+            name=func_dict["metadata"]["name"]
+            if func_type != FunctionsType.APPLICATION
+            else func_dict["spec"]
+            .get("graph", {})
+            .get("steps", {})
+            .get("PrepareMonitoringEvent", {})
+            .get("class_args", {})
+            .get("application_name"),
             application_class=""
             if func_type != FunctionsType.APPLICATION
-            else func_dict["spec"]["graph"]["steps"]["PushToMonitoringWriter"]["after"][
-                0
-            ],
+            else func_dict["spec"]
+            .get("graph", {})
+            .get("steps", {})
+            .get("PushToMonitoringWriter", {})
+            .get("after", [None])[0],
             project_name=func_dict["metadata"]["project"],
             updated_time=func_dict["metadata"].get("updated"),
             status=func_dict["status"].get("state"),

mlrun/common/schemas/model_monitoring/model_endpoints.py

@@ -28,6 +28,7 @@ from .constants import (
     FQN_REGEX,
     MODEL_ENDPOINT_ID_PATTERN,
     PROJECT_PATTERN,
+    EndpointMode,
     EndpointType,
     ModelEndpointMonitoringMetricType,
     ModelMonitoringMode,
@@ -118,6 +119,7 @@ class ModelEndpointMetadata(ObjectMetadata, ModelEndpointParser):
     project: constr(regex=PROJECT_PATTERN)
     endpoint_type: EndpointType = EndpointType.NODE_EP
     uid: Optional[constr(regex=MODEL_ENDPOINT_ID_PATTERN)]
+    mode: Optional[EndpointMode] = None
 
     @classmethod
     def mutable_fields(cls):
@@ -129,6 +131,15 @@ class ModelEndpointMetadata(ObjectMetadata, ModelEndpointParser):
             return str(v)
         return v
 
+    @validator("mode", pre=True, always=True)
+    def _set_mode_based_on_endpoint_type(cls, v, values):  # noqa: N805
+        if v is None:
+            if values.get("endpoint_type") == EndpointType.BATCH_EP:
+                return EndpointMode.BATCH_LEGACY
+            else:
+                return EndpointMode.REAL_TIME
+        return v
+
 
 class ModelEndpointSpec(ObjectSpec, ModelEndpointParser):
     model_class: Optional[str] = ""

mlrun/common/schemas/pipeline.py

@@ -18,7 +18,7 @@ import pydantic.v1
 
 
 class PipelinesPagination(str):
-    default_page_size = 20
+    default_page_size = 200
     # https://github.com/kubeflow/pipelines/blob/master/backend/src/apiserver/list/list.go#L363
     max_page_size = 200
 

mlrun/common/schemas/secret.py

@@ -49,5 +49,20 @@ class SecretKeysData(BaseModel):
     secret_keys: Optional[list] = []
 
 
-class UserSecretCreationRequest(SecretsData):
-    user: str
+class SecretToken(BaseModel):
+    name: str
+    token: str
+
+
+class StoreSecretTokensResponse(BaseModel):
+    created_tokens: list[str] = []
+    updated_tokens: list[str] = []
+
+
+class SecretTokenInfo(BaseModel):
+    name: str
+    expiration: int
+
+
+class ListSecretTokensResponse(BaseModel):
+    secret_tokens: list[SecretTokenInfo]

mlrun/common/secrets.py

@@ -11,10 +11,32 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-
+import re
+import typing
 from abc import ABC, abstractmethod
 
 import mlrun.common.schemas
+from mlrun.config import config as mlconf
+
+_AUTH_SECRET_NAME_TEMPLATE = re.escape(
+    mlconf.secret_stores.kubernetes.auth_secret_name.format(
+        hashed_access_key="",
+    )
+)
+AUTH_SECRET_PATTERN = re.compile(f"^{_AUTH_SECRET_NAME_TEMPLATE}.*")
+
+
+def validate_not_forbidden_secret(secret_name: str) -> None:
+    """
+    Forbid client-supplied references to internal MLRun auth/project secrets.
+    No-op when running inside the API server (API enrichments are allowed).
+    """
+    if not secret_name or mlrun.config.is_running_as_api():
+        return
+    if AUTH_SECRET_PATTERN.match(secret_name):
+        raise mlrun.errors.MLRunInvalidArgumentError(
+            f"Forbidden secret '{secret_name}' matches MLRun auth-secret pattern."
+        )
 
 
 class SecretProviderInterface(ABC):
@@ -54,6 +76,44 @@ class SecretProviderInterface(ABC):
     def get_secret_data(self, secret_name, namespace=""):
         pass
 
+    @abstractmethod
+    def store_user_token_secret(
+        self,
+        username: str,
+        token_name: str,
+        token: str,
+        expiration: int,
+        force: bool = False,
+        namespace: typing.Optional[str] = None,
+    ) -> typing.Optional[mlrun.common.schemas.SecretEventActions]:
+        pass
+
+    @abstractmethod
+    def get_user_token_secret_value(
+        self,
+        username: str,
+        token_name: str,
+        namespace: typing.Optional[str] = None,
+    ) -> str:
+        pass
+
+    @abstractmethod
+    def list_user_token_secrets(
+        self,
+        username: str,
+        namespace: typing.Optional[str] = None,
+    ) -> list[mlrun.common.schemas.SecretTokenInfo]:
+        pass
+
+    @abstractmethod
+    def delete_user_token_secret(
+        self,
+        username: str,
+        token_name: str,
+        namespace: typing.Optional[str] = None,
+    ) -> None:
+        pass
+
 
 class InMemorySecretProvider(SecretProviderInterface):
     def __init__(self):
@@ -130,6 +190,40 @@ class InMemorySecretProvider(SecretProviderInterface):
     def get_secret_data(self, secret_name, namespace=""):
         return self.secrets_map[secret_name]
 
+    def store_user_token_secret(
+        self,
+        username: str,
+        token_name: str,
+        token: str,
+        expiration: int,
+        force: bool = False,
+        namespace: typing.Optional[str] = None,
+    ) -> typing.Optional[mlrun.common.schemas.SecretEventActions]:
+        raise NotImplementedError()
+
+    def get_user_token_secret_value(
+        self,
+        username: str,
+        token_name: str,
+        namespace: typing.Optional[str] = None,
+    ) -> str:
+        raise NotImplementedError()
+
+    def list_user_token_secrets(
+        self,
+        username: str,
+        namespace: typing.Optional[str] = None,
+    ) -> list[mlrun.common.schemas.SecretTokenInfo]:
+        raise NotImplementedError()
+
+    def delete_user_token_secret(
+        self,
+        username: str,
+        token_name: str,
+        namespace: typing.Optional[str] = None,
+    ) -> None:
+        raise NotImplementedError()
+
     @staticmethod
     def _generate_auth_secret_data(username: str, access_key: str):
         return {

mlrun/common/types.py

@@ -14,18 +14,10 @@
 
 import enum
 
+# Alias to Python's built-in StrEnum (Python 3.11+)
+StrEnum = enum.StrEnum
 
-# TODO: From python 3.11 StrEnum is built-in and this will not be needed
-class StrEnum(str, enum.Enum):
-    def __str__(self):
-        return self.value
 
-    def __repr__(self):
-        return self.value
-
-
-# Partial backport from Python 3.11
-# https://docs.python.org/3/library/http.html#http.HTTPMethod
 class HTTPMethod(StrEnum):
     GET = "GET"
     POST = "POST"
@@ -37,3 +29,11 @@ class HTTPMethod(StrEnum):
 class Operation(StrEnum):
     ADD = "add"
     REMOVE = "remove"
+
+
+class AuthenticationMode(StrEnum):
+    NONE = "none"
+    BASIC = "basic"
+    BEARER = "bearer"
+    IGUAZIO = "iguazio"
+    IGUAZIO_V4 = "iguazio-v4"