zenml-nightly 0.58.0.dev20240529__py3-none-any.whl → 0.58.1.dev20240608__py3-none-any.whl

zenml/zen_server/deploy/helm/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: zenml
-version: "0.58.0"
+version: "0.58.1"
 description: Open source MLOps framework for portable production ready ML pipelines
 keywords:
 - mlops

zenml/zen_server/deploy/helm/README.md

@@ -20,8 +20,8 @@ ZenML is an open-source MLOps framework designed to help you create robust, main
 To install the ZenML chart directly from Amazon ECR, use the following command:
 
 ```bash
-# example command for version 0.58.0
-helm install my-zenml oci://public.ecr.aws/zenml/zenml --version 0.58.0
+# example command for version 0.58.1
+helm install my-zenml oci://public.ecr.aws/zenml/zenml --version 0.58.1
 ```
 
 Note: Ensure you have OCI support enabled in your Helm client and that you are authenticated with Amazon ECR.
@@ -30,7 +30,7 @@ Note: Ensure you have OCI support enabled in your Helm client and that you are a
 
 This chart offers a multitude of configuration options. For detailed
 information, check the default [`values.yaml`](values.yaml) file. For full
-details of the configuration options, refer to the [ZenML documentation](https://docs.zenml.io/deploying-zenml/zenml-self-hosted/deploy-with-helm).
+details of the configuration options, refer to the [ZenML documentation](https://docs.zenml.io/getting-started/deploying-zenml/deploy-with-helm).
 
 ## Telemetry
 

zenml/zen_server/deploy/helm/values.yaml

@@ -201,7 +201,7 @@ zenml:
     # ZenML supports backing up the database before DB migrations are performed
     # and restoring it in case of a DB migration failure. For more information,
     # see the following documentation:
-    # https://docs.zenml.io/deploying-zenml/zenml-self-hosted/deploy-with-helm#database-backup-and-recovery
+    # https://docs.zenml.io/getting-started/deploying-zenml/deploy-with-helm#database-backup-and-recovery
     #
     # Several backup strategies are supported:
     #
@@ -301,7 +301,7 @@ zenml:
     # 
     # For a list of supported authentication methods and their configuration
     # options, see the following documentation:
-    # https://docs.zenml.io/stacks-and-components/auth-management/aws-service-connector#authentication-methods
+    # https://docs.zenml.io/how-to/auth-management/aws-service-connector#authentication-methods
     # 
     # You can also use the ZenML CLI to get the list of supported authentication
     # methods and their configuration options, e.g.:
@@ -374,7 +374,7 @@ zenml:
     # 
     # For a list of supported authentication methods and their configuration
     # options, see the following documentation:
-    # https://docs.zenml.io/stacks-and-components/auth-management/gcp-service-connector#authentication-methods
+    # https://docs.zenml.io/how-to/auth-management/gcp-service-connector#authentication-methods
     # 
     # You can also use the ZenML CLI to get the list of supported authentication
     # methods and their configuration options, e.g.:
@@ -446,7 +446,7 @@ zenml:
     # 
     # For a list of supported authentication methods and their configuration
     # options, see the following documentation:
-    # https://docs.zenml.io/stacks-and-components/auth-management/azure-service-connector#authentication-methods
+    # https://docs.zenml.io/how-to/auth-management/azure-service-connector#authentication-methods
     # 
     # You can also use the ZenML CLI to get the list of supported authentication
     # methods and their configuration options, e.g.:
@@ -598,7 +598,7 @@ zenml:
     # 
     # For a list of supported authentication methods and their configuration
     # options, see the following documentation:
-    # https://docs.zenml.io/stacks-and-components/auth-management/aws-service-connector#authentication-methods
+    # https://docs.zenml.io/how-to/auth-management/aws-service-connector#authentication-methods
     # 
     # You can also use the ZenML CLI to get the list of supported authentication
     # methods and their configuration options, e.g.:
@@ -652,7 +652,7 @@ zenml:
     # 
     # For a list of supported authentication methods and their configuration
     # options, see the following documentation:
-    # https://docs.zenml.io/stacks-and-components/auth-management/gcp-service-connector#authentication-methods
+    # https://docs.zenml.io/how-to/auth-management/gcp-service-connector#authentication-methods
     # 
     # You can also use the ZenML CLI to get the list of supported authentication
     # methods and their configuration options, e.g.:
@@ -717,7 +717,7 @@ zenml:
     # 
     # For a list of supported authentication methods and their configuration
     # options, see the following documentation:
-    # https://docs.zenml.io/stacks-and-components/auth-management/azure-service-connector#authentication-methods
+    # https://docs.zenml.io/how-to/auth-management/azure-service-connector#authentication-methods
     # 
     # You can also use the ZenML CLI to get the list of supported authentication
     # methods and their configuration options, e.g.:

zenml/zen_server/jwt.py

@@ -89,7 +89,7 @@ class JWTToken(BaseModel):
         except jwt.PyJWTError as e:
             raise AuthorizationException(f"Invalid JWT token: {e}") from e
 
-        subject: str = claims.get("sub", "")
+        subject: str = claims.pop("sub", "")
         if not subject:
             raise AuthorizationException(
                 "Invalid JWT token: the subject claim is missing"
@@ -105,7 +105,7 @@ class JWTToken(BaseModel):
         device_id: Optional[UUID] = None
         if "device_id" in claims:
             try:
-                device_id = UUID(claims["device_id"])
+                device_id = UUID(claims.pop("device_id"))
             except ValueError:
                 raise AuthorizationException(
                     "Invalid JWT token: the device_id claim is not a valid "
@@ -115,7 +115,7 @@ class JWTToken(BaseModel):
         api_key_id: Optional[UUID] = None
         if "api_key_id" in claims:
             try:
-                api_key_id = UUID(claims["api_key_id"])
+                api_key_id = UUID(claims.pop("api_key_id"))
             except ValueError:
                 raise AuthorizationException(
                     "Invalid JWT token: the api_key_id claim is not a valid "
@@ -125,7 +125,7 @@ class JWTToken(BaseModel):
         pipeline_id: Optional[UUID] = None
         if "pipeline_id" in claims:
             try:
-                pipeline_id = UUID(claims["pipeline_id"])
+                pipeline_id = UUID(claims.pop("pipeline_id"))
             except ValueError:
                 raise AuthorizationException(
                     "Invalid JWT token: the pipeline_id claim is not a valid "
@@ -135,7 +135,7 @@ class JWTToken(BaseModel):
         schedule_id: Optional[UUID] = None
         if "schedule_id" in claims:
             try:
-                schedule_id = UUID(claims["schedule_id"])
+                schedule_id = UUID(claims.pop("schedule_id"))
             except ValueError:
                 raise AuthorizationException(
                     "Invalid JWT token: the schedule_id claim is not a valid "
@@ -165,14 +165,17 @@ class JWTToken(BaseModel):
         """
         config = server_config()
 
-        claims: Dict[str, Any] = dict(
-            sub=str(self.user_id),
-        )
+        claims: Dict[str, Any] = self.claims.copy()
+
+        claims["sub"] = str(self.user_id)
         claims["iss"] = config.get_jwt_token_issuer()
         claims["aud"] = config.get_jwt_token_audience()
 
         if expires:
             claims["exp"] = expires
+        else:
+            claims.pop("exp", None)
+
         if self.device_id:
             claims["device_id"] = str(self.device_id)
         if self.api_key_id:
@@ -182,9 +185,6 @@ class JWTToken(BaseModel):
         if self.schedule_id:
             claims["schedule_id"] = str(self.schedule_id)
 
-        # Apply custom claims
-        claims.update(self.claims)
-
         return jwt.encode(
             claims,
             config.jwt_secret_key,

zenml/zen_server/routers/auth_endpoints.py

@@ -44,6 +44,7 @@ from zenml.enums import (
     OAuthDeviceStatus,
     OAuthGrantTypes,
 )
+from zenml.exceptions import AuthorizationException
 from zenml.logger import get_logger
 from zenml.models import (
     APIKeyInternalResponse,
@@ -510,6 +511,8 @@ def api_token(
 
     Raises:
         HTTPException: If the user is not authenticated.
+        AuthorizationException: If trying to scope the API token to a different
+            pipeline/schedule than the token used to authorize this request.
     """
     token = auth_context.access_token
     if not token or not auth_context.encoded_access_token:
@@ -523,6 +526,20 @@ def api_token(
         resource_type=ResourceType.PIPELINE_RUN, action=Action.CREATE
     )
 
+    if pipeline_id and token.pipeline_id and pipeline_id != token.pipeline_id:
+        raise AuthorizationException(
+            f"Unable to scope API token to pipeline {pipeline_id}. The "
+            f"token used to authorize this request is already scoped to "
+            f"pipeline {token.pipeline_id}."
+        )
+
+    if schedule_id and token.schedule_id and schedule_id != token.schedule_id:
+        raise AuthorizationException(
+            f"Unable to scope API token to schedule {schedule_id}. The "
+            f"token used to authorize this request is already scoped to "
+            f"schedule {token.schedule_id}."
+        )
+
     if not token.device_id and not token.api_key_id:
         # If not authenticated with a device or a service account, the current
         # API token is returned as is, without any modifications. Issuing

zenml/zen_server/routers/steps_endpoints.py

@@ -13,7 +13,7 @@
 #  permissions and limitations under the License.
 """Endpoint definitions for steps (and artifacts) of pipeline runs."""
 
-from typing import Any, Dict
+from typing import Any, Dict, Optional
 from uuid import UUID
 
 from fastapi import APIRouter, Depends, HTTPException, Security
@@ -239,12 +239,16 @@ def get_step_status(
 @handle_exceptions
 def get_step_logs(
     step_id: UUID,
+    offset: int = 0,
+    length: Optional[int] = 1024 * 1024 * 16,  # Default to 16MiB of data
     _: AuthContext = Security(authorize),
 ) -> str:
     """Get the logs of a specific step.
 
     Args:
         step_id: ID of the step for which to get the logs.
+        offset: The offset from which to start reading.
+        length: The amount of bytes that should be read.
 
     Returns:
         The logs of the step.
@@ -265,6 +269,10 @@ def get_step_logs(
     artifact_store = _load_artifact_store(logs.artifact_store_id, store)
     return str(
         _load_file_from_artifact_store(
-            logs.uri, artifact_store=artifact_store, mode="r"
-        )
+            logs.uri,
+            artifact_store=artifact_store,
+            mode="rb",
+            offset=offset,
+            length=length,
+        ).decode()
     )

zenml/zen_stores/migrations/versions/0.58.1_release.py

@@ -0,0 +1,23 @@
+"""Release [0.58.1].
+
+Revision ID: 0.58.1
+Revises: 0.58.0
+Create Date: 2024-06-06 12:49:10.783249
+
+"""
+
+# revision identifiers, used by Alembic.
+revision = "0.58.1"
+down_revision = "0.58.0"
+branch_labels = None
+depends_on = None
+
+
+def upgrade() -> None:
+    """Upgrade database schema and/or data, creating a new revision."""
+    pass
+
+
+def downgrade() -> None:
+    """Downgrade database schema and/or data back to the previous revision."""
+    pass

zenml/zen_stores/rest_zen_store.py

@@ -3730,7 +3730,13 @@ class RestZenStore(BaseZenStore):
         return self._session
 
     def clear_session(self) -> None:
-        """Clear the authentication session and any cached API tokens."""
+        """Clear the authentication session and any cached API tokens.
+
+        Raises:
+            AuthorizationException: If the API token can't be reset because
+                the store configuration does not contain username and password
+                or an API key to fetch a new token.
+        """
         self._session = None
         self._api_token = None
         # Clear the configured API token only if it's possible to fetch a new
@@ -3742,6 +3748,16 @@ class RestZenStore(BaseZenStore):
             or self.config.api_key is not None
         ):
             self.config.api_token = None
+        elif self.config.api_token:
+            raise AuthorizationException(
+                "Unable to refresh invalid API token. This is probably "
+                "because you're connected to your ZenML server with device "
+                "authentication. Rerunning `zenml connect --url "
+                f"{self.config.url}` should solve this issue. "
+                "If you're seeing this error from an automated workload, "
+                "you should probably use a service account to start that "
+                "workload to prevent this error."
+            )
 
     @staticmethod
     def _handle_response(response: requests.Response) -> Json:

{zenml_nightly-0.58.0.dev20240529.dist-info → zenml_nightly-0.58.1.dev20240608.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: zenml-nightly
-Version: 0.58.0.dev20240529
+Version: 0.58.1.dev20240608
 Summary: ZenML: Write production-ready ML code.
 Home-page: https://zenml.io
 License: Apache-2.0
@@ -348,7 +348,7 @@ you can make use of a control plane to create ZenML servers, also known as tenan
 These tenants are managed and maintained by ZenML’s dedicated team, alleviating
 the burden of server management from your end.
 - **Self-hosted deployment**: Alternatively, you have the flexibility to [deploy
-ZenML on your own self-hosted environment](https://docs.zenml.io/deploying-zenml/zenml-self-hosted).
+ZenML on your own self-hosted environment](https://docs.zenml.io/getting-started/deploying-zenml#deploying-a-zenml-server).
 This can be achieved through various methods, including using our CLI, Docker,
 Helm, or HuggingFace Spaces.
 
@@ -426,10 +426,11 @@ the Apache License Version 2.0.
     <a href="https://github.com/zenml-io/zenml-projects">Projects Showcase</a>
     <br />
     <br />
-    🎉 Version 0.58.0 is out. Check out the release notes
+    🎉 Version 0.58.1 is out. Check out the release notes
     <a href="https://github.com/zenml-io/zenml/releases">here</a>.
     <br />
     🖥️ Download our VS Code Extension <a href="https://marketplace.visualstudio.com/items?itemName=ZenML.zenml-vscode">here</a>.
     <br />
   </p>
 </div>
+