zenml-nightly 0.75.0.dev20250314__py3-none-any.whl → 0.75.0.dev20250316__py3-none-any.whl

zenml/models/v2/core/tag.py

@@ -14,12 +14,12 @@
 """Models representing tags."""
 
 import random
-from typing import Optional
+from typing import TYPE_CHECKING, ClassVar, List, Optional, Type, TypeVar
 
-from pydantic import Field
+from pydantic import Field, field_validator
 
 from zenml.constants import STR_FIELD_MAX_LENGTH
-from zenml.enums import ColorVariants
+from zenml.enums import ColorVariants, TaggableResourceTypes
 from zenml.models.v2.base.base import BaseUpdate
 from zenml.models.v2.base.scoped import (
     UserScopedFilter,
@@ -29,6 +29,14 @@ from zenml.models.v2.base.scoped import (
     UserScopedResponseMetadata,
     UserScopedResponseResources,
 )
+from zenml.utils.uuid_utils import is_valid_uuid
+
+if TYPE_CHECKING:
+    from sqlalchemy.sql.elements import ColumnElement
+
+    from zenml.zen_stores.schemas import BaseSchema
+
+    AnySchema = TypeVar("AnySchema", bound="BaseSchema")
 
 # ------------------ Request Model ------------------
 
@@ -49,6 +57,28 @@ class TagRequest(UserScopedRequest):
         default_factory=lambda: random.choice(list(ColorVariants)),
     )
 
+    @field_validator("name")
+    @classmethod
+    def validate_name_not_uuid(cls, value: str) -> str:
+        """Validates that the tag name is not a UUID.
+
+        Args:
+            value: The tag name to validate.
+
+        Returns:
+            The validated tag name.
+
+        Raises:
+            ValueError: If the tag name can be converted
+                to a UUID.
+        """
+        if is_valid_uuid(value):
+            raise ValueError(
+                "Tag names cannot be UUIDs or strings that "
+                "can be converted to UUIDs."
+            )
+        return value
+
 
 # ------------------ Update Model ------------------
 
@@ -60,6 +90,27 @@ class TagUpdate(BaseUpdate):
     exclusive: Optional[bool] = None
     color: Optional[ColorVariants] = None
 
+    @field_validator("name")
+    @classmethod
+    def validate_name_not_uuid(cls, value: Optional[str]) -> Optional[str]:
+        """Validates that the tag name is not a UUID.
+
+        Args:
+            value: The tag name to validate.
+
+        Returns:
+            The validated tag name.
+
+        Raises:
+            ValueError: If the tag name can be converted to a UUID.
+        """
+        if value is not None and is_valid_uuid(value):
+            raise ValueError(
+                "Tag names cannot be UUIDs or strings that "
+                "can be converted to UUIDs."
+            )
+        return value
+
 
 # ------------------ Response Model ------------------
 
@@ -143,6 +194,11 @@ class TagResponse(
 class TagFilter(UserScopedFilter):
     """Model to enable advanced filtering of all tags."""
 
+    FILTER_EXCLUDE_FIELDS: ClassVar[List[str]] = [
+        *UserScopedFilter.FILTER_EXCLUDE_FIELDS,
+        "resource_type",
+    ]
+
     name: Optional[str] = Field(
         description="The unique title of the tag.", default=None
     )
@@ -153,3 +209,40 @@ class TagFilter(UserScopedFilter):
         description="The flag signifying whether the tag is an exclusive tag.",
         default=None,
     )
+    resource_type: Optional[TaggableResourceTypes] = Field(
+        description="Filter tags associated with a specific resource type.",
+        default=None,
+    )
+
+    def get_custom_filters(
+        self, table: Type["AnySchema"]
+    ) -> List["ColumnElement[bool]"]:
+        """Get custom filters.
+
+        Args:
+            table: The query table.
+
+        Returns:
+            A list of custom filters.
+        """
+        custom_filters = super().get_custom_filters(table)
+
+        from sqlmodel import exists, select
+
+        from zenml.zen_stores.schemas import (
+            TagResourceSchema,
+            TagSchema,
+        )
+
+        if self.resource_type:
+            # Filter for tags that have at least one association with the specified resource type
+            resource_type_filter = exists(
+                select(TagResourceSchema).where(
+                    TagResourceSchema.tag_id == TagSchema.id,
+                    TagResourceSchema.resource_type
+                    == self.resource_type.value,
+                )
+            )
+            custom_filters.append(resource_type_filter)
+
+        return custom_filters

zenml/models/v2/misc/server_models.py

@@ -131,16 +131,16 @@ class ServerModel(BaseModel):
         "connected. Only set if the server is a ZenML Pro server.",
     )
 
-    pro_tenant_id: Optional[UUID] = Field(
+    pro_workspace_id: Optional[UUID] = Field(
         None,
-        title="The ID of the ZenML Pro tenant to which the server is connected. "
-        "Only set if the server is a ZenML Pro server.",
+        title="The ID of the ZenML Pro workspace to which the server is "
+        "connected. Only set if the server is a ZenML Pro server.",
     )
 
-    pro_tenant_name: Optional[str] = Field(
+    pro_workspace_name: Optional[str] = Field(
         None,
-        title="The name of the ZenML Pro tenant to which the server is connected. "
-        "Only set if the server is a ZenML Pro server.",
+        title="The name of the ZenML Pro workspace to which the server is "
+        "connected. Only set if the server is a ZenML Pro server.",
     )
 
     def is_local(self) -> bool:

zenml/orchestrators/step_run_utils.py

@@ -344,7 +344,7 @@ def log_model_version_dashboard_url(
 ) -> None:
     """Log the dashboard URL for a model version.
 
-    If the current server is not a ZenML Pro tenant, a fallback message is
+    If the current server is not a ZenML Pro workspace, a fallback message is
     logged instead.
 
     Args:

zenml/utils/dashboard_utils.py

@@ -33,7 +33,7 @@ logger = get_logger(__name__)
 
 
 def get_cloud_dashboard_url() -> Optional[str]:
-    """Get the base url of the cloud dashboard if the server is a cloud tenant.
+    """Get the base url of the cloud dashboard if the server is a ZenML Pro workspace.
 
     Returns:
         The base url of the cloud dashboard.

zenml/utils/tag_utils.py

@@ -379,18 +379,6 @@ def add_tags(
             else:
                 tag_model = client.create_tag(name=tag)
 
-        if tag_model.exclusive and resource_type not in [
-            TaggableResourceTypes.PIPELINE_RUN,
-            TaggableResourceTypes.ARTIFACT_VERSION,
-            TaggableResourceTypes.RUN_TEMPLATE,
-        ]:
-            logger.warning(
-                "The tag will be added, however, please keep in mind that "
-                "the functionality of having exclusive tags is only "
-                "applicable for pipeline runs, artifact versions and run "
-                f"templates, not {resource_type.value}s."
-            )
-
         if resource_id:
             client.attach_tag(
                 tag_name_or_id=tag_model.name,

zenml/zen_server/cloud_utils.py

@@ -267,6 +267,6 @@ def cloud_connection() -> ZenMLCloudConnection:
     return _cloud_connection
 
 
-def send_pro_tenant_status_update() -> None:
-    """Send a tenant status update to the Cloud API."""
-    cloud_connection().patch("/tenant_status")
+def send_pro_workspace_status_update() -> None:
+    """Send a workspace status update to the Cloud API."""
+    cloud_connection().patch("/workspace_status")

zenml/zen_server/feature_gate/endpoint_utils.py

@@ -20,7 +20,7 @@ from zenml.zen_server.utils import feature_gate, server_config
 
 
 def check_entitlement(resource_type: ResourceType) -> None:
-    """Queries the feature gate to see if the operation falls within the tenants entitlements.
+    """Queries the feature gate to see if the operation falls within the Pro workspaces entitlements.
 
     Raises an exception if the user is not entitled to create an instance of the
     resource. Otherwise, simply returns.

zenml/zen_server/feature_gate/zenml_cloud_feature_gate.py

@@ -110,7 +110,7 @@ class ZenMLCloudFeatureGateInterface(FeatureGateInterface):
             feature=resource,
             total=1 if not is_decrement else -1,
             metadata={
-                "tenant_id": str(server_config.get_external_server_id()),
+                "workspace_id": str(server_config.get_external_server_id()),
                 "resource_id": str(resource_id),
             },
         ).model_dump()

zenml/zen_server/rbac/models.py

@@ -111,11 +111,6 @@ class Resource(BaseModel):
             Resource string representation.
         """
         project_id = self.project_id
-        if self.type == ResourceType.PROJECT and self.id:
-            # TODO: For now, we duplicate the project ID in the string
-            # representation when describing a project instance, because
-            # this is what is expected by the RBAC implementation.
-            project_id = self.id
 
         if project_id:
             representation = f"{project_id}:"
@@ -127,6 +122,36 @@ class Resource(BaseModel):
 
         return representation
 
+    @classmethod
+    def parse(cls, resource: str) -> "Resource":
+        """Parse an RBAC resource string into a Resource object.
+
+        Args:
+            resource: The resource to convert.
+
+        Returns:
+            The converted resource.
+        """
+        project_id: Optional[str] = None
+        if ":" in resource:
+            (
+                project_id,
+                resource_type_and_id,
+            ) = resource.split(":", maxsplit=1)
+        else:
+            project_id = None
+            resource_type_and_id = resource
+
+        resource_id: Optional[str] = None
+        if "/" in resource_type_and_id:
+            resource_type, resource_id = resource_type_and_id.split("/")
+        else:
+            resource_type = resource_type_and_id
+
+        return Resource(
+            type=resource_type, id=resource_id, project_id=project_id
+        )
+
     @model_validator(mode="after")
     def validate_project_id(self) -> "Resource":
         """Validate that project_id is set in combination with project-scoped resource types.

zenml/zen_server/rbac/zenml_cloud_rbac.py

@@ -13,12 +13,11 @@
 #  permissions and limitations under the License.
 """Cloud RBAC implementation."""
 
-from typing import TYPE_CHECKING, Dict, List, Optional, Set, Tuple
+from typing import TYPE_CHECKING, Dict, List, Set, Tuple
 
 from zenml.zen_server.cloud_utils import cloud_connection
-from zenml.zen_server.rbac.models import Action, Resource, ResourceType
+from zenml.zen_server.rbac.models import Action, Resource
 from zenml.zen_server.rbac.rbac_interface import RBACInterface
-from zenml.zen_server.utils import server_config
 
 if TYPE_CHECKING:
     from zenml.models import UserResponse
@@ -29,64 +28,6 @@ ALLOWED_RESOURCE_IDS_ENDPOINT = "/rbac/allowed_resource_ids"
 RESOURCE_MEMBERSHIP_ENDPOINT = "/rbac/resource_members"
 RESOURCES_ENDPOINT = "/rbac/resources"
 
-SERVER_SCOPE_IDENTIFIER = "server"
-
-SERVER_ID = server_config().external_server_id
-
-
-def _convert_to_cloud_resource(resource: Resource) -> str:
-    """Convert a resource to a ZenML Pro Management Plane resource.
-
-    Args:
-        resource: The resource to convert.
-
-    Returns:
-        The converted resource.
-    """
-    return f"{SERVER_ID}@{SERVER_SCOPE_IDENTIFIER}:{resource}"
-
-
-def _convert_from_cloud_resource(cloud_resource: str) -> Resource:
-    """Convert a cloud resource to a ZenML server resource.
-
-    Args:
-        cloud_resource: The cloud resource to convert.
-
-    Raises:
-        ValueError: If the cloud resource is invalid for this server.
-
-    Returns:
-        The converted resource.
-    """
-    scope, project_resource_type_and_id = cloud_resource.split(":", maxsplit=1)
-
-    if scope != f"{SERVER_ID}@{SERVER_SCOPE_IDENTIFIER}":
-        raise ValueError("Invalid scope for server resource.")
-
-    project_id: Optional[str] = None
-    if ":" in project_resource_type_and_id:
-        (
-            project_id,
-            resource_type_and_id,
-        ) = project_resource_type_and_id.split(":", maxsplit=1)
-    else:
-        project_id = None
-        resource_type_and_id = project_resource_type_and_id
-
-    resource_id: Optional[str] = None
-    if "/" in resource_type_and_id:
-        resource_type, resource_id = resource_type_and_id.split("/")
-    else:
-        resource_type = resource_type_and_id
-
-    if resource_type == ResourceType.PROJECT and project_id is not None:
-        # TODO: For now, we duplicate the project ID in the string
-        # representation when describing a project instance, because
-        # this is what is expected by the RBAC implementation.
-        project_id = None
-
-    return Resource(type=resource_type, id=resource_id, project_id=project_id)
-
 
 class ZenMLCloudRBAC(RBACInterface):
     """RBAC implementation that uses the ZenML Pro Management Plane as a backend."""
@@ -123,9 +64,7 @@ class ZenMLCloudRBAC(RBACInterface):
 
         params = {
             "user_id": str(user.external_user_id),
-            "resources": [
-                _convert_to_cloud_resource(resource) for resource in resources
-            ],
+            "resources": resources,
             "action": str(action),
         }
         response = self._connection.get(
@@ -134,7 +73,7 @@ class ZenMLCloudRBAC(RBACInterface):
         value = response.json()
 
         assert isinstance(value, dict)
-        return {_convert_from_cloud_resource(k): v for k, v in value.items()}
+        return {Resource.parse(k): v for k, v in value.items()}
 
     def list_allowed_resource_ids(
         self, user: "UserResponse", resource: Resource, action: Action
@@ -164,7 +103,7 @@ class ZenMLCloudRBAC(RBACInterface):
         assert user.external_user_id
         params = {
             "user_id": str(user.external_user_id),
-            "resource": _convert_to_cloud_resource(resource),
+            "resource": str(resource),
             "action": str(action),
         }
         response = self._connection.get(
@@ -194,7 +133,7 @@ class ZenMLCloudRBAC(RBACInterface):
 
         data = {
             "user_id": str(user.external_user_id),
-            "resource": _convert_to_cloud_resource(resource),
+            "resource": str(resource),
             "actions": [str(action) for action in actions],
         }
         self._connection.post(endpoint=RESOURCE_MEMBERSHIP_ENDPOINT, data=data)
@@ -207,8 +146,6 @@ class ZenMLCloudRBAC(RBACInterface):
                 information.
         """
         params = {
-            "resources": [
-                _convert_to_cloud_resource(resource) for resource in resources
-            ],
+            "resources": [str(resource) for resource in resources],
         }
         self._connection.delete(endpoint=RESOURCES_ENDPOINT, params=params)

zenml/zen_server/routers/server_endpoints.py

@@ -145,8 +145,8 @@ def get_onboarding_state(
 
 
 # We don't have any concrete value that tells us whether a server is a cloud
-# tenant, so we use `external_server_id` as the best proxy option.
-# For cloud tenants, we don't add these endpoints as the server settings don't
+# workspace, so we use `external_server_id` as the best proxy option.
+# For cloud workspaces, we don't add these endpoints as the server settings don't
 # have any effect and even allow users to disable functionality that is
 # necessary for the cloud onboarding to work.
 if server_config().external_server_id is None:

zenml/zen_server/zen_server_api.py

@@ -55,7 +55,7 @@ from zenml.constants import (
 from zenml.enums import AuthScheme, SourceContextTypes
 from zenml.models import ServerDeploymentType
 from zenml.utils.time_utils import utc_now
-from zenml.zen_server.cloud_utils import send_pro_tenant_status_update
+from zenml.zen_server.cloud_utils import send_pro_workspace_status_update
 from zenml.zen_server.exceptions import error_detail
 from zenml.zen_server.routers import (
     actions_endpoints,
@@ -394,9 +394,9 @@ def initialize() -> None:
     initialize_secure_headers()
     initialize_memcache(cfg.memcache_max_capacity, cfg.memcache_default_expiry)
     if cfg.deployment_type == ServerDeploymentType.CLOUD:
-        # Send a tenant status update to the Cloud API to indicate that the
+        # Send a workspace status update to the Cloud API to indicate that the
         # ZenML server is running or to update the version and server URL.
-        send_pro_tenant_status_update()
+        send_pro_workspace_status_update()
 
 
 DASHBOARD_REDIRECT_URL = None

zenml/zen_stores/base_zen_store.py

@@ -405,9 +405,9 @@ class BaseZenStore(
             store_info.pro_api_url = pro_config.api_url
             store_info.pro_dashboard_url = pro_config.dashboard_url
             store_info.pro_organization_id = pro_config.organization_id
-            store_info.pro_tenant_id = pro_config.tenant_id
-            if pro_config.tenant_name:
-                store_info.pro_tenant_name = pro_config.tenant_name
+            store_info.pro_workspace_id = pro_config.workspace_id
+            if pro_config.workspace_name:
+                store_info.pro_workspace_name = pro_config.workspace_name
             if pro_config.organization_name:
                 store_info.pro_organization_name = pro_config.organization_name
 

zenml/zen_stores/rest_zen_store.py

@@ -4098,7 +4098,7 @@ class RestZenStore(BaseZenStore):
                     "password": password,
                 }
             elif self.server_info.is_pro_server():
-                # ZenML Pro tenants use a proprietary authorization grant
+                # ZenML Pro workspaces use a proprietary authorization grant
                 # where the ZenML Pro API session token is exchanged for a
                 # regular ZenML server access token.
 

zenml/zen_stores/sql_zen_store.py

@@ -899,8 +899,8 @@ class SqlZenStore(BaseZenStore):
         server_config = ServerConfiguration.get_server_config()
 
         if server_config.deployment_type == ServerDeploymentType.CLOUD:
-            # Do not send events for cloud tenants where the event comes from
-            # the cloud API
+            # Do not send events for Pro workspaces where the event comes from
+            # the Pro API
             return
 
         query = select(UserSchema).where(
@@ -11296,6 +11296,22 @@ class SqlZenStore(BaseZenStore):
 
         tag_schemas = []
         for tag in tags:
+            # Check if the tag is a string that can be converted to a UUID
+            if isinstance(tag, str):
+                try:
+                    tag_uuid = UUID(tag)
+                except ValueError:
+                    # Not a valid UUID string, proceed normally
+                    pass
+                else:
+                    tag_schema = self._get_schema_by_id(
+                        resource_id=tag_uuid,
+                        schema_class=TagSchema,
+                        session=session,
+                    )
+                    tag_schemas.append(tag_schema)
+                    continue
+
             try:
                 if isinstance(tag, tag_utils.Tag):
                     tag_request = tag.to_request()
@@ -11523,7 +11539,7 @@ class SqlZenStore(BaseZenStore):
             An updated tag.
 
         Raises:
-            IllegalOperationError: If the tag can not be converted to an exclusive tag due
+            ValueError: If the tag can not be converted to an exclusive tag due
                 to it being associated to multiple entities.
         """
         with Session(self.engine) as session:
@@ -11539,6 +11555,41 @@ class SqlZenStore(BaseZenStore):
 
             if tag_update_model.exclusive is True:
                 error_messages = []
+
+                # Define allowed resource types for exclusive tags
+                allowed_resource_types = [
+                    TaggableResourceTypes.PIPELINE_RUN.value,
+                    TaggableResourceTypes.ARTIFACT_VERSION.value,
+                    TaggableResourceTypes.RUN_TEMPLATE.value,
+                ]
+
+                # Check if tag is associated with any non-allowed resource types
+                non_allowed_resources_query = (
+                    select(TagResourceSchema.resource_type)
+                    .where(
+                        TagResourceSchema.tag_id == tag.id,
+                        TagResourceSchema.resource_type.not_in(  # type: ignore[attr-defined]
+                            allowed_resource_types
+                        ),
+                    )
+                    .distinct()
+                )
+
+                non_allowed_resources = session.exec(
+                    non_allowed_resources_query
+                ).all()
+                if non_allowed_resources:
+                    error_message = (
+                        f"The tag `{tag.name}` cannot be made "
+                        "exclusive because it is associated with "
+                        "non-allowed resource types: "
+                        f"{', '.join(non_allowed_resources)}. "
+                        "Exclusive tags can only be applied "
+                        "to pipeline runs, artifact versions, "
+                        "and run templates."
+                    )
+                    error_messages.append(error_message)
+
                 for resource_type, resource_id, scope_id in [
                     (
                         TaggableResourceTypes.PIPELINE_RUN,
@@ -11603,7 +11654,7 @@ class SqlZenStore(BaseZenStore):
                             error_messages.append(error)
 
                 if error_messages:
-                    raise IllegalOperationError(
+                    raise ValueError(
                         "\n".join(error_messages)
                         + "\nYou can only convert a tag into an exclusive tag "
                         "if the conflicts mentioned above are resolved."
@@ -11705,8 +11756,8 @@ class SqlZenStore(BaseZenStore):
             The newly created tag resource relationships.
 
         Raises:
-            ValueError: If an exclusive tag is being attached to multiple resources
-                of the same type within the same scope.
+            ValueError: If an exclusive tag is being attached
+                to multiple resources of the same type within the same scope.
             EntityExistsError: If a tag resource already exists.
         """
         max_retries = 10
@@ -11837,7 +11888,9 @@ class SqlZenStore(BaseZenStore):
                                         )
                                     )
                     else:
-                        logger.debug(
+                        raise ValueError(
+                            "Can not attach exclusive tag to resource of type "
+                            f"{resource_type.value} with ID: `{resource.id}`. "
                             "Exclusive tag functionality only works for "
                             "templates, for pipeline runs (within the scope of "
                             "pipelines) and for artifact versions (within the "

{zenml_nightly-0.75.0.dev20250314.dist-info → zenml_nightly-0.75.0.dev20250316.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.3
 Name: zenml-nightly
-Version: 0.75.0.dev20250314
+Version: 0.75.0.dev20250316
 Summary: ZenML: Write production-ready ML code.
 License: Apache-2.0
 Keywords: machine learning,production,pipeline,mlops,devops