zenml-nightly 0.75.0.dev20250312__py3-none-any.whl → 0.75.0.dev20250314__py3-none-any.whl

zenml/zen_server/routers/service_endpoints.py

@@ -13,6 +13,7 @@
 #  permissions and limitations under the License.
 """Endpoint definitions for services."""
 
+from typing import Optional, Union
 from uuid import UUID
 
 from fastapi import APIRouter, Depends, Security
@@ -35,6 +36,7 @@ from zenml.zen_server.rbac.endpoint_utils import (
     verify_permissions_and_update_entity,
 )
 from zenml.zen_server.rbac.models import ResourceType
+from zenml.zen_server.routers.projects_endpoints import workspace_router
 from zenml.zen_server.utils import (
     handle_exceptions,
     make_dependable,
@@ -50,32 +52,43 @@ router = APIRouter(
 
 @router.post(
     "",
-    response_model=ServiceResponse,
     responses={401: error_response, 422: error_response},
 )
+# TODO: the workspace scoped endpoint is only kept for dashboard compatibility
+# and can be removed after the migration
+@workspace_router.post(
+    "/{project_name_or_id}" + SERVICES,
+    responses={401: error_response, 409: error_response, 422: error_response},
+    deprecated=True,
+    tags=["services"],
+)
 @handle_exceptions
 def create_service(
     service: ServiceRequest,
+    project_name_or_id: Optional[Union[str, UUID]] = None,
     _: AuthContext = Security(authorize),
 ) -> ServiceResponse:
     """Creates a new service.
 
     Args:
-        service: The model containing the attributes of the new service.
+        service: The service to create.
+        project_name_or_id: Optional name or ID of the project.
 
     Returns:
-        The created service object.
+        The created service.
     """
+    if project_name_or_id:
+        project = zen_store().get_project(project_name_or_id)
+        service.project = project.id
+
     return verify_permissions_and_create_entity(
         request_model=service,
         create_method=zen_store().create_service,
-        resource_type=ResourceType.SERVICE,
     )
 
 
 @router.get(
     "",
-    response_model=Page[ServiceResponse],
     responses={401: error_response, 404: error_response, 422: error_response},
 )
 @handle_exceptions
@@ -105,7 +118,6 @@ def list_services(
 
 @router.get(
     "/{service_id}",
-    response_model=ServiceResponse,
     responses={401: error_response, 404: error_response, 422: error_response},
 )
 @handle_exceptions
@@ -133,7 +145,6 @@ def get_service(
 
 @router.put(
     "/{service_id}",
-    response_model=ServiceResponse,
     responses={401: error_response, 404: error_response, 422: error_response},
 )
 @handle_exceptions

zenml/zen_server/routers/stack_components_endpoints.py

@@ -13,7 +13,7 @@
 #  permissions and limitations under the License.
 """Endpoint definitions for stack components."""
 
-from typing import List
+from typing import List, Optional, Union
 from uuid import UUID
 
 from fastapi import APIRouter, Depends, Security
@@ -22,6 +22,7 @@ from zenml.constants import API, COMPONENT_TYPES, STACK_COMPONENTS, VERSION_1
 from zenml.enums import StackComponentType
 from zenml.models import (
     ComponentFilter,
+    ComponentRequest,
     ComponentResponse,
     ComponentUpdate,
     Page,
@@ -29,6 +30,7 @@ from zenml.models import (
 from zenml.zen_server.auth import AuthContext, authorize
 from zenml.zen_server.exceptions import error_response
 from zenml.zen_server.rbac.endpoint_utils import (
+    verify_permissions_and_create_entity,
     verify_permissions_and_delete_entity,
     verify_permissions_and_get_entity,
     verify_permissions_and_list_entities,
@@ -36,6 +38,7 @@ from zenml.zen_server.rbac.endpoint_utils import (
 )
 from zenml.zen_server.rbac.models import Action, ResourceType
 from zenml.zen_server.rbac.utils import verify_permission_for_model
+from zenml.zen_server.routers.projects_endpoints import workspace_router
 from zenml.zen_server.utils import (
     handle_exceptions,
     make_dependable,
@@ -55,29 +58,88 @@ types_router = APIRouter(
 )
 
 
+@router.post(
+    "",
+    responses={401: error_response, 409: error_response, 422: error_response},
+)
+# TODO: the workspace scoped endpoint is only kept for dashboard compatibility
+# and can be removed after the migration
+@workspace_router.post(
+    "/{project_name_or_id}" + STACK_COMPONENTS,
+    responses={401: error_response, 409: error_response, 422: error_response},
+    deprecated=True,
+    tags=["stack_components"],
+)
+@handle_exceptions
+def create_stack_component(
+    component: ComponentRequest,
+    project_name_or_id: Optional[Union[str, UUID]] = None,
+    _: AuthContext = Security(authorize),
+) -> ComponentResponse:
+    """Creates a stack component.
+
+    Args:
+        component: Stack component to register.
+        project_name_or_id: Optional name or ID of the project.
+
+    Returns:
+        The created stack component.
+    """
+    if component.connector:
+        service_connector = zen_store().get_service_connector(
+            component.connector
+        )
+        verify_permission_for_model(service_connector, action=Action.READ)
+
+    from zenml.stack.utils import validate_stack_component_config
+
+    validate_stack_component_config(
+        configuration_dict=component.configuration,
+        flavor=component.flavor,
+        component_type=component.type,
+        zen_store=zen_store(),
+        # We allow custom flavors to fail import on the server side.
+        validate_custom_flavors=False,
+    )
+
+    return verify_permissions_and_create_entity(
+        request_model=component,
+        create_method=zen_store().create_stack_component,
+    )
+
+
 @router.get(
     "",
-    response_model=Page[ComponentResponse],
     responses={401: error_response, 404: error_response, 422: error_response},
 )
+# TODO: the workspace scoped endpoint is only kept for dashboard compatibility
+# and can be removed after the migration
+@workspace_router.get(
+    "/{project_name_or_id}" + STACK_COMPONENTS,
+    responses={401: error_response, 404: error_response, 422: error_response},
+    deprecated=True,
+    tags=["stack_components"],
+)
 @handle_exceptions
 def list_stack_components(
     component_filter_model: ComponentFilter = Depends(
         make_dependable(ComponentFilter)
     ),
+    project_name_or_id: Optional[Union[str, UUID]] = None,
     hydrate: bool = False,
     _: AuthContext = Security(authorize),
 ) -> Page[ComponentResponse]:
-    """Get a list of all stack components for a specific type.
+    """Get a list of all stack components.
 
     Args:
         component_filter_model: Filter model used for pagination, sorting,
             filtering.
+        project_name_or_id: Optional name or ID of the project to filter by.
         hydrate: Flag deciding whether to hydrate the output model(s)
             by including metadata fields in the response.
 
     Returns:
-        List of stack components for a specific type.
+        List of stack components matching the filter criteria.
     """
     return verify_permissions_and_list_entities(
         filter_model=component_filter_model,
@@ -89,7 +151,6 @@ def list_stack_components(
 
 @router.get(
     "/{component_id}",
-    response_model=ComponentResponse,
     responses={401: error_response, 404: error_response, 422: error_response},
 )
 @handle_exceptions
@@ -117,7 +178,6 @@ def get_stack_component(
 
 @router.put(
     "/{component_id}",
-    response_model=ComponentResponse,
     responses={401: error_response, 404: error_response, 422: error_response},
 )
 @handle_exceptions
@@ -185,7 +245,6 @@ def deregister_stack_component(
 
 @types_router.get(
     "",
-    response_model=List[str],
     responses={401: error_response, 404: error_response, 422: error_response},
 )
 @handle_exceptions

zenml/zen_server/routers/stacks_endpoints.py

@@ -13,12 +13,19 @@
 #  permissions and limitations under the License.
 """Endpoint definitions for stacks."""
 
+from typing import Optional, Union
 from uuid import UUID
 
 from fastapi import APIRouter, Depends, Security
 
 from zenml.constants import API, STACKS, VERSION_1
-from zenml.models import Page, StackFilter, StackResponse, StackUpdate
+from zenml.models import (
+    Page,
+    StackFilter,
+    StackRequest,
+    StackResponse,
+    StackUpdate,
+)
 from zenml.zen_server.auth import AuthContext, authorize
 from zenml.zen_server.exceptions import error_response
 from zenml.zen_server.rbac.endpoint_utils import (
@@ -28,7 +35,12 @@ from zenml.zen_server.rbac.endpoint_utils import (
     verify_permissions_and_update_entity,
 )
 from zenml.zen_server.rbac.models import Action, ResourceType
-from zenml.zen_server.rbac.utils import batch_verify_permissions_for_models
+from zenml.zen_server.rbac.utils import (
+    batch_verify_permissions_for_models,
+    verify_permission,
+    verify_permission_for_model,
+)
+from zenml.zen_server.routers.projects_endpoints import workspace_router
 from zenml.zen_server.utils import (
     handle_exceptions,
     make_dependable,
@@ -42,13 +54,91 @@ router = APIRouter(
 )
 
 
+@router.post(
+    "",
+    responses={401: error_response, 409: error_response, 422: error_response},
+)
+# TODO: the workspace scoped endpoint is only kept for dashboard compatibility
+# and can be removed after the migration
+@workspace_router.post(
+    "/{project_name_or_id}" + STACKS,
+    responses={401: error_response, 409: error_response, 422: error_response},
+    deprecated=True,
+    tags=["stacks"],
+)
+@handle_exceptions
+def create_stack(
+    stack: StackRequest,
+    project_name_or_id: Optional[Union[str, UUID]] = None,
+    auth_context: AuthContext = Security(authorize),
+) -> StackResponse:
+    """Creates a stack.
+
+    Args:
+        stack: Stack to register.
+        project_name_or_id: Optional name or ID of the project.
+        auth_context: Authentication context.
+
+    Returns:
+        The created stack.
+    """
+    # Check the service connector creation
+    is_connector_create_needed = False
+    for connector_id_or_info in stack.service_connectors:
+        if isinstance(connector_id_or_info, UUID):
+            service_connector = zen_store().get_service_connector(
+                connector_id_or_info, hydrate=False
+            )
+            verify_permission_for_model(
+                model=service_connector, action=Action.READ
+            )
+        else:
+            is_connector_create_needed = True
+
+    # Check the component creation
+    if is_connector_create_needed:
+        verify_permission(
+            resource_type=ResourceType.SERVICE_CONNECTOR, action=Action.CREATE
+        )
+    is_component_create_needed = False
+    for components in stack.components.values():
+        for component_id_or_info in components:
+            if isinstance(component_id_or_info, UUID):
+                component = zen_store().get_stack_component(
+                    component_id_or_info, hydrate=False
+                )
+                verify_permission_for_model(
+                    model=component, action=Action.READ
+                )
+            else:
+                is_component_create_needed = True
+    if is_component_create_needed:
+        verify_permission(
+            resource_type=ResourceType.STACK_COMPONENT,
+            action=Action.CREATE,
+        )
+
+    # Check the stack creation
+    verify_permission_for_model(model=stack, action=Action.CREATE)
+
+    return zen_store().create_stack(stack)
+
+
 @router.get(
     "",
-    response_model=Page[StackResponse],
     responses={401: error_response, 404: error_response, 422: error_response},
 )
+# TODO: the workspace scoped endpoint is only kept for dashboard compatibility
+# and can be removed after the migration
+@workspace_router.get(
+    "/{project_name_or_id}" + STACKS,
+    responses={401: error_response, 404: error_response, 422: error_response},
+    deprecated=True,
+    tags=["stacks"],
+)
 @handle_exceptions
 def list_stacks(
+    project_name_or_id: Optional[Union[str, UUID]] = None,
     stack_filter_model: StackFilter = Depends(make_dependable(StackFilter)),
     hydrate: bool = False,
     _: AuthContext = Security(authorize),
@@ -56,13 +146,14 @@ def list_stacks(
     """Returns all stacks.
 
     Args:
+        project_name_or_id: Optional name or ID of the project to filter by.
         stack_filter_model: Filter model used for pagination, sorting,
             filtering.
         hydrate: Flag deciding whether to hydrate the output model(s)
             by including metadata fields in the response.
 
     Returns:
-        All stacks.
+        All stacks matching the filter criteria.
     """
     return verify_permissions_and_list_entities(
         filter_model=stack_filter_model,
@@ -74,7 +165,6 @@ def list_stacks(
 
 @router.get(
     "/{stack_id}",
-    response_model=StackResponse,
     responses={401: error_response, 404: error_response, 422: error_response},
 )
 @handle_exceptions
@@ -100,7 +190,6 @@ def get_stack(
 
 @router.put(
     "/{stack_id}",
-    response_model=StackResponse,
     responses={401: error_response, 404: error_response, 422: error_response},
 )
 @handle_exceptions

zenml/zen_server/routers/steps_endpoints.py

@@ -37,6 +37,9 @@ from zenml.models import (
 )
 from zenml.zen_server.auth import AuthContext, authorize
 from zenml.zen_server.exceptions import error_response
+from zenml.zen_server.rbac.endpoint_utils import (
+    verify_permissions_and_create_entity,
+)
 from zenml.zen_server.rbac.models import Action, ResourceType
 from zenml.zen_server.rbac.utils import (
     dehydrate_page,
@@ -47,6 +50,7 @@ from zenml.zen_server.rbac.utils import (
 from zenml.zen_server.utils import (
     handle_exceptions,
     make_dependable,
+    set_filter_project_scope,
     zen_store,
 )
 
@@ -59,7 +63,6 @@ router = APIRouter(
 
 @router.get(
     "",
-    response_model=Page[StepRunResponse],
     responses={401: error_response, 404: error_response, 422: error_response},
 )
 @handle_exceptions
@@ -82,8 +85,14 @@ def list_run_steps(
     Returns:
         The run steps according to query filters.
     """
+    # A project scoped request must always be scoped to a specific
+    # project. This is required for the RBAC check to work.
+    set_filter_project_scope(step_run_filter_model)
+    assert isinstance(step_run_filter_model.project, UUID)
+
     allowed_pipeline_run_ids = get_allowed_resource_ids(
-        resource_type=ResourceType.PIPELINE_RUN
+        resource_type=ResourceType.PIPELINE_RUN,
+        project_id=step_run_filter_model.project,
     )
     step_run_filter_model.configure_rbac(
         authenticated_user_id=auth_context.user.id,
@@ -98,7 +107,6 @@ def list_run_steps(
 
 @router.post(
     "",
-    response_model=StepRunResponse,
     responses={401: error_response, 409: error_response, 422: error_response},
 )
 @handle_exceptions
@@ -110,20 +118,22 @@ def create_run_step(
 
     Args:
         step: The run step to create.
+        _: Authentication context.
 
     Returns:
         The created run step.
     """
     pipeline_run = zen_store().get_run(step.pipeline_run_id)
-    verify_permission_for_model(pipeline_run, action=Action.UPDATE)
 
-    step_response = zen_store().create_run_step(step_run=step)
-    return dehydrate_response_model(step_response)
+    return verify_permissions_and_create_entity(
+        request_model=step,
+        create_method=zen_store().create_run_step,
+        surrogate_models=[pipeline_run],
+    )
 
 
 @router.get(
     "/{step_id}",
-    response_model=StepRunResponse,
     responses={401: error_response, 404: error_response, 422: error_response},
 )
 @handle_exceptions
@@ -157,7 +167,6 @@ def get_step(
 
 @router.put(
     "/{step_id}",
-    response_model=StepRunResponse,
     responses={401: error_response, 404: error_response, 422: error_response},
 )
 @handle_exceptions
@@ -187,7 +196,6 @@ def update_step(
 
 @router.get(
     "/{step_id}" + STEP_CONFIGURATION,
-    response_model=Dict[str, Any],
     responses={401: error_response, 404: error_response, 422: error_response},
 )
 @handle_exceptions
@@ -212,7 +220,6 @@ def get_step_configuration(
 
 @router.get(
     "/{step_id}" + STATUS,
-    response_model=ExecutionStatus,
     responses={401: error_response, 404: error_response, 422: error_response},
 )
 @handle_exceptions
@@ -237,7 +244,6 @@ def get_step_status(
 
 @router.get(
     "/{step_id}" + LOGS,
-    response_model=str,
     responses={401: error_response, 404: error_response, 422: error_response},
 )
 @handle_exceptions

zenml/zen_server/routers/tag_resource_endpoints.py

@@ -0,0 +1,115 @@
+#  Copyright (c) ZenML GmbH 2023. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at:
+#
+#       https://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+#  or implied. See the License for the specific language governing
+#  permissions and limitations under the License.
+"""Endpoint definitions for the link between tags and resources."""
+
+from typing import List
+
+from fastapi import APIRouter, Security
+
+from zenml.constants import (
+    API,
+    BATCH,
+    TAG_RESOURCES,
+    VERSION_1,
+)
+from zenml.models import TagResourceRequest, TagResourceResponse
+from zenml.zen_server.auth import AuthContext, authorize
+from zenml.zen_server.exceptions import error_response
+from zenml.zen_server.utils import (
+    handle_exceptions,
+    zen_store,
+)
+
+router = APIRouter(
+    prefix=API + VERSION_1 + TAG_RESOURCES,
+    tags=["tag_resources"],
+    responses={401: error_response, 403: error_response},
+)
+
+
+@router.post(
+    "",
+    responses={401: error_response, 404: error_response, 422: error_response},
+)
+@handle_exceptions
+def create_tag_resource(
+    tag_resource: TagResourceRequest,
+    _: AuthContext = Security(authorize),
+) -> TagResourceResponse:
+    """Attach different tags to different resources.
+
+    Args:
+        tag_resource: A tag resource request.
+
+    Returns:
+        A tag resource response.
+    """
+    return zen_store().create_tag_resource(tag_resource=tag_resource)
+
+
+@router.post(
+    BATCH,
+    responses={401: error_response, 409: error_response, 422: error_response},
+)
+@handle_exceptions
+def batch_create_tag_resource(
+    tag_resources: List[TagResourceRequest],
+    _: AuthContext = Security(authorize),
+) -> List[TagResourceResponse]:
+    """Attach different tags to different resources.
+
+    Args:
+        tag_resources: A list of tag resource requests.
+
+    Returns:
+        A list of tag resource responses.
+    """
+    return [
+        zen_store().create_tag_resource(tag_resource=tag_resource)
+        for tag_resource in tag_resources
+    ]
+
+
+@router.delete(
+    "",
+    responses={401: error_response, 404: error_response, 422: error_response},
+)
+@handle_exceptions
+def delete_tag_resource(
+    tag_resource: TagResourceRequest,
+    _: AuthContext = Security(authorize),
+) -> None:
+    """Detach a tag from a resource.
+
+    Args:
+        tag_resource: The tag resource relationship to delete.
+    """
+    zen_store().delete_tag_resource(tag_resource=tag_resource)
+
+
+@router.delete(
+    BATCH,
+    responses={401: error_response, 404: error_response, 422: error_response},
+)
+@handle_exceptions
+def batch_delete_tag_resource(
+    tag_resources: List[TagResourceRequest],
+    _: AuthContext = Security(authorize),
+) -> None:
+    """Detach different tags from different resources.
+
+    Args:
+        tag_resources: A list of tag resource requests.
+    """
+    zen_store().batch_delete_tag_resource(tag_resources=tag_resources)

zenml/zen_server/routers/tags_endpoints.py

@@ -33,13 +33,10 @@ from zenml.models import (
 from zenml.zen_server.auth import AuthContext, authorize
 from zenml.zen_server.exceptions import error_response
 from zenml.zen_server.rbac.endpoint_utils import (
-    verify_permissions_and_create_entity,
     verify_permissions_and_delete_entity,
     verify_permissions_and_get_entity,
-    verify_permissions_and_list_entities,
     verify_permissions_and_update_entity,
 )
-from zenml.zen_server.rbac.models import ResourceType
 from zenml.zen_server.utils import (
     handle_exceptions,
     make_dependable,
@@ -59,7 +56,6 @@ router = APIRouter(
 
 @router.post(
     "",
-    response_model=TagResponse,
     responses={401: error_response, 409: error_response, 422: error_response},
 )
 @handle_exceptions
@@ -75,16 +71,11 @@ def create_tag(
     Returns:
         The created tag.
     """
-    return verify_permissions_and_create_entity(
-        request_model=tag,
-        resource_type=ResourceType.TAG,
-        create_method=zen_store().create_tag,
-    )
+    return zen_store().create_tag(tag=tag)
 
 
 @router.get(
     "",
-    response_model=Page[TagResponse],
     responses={401: error_response, 404: error_response, 422: error_response},
 )
 @handle_exceptions
@@ -104,17 +95,14 @@ def list_tags(
     Returns:
         The tags according to query filters.
     """
-    return verify_permissions_and_list_entities(
-        filter_model=tag_filter_model,
-        resource_type=ResourceType.TAG,
-        list_method=zen_store().list_tags,
+    return zen_store().list_tags(
+        tag_filter_model=tag_filter_model,
         hydrate=hydrate,
     )
 
 
 @router.get(
     "/{tag_name_or_id}",
-    response_model=TagResponse,
     responses={401: error_response, 404: error_response, 422: error_response},
 )
 @handle_exceptions
@@ -134,13 +122,14 @@ def get_tag(
         The tag with the given name or ID.
     """
     return verify_permissions_and_get_entity(
-        id=tag_name_or_id, get_method=zen_store().get_tag, hydrate=hydrate
+        id=tag_name_or_id,
+        get_method=zen_store().get_tag,
+        hydrate=hydrate,
     )
 
 
 @router.put(
     "/{tag_id}",
-    response_model=TagResponse,
     responses={401: error_response, 404: error_response, 422: error_response},
 )
 @handle_exceptions