zenml-nightly 0.75.0.dev20250312__py3-none-any.whl → 0.75.0.dev20250314__py3-none-any.whl

zenml/zen_server/routers/schedule_endpoints.py

@@ -13,6 +13,7 @@
 #  permissions and limitations under the License.
 """Endpoint definitions for pipeline run schedules."""
 
+from typing import Optional, Union
 from uuid import UUID
 
 from fastapi import APIRouter, Depends, Security
@@ -21,11 +22,16 @@ from zenml.constants import API, SCHEDULES, VERSION_1
 from zenml.models import (
     Page,
     ScheduleFilter,
+    ScheduleRequest,
     ScheduleResponse,
     ScheduleUpdate,
 )
 from zenml.zen_server.auth import AuthContext, authorize
 from zenml.zen_server.exceptions import error_response
+from zenml.zen_server.rbac.endpoint_utils import (
+    verify_permissions_and_create_entity,
+)
+from zenml.zen_server.routers.projects_endpoints import workspace_router
 from zenml.zen_server.utils import (
     handle_exceptions,
     make_dependable,
@@ -39,16 +45,64 @@ router = APIRouter(
 )
 
 
+@router.post(
+    "",
+    responses={401: error_response, 409: error_response, 422: error_response},
+)
+# TODO: the workspace scoped endpoint is only kept for dashboard compatibility
+# and can be removed after the migration
+@workspace_router.post(
+    "/{project_name_or_id}" + SCHEDULES,
+    responses={401: error_response, 409: error_response, 422: error_response},
+    deprecated=True,
+    tags=["schedules"],
+)
+@handle_exceptions
+def create_schedule(
+    schedule: ScheduleRequest,
+    project_name_or_id: Optional[Union[str, UUID]] = None,
+    auth_context: AuthContext = Security(authorize),
+) -> ScheduleResponse:
+    """Creates a schedule.
+
+    Args:
+        schedule: Schedule to create.
+        project_name_or_id: Optional name or ID of the project.
+        auth_context: Authentication context.
+
+    Returns:
+        The created schedule.
+    """
+    if project_name_or_id:
+        project = zen_store().get_project(project_name_or_id)
+        schedule.project = project.id
+
+    # NOTE: no RBAC is enforced currently for schedules, but we're
+    # keeping the RBAC checks here for consistency
+    return verify_permissions_and_create_entity(
+        request_model=schedule,
+        create_method=zen_store().create_schedule,
+    )
+
+
 @router.get(
     "",
-    response_model=Page[ScheduleResponse],
     responses={401: error_response, 404: error_response, 422: error_response},
 )
+# TODO: the workspace scoped endpoint is only kept for dashboard compatibility
+# and can be removed after the migration
+@workspace_router.get(
+    "/{project_name_or_id}" + SCHEDULES,
+    responses={401: error_response, 404: error_response, 422: error_response},
+    deprecated=True,
+    tags=["schedules"],
+)
 @handle_exceptions
 def list_schedules(
     schedule_filter_model: ScheduleFilter = Depends(
         make_dependable(ScheduleFilter)
     ),
+    project_name_or_id: Optional[Union[str, UUID]] = None,
     hydrate: bool = False,
     _: AuthContext = Security(authorize),
 ) -> Page[ScheduleResponse]:
@@ -57,20 +111,24 @@ def list_schedules(
     Args:
         schedule_filter_model: Filter model used for pagination, sorting,
             filtering
+        project_name_or_id: Optional name or ID of the project.
         hydrate: Flag deciding whether to hydrate the output model(s)
             by including metadata fields in the response.
 
     Returns:
         List of schedule objects.
     """
+    if project_name_or_id:
+        schedule_filter_model.project = project_name_or_id
+
     return zen_store().list_schedules(
-        schedule_filter_model=schedule_filter_model, hydrate=hydrate
+        schedule_filter_model=schedule_filter_model,
+        hydrate=hydrate,
     )
 
 
 @router.get(
     "/{schedule_id}",
-    response_model=ScheduleResponse,
     responses={401: error_response, 404: error_response, 422: error_response},
 )
 @handle_exceptions
@@ -89,12 +147,14 @@ def get_schedule(
     Returns:
         A specific schedule object.
     """
-    return zen_store().get_schedule(schedule_id=schedule_id, hydrate=hydrate)
+    return zen_store().get_schedule(
+        schedule_id=schedule_id,
+        hydrate=hydrate,
+    )
 
 
 @router.put(
     "/{schedule_id}",
-    response_model=ScheduleResponse,
     responses={401: error_response, 404: error_response, 422: error_response},
 )
 @handle_exceptions
@@ -113,7 +173,8 @@ def update_schedule(
         The updated schedule object.
     """
     return zen_store().update_schedule(
-        schedule_id=schedule_id, schedule_update=schedule_update
+        schedule_id=schedule_id,
+        schedule_update=schedule_update,
     )
 
 

zenml/zen_server/routers/secrets_endpoints.py

@@ -13,7 +13,7 @@
 #  permissions and limitations under the License.
 """Endpoint definitions for pipeline run secrets."""
 
-from typing import Optional
+from typing import Optional, Union
 from uuid import UUID
 
 from fastapi import APIRouter, Depends, Security
@@ -29,12 +29,14 @@ from zenml.constants import (
 from zenml.models import (
     Page,
     SecretFilter,
+    SecretRequest,
     SecretResponse,
     SecretUpdate,
 )
 from zenml.zen_server.auth import AuthContext, authorize
 from zenml.zen_server.exceptions import error_response
 from zenml.zen_server.rbac.endpoint_utils import (
+    verify_permissions_and_create_entity,
     verify_permissions_and_delete_entity,
     verify_permissions_and_get_entity,
     verify_permissions_and_list_entities,
@@ -47,6 +49,7 @@ from zenml.zen_server.rbac.utils import (
     is_owned_by_authenticated_user,
     verify_permission,
 )
+from zenml.zen_server.routers.projects_endpoints import workspace_router
 from zenml.zen_server.utils import (
     handle_exceptions,
     make_dependable,
@@ -66,9 +69,41 @@ op_router = APIRouter(
 )
 
 
+@router.post(
+    "",
+    responses={401: error_response, 409: error_response, 422: error_response},
+)
+# TODO: the workspace scoped endpoint is only kept for dashboard compatibility
+# and can be removed after the migration
+@workspace_router.post(
+    "/{workspace_name_or_id}" + SECRETS,
+    responses={401: error_response, 409: error_response, 422: error_response},
+    deprecated=True,
+    tags=["secrets"],
+)
+@handle_exceptions
+def create_secret(
+    secret: SecretRequest,
+    workspace_name_or_id: Optional[Union[str, UUID]] = None,
+    _: AuthContext = Security(authorize),
+) -> SecretResponse:
+    """Creates a secret.
+
+    Args:
+        secret: Secret to create.
+        workspace_name_or_id: Optional name or ID of the workspace.
+
+    Returns:
+        The created secret.
+    """
+    return verify_permissions_and_create_entity(
+        request_model=secret,
+        create_method=zen_store().create_secret,
+    )
+
+
 @router.get(
     "",
-    response_model=Page[SecretResponse],
     responses={401: error_response, 404: error_response, 422: error_response},
 )
 @handle_exceptions
@@ -116,7 +151,6 @@ def list_secrets(
 
 @router.get(
     "/{secret_id}",
-    response_model=SecretResponse,
     responses={401: error_response, 404: error_response, 422: error_response},
 )
 @handle_exceptions
@@ -140,6 +174,7 @@ def get_secret(
         get_method=zen_store().get_secret,
         hydrate=hydrate,
     )
+
     if not has_permissions_for_model(secret, action=Action.READ_SECRET_VALUE):
         secret.remove_secrets()
 
@@ -148,7 +183,6 @@ def get_secret(
 
 @router.put(
     "/{secret_id}",
-    response_model=SecretResponse,
     responses={401: error_response, 404: error_response, 422: error_response},
 )
 @handle_exceptions

zenml/zen_server/routers/server_endpoints.py

@@ -25,20 +25,27 @@ from zenml.constants import (
     LOAD_INFO,
     ONBOARDING_STATE,
     SERVER_SETTINGS,
+    STATISTICS,
     VERSION_1,
 )
 from zenml.enums import AuthScheme
 from zenml.exceptions import IllegalOperationError
 from zenml.models import (
+    ComponentFilter,
+    ProjectFilter,
     ServerActivationRequest,
     ServerLoadInfo,
     ServerModel,
     ServerSettingsResponse,
     ServerSettingsUpdate,
+    ServerStatistics,
+    StackFilter,
     UserResponse,
 )
 from zenml.zen_server.auth import AuthContext, authorize
 from zenml.zen_server.exceptions import error_response
+from zenml.zen_server.rbac.models import ResourceType
+from zenml.zen_server.rbac.utils import get_allowed_resource_ids
 from zenml.zen_server.utils import handle_exceptions, server_config, zen_store
 
 router = APIRouter(
@@ -60,7 +67,6 @@ def version() -> str:
 
 @router.get(
     INFO,
-    response_model=ServerModel,
     responses={401: error_response, 404: error_response, 422: error_response},
 )
 @handle_exceptions
@@ -234,3 +240,49 @@ if server_config().auth_scheme != AuthScheme.EXTERNAL:
             The default admin user that was created during activation, if any.
         """
         return zen_store().activate_server(activate_request)
+
+
+@router.get(
+    STATISTICS,
+    responses={401: error_response, 404: error_response, 422: error_response},
+)
+@handle_exceptions
+def get_server_statistics(
+    auth_context: AuthContext = Security(authorize),
+) -> ServerStatistics:
+    """Gets server statistics.
+
+    Args:
+        auth_context: Authentication context.
+
+    Returns:
+        Statistics of the server.
+    """
+    user_id = auth_context.user.id
+    component_filter = ComponentFilter()
+    component_filter.configure_rbac(
+        authenticated_user_id=user_id,
+        id=get_allowed_resource_ids(
+            resource_type=ResourceType.STACK_COMPONENT
+        ),
+    )
+
+    project_filter = ProjectFilter()
+    project_filter.configure_rbac(
+        authenticated_user_id=user_id,
+        id=get_allowed_resource_ids(resource_type=ResourceType.PROJECT),
+    )
+
+    stack_filter = StackFilter()
+    stack_filter.configure_rbac(
+        authenticated_user_id=user_id,
+        id=get_allowed_resource_ids(resource_type=ResourceType.STACK),
+    )
+
+    return ServerStatistics(
+        stacks=zen_store().count_stacks(filter_model=stack_filter),
+        components=zen_store().count_stack_components(
+            filter_model=component_filter
+        ),
+        projects=zen_store().count_projects(filter_model=project_filter),
+    )

zenml/zen_server/routers/service_accounts_endpoints.py

@@ -67,7 +67,6 @@ router = APIRouter(
 
 @router.post(
     "",
-    response_model=ServiceAccountResponse,
     responses={
         401: error_response,
         409: error_response,
@@ -89,14 +88,12 @@ def create_service_account(
     """
     return verify_permissions_and_create_entity(
         request_model=service_account,
-        resource_type=ResourceType.SERVICE_ACCOUNT,
         create_method=zen_store().create_service_account,
     )
 
 
 @router.get(
     "/{service_account_name_or_id}",
-    response_model=ServiceAccountResponse,
     responses={401: error_response, 404: error_response, 422: error_response},
 )
 @handle_exceptions
@@ -124,7 +121,6 @@ def get_service_account(
 
 @router.get(
     "",
-    response_model=Page[ServiceAccountResponse],
     responses={401: error_response, 404: error_response, 422: error_response},
 )
 @handle_exceptions
@@ -156,7 +152,6 @@ def list_service_accounts(
 
 @router.put(
     "/{service_account_name_or_id}",
-    response_model=ServiceAccountResponse,
     responses={
         401: error_response,
         404: error_response,
@@ -214,7 +209,6 @@ def delete_service_account(
 
 @router.post(
     "/{service_account_id}" + API_KEYS,
-    response_model=APIKeyResponse,
     responses={401: error_response, 409: error_response, 422: error_response},
 )
 @handle_exceptions
@@ -233,18 +227,26 @@ def create_api_key(
     Returns:
         The created API key.
     """
+
+    def create_api_key_wrapper(
+        api_key: APIKeyRequest,
+    ) -> APIKeyResponse:
+        return zen_store().create_api_key(
+            service_account_id=service_account_id,
+            api_key=api_key,
+        )
+
     service_account = zen_store().get_service_account(service_account_id)
-    verify_permission_for_model(service_account, action=Action.UPDATE)
-    created_api_key = zen_store().create_api_key(
-        service_account_id=service_account_id,
-        api_key=api_key,
+
+    return verify_permissions_and_create_entity(
+        request_model=api_key,
+        create_method=create_api_key_wrapper,
+        surrogate_models=[service_account],
     )
-    return created_api_key
 
 
 @router.get(
     "/{service_account_id}" + API_KEYS + "/{api_key_name_or_id}",
-    response_model=APIKeyResponse,
     responses={401: error_response, 404: error_response, 422: error_response},
 )
 @handle_exceptions
@@ -278,7 +280,6 @@ def get_api_key(
 
 @router.get(
     "/{service_account_id}" + API_KEYS,
-    response_model=Page[APIKeyResponse],
     responses={401: error_response, 404: error_response, 422: error_response},
 )
 @handle_exceptions
@@ -313,7 +314,6 @@ def list_api_keys(
 
 @router.put(
     "/{service_account_id}" + API_KEYS + "/{api_key_name_or_id}",
-    response_model=APIKeyResponse,
     responses={401: error_response, 409: error_response, 422: error_response},
 )
 @handle_exceptions
@@ -348,7 +348,6 @@ def update_api_key(
     + API_KEYS
     + "/{api_key_name_or_id}"
     + API_KEY_ROTATE,
-    response_model=APIKeyResponse,
     responses={401: error_response, 409: error_response, 422: error_response},
 )
 @handle_exceptions

zenml/zen_server/routers/service_connectors_endpoints.py

@@ -13,7 +13,7 @@
 #  permissions and limitations under the License.
 """Endpoint definitions for service connectors."""
 
-from typing import List, Optional
+from typing import List, Optional, Union
 from uuid import UUID
 
 from fastapi import APIRouter, Depends, Security
@@ -22,6 +22,7 @@ from zenml.constants import (
     API,
     SERVICE_CONNECTOR_CLIENT,
     SERVICE_CONNECTOR_FULL_STACK,
+    SERVICE_CONNECTOR_RESOURCES,
     SERVICE_CONNECTOR_TYPES,
     SERVICE_CONNECTOR_VERIFY,
     SERVICE_CONNECTORS,
@@ -44,6 +45,7 @@ from zenml.service_connectors.service_connector_utils import (
 from zenml.zen_server.auth import AuthContext, authorize
 from zenml.zen_server.exceptions import error_response
 from zenml.zen_server.rbac.endpoint_utils import (
+    verify_permissions_and_create_entity,
     verify_permissions_and_delete_entity,
     verify_permissions_and_list_entities,
     verify_permissions_and_update_entity,
@@ -57,6 +59,7 @@ from zenml.zen_server.rbac.utils import (
     verify_permission,
     verify_permission_for_model,
 )
+from zenml.zen_server.routers.projects_endpoints import workspace_router
 from zenml.zen_server.utils import (
     handle_exceptions,
     make_dependable,
@@ -76,31 +79,73 @@ types_router = APIRouter(
 )
 
 
+@router.post(
+    "",
+    responses={401: error_response, 409: error_response, 422: error_response},
+)
+# TODO: the workspace scoped endpoint is only kept for dashboard compatibility
+# and can be removed after the migration
+@workspace_router.post(
+    "/{project_name_or_id}" + SERVICE_CONNECTORS,
+    responses={401: error_response, 409: error_response, 422: error_response},
+    deprecated=True,
+    tags=["service_connectors"],
+)
+@handle_exceptions
+def create_service_connector(
+    connector: ServiceConnectorRequest,
+    project_name_or_id: Optional[Union[str, UUID]] = None,
+    _: AuthContext = Security(authorize),
+) -> ServiceConnectorResponse:
+    """Creates a service connector.
+
+    Args:
+        connector: Service connector to register.
+        project_name_or_id: Optional name or ID of the project.
+
+    Returns:
+        The created service connector.
+    """
+    return verify_permissions_and_create_entity(
+        request_model=connector,
+        create_method=zen_store().create_service_connector,
+    )
+
+
 @router.get(
     "",
-    response_model=Page[ServiceConnectorResponse],
     responses={401: error_response, 404: error_response, 422: error_response},
 )
+# TODO: the workspace scoped endpoint is only kept for dashboard compatibility
+# and can be removed after the migration
+@workspace_router.get(
+    "/{project_name_or_id}" + SERVICE_CONNECTORS,
+    responses={401: error_response, 404: error_response, 422: error_response},
+    deprecated=True,
+    tags=["service_connectors"],
+)
 @handle_exceptions
 def list_service_connectors(
     connector_filter_model: ServiceConnectorFilter = Depends(
         make_dependable(ServiceConnectorFilter)
     ),
+    project_name_or_id: Optional[Union[str, UUID]] = None,
     expand_secrets: bool = True,
     hydrate: bool = False,
     _: AuthContext = Security(authorize),
 ) -> Page[ServiceConnectorResponse]:
-    """Get a list of all service connectors for a specific type.
+    """Get a list of all service connectors.
 
     Args:
         connector_filter_model: Filter model used for pagination, sorting,
             filtering
+        project_name_or_id: Optional name or ID of the project to filter by.
         expand_secrets: Whether to expand secrets or not.
         hydrate: Flag deciding whether to hydrate the output model(s)
             by including metadata fields in the response.
 
     Returns:
-        Page with list of service connectors for a specific type.
+        Page with list of service connectors matching the filter criteria.
     """
     connectors = verify_permissions_and_list_entities(
         filter_model=connector_filter_model,
@@ -143,7 +188,6 @@ def list_service_connectors(
 
 @router.get(
     "/{connector_id}",
-    response_model=ServiceConnectorResponse,
     responses={401: error_response, 404: error_response, 422: error_response},
 )
 @handle_exceptions
@@ -186,7 +230,6 @@ def get_service_connector(
 
 @router.put(
     "/{connector_id}",
-    response_model=ServiceConnectorResponse,
     responses={401: error_response, 404: error_response, 422: error_response},
 )
 @handle_exceptions
@@ -235,7 +278,6 @@ def delete_service_connector(
 
 @router.post(
     SERVICE_CONNECTOR_VERIFY,
-    response_model=ServiceConnectorResourcesModel,
     responses={401: error_response, 409: error_response, 422: error_response},
 )
 @handle_exceptions
@@ -259,9 +301,7 @@ def validate_and_verify_service_connector_config(
         The list of resources that the service connector configuration has
         access to.
     """
-    verify_permission(
-        resource_type=ResourceType.SERVICE_CONNECTOR, action=Action.CREATE
-    )
+    verify_permission_for_model(model=connector, action=Action.CREATE)
 
     return zen_store().verify_service_connector_config(
         service_connector=connector,
@@ -269,9 +309,52 @@ def validate_and_verify_service_connector_config(
     )
 
 
+@router.get(
+    SERVICE_CONNECTOR_RESOURCES,
+    responses={401: error_response, 404: error_response, 422: error_response},
+)
+# TODO: the workspace scoped endpoint is only kept for dashboard compatibility
+# and can be removed after the migration
+@workspace_router.get(
+    "/{project_name_or_id}" + SERVICE_CONNECTOR_RESOURCES,
+    responses={401: error_response, 404: error_response, 422: error_response},
+    deprecated=True,
+    tags=["service_connectors"],
+)
+@handle_exceptions
+def list_service_connector_resources(
+    filter_model: ServiceConnectorFilter = Depends(
+        make_dependable(ServiceConnectorFilter)
+    ),
+    project_name_or_id: Optional[Union[str, UUID]] = None,
+    auth_context: AuthContext = Security(authorize),
+) -> List[ServiceConnectorResourcesModel]:
+    """List resources that can be accessed by service connectors.
+
+    Args:
+        filter_model: The filter model to use when fetching service
+            connectors.
+        project_name_or_id: Optional name or ID of the project.
+        auth_context: Authentication context.
+
+    Returns:
+        The matching list of resources that available service
+        connectors have access to.
+    """
+    allowed_ids = get_allowed_resource_ids(
+        resource_type=ResourceType.SERVICE_CONNECTOR
+    )
+    filter_model.configure_rbac(
+        authenticated_user_id=auth_context.user.id, id=allowed_ids
+    )
+
+    return zen_store().list_service_connector_resources(
+        filter_model=filter_model,
+    )
+
+
 @router.put(
     "/{connector_id}" + SERVICE_CONNECTOR_VERIFY,
-    response_model=ServiceConnectorResourcesModel,
     responses={401: error_response, 404: error_response, 422: error_response},
 )
 @handle_exceptions
@@ -313,7 +396,6 @@ def validate_and_verify_service_connector(
 
 @router.get(
     "/{connector_id}" + SERVICE_CONNECTOR_CLIENT,
-    response_model=ServiceConnectorResponse,
     responses={401: error_response, 404: error_response, 422: error_response},
 )
 @handle_exceptions
@@ -351,7 +433,6 @@ def get_service_connector_client(
 
 @types_router.get(
     "",
-    response_model=List[ServiceConnectorTypeModel],
     responses={401: error_response, 404: error_response, 422: error_response},
 )
 @handle_exceptions
@@ -382,7 +463,6 @@ def list_service_connector_types(
 
 @types_router.get(
     "/{connector_type}",
-    response_model=ServiceConnectorTypeModel,
     responses={401: error_response, 404: error_response, 422: error_response},
 )
 @handle_exceptions