zenml-nightly 0.80.2.dev20250414__py3-none-any.whl → 0.80.2.dev20250415__py3-none-any.whl

zenml/VERSION

@@ -1 +1 @@
-0.80.2.dev20250414
+0.80.2.dev20250415

zenml/artifacts/utils.py

@@ -35,7 +35,9 @@ from zenml.artifacts.preexisting_data_materializer import (
     PreexistingDataMaterializer,
 )
 from zenml.client import Client
-from zenml.constants import MODEL_METADATA_YAML_FILE_NAME
+from zenml.constants import (
+    MODEL_METADATA_YAML_FILE_NAME,
+)
 from zenml.enums import (
     ArtifactSaveType,
     ArtifactType,
@@ -43,7 +45,10 @@ from zenml.enums import (
     StackComponentType,
     VisualizationType,
 )
-from zenml.exceptions import DoesNotExistException, StepContextError
+from zenml.exceptions import (
+    DoesNotExistException,
+    StepContextError,
+)
 from zenml.io import fileio
 from zenml.logger import get_logger
 from zenml.metadata.metadata_types import validate_metadata

zenml/config/server_config.py

@@ -34,6 +34,7 @@ from zenml.constants import (
     DEFAULT_ZENML_JWT_TOKEN_LEEWAY,
     DEFAULT_ZENML_SERVER_DEVICE_AUTH_POLLING,
     DEFAULT_ZENML_SERVER_DEVICE_AUTH_TIMEOUT,
+    DEFAULT_ZENML_SERVER_FILE_DOWNLOAD_SIZE_LIMIT,
     DEFAULT_ZENML_SERVER_GENERIC_API_TOKEN_LIFETIME,
     DEFAULT_ZENML_SERVER_GENERIC_API_TOKEN_MAX_LIFETIME,
     DEFAULT_ZENML_SERVER_LOGIN_RATE_LIMIT_DAY,
@@ -245,6 +246,8 @@ class ServerConfiguration(BaseModel):
         memcache_default_expiry: The default expiry time in seconds for cache
             entries. If not specified, the default value of 30 seconds will be
             used.
+        file_download_size_limit: The maximum size of the file download in
+            bytes. If not specified, the default value of 2GB will be used.
     """
 
     deployment_type: ServerDeploymentType = ServerDeploymentType.OTHER
@@ -346,6 +349,10 @@ class ServerConfiguration(BaseModel):
     memcache_max_capacity: int = 1000
     memcache_default_expiry: int = 30
 
+    file_download_size_limit: int = (
+        DEFAULT_ZENML_SERVER_FILE_DOWNLOAD_SIZE_LIMIT
+    )
+
     _deployment_id: Optional[UUID] = None
 
     @model_validator(mode="before")

zenml/constants.py

@@ -192,12 +192,14 @@ ENV_ZENML_SERVER_PRO_PREFIX = "ZENML_SERVER_PRO_"
 ENV_ZENML_SERVER_DEPLOYMENT_TYPE = f"{ENV_ZENML_SERVER_PREFIX}DEPLOYMENT_TYPE"
 ENV_ZENML_SERVER_AUTH_SCHEME = f"{ENV_ZENML_SERVER_PREFIX}AUTH_SCHEME"
 ENV_ZENML_SERVER_AUTO_ACTIVATE = f"{ENV_ZENML_SERVER_PREFIX}AUTO_ACTIVATE"
+
 ENV_ZENML_RUN_SINGLE_STEPS_WITHOUT_STACK = (
     "ZENML_RUN_SINGLE_STEPS_WITHOUT_STACK"
 )
 ENV_ZENML_PREVENT_CLIENT_SIDE_CACHING = "ZENML_PREVENT_CLIENT_SIDE_CACHING"
 ENV_ZENML_DISABLE_CREDENTIALS_DISK_CACHING = "DISABLE_CREDENTIALS_DISK_CACHING"
 ENV_ZENML_RUNNER_IMAGE_DISABLE_UV = "ZENML_RUNNER_IMAGE_DISABLE_UV"
+
 # Logging variables
 IS_DEBUG_ENV: bool = handle_bool_env_var(ENV_ZENML_DEBUG, default=False)
 
@@ -284,6 +286,7 @@ DEFAULT_ZENML_SERVER_GENERIC_API_TOKEN_LIFETIME = 60 * 60  # 1 hour
 DEFAULT_ZENML_SERVER_GENERIC_API_TOKEN_MAX_LIFETIME = (
     60 * 60 * 24 * 7
 )  # 7 days
+DEFAULT_ZENML_SERVER_FILE_DOWNLOAD_SIZE_LIMIT = 2 * 1024 * 1024 * 1024  # 20 GB
 
 DEFAULT_ZENML_SERVER_SECURE_HEADERS_HSTS = (
     "max-age=63072000; includeSubdomains"
@@ -350,10 +353,12 @@ CODE_REPOSITORIES = "/code_repositories"
 COMPONENT_TYPES = "/component-types"
 CONFIG = "/config"
 CURRENT_USER = "/current-user"
+DATA = "/data"
 DEACTIVATE = "/deactivate"
 DEVICES = "/devices"
 DEVICE_AUTHORIZATION = "/device_authorization"
 DEVICE_VERIFY = "/verify"
+DOWNLOAD_TOKEN = "/download-token"
 EMAIL_ANALYTICS = "/email-opt-in"
 EVENT_FLAVORS = "/event-flavors"
 EVENT_SOURCES = "/event-sources"

zenml/integrations/kubernetes/flavors/kubernetes_step_operator_flavor.py

@@ -35,11 +35,23 @@ class KubernetesStepOperatorSettings(BaseSettings):
         pod_settings: Pod settings to apply to pods executing the steps.
         service_account_name: Name of the service account to use for the pod.
         privileged: If the container should be run in privileged mode.
+        pod_startup_timeout: The maximum time to wait for a pending step pod to
+            start (in seconds).
+        pod_failure_max_retries: The maximum number of times to retry a step
+            pod if the step Kubernetes pod fails to start
+        pod_failure_retry_delay: The delay in seconds between pod
+            failure retries and pod startup retries (in seconds)
+        pod_failure_backoff: The backoff factor for pod failure retries and
+            pod startup retries.
     """
 
     pod_settings: Optional[KubernetesPodSettings] = None
     service_account_name: Optional[str] = None
     privileged: bool = False
+    pod_startup_timeout: int = 60 * 10  # Default 10 minutes
+    pod_failure_max_retries: int = 3
+    pod_failure_retry_delay: int = 10
+    pod_failure_backoff: float = 1.0
 
 
 class KubernetesStepOperatorConfig(

zenml/integrations/kubernetes/orchestrators/kube_utils.py

@@ -462,3 +462,95 @@ def delete_secret(
         name=secret_name,
         namespace=namespace,
     )
+
+
+def create_and_wait_for_pod_to_start(
+    core_api: k8s_client.CoreV1Api,
+    pod_display_name: str,
+    pod_name: str,
+    pod_manifest: k8s_client.V1Pod,
+    namespace: str,
+    startup_max_retries: int,
+    startup_failure_delay: float,
+    startup_failure_backoff: float,
+    startup_timeout: float,
+) -> None:
+    """Create a pod and wait for it to reach a desired state.
+
+    Args:
+        core_api: Client of Core V1 API of Kubernetes API.
+        pod_display_name: The display name of the pod to use in logs.
+        pod_name: The name of the pod to create.
+        pod_manifest: The manifest of the pod to create.
+        namespace: The namespace in which to create the pod.
+        startup_max_retries: The maximum number of retries for the pod startup.
+        startup_failure_delay: The delay between retries for the pod startup.
+        startup_failure_backoff: The backoff factor for the pod startup.
+        startup_timeout: The maximum time to wait for the pod to start.
+
+    Raises:
+        TimeoutError: If the pod is still in a pending state after the maximum
+            wait time has elapsed.
+        Exception: If the pod fails to start after the maximum number of
+            retries.
+    """
+    retries = 0
+
+    while retries < startup_max_retries:
+        try:
+            # Create and run pod.
+            core_api.create_namespaced_pod(
+                namespace=namespace,
+                body=pod_manifest,
+            )
+            break
+        except Exception as e:
+            retries += 1
+            if retries < startup_max_retries:
+                logger.debug(f"The {pod_display_name} failed to start: {e}")
+                logger.error(
+                    f"Failed to create {pod_display_name}. "
+                    f"Retrying in {startup_failure_delay} seconds..."
+                )
+                time.sleep(startup_failure_delay)
+                startup_failure_delay *= startup_failure_backoff
+            else:
+                logger.error(
+                    f"Failed to create {pod_display_name} after "
+                    f"{startup_max_retries} retries. Exiting."
+                )
+                raise
+
+    # Wait for pod to start
+    logger.info(f"Waiting for {pod_display_name} to start...")
+    max_wait = startup_timeout
+    total_wait: float = 0
+    delay = startup_failure_delay
+    while True:
+        pod = get_pod(
+            core_api=core_api,
+            pod_name=pod_name,
+            namespace=namespace,
+        )
+        if not pod or pod_is_not_pending(pod):
+            break
+        if total_wait >= max_wait:
+            # Have to delete the pending pod so it doesn't start running
+            # later on.
+            try:
+                core_api.delete_namespaced_pod(
+                    name=pod_name,
+                    namespace=namespace,
+                )
+            except Exception:
+                pass
+            raise TimeoutError(
+                f"The {pod_display_name} is still in a pending state "
+                f"after {total_wait} seconds. Exiting."
+            )
+
+        if total_wait + delay > max_wait:
+            delay = max_wait - total_wait
+        total_wait += delay
+        time.sleep(delay)
+        delay *= startup_failure_backoff

zenml/integrations/kubernetes/orchestrators/kubernetes_orchestrator.py

@@ -543,14 +543,24 @@ class KubernetesOrchestrator(ContainerizedOrchestrator):
                 mount_local_stores=self.config.is_local,
             )
 
-            self._k8s_core_api.create_namespaced_pod(
+            logger.info("Waiting for Kubernetes orchestrator pod to start...")
+            kube_utils.create_and_wait_for_pod_to_start(
+                core_api=self._k8s_core_api,
+                pod_display_name="Kubernetes orchestrator pod",
+                pod_name=pod_name,
+                pod_manifest=pod_manifest,
                 namespace=self.config.kubernetes_namespace,
-                body=pod_manifest,
+                startup_max_retries=settings.pod_failure_max_retries,
+                startup_failure_delay=settings.pod_failure_retry_delay,
+                startup_failure_backoff=settings.pod_failure_backoff,
+                startup_timeout=settings.pod_startup_timeout,
             )
 
             # Wait for the orchestrator pod to finish and stream logs.
             if settings.synchronous:
-                logger.info("Waiting for Kubernetes orchestrator pod...")
+                logger.info(
+                    "Waiting for Kubernetes orchestrator pod to finish..."
+                )
                 kube_utils.wait_pod(
                     kube_client_fn=self.get_kube_client,
                     pod_name=pod_name,

zenml/integrations/kubernetes/orchestrators/kubernetes_orchestrator_entrypoint.py

@@ -15,7 +15,6 @@
 
 import argparse
 import socket
-import time
 from typing import Any, Dict
 from uuid import UUID
 
@@ -103,8 +102,6 @@ def main() -> None:
 
         Raises:
             Exception: If the pod fails to start.
-            TimeoutError: If the pod is still in a pending state after the
-                maximum wait time has elapsed.
         """
         # Define Kubernetes pod name.
         pod_name = f"{orchestrator_run_id}-{step_name}"
@@ -176,68 +173,18 @@ def main() -> None:
             mount_local_stores=mount_local_stores,
         )
 
-        retries = 0
-        max_retries = settings.pod_failure_max_retries
-        delay: float = settings.pod_failure_retry_delay
-        backoff = settings.pod_failure_backoff
-
-        while retries < max_retries:
-            try:
-                # Create and run pod.
-                core_api.create_namespaced_pod(
-                    namespace=args.kubernetes_namespace,
-                    body=pod_manifest,
-                )
-                break
-            except Exception as e:
-                retries += 1
-                if retries < max_retries:
-                    logger.debug(
-                        f"Pod for step `{step_name}` failed to start: {e}"
-                    )
-                    logger.error(
-                        f"Failed to create pod for step `{step_name}`. "
-                        f"Retrying in {delay} seconds..."
-                    )
-                    time.sleep(delay)
-                    delay *= backoff
-                else:
-                    logger.error(
-                        f"Failed to create pod for step `{step_name}` after "
-                        f"{max_retries} retries. Exiting."
-                    )
-                    raise
-
-        # Wait for pod to start
-        max_wait = settings.pod_startup_timeout
-        total_wait: float = 0
-        delay = settings.pod_failure_retry_delay
-        while True:
-            pod = kube_utils.get_pod(
-                core_api, pod_name, args.kubernetes_namespace
-            )
-            if not pod or kube_utils.pod_is_not_pending(pod):
-                break
-            if total_wait >= max_wait:
-                # Have to delete the pending pod so it doesn't start running
-                # later on.
-                try:
-                    core_api.delete_namespaced_pod(
-                        name=pod_name,
-                        namespace=args.kubernetes_namespace,
-                    )
-                except Exception:
-                    pass
-                raise TimeoutError(
-                    f"Pod for step `{step_name}` is still in a pending state "
-                    f"after {total_wait} seconds. Exiting."
-                )
-
-            if total_wait + delay > max_wait:
-                delay = max_wait - total_wait
-            total_wait += delay
-            time.sleep(delay)
-            delay *= backoff
+        logger.info(f"Waiting for pod of step `{step_name}` to start...")
+        kube_utils.create_and_wait_for_pod_to_start(
+            core_api=core_api,
+            pod_display_name=f"pod for step `{step_name}`",
+            pod_name=pod_name,
+            pod_manifest=pod_manifest,
+            namespace=args.kubernetes_namespace,
+            startup_max_retries=settings.pod_failure_max_retries,
+            startup_failure_delay=settings.pod_failure_retry_delay,
+            startup_failure_backoff=settings.pod_failure_backoff,
+            startup_timeout=settings.pod_startup_timeout,
+        )
 
         # Wait for pod to finish.
         logger.info(f"Waiting for pod of step `{step_name}` to finish...")

zenml/integrations/kubernetes/step_operators/kubernetes_step_operator.py

@@ -218,13 +218,24 @@ class KubernetesStepOperator(BaseStepOperator):
             mount_local_stores=False,
         )
 
-        self._k8s_core_api.create_namespaced_pod(
+        logger.info(
+            "Waiting for pod of step `%s` to start...", info.pipeline_step_name
+        )
+        kube_utils.create_and_wait_for_pod_to_start(
+            core_api=self._k8s_core_api,
+            pod_display_name=f"pod of step `{info.pipeline_step_name}`",
+            pod_name=pod_name,
+            pod_manifest=pod_manifest,
             namespace=self.config.kubernetes_namespace,
-            body=pod_manifest,
+            startup_max_retries=settings.pod_failure_max_retries,
+            startup_failure_delay=settings.pod_failure_retry_delay,
+            startup_failure_backoff=settings.pod_failure_backoff,
+            startup_timeout=settings.pod_startup_timeout,
         )
 
         logger.info(
-            "Waiting for pod of step `%s` to start...", info.pipeline_step_name
+            "Waiting for pod of step `%s` to finish...",
+            info.pipeline_step_name,
         )
         kube_utils.wait_pod(
             kube_client_fn=self.get_kube_client,

zenml/materializers/path_materializer.py

@@ -26,6 +26,7 @@ from zenml.constants import (
 from zenml.enums import ArtifactType
 from zenml.io import fileio
 from zenml.materializers.base_materializer import BaseMaterializer
+from zenml.utils.io_utils import is_path_within_directory
 
 
 class PathMaterializer(BaseMaterializer):
@@ -71,7 +72,15 @@ class PathMaterializer(BaseMaterializer):
 
                 # Extract the archive to the temporary directory
                 with tarfile.open(archive_path_local, "r:gz") as tar:
-                    tar.extractall(path=directory)
+                    # Validate archive members to prevent path traversal attacks
+                    # Filter members to only those with safe paths
+                    safe_members = []
+                    for member in tar.getmembers():
+                        if is_path_within_directory(member.name, directory):
+                            safe_members.append(member)
+
+                    # Extract only safe members
+                    tar.extractall(path=directory, members=safe_members)  # nosec B202 - members are filtered through is_path_within_directory
 
                 # Clean up the archive file
                 os.remove(archive_path_local)
@@ -93,8 +102,14 @@ class PathMaterializer(BaseMaterializer):
 
         Args:
             data: Path to a local directory or file to store. Must be a Path object.
+
+        Raises:
+            TypeError: If data is not a Path object.
         """
-        assert isinstance(data, Path)
+        if not isinstance(data, Path):
+            raise TypeError(
+                f"Expected a Path object, got {type(data).__name__}"
+            )
 
         if data.is_dir():
             # Handle directory artifact

zenml/utils/io_utils.py

@@ -205,6 +205,29 @@ def resolve_relative_path(path: str) -> str:
     return str(Path(path).resolve())
 
 
+def is_path_within_directory(path: str, directory: str) -> bool:
+    """Checks if a path is contained within a given directory.
+
+    This utility function verifies that a path (absolute or relative) resolves
+    to a location that is within the specified directory. This is useful for
+    security checks such as preventing path traversal attacks when extracting
+    archives (CVE-2007-4559) or whenever path containment needs to be verified.
+
+    Args:
+        path: The path to check (can be relative or absolute).
+        directory: The directory that should contain the path.
+
+    Returns:
+        Boolean indicating whether the path is contained within the directory (True)
+        or not (False).
+    """
+    # Convert to absolute path, ensuring it's normalized
+    abs_path = os.path.abspath(os.path.join(directory, path))
+    # Check if the path is within the target directory
+    dir_abs = os.path.abspath(directory)
+    return abs_path.startswith(dir_abs + os.sep) or abs_path == dir_abs
+
+
 def move(source: str, destination: str, overwrite: bool = False) -> None:
     """Moves dir or file from source to destination. Can be used to rename.
 

zenml/zen_server/auth.py

@@ -983,6 +983,58 @@ def generate_access_token(
     )
 
 
+def generate_artifact_download_token(artifact_version_id: UUID) -> str:
+    """Generate a JWT token for artifact download.
+
+    Args:
+        artifact_version_id: The ID of the artifact version to download.
+
+    Returns:
+        The JWT token for the artifact download.
+    """
+    import jwt
+
+    config = server_config()
+
+    return jwt.encode(
+        {
+            "exp": utc_now() + timedelta(seconds=30),
+            "artifact_version_id": str(artifact_version_id),
+        },
+        key=config.jwt_secret_key,
+        algorithm=config.jwt_token_algorithm,
+    )
+
+
+def verify_artifact_download_token(
+    token: str, artifact_version_id: UUID
+) -> None:
+    """Verify a JWT token for artifact download.
+
+    Args:
+        token: The JWT token to verify.
+        artifact_version_id: The ID of the artifact version to download.
+
+    Raises:
+        CredentialsNotValid: If the token is invalid or the artifact version
+            ID does not match.
+    """
+    import jwt
+
+    config = server_config()
+    try:
+        claims = jwt.decode(
+            token,
+            config.jwt_secret_key,
+            algorithms=[config.jwt_token_algorithm],
+        )
+    except jwt.PyJWTError as e:
+        raise CredentialsNotValid(f"Invalid JWT token: {e}") from e
+
+    if claims["artifact_version_id"] != str(artifact_version_id):
+        raise CredentialsNotValid("Invalid artifact version ID")
+
+
 def http_authentication(
     credentials: HTTPBasicCredentials = Depends(HTTPBasic()),
 ) -> AuthContext:

zenml/zen_server/cloud_utils.py

@@ -7,7 +7,10 @@ import requests
 from requests.adapters import HTTPAdapter, Retry
 
 from zenml.config.server_config import ServerProConfiguration
-from zenml.exceptions import SubscriptionUpgradeRequiredError
+from zenml.exceptions import (
+    IllegalOperationError,
+    SubscriptionUpgradeRequiredError,
+)
 from zenml.utils.time_utils import utc_now
 from zenml.zen_server.utils import get_zenml_headers, server_config
 
@@ -43,6 +46,7 @@ class ZenMLCloudConnection:
         Raises:
             SubscriptionUpgradeRequiredError: If the current subscription tier
                 is insufficient for the attempted operation.
+            IllegalOperationError: If the request failed with a 403 status code.
             RuntimeError: If the request failed.
 
         Returns:
@@ -65,6 +69,8 @@ class ZenMLCloudConnection:
         except requests.HTTPError as e:
             if response.status_code == 402:
                 raise SubscriptionUpgradeRequiredError(response.json())
+            elif response.status_code == 403:
+                raise IllegalOperationError(response.json())
             else:
                 raise RuntimeError(
                     f"Failed while trying to contact the central zenml pro "

zenml/zen_server/download_utils.py

@@ -0,0 +1,126 @@
+#  Copyright (c) ZenML GmbH 2025. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at:
+#
+#       https://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+#  or implied. See the License for the specific language governing
+#  permissions and limitations under the License.
+"""Utility functions for downloading artifacts."""
+
+import os
+import tarfile
+import tempfile
+from typing import (
+    TYPE_CHECKING,
+    Optional,
+)
+
+from zenml.artifacts.utils import _load_artifact_store
+from zenml.exceptions import (
+    IllegalOperationError,
+)
+from zenml.models import (
+    ArtifactVersionResponse,
+)
+from zenml.zen_server.utils import server_config, zen_store
+
+if TYPE_CHECKING:
+    from zenml.artifact_stores.base_artifact_store import BaseArtifactStore
+
+
+def verify_artifact_is_downloadable(
+    artifact: "ArtifactVersionResponse",
+) -> "BaseArtifactStore":
+    """Verify that the given artifact is downloadable.
+
+    Args:
+        artifact: The artifact to verify.
+
+    Raises:
+        IllegalOperationError: If the artifact is too large to be archived.
+        KeyError: If the artifact store is not found or the artifact URI does
+            not exist.
+
+    Returns:
+        The artifact store.
+    """
+    if not artifact.artifact_store_id:
+        raise KeyError(
+            f"Artifact '{artifact.id}' cannot be downloaded because the "
+            "underlying artifact store was deleted."
+        )
+
+    artifact_store = _load_artifact_store(
+        artifact_store_id=artifact.artifact_store_id, zen_store=zen_store()
+    )
+
+    if not artifact_store.exists(artifact.uri):
+        raise KeyError(f"The artifact URI '{artifact.uri}' does not exist.")
+
+    size = artifact_store.size(artifact.uri)
+    max_download_size = server_config().file_download_size_limit
+
+    if size and size > max_download_size:
+        raise IllegalOperationError(
+            f"The artifact '{artifact.id}' is too large to be downloaded. "
+            f"The maximum download size allowed by your ZenML server is "
+            f"{max_download_size} bytes."
+        )
+
+    return artifact_store
+
+
+def create_artifact_archive(
+    artifact: "ArtifactVersionResponse",
+    archive_path: Optional[str] = None,
+) -> str:
+    """Create an archive of the given artifact.
+
+    Args:
+        artifact: The artifact to archive.
+        archive_path: The path to which to save the archive.
+
+    Returns:
+        The path to the created archive.
+    """
+    if archive_path is None:
+        archive_path = tempfile.mktemp()
+
+    artifact_store = verify_artifact_is_downloadable(artifact)
+
+    def _prepare_tarinfo(path: str) -> tarfile.TarInfo:
+        archive_path = os.path.relpath(path, artifact.uri)
+        tarinfo = tarfile.TarInfo(name=archive_path)
+        if size := artifact_store.size(path):
+            tarinfo.size = size
+        return tarinfo
+
+    with tarfile.open(name=archive_path, mode="w:gz") as tar:
+        if artifact_store.isdir(artifact.uri):
+            for dir, _, files in artifact_store.walk(artifact.uri):
+                dir = dir.decode() if isinstance(dir, bytes) else dir
+                dir_info = tarfile.TarInfo(
+                    name=os.path.relpath(dir, artifact.uri)
+                )
+                dir_info.type = tarfile.DIRTYPE
+                dir_info.mode = 0o755
+                tar.addfile(dir_info)
+
+                for file in files:
+                    file = file.decode() if isinstance(file, bytes) else file
+                    path = os.path.join(dir, file)
+                    tarinfo = _prepare_tarinfo(path)
+                    with artifact_store.open(path, "rb") as f:
+                        tar.addfile(tarinfo, fileobj=f)
+        else:
+            tarinfo = _prepare_tarinfo(artifact.uri)
+            with artifact_store.open(artifact.uri, "rb") as f:
+                tar.addfile(tarinfo, fileobj=f)
+
+    return archive_path

zenml/zen_server/rbac/rbac_interface.py

@@ -14,7 +14,7 @@
 """RBAC interface definition."""
 
 from abc import ABC, abstractmethod
-from typing import TYPE_CHECKING, Dict, List, Set, Tuple
+from typing import TYPE_CHECKING, Dict, List, Optional, Set, Tuple
 
 from zenml.zen_server.rbac.models import Action, Resource
 
@@ -63,15 +63,22 @@ class RBACInterface(ABC):
 
     @abstractmethod
     def update_resource_membership(
-        self, user: "UserResponse", resource: Resource, actions: List[Action]
+        self,
+        sharing_user: "UserResponse",
+        resource: Resource,
+        actions: List[Action],
+        user_id: Optional[str] = None,
+        team_id: Optional[str] = None,
     ) -> None:
         """Update the resource membership of a user.
 
         Args:
-            user: User for which the resource membership should be updated.
+            sharing_user: User that is sharing the resource.
             resource: The resource.
             actions: The actions that the user should be able to perform on the
                 resource.
+            user_id: ID of the user for which to update the membership.
+            team_id: ID of the team for which to update the membership.
         """
 
     @abstractmethod

zenml/zen_server/rbac/utils.py

@@ -688,21 +688,31 @@ def get_schema_for_resource_type(
 
 
 def update_resource_membership(
-    user: UserResponse, resource: Resource, actions: List[Action]
+    sharing_user: "UserResponse",
+    resource: Resource,
+    actions: List[Action],
+    user_id: Optional[str] = None,
+    team_id: Optional[str] = None,
 ) -> None:
     """Update the resource membership of a user.
 
     Args:
-        user: User for which the resource membership should be updated.
+        sharing_user: User that is sharing the resource.
         resource: The resource.
         actions: The actions that the user should be able to perform on the
             resource.
+        user_id: ID of the user for which to update the membership.
+        team_id: ID of the team for which to update the membership.
     """
     if not server_config().rbac_enabled:
         return
 
     rbac().update_resource_membership(
-        user=user, resource=resource, actions=actions
+        sharing_user=sharing_user,
+        resource=resource,
+        actions=actions,
+        user_id=user_id,
+        team_id=team_id,
     )
 
 

zenml/zen_server/rbac/zenml_cloud_rbac.py

@@ -13,7 +13,7 @@
 #  permissions and limitations under the License.
 """Cloud RBAC implementation."""
 
-from typing import TYPE_CHECKING, Dict, List, Set, Tuple
+from typing import TYPE_CHECKING, Dict, List, Optional, Set, Tuple
 
 from zenml.zen_server.cloud_utils import cloud_connection
 from zenml.zen_server.rbac.models import Action, Resource
@@ -117,22 +117,28 @@ class ZenMLCloudRBAC(RBACInterface):
         return full_resource_access, allowed_ids
 
     def update_resource_membership(
-        self, user: "UserResponse", resource: Resource, actions: List[Action]
+        self,
+        sharing_user: "UserResponse",
+        resource: Resource,
+        actions: List[Action],
+        user_id: Optional[str] = None,
+        team_id: Optional[str] = None,
     ) -> None:
         """Update the resource membership of a user.
 
         Args:
-            user: User for which the resource membership should be updated.
+            sharing_user: User that is sharing the resource.
             resource: The resource.
             actions: The actions that the user should be able to perform on the
                 resource.
+            user_id: ID of the user for which to update the membership.
+            team_id: ID of the team for which to update the membership.
         """
-        if user.is_service_account:
-            # Service accounts have full permissions for now
-            return
-
+        assert sharing_user.external_user_id
         data = {
-            "user_id": str(user.external_user_id),
+            "user_id": user_id,
+            "team_id": team_id,
+            "sharing_user_id": str(sharing_user.external_user_id),
             "resource": str(resource),
             "actions": [str(action) for action in actions],
         }

zenml/zen_server/routers/artifact_version_endpoints.py

@@ -13,13 +13,26 @@
 #  permissions and limitations under the License.
 """Endpoint definitions for artifact versions."""
 
+import os
 from typing import List, Union
 from uuid import UUID
 
 from fastapi import APIRouter, Depends, Security
+from fastapi.responses import FileResponse
+from starlette.background import BackgroundTask
 
-from zenml.artifacts.utils import load_artifact_visualization
-from zenml.constants import API, ARTIFACT_VERSIONS, BATCH, VERSION_1, VISUALIZE
+from zenml.artifacts.utils import (
+    load_artifact_visualization,
+)
+from zenml.constants import (
+    API,
+    ARTIFACT_VERSIONS,
+    BATCH,
+    DATA,
+    DOWNLOAD_TOKEN,
+    VERSION_1,
+    VISUALIZE,
+)
 from zenml.models import (
     ArtifactVersionFilter,
     ArtifactVersionRequest,
@@ -28,7 +41,16 @@ from zenml.models import (
     LoadedVisualization,
     Page,
 )
-from zenml.zen_server.auth import AuthContext, authorize
+from zenml.zen_server.auth import (
+    AuthContext,
+    authorize,
+    generate_artifact_download_token,
+    verify_artifact_download_token,
+)
+from zenml.zen_server.download_utils import (
+    create_artifact_archive,
+    verify_artifact_is_downloadable,
+)
 from zenml.zen_server.exceptions import error_response
 from zenml.zen_server.rbac.endpoint_utils import (
     verify_permissions_and_batch_create_entity,
@@ -275,3 +297,64 @@ def get_artifact_visualization(
     return load_artifact_visualization(
         artifact=artifact, index=index, zen_store=store, encode_image=True
     )
+
+
+@artifact_version_router.get(
+    "/{artifact_version_id}" + DOWNLOAD_TOKEN,
+    responses={401: error_response, 404: error_response, 422: error_response},
+)
+@handle_exceptions
+def get_artifact_download_token(
+    artifact_version_id: UUID,
+    _: AuthContext = Security(authorize),
+) -> str:
+    """Get a download token for the artifact data.
+
+    Args:
+        artifact_version_id: ID of the artifact version for which to get the data.
+
+    Returns:
+        The download token for the artifact data.
+    """
+    artifact = verify_permissions_and_get_entity(
+        id=artifact_version_id, get_method=zen_store().get_artifact_version
+    )
+    verify_artifact_is_downloadable(artifact)
+
+    # The artifact download is handled in a separate tab by the browser. In this
+    # tab, we do not have the ability to set any headers and therefore cannot
+    # include the CSRF token in the request. To handle this, we instead generate
+    # a JWT token in this endpoint (which includes CSRF and RBAC checks) and
+    # then use that token to download the artifact data in a separate endpoint
+    # which only verifies this short-lived token.
+    return generate_artifact_download_token(artifact_version_id)
+
+
+@artifact_version_router.get(
+    "/{artifact_version_id}" + DATA,
+    responses={401: error_response, 404: error_response, 422: error_response},
+)
+@handle_exceptions
+def download_artifact_data(
+    artifact_version_id: UUID, token: str
+) -> FileResponse:
+    """Download the artifact data.
+
+    Args:
+        artifact_version_id: ID of the artifact version for which to get the data.
+        token: The token to authenticate the artifact download.
+
+    Returns:
+        The artifact data.
+    """
+    verify_artifact_download_token(token, artifact_version_id)
+
+    artifact = zen_store().get_artifact_version(artifact_version_id)
+    archive_path = create_artifact_archive(artifact)
+
+    return FileResponse(
+        archive_path,
+        media_type="application/gzip",
+        filename=f"{artifact.name}-{artifact.version}.tar.gz",
+        background=BackgroundTask(os.remove, archive_path),
+    )

zenml/zen_server/routers/users_endpoints.py

@@ -698,7 +698,7 @@ if server_config().auth_scheme != AuthScheme.EXTERNAL:
 if server_config().rbac_enabled:
 
     @router.post(
-        "/{user_name_or_id}/resource_membership",
+        "/resource_membership",
         responses={
             401: error_response,
             404: error_response,
@@ -707,16 +707,16 @@ if server_config().rbac_enabled:
     )
     @handle_exceptions
     def update_user_resource_membership(
-        user_name_or_id: Union[str, UUID],
         resource_type: str,
         resource_id: UUID,
         actions: List[str],
+        user_id: Optional[str] = None,
+        team_id: Optional[str] = None,
         auth_context: AuthContext = Security(authorize),
     ) -> None:
         """Updates resource memberships of a user.
 
         Args:
-            user_name_or_id: Name or ID of the user.
             resource_type: Type of the resource for which to update the
                 membership.
             resource_id: ID of the resource for which to update the membership.
@@ -724,16 +724,19 @@ if server_config().rbac_enabled:
                 the resource. If the user currently has permissions to perform
                 actions which are not passed in this list, the permissions will
                 be removed.
+            user_id: ID of the user for which to update the membership.
+            team_id: ID of the team for which to update the membership.
             auth_context: Authentication context.
 
         Raises:
             ValueError: If a user tries to update their own membership.
             KeyError: If no resource with the given type and ID exists.
         """
-        user = zen_store().get_user(user_name_or_id)
-        # verify_permission_for_model(user, action=Action.READ)
-
-        if user.id == auth_context.user.id:
+        if (
+            user_id
+            and auth_context.user.external_user_id
+            and user_id == str(auth_context.user.external_user_id)
+        ):
             raise ValueError(
                 "Not allowed to call endpoint with the authenticated user."
             )
@@ -765,7 +768,9 @@ if server_config().rbac_enabled:
             verify_permission_for_model(model=model, action=Action(action))
 
         update_resource_membership(
-            user=user,
+            sharing_user=auth_context.user,
             resource=resource,
             actions=[Action(action) for action in actions],
+            user_id=user_id,
+            team_id=team_id,
         )

zenml/zen_server/template_execution/utils.py

@@ -411,14 +411,14 @@ def deployment_request_from_template(
         if unknown_parameters:
             raise ValueError(
                 "Run configuration contains the following unknown "
-                f"parameters for step {step.config.name}: {unknown_parameters}."
+                f"parameters for step {invocation_id}: {unknown_parameters}."
             )
 
         missing_parameters = required_parameters - configured_parameters
         if missing_parameters:
             raise ValueError(
                 "Run configuration is missing the following required "
-                f"parameters for step {step.config.name}: {missing_parameters}."
+                f"parameters for step {invocation_id}: {missing_parameters}."
             )
 
         step_config = StepConfiguration.model_validate(step_config_dict)

zenml/zen_stores/migrations/versions/ff538a321a92_migrate_onboarding_state.py

@@ -0,0 +1,123 @@
+"""Migrate onboarding state [ff538a321a92].
+
+Revision ID: ff538a321a92
+Revises: 0.80.2
+Create Date: 2025-04-11 09:30:03.324310
+
+"""
+
+import json
+
+import sqlalchemy as sa
+from alembic import op
+
+# revision identifiers, used by Alembic.
+revision = "ff538a321a92"
+down_revision = "0.80.2"
+branch_labels = None
+depends_on = None
+
+
+def upgrade() -> None:
+    """Upgrade database schema and/or data, creating a new revision."""
+    with op.batch_alter_table("server_settings", schema=None) as batch_op:
+        batch_op.alter_column(
+            "onboarding_state",
+            existing_type=sa.VARCHAR(),
+            type_=sa.TEXT(),
+            existing_nullable=True,
+        )
+
+    connection = op.get_bind()
+
+    meta = sa.MetaData()
+    meta.reflect(only=("server_settings",), bind=connection)
+
+    server_settings_table = sa.Table("server_settings", meta)
+
+    existing_onboarding_state = connection.execute(
+        sa.select(server_settings_table.c.onboarding_state)
+    ).scalar_one_or_none()
+
+    if not existing_onboarding_state:
+        return
+
+    state = json.loads(existing_onboarding_state)
+
+    meta = sa.MetaData()
+    meta.reflect(
+        only=(
+            "pipeline_run",
+            "stack_component",
+            "stack",
+            "stack_composition",
+            "pipeline_deployment",
+        ),
+        bind=connection,
+    )
+
+    pipeline_run_table = sa.Table("pipeline_run", meta)
+    stack_component_table = sa.Table("stack_component", meta)
+    stack_table = sa.Table("stack", meta)
+    stack_composition_table = sa.Table("stack_composition", meta)
+    pipeline_deployment_table = sa.Table("pipeline_deployment", meta)
+
+    stack_with_remote_artifact_store_count = connection.execute(
+        sa.select(sa.func.count(stack_table.c.id))
+        .where(stack_composition_table.c.stack_id == stack_table.c.id)
+        .where(
+            stack_composition_table.c.component_id
+            == stack_component_table.c.id
+        )
+        .where(stack_component_table.c.flavor != "local")
+        .where(stack_component_table.c.type == "artifact_store")
+    ).scalar()
+    if (
+        stack_with_remote_artifact_store_count
+        and stack_with_remote_artifact_store_count > 0
+    ):
+        state.append("stack_with_remote_artifact_store_created")
+
+    pipeline_run_with_remote_artifact_store_count = connection.execute(
+        sa.select(sa.func.count(pipeline_run_table.c.id))
+        .where(
+            pipeline_run_table.c.deployment_id
+            == pipeline_deployment_table.c.id
+        )
+        .where(pipeline_deployment_table.c.stack_id == stack_table.c.id)
+        .where(stack_composition_table.c.stack_id == stack_table.c.id)
+        .where(
+            stack_composition_table.c.component_id
+            == stack_component_table.c.id
+        )
+        .where(stack_component_table.c.flavor != "local")
+        .where(stack_component_table.c.type == "artifact_store")
+    ).scalar()
+    if (
+        pipeline_run_with_remote_artifact_store_count
+        and pipeline_run_with_remote_artifact_store_count > 0
+    ):
+        state.append("pipeline_run_with_remote_artifact_store")
+        state.append("production_setup_completed")
+
+    # Remove duplicate keys
+    state = list(set(state))
+
+    connection.execute(
+        sa.update(server_settings_table).values(
+            onboarding_state=json.dumps(state)
+        )
+    )
+
+
+def downgrade() -> None:
+    """Downgrade database schema and/or data back to the previous revision."""
+    # ### commands auto generated by Alembic - please adjust! ###
+    with op.batch_alter_table("server_settings", schema=None) as batch_op:
+        batch_op.alter_column(
+            "onboarding_state",
+            existing_type=sa.TEXT(),
+            type_=sa.VARCHAR(),
+            existing_nullable=True,
+        )
+    # ### end Alembic commands ###

zenml/zen_stores/schemas/server_settings_schemas.py

@@ -18,6 +18,7 @@ from datetime import datetime
 from typing import Any, Optional, Set
 from uuid import UUID
 
+from sqlalchemy import TEXT, Column
 from sqlmodel import Field, SQLModel
 
 from zenml.models import (
@@ -42,7 +43,9 @@ class ServerSettingsSchema(SQLModel, table=True):
     enable_analytics: bool = Field(default=False)
     display_announcements: Optional[bool] = Field(nullable=True)
     display_updates: Optional[bool] = Field(nullable=True)
-    onboarding_state: Optional[str] = Field(nullable=True)
+    onboarding_state: Optional[str] = Field(
+        sa_column=Column(TEXT, nullable=True)
+    )
     last_user_activity: datetime = Field(default_factory=utc_now)
     updated: datetime = Field(default_factory=utc_now)
 

{zenml_nightly-0.80.2.dev20250414.dist-info → zenml_nightly-0.80.2.dev20250415.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.3
 Name: zenml-nightly
-Version: 0.80.2.dev20250414
+Version: 0.80.2.dev20250415
 Summary: ZenML: Write production-ready ML code.
 License: Apache-2.0
 Keywords: machine learning,production,pipeline,mlops,devops

{zenml_nightly-0.80.2.dev20250414.dist-info → zenml_nightly-0.80.2.dev20250415.dist-info}/RECORD

@@ -1,5 +1,5 @@
 zenml/README.md,sha256=827dekbOWAs1BpW7VF1a4d7EbwPbjwccX-2zdXBENZo,1777
-zenml/VERSION,sha256=-znhXr-geHTEJvYv6JS7hVfvU3lMKgRzfVE1e7Sn5v4,19
+zenml/VERSION,sha256=aDZfR_uYsDKOeb5E9YyMbuM_1askN25eU7qAjXmYltU,19
 zenml/__init__.py,sha256=CKEyepFK-7akXYiMrNVh92Nb01Cjs23w4_YyI6sgdc8,2242
 zenml/actions/__init__.py,sha256=mrt6wPo73iKRxK754_NqsGyJ3buW7RnVeIGXr1xEw8Y,681
 zenml/actions/base_action.py,sha256=UcaHev6BTuLDwuswnyaPjdA8AgUqB5xPZ-lRtuvf2FU,25553
@@ -25,7 +25,7 @@ zenml/artifacts/external_artifact.py,sha256=7nLANV0vsGC36H1s_B_awX4hnZgXHCGIscQ2
 zenml/artifacts/external_artifact_config.py,sha256=P172p0JOu8Xx1F8RCQut1dnRpt5lpWXGNqMbY-V90sI,3323
 zenml/artifacts/preexisting_data_materializer.py,sha256=dcahDcHUD3Lvn0-6zE2BG84bkyo_ydAgzBWxtbyJJZQ,3325
 zenml/artifacts/unmaterialized_artifact.py,sha256=JNPKq_sNifQx5wP8jEw7TGBEi26zwKirPGlWX9uxbJI,1300
-zenml/artifacts/utils.py,sha256=yAtKLzbVrd9de82oVL3utifpk0ixz14RvPnUeh1QsMc,35233
+zenml/artifacts/utils.py,sha256=G7V0L3Pii1b3eKznhCfGt7CJzBuhHoYwQr8Jx5VSLAI,35255
 zenml/cli/__init__.py,sha256=nxq4ifwLV5qT7Qghb42h02XUOcOihBkZp2xBqgiykM8,75670
 zenml/cli/annotator.py,sha256=JRR7_TJOWKyiKGv1kwSjG1Ay6RBWPVgm0X-D0uSBlyE,6976
 zenml/cli/artifact.py,sha256=7lsAS52DroBTFkFWxkyb-lIDOGP5jPL_Se_RDG_2jgg,9564
@@ -77,7 +77,7 @@ zenml/config/retry_config.py,sha256=4UH1xqw0G6fSEbXSNKfmiFEkwadxQef9BGMe3JBm6NI,
 zenml/config/schedule.py,sha256=qtMWa-mEo7jIKvDzQUstMwe57gdbvyWAQ7ggsoddbCA,5349
 zenml/config/secret_reference_mixin.py,sha256=YvY68MTd1gE23IVprf0BLkNn62hoxcvb5nqGgc8jMkU,5871
 zenml/config/secrets_store_config.py,sha256=y05zqyQhr_DGrs3IfBGa_FRoZ043hSYRT5wzrx-zHTU,2818
-zenml/config/server_config.py,sha256=x95kLkAMVb06NrF-Zu3PtNz96RvF1arhtcN7hiKDVOA,31186
+zenml/config/server_config.py,sha256=Kns2ul12Zt4Y4ByKDJ4tgBrmUMvSrnxrc3bXRr5iQnw,31487
 zenml/config/settings_resolver.py,sha256=PR9BRm_x1dy7nVKa9UqpeFdck8IEATSW6aWT8FKd-DI,4278
 zenml/config/source.py,sha256=RzUw8lin8QztUjz-AdoCzVM5Om_cSSPuroaPx-qAO4w,8226
 zenml/config/step_configurations.py,sha256=mngjobhHRj88f3klMdz6iw2mOj9wzYUPIV8Rp_2hV3g,10433
@@ -85,7 +85,7 @@ zenml/config/step_run_info.py,sha256=KiVRSTtKmZ1GbvseDTap2imr7XwMHD3jSFVpyLNEK1I
 zenml/config/store_config.py,sha256=Cla5p5dTB6nNlo8_OZDs9hod5hspi64vxwtZj882XgU,3559
 zenml/config/strict_base_model.py,sha256=iHnO9qOmLUP_eiy9IjRr3JjIs1l1I_CsRQ76EyAneYU,860
 zenml/console.py,sha256=hj_KerPQKwnyKACj0ehSqUQX0mGVCJBKE1QvCt6ik3A,1160
-zenml/constants.py,sha256=998CPa9_XWM00TVjyAVADnLuBYc8EgI0MVQE2URyVvg,16068
+zenml/constants.py,sha256=8_tNwBZkajdKjE9jttomUSLuQCsFGNTuYIsA1M7AkCA,16200
 zenml/container_registries/__init__.py,sha256=ZSPbBIOnzhg88kQSpYgKe_POLuru14m629665-kAVAA,2200
 zenml/container_registries/azure_container_registry.py,sha256=t1sfDa94Vzbyqtb1iPFNutJ2EXV5_p9CUNITasoiQ70,2667
 zenml/container_registries/base_container_registry.py,sha256=6c2e32wuqxYHJXm5OV2LY1MtX9yopB7WZtes9fmTAz0,7625
@@ -335,11 +335,11 @@ zenml/integrations/kubeflow/orchestrators/local_deployment_utils.py,sha256=qszoO
 zenml/integrations/kubernetes/__init__.py,sha256=k1bfrdI1u5RBnAh7yT4w-m-4SWgZ7b4L5uu7dPRc0SI,1809
 zenml/integrations/kubernetes/flavors/__init__.py,sha256=a5gU45qCj3FkLwl_uVjlIkL_2F5DHk-w1gdcZrvVjBI,1266
 zenml/integrations/kubernetes/flavors/kubernetes_orchestrator_flavor.py,sha256=VOfb5yOXGpQ8gcKP0nt4bYO48LqG8ZjzGhpw8XGXAzk,9253
-zenml/integrations/kubernetes/flavors/kubernetes_step_operator_flavor.py,sha256=ILN-H4cl7z3i4ltb4UBs55wbtIo871b4ib28pYkQoyQ,5605
+zenml/integrations/kubernetes/flavors/kubernetes_step_operator_flavor.py,sha256=xFO7cSusji-mgbRrt4mU29gdyC9iEjEHKtomdFLp9mM,6265
 zenml/integrations/kubernetes/orchestrators/__init__.py,sha256=TJID3OTieZBox36WpQpzD0jdVRA_aZVcs_bNtfXS8ik,811
-zenml/integrations/kubernetes/orchestrators/kube_utils.py,sha256=MRLfLETrM4dTtxl4a3tU5FcIso6Gz2V5R0QWbCKl3GA,14860
-zenml/integrations/kubernetes/orchestrators/kubernetes_orchestrator.py,sha256=DaiJDiZlsypvXwBzzaq4CsHOyoHNiF1TM9sF-TR3ViI,25041
-zenml/integrations/kubernetes/orchestrators/kubernetes_orchestrator_entrypoint.py,sha256=CFB4TRZHizbvnXTdR2Xzu-j9DwCUOWK7BUJAlorrmG8,13450
+zenml/integrations/kubernetes/orchestrators/kube_utils.py,sha256=oU0EYP-x35oG7PAy7NZKeFA8_89Eckgq6hibwc9v5l0,18108
+zenml/integrations/kubernetes/orchestrators/kubernetes_orchestrator.py,sha256=v4LY2v81cWX9z-fwbSctjR1yZi8vkUckjj7TIrAqxps,25597
+zenml/integrations/kubernetes/orchestrators/kubernetes_orchestrator_entrypoint.py,sha256=Wm_qw9oeCrJXAabTVmhpJeDWG2Jcmc2PZ8lZW68ScdI,11573
 zenml/integrations/kubernetes/orchestrators/kubernetes_orchestrator_entrypoint_configuration.py,sha256=KjHfQK9VQEQkkkM2i9w51AzqolgIU01M5dgb2YGamvY,2754
 zenml/integrations/kubernetes/orchestrators/manifest_utils.py,sha256=Owyuz5Iix-QvCnKObC6xhcuQtNG_ik-8Vbdmk13eWfc,12557
 zenml/integrations/kubernetes/pod_settings.py,sha256=fP2NeHf1XxT__D4g_6oHQf8pkiiamFUFYmfNor2OoP8,6386
@@ -347,7 +347,7 @@ zenml/integrations/kubernetes/serialization_utils.py,sha256=cPSe4szdBLzDnUZT9nQc
 zenml/integrations/kubernetes/service_connectors/__init__.py,sha256=Uf6zlHIapYrRDl3xOPWQ2jA7jt85SXx1U7DmSxzxTvQ,818
 zenml/integrations/kubernetes/service_connectors/kubernetes_service_connector.py,sha256=Cv4tiVxoQOz9ex0lf3JdJrooEkgMwfDfwt5GOeNRpQU,19669
 zenml/integrations/kubernetes/step_operators/__init__.py,sha256=40utDPYAezxHsFgO0UUIT_6XpCDzDapje6OH951XsTs,806
-zenml/integrations/kubernetes/step_operators/kubernetes_step_operator.py,sha256=3d3_gkn1LeAwiZ3XZlhKSd3Cqs3LOL38DNpTGx9qu30,8320
+zenml/integrations/kubernetes/step_operators/kubernetes_step_operator.py,sha256=m8bSHskP-wS77tt1DEBoKt11pV4L6OtN0QN1AZ5Tp1g,8859
 zenml/integrations/label_studio/__init__.py,sha256=sF2c9FxTDRlbcu95OxaUNKNtIhC1LgfmBRKY4jBME38,1475
 zenml/integrations/label_studio/annotators/__init__.py,sha256=YtOtSfS1_NBoLoXIygEerElBP1-B98UU0HOAEfzdRY0,821
 zenml/integrations/label_studio/annotators/label_studio_annotator.py,sha256=VkuW4zsZhHz8__P9WTTLRTF-FOmoYB-_cFqBdu-PUyA,30498
@@ -601,7 +601,7 @@ zenml/materializers/cloudpickle_materializer.py,sha256=x8a6jEMTky6N2YVHiwrnGWSfV
 zenml/materializers/materializer_registry.py,sha256=ic-aWhJ2Ex9F_rml2dDVAxhRfW3nd71QMxzfTPP6BIM,4002
 zenml/materializers/numpy_materializer.py,sha256=OLcHF9Z0tAqQ_U8TraA0vGmZjHoT7eT_XevncIutt0M,1715
 zenml/materializers/pandas_materializer.py,sha256=c4B-ly04504gysA66iCYcmEdeh0ClePRTxRCkmHqIgE,1725
-zenml/materializers/path_materializer.py,sha256=L6XwjRXz9Sgiy8t7PhOKiG3l3ILMeLT2reB-yWZZqb0,4669
+zenml/materializers/path_materializer.py,sha256=kY37mVwlfQndp3M7--g81dRt2qT81MJ1aURnl4uX29I,5422
 zenml/materializers/pydantic_materializer.py,sha256=eDp3eOR-X7FOHlpwALOJtVUtJti75Dsa7r0lzSjeQ-Q,2271
 zenml/materializers/service_materializer.py,sha256=OV5HFUuIc8UF8vE5y_FTWn4_mpCz0AtJPnNA2YFAjZE,2992
 zenml/materializers/structured_string_materializer.py,sha256=8LIvSH3JQn_QRAWGXK5_NhPQ4NgCt5zzz6f8GnGG9q4,4442
@@ -776,7 +776,7 @@ zenml/utils/filesync_model.py,sha256=9ibsIr2HJfkEQ41upQd4uJ79ZhzB0MHS85GOGOAQ19Y
 zenml/utils/function_utils.py,sha256=bznRrCrQIJ3Joc-QQ8ynDyn9AvyIcR61bzLnaXQV3tc,8109
 zenml/utils/git_utils.py,sha256=O2f6PUpDuMQrcmkcGXIhbJQpTzLM7p8PyiKWjcIuWqM,1831
 zenml/utils/integration_utils.py,sha256=jQVTnOjB9AQUerU7UiIXtDfcHnUrkMJDJKx5JZaPTAQ,1186
-zenml/utils/io_utils.py,sha256=fogsvnCODy-aAia7GLZiKL_Ts9J_KJEXzSKN_ukcmXo,6728
+zenml/utils/io_utils.py,sha256=S-5dpeOCgEMV7R5y2gZxuWdAwRBunx9sBZi_WwY13Hw,7728
 zenml/utils/json_utils.py,sha256=mzZnzq5TAjZQLRPOHjRqAUTHqMfw5-lNptWSvrBICic,3668
 zenml/utils/materializer_utils.py,sha256=DNlO113FXjZ0Y67KpvDB5NiWen1tRZ0E-A_vTjE-BME,1815
 zenml/utils/metadata_utils.py,sha256=aLDLW25RKzS_uQCjfMKpqbUi4YRd85ioCPfRKsgnADc,11723
@@ -803,9 +803,9 @@ zenml/utils/uuid_utils.py,sha256=aOGQ2SdREexcVQICPU2jUAgjvAJxTmh4ESdM52PEhck,204
 zenml/utils/visualization_utils.py,sha256=ZGAnmE4s_rBSyz2FBu9FOIu054blfXuxLEz8wWqv-3s,4739
 zenml/utils/yaml_utils.py,sha256=747M_BTf3lcHFgJDF8RJxnnGIbCU8e9YxBBMmoQ5O_U,5834
 zenml/zen_server/__init__.py,sha256=WyltI9TzFW2mEHZVOs6alLWMCQrrZaFALtrQXs83STA,1355
-zenml/zen_server/auth.py,sha256=xr9OI0AMHo7Y7nIBO7Tg_xj0GvW8wT-XYJ1Kd2iLj78,39249
+zenml/zen_server/auth.py,sha256=DxDEifWvV-mGWgyavTv6In0rypreh0qmxRLXsRLQ5oI,40646
 zenml/zen_server/cache.py,sha256=Tc4TSugmsU1bhThxlYfE8rv0KmltIX1CcVHgzrJ0Eus,6633
-zenml/zen_server/cloud_utils.py,sha256=2gSGSf-0zKX9m2sWCuRCbXfWgr-mjnjnrS8B-EM3JSc,9083
+zenml/zen_server/cloud_utils.py,sha256=nHCJjO4jRaiZiVIMbN339xG5_uLKzkRPk-FoId0hhx8,9307
 zenml/zen_server/csrf.py,sha256=Jsbi_IKriWCOuquSYTOEWqSXiGORJATIhR5Wrkm4XzQ,2684
 zenml/zen_server/dashboard/assets/404-CYPi9d8E.js,sha256=2zavfhLSXLfKcj5vrItcAWat8SxQ2iGByKTuA5KOQE8,1033
 zenml/zen_server/dashboard/assets/@radix-C7hRs6Kx.js,sha256=cNA9UX8LGrKUQubGrls3E3Wq1fCrlK51W14yh22FE_U,296700
@@ -1010,6 +1010,7 @@ zenml/zen_server/deploy/docker/__init__.py,sha256=lNGI-Pl3PVMqR4BVajZXwe3moVNXPx
 zenml/zen_server/deploy/docker/docker_provider.py,sha256=18pNpxvP8xqbxS_KxvYTEIuad8Ky5mVtk5TaKVVrzcY,8371
 zenml/zen_server/deploy/docker/docker_zen_server.py,sha256=83-bjRmtlE-WDCavbvL9uTXOn5fMJ4yPDDb2ewSr4Do,7480
 zenml/zen_server/deploy/exceptions.py,sha256=tX0GNnLB_GMkeN7zGNlJRwtlrpZ5Slvyj_unVYVmGxk,1396
+zenml/zen_server/download_utils.py,sha256=zh6Hrs1E3BbzVwyvTpZyOLrZfkqCAxLm8wDcDpXFEIE,4203
 zenml/zen_server/exceptions.py,sha256=H4F9SbbwCiVLnJTdzpWN016Knt6zvoOVmOWxTgXEAsA,9686
 zenml/zen_server/feature_gate/__init__.py,sha256=yabe4fBY6NSusn-QlKQDLOvXVLERNpcAQgigsyWQIbQ,612
 zenml/zen_server/feature_gate/endpoint_utils.py,sha256=o6sBVlqqlc9KokMaEsRTYeMra7f2a6kCt3FrB-oHhCw,2227
@@ -1020,14 +1021,14 @@ zenml/zen_server/rate_limit.py,sha256=rOg5H_6rOGQ_qiSCtMKPREmL1LL3bZyn4czKILtImJ
 zenml/zen_server/rbac/__init__.py,sha256=nACbn_G7nZt_AWM3zeFL0FCmELvQnvaOFMwvTG3-6ZE,637
 zenml/zen_server/rbac/endpoint_utils.py,sha256=l6V6DwsPGmT6dLJmY4MHMRfRXdc0lZVibD-Aea5UAHc,11604
 zenml/zen_server/rbac/models.py,sha256=Xhz0XqmVqg3ji9uTwjlhQ4IuQ2ivrT4gVdHi5ZkjFC4,4933
-zenml/zen_server/rbac/rbac_interface.py,sha256=APsP5qd8iT3pg6lvvuDDyWkifnXHSg2sbgNfuV8wlg0,3181
+zenml/zen_server/rbac/rbac_interface.py,sha256=VPMNnUIPcqJWDngITX6cfaPlM6zJwzCApXAnT_oaxSQ,3431
 zenml/zen_server/rbac/rbac_sql_zen_store.py,sha256=djGycBkciChk48q8oL7mHM0c-cHJM-S7inv5f3gcDgg,5942
-zenml/zen_server/rbac/utils.py,sha256=FBaduqwErT9gDqwKOjN9zvtBdWm7dkrArGyBS0uUjIY,24036
-zenml/zen_server/rbac/zenml_cloud_rbac.py,sha256=mDI6eeTksKvOi3lgwyMgEMTgUHP0OJ8GjSUFqnqqcy8,5797
+zenml/zen_server/rbac/utils.py,sha256=8hBvCGWnz517hL5gn53dcjcrKePE2OGqZV_ojJ8XZEw,24329
+zenml/zen_server/rbac/zenml_cloud_rbac.py,sha256=L1Tio4IcNNxNWnVpAqBWYgdVfrqR20ddvdhWAo1i3f4,6055
 zenml/zen_server/routers/__init__.py,sha256=ViyAhWL-ogHxE9wBvB_iMcur5H1NRVrzXkpogVY7FBA,641
 zenml/zen_server/routers/actions_endpoints.py,sha256=MFausi27i5QBB5s4vbjQQTVqFiRlk5jF5lRM6vsRM2o,9422
 zenml/zen_server/routers/artifact_endpoint.py,sha256=huFufMN-hHzBUKqYmn1WeWVaJic1ypvqSpTWFxklUDQ,4976
-zenml/zen_server/routers/artifact_version_endpoints.py,sha256=WkZ3C4kxZXJ6zvUdbqYDR3nNtgOV96r7IZxVFfVkmN8,8784
+zenml/zen_server/routers/artifact_version_endpoints.py,sha256=zda_iINad3VnKcyGgCW2ZveblEzZa5YjwrCAsuEN13s,11254
 zenml/zen_server/routers/auth_endpoints.py,sha256=CZB5ZeuWy1lhP7-O7Be5dGzlr51YUR0Mtf4kMkj96Rw,23634
 zenml/zen_server/routers/code_repositories_endpoints.py,sha256=_D1896lrEgYD516y69iiFrPn5b62MxlrTcmDt1AyqBA,6476
 zenml/zen_server/routers/devices_endpoints.py,sha256=GluKziLikUn_IoflcBwV5wB8ui71STjDsg2Mjgn43MU,10551
@@ -1057,12 +1058,12 @@ zenml/zen_server/routers/steps_endpoints.py,sha256=By-9_VKrJeSo6UUqrggDhGKtrnhxi
 zenml/zen_server/routers/tag_resource_endpoints.py,sha256=AdmbujrwKK6arnSx2VHpJWbZXnlviGlay7LCov4x9Fc,3203
 zenml/zen_server/routers/tags_endpoints.py,sha256=lRjnMaJOdTnooMHoQYIViKfgu32cMq7rI3Lyeaxq4QI,4467
 zenml/zen_server/routers/triggers_endpoints.py,sha256=5fb0EITa3bs--AtKQRQZ5QswHu4pb37OrG5y0OlnGXE,9983
-zenml/zen_server/routers/users_endpoints.py,sha256=b1zZRbVJF8MT3XjwAwj7FJ0scplnQuNT4AzmbCU8PcU,24344
+zenml/zen_server/routers/users_endpoints.py,sha256=2SfqHutGp0OqwYVytx3WeIwF51nZ3f874uCiCc_m_7g,24531
 zenml/zen_server/routers/webhook_endpoints.py,sha256=KOJsuykv_TMjL3oEItpC4OWWP75p-OEvVjRSUBd5Mro,3983
 zenml/zen_server/secure_headers.py,sha256=glh6QujnjyeoH1_FK-tAS-105G-qKS_34AqSzqJ6TRc,4182
 zenml/zen_server/template_execution/__init__.py,sha256=79knXLKfegsvVSVSWecpqrepq6iAavTUA4hKuiDk-WE,613
 zenml/zen_server/template_execution/runner_entrypoint_configuration.py,sha256=Y8aYJhqqs8Kv8I1q-dM1WemS5VBIfyoaaYH_YkzC7iY,1541
-zenml/zen_server/template_execution/utils.py,sha256=r85hjV_W3ToFLjyTwBrf4hJIAGOM2GpvadgIKnuo2U4,17336
+zenml/zen_server/template_execution/utils.py,sha256=qL62UDH4FwXhpLYwGp-VxF3mttOEr8HO8O7utvyHRfM,17330
 zenml/zen_server/template_execution/workload_manager_interface.py,sha256=CL9c7z8ajuZE01DaHmdCDCZmsroDcTarvN-nE8jv6qQ,2590
 zenml/zen_server/utils.py,sha256=Jc2Q4UBaYG2ruHdsN9JmbOWfWU_eWD9wTBBEgcGAbqg,17439
 zenml/zen_server/zen_server_api.py,sha256=ALyv5096frXXRNySegEtsmkDbHLLqHd402bbQI7RnII,17941
@@ -1267,6 +1268,7 @@ zenml/zen_stores/migrations/versions/f3b3964e3a0f_add_oauth_devices.py,sha256=2C
 zenml/zen_stores/migrations/versions/f49904a80aa7_increase_length_of_artifact_table_sources.py,sha256=kLgfDUnQdAb5_SyFx3VKXDLC0YbuBKf9iXRDNeBin7Q,1618
 zenml/zen_stores/migrations/versions/f76a368a25a5_add_stack_description.py,sha256=u8fRomaasFeGhxvM2zU-Ab-AEpVsWm5zRcixxKFXdRw,904
 zenml/zen_stores/migrations/versions/fbd7f18ced1e_increase_step_run_field_lengths.py,sha256=kn-ng5EHe_mmLfffIFbz7T59z-to3oMx8III_4wOsz4,1956
+zenml/zen_stores/migrations/versions/ff538a321a92_migrate_onboarding_state.py,sha256=gsUFLJQ32_o9U35JCVqkqJVVk-zfq3yel25hXhzVFm4,3829
 zenml/zen_stores/rest_zen_store.py,sha256=zo0OnNZuiC8EWR-P9-oz7VdEFYPimnikERtvpEJjEgs,158091
 zenml/zen_stores/schemas/__init__.py,sha256=4EXqExiVyxdnGxhQ_Hz79mOdRuMD0LsGlw0PaP2Ef6o,4333
 zenml/zen_stores/schemas/action_schemas.py,sha256=2OiUiskFSg5qXGxA6AFq71bWzUczxA563LGFokLZmac,6456
@@ -1292,7 +1294,7 @@ zenml/zen_stores/schemas/run_template_schemas.py,sha256=sM3pcegx7qOs5tlwqVnFvc7J
 zenml/zen_stores/schemas/schedule_schema.py,sha256=E9hmq8-PBRHxEH5UYEpD_Oc2cHkNp4FG0sTvhiLZ6D4,7653
 zenml/zen_stores/schemas/schema_utils.py,sha256=Xahifq2fJ5szXCM00ZZ6461Div9Suatzl6sy9hVhPkk,3612
 zenml/zen_stores/schemas/secret_schemas.py,sha256=HrihLSUPJKmWbQHogGmi6e0lYPoQHUGWGRl69sLnZMk,9430
-zenml/zen_stores/schemas/server_settings_schemas.py,sha256=jhvc-WYmKUlHU4SDdPjm1BLbm2D_Rug-rgXuyY4kzeo,4201
+zenml/zen_stores/schemas/server_settings_schemas.py,sha256=usBE-idRrmK-LeLN0zDtCRCGP51YTnyKfIx5GZ0_ATg,4275
 zenml/zen_stores/schemas/service_connector_schemas.py,sha256=kNJ6TmM2RA16wc73zusosHxWUm6gVpyowlY_OJv-Oww,9709
 zenml/zen_stores/schemas/service_schemas.py,sha256=yg9OJ2QWa1qQy_gqraGvN3JQrOJDLjhkSL-UVSFJy-s,9517
 zenml/zen_stores/schemas/stack_schemas.py,sha256=SkMspxsnR420KU4mZlulPbEOR4DMSRyrcspe3HSYjHc,5393
@@ -1313,8 +1315,8 @@ zenml/zen_stores/secrets_stores/sql_secrets_store.py,sha256=nEO0bAPlULBLxLVk-UTR
 zenml/zen_stores/sql_zen_store.py,sha256=ndfeiZSIsilv6aEmTsYVEIYL9eMRUKVQTVYXDTt9xXI,441016
 zenml/zen_stores/template_utils.py,sha256=GWBP5QEOyvhzndS_MLPmvh28sQaOPpPoZFXCIX9CRL4,9065
 zenml/zen_stores/zen_store_interface.py,sha256=fF_uL_FplnvGvM5o3jOQ8i1zHXhuhKLL2n4nvIKSR7E,92090
-zenml_nightly-0.80.2.dev20250414.dist-info/LICENSE,sha256=wbnfEnXnafPbqwANHkV6LUsPKOtdpsd-SNw37rogLtc,11359
-zenml_nightly-0.80.2.dev20250414.dist-info/METADATA,sha256=y0D8vRfzPVSqxhsYe2AVGg4Ti0F027IHgo7cNrSERLM,24233
-zenml_nightly-0.80.2.dev20250414.dist-info/WHEEL,sha256=fGIA9gx4Qxk2KDKeNJCbOEwSrmLtjWCwzBz351GyrPQ,88
-zenml_nightly-0.80.2.dev20250414.dist-info/entry_points.txt,sha256=QK3ETQE0YswAM2mWypNMOv8TLtr7EjnqAFq1br_jEFE,43
-zenml_nightly-0.80.2.dev20250414.dist-info/RECORD,,
+zenml_nightly-0.80.2.dev20250415.dist-info/LICENSE,sha256=wbnfEnXnafPbqwANHkV6LUsPKOtdpsd-SNw37rogLtc,11359
+zenml_nightly-0.80.2.dev20250415.dist-info/METADATA,sha256=uqsecSjp8pzIGZ_ho7pXxHqjQB4M--7DaJ5IpPOD6_g,24233
+zenml_nightly-0.80.2.dev20250415.dist-info/WHEEL,sha256=fGIA9gx4Qxk2KDKeNJCbOEwSrmLtjWCwzBz351GyrPQ,88
+zenml_nightly-0.80.2.dev20250415.dist-info/entry_points.txt,sha256=QK3ETQE0YswAM2mWypNMOv8TLtr7EjnqAFq1br_jEFE,43
+zenml_nightly-0.80.2.dev20250415.dist-info/RECORD,,