zenml-nightly 0.80.2.dev20250415__py3-none-any.whl → 0.80.2.dev20250416__py3-none-any.whl

zenml/zen_server/routers/auth_endpoints.py

@@ -477,7 +477,6 @@ def api_token(
     expires_in: Optional[int] = None,
     schedule_id: Optional[UUID] = None,
     pipeline_run_id: Optional[UUID] = None,
-    step_run_id: Optional[UUID] = None,
     auth_context: AuthContext = Security(authorize),
 ) -> str:
     """Generate an API token for the current user.
@@ -506,7 +505,6 @@ def api_token(
         schedule_id: The ID of the schedule to scope the workload API token to.
         pipeline_run_id: The ID of the pipeline run to scope the workload API
             token to.
-        step_run_id: The ID of the step run to scope the workload API token to.
         auth_context: The authentication context.
 
     Returns:
@@ -522,10 +520,10 @@ def api_token(
         raise AuthorizationException("Not authenticated.")
 
     if token_type == APITokenType.GENERIC:
-        if schedule_id or pipeline_run_id or step_run_id:
+        if schedule_id or pipeline_run_id:
             raise ValueError(
-                "Generic API tokens cannot be scoped to a schedule, pipeline "
-                "run or step run."
+                "Generic API tokens cannot be scoped to a schedule or pipeline "
+                "run."
             )
 
         config = server_config()
@@ -549,12 +547,10 @@ def api_token(
 
     schedule_id = schedule_id or token.schedule_id
     pipeline_run_id = pipeline_run_id or token.pipeline_run_id
-    step_run_id = step_run_id or token.step_run_id
 
-    if not pipeline_run_id and not schedule_id and not step_run_id:
+    if not pipeline_run_id and not schedule_id:
         raise ValueError(
-            "Workload API tokens must be scoped to a schedule, pipeline run "
-            "or step run."
+            "Workload API tokens must be scoped to a schedule or pipeline run."
         )
 
     if schedule_id and token.schedule_id and schedule_id != token.schedule_id:
@@ -575,13 +571,6 @@ def api_token(
             f"pipeline run {token.pipeline_run_id}."
         )
 
-    if step_run_id and token.step_run_id and step_run_id != token.step_run_id:
-        raise AuthorizationException(
-            f"Unable to scope API token to step run {step_run_id}. The "
-            f"token used to authorize this request is already scoped to "
-            f"step run {token.step_run_id}."
-        )
-
     project_id: Optional[UUID] = None
 
     if schedule_id:
@@ -623,25 +612,6 @@ def api_token(
                 "for security reasons."
             )
 
-    if step_run_id:
-        # The step run must exist and the step must not be concluded
-        try:
-            step_run = zen_store().get_run_step(step_run_id, hydrate=False)
-        except KeyError:
-            raise ValueError(
-                f"Step run {step_run_id} does not exist and API tokens cannot "
-                "be generated for non-existent step runs for security reasons."
-            )
-
-        project_id = step_run.project.id
-
-        if step_run.status.is_finished:
-            raise ValueError(
-                f"The execution of step run {step_run_id} has already "
-                "concluded and API tokens can no longer be generated for it "
-                "for security reasons."
-            )
-
     assert project_id is not None
     verify_permission(
         resource_type=ResourceType.PIPELINE_RUN,
@@ -656,7 +626,6 @@ def api_token(
         device=auth_context.device,
         schedule_id=schedule_id,
         pipeline_run_id=pipeline_run_id,
-        step_run_id=step_run_id,
         # Don't include the access token as a cookie in the response
         response=None,
         # Never expire the token

zenml/zen_server/routers/pipeline_deployments_endpoints.py

@@ -19,11 +19,13 @@ from uuid import UUID
 from fastapi import APIRouter, Depends, Security
 
 from zenml.constants import API, PIPELINE_DEPLOYMENTS, VERSION_1
+from zenml.logging.step_logging import fetch_logs
 from zenml.models import (
     Page,
     PipelineDeploymentFilter,
     PipelineDeploymentRequest,
     PipelineDeploymentResponse,
+    PipelineRunFilter,
 )
 from zenml.zen_server.auth import AuthContext, authorize
 from zenml.zen_server.exceptions import error_response
@@ -179,33 +181,68 @@ def delete_deployment(
     )
 
 
-if server_config().workload_manager_enabled:
+@router.get(
+    "/{deployment_id}/logs",
+    responses={
+        401: error_response,
+        404: error_response,
+        422: error_response,
+    },
+)
+@handle_exceptions
+def deployment_logs(
+    deployment_id: UUID,
+    offset: int = 0,
+    length: int = 1024 * 1024 * 16,  # Default to 16MiB of data
+    _: AuthContext = Security(authorize),
+) -> str:
+    """Get deployment logs.
+
+    Args:
+        deployment_id: ID of the deployment.
+        offset: The offset from which to start reading.
+        length: The amount of bytes that should be read.
+
+    Returns:
+        The deployment logs.
+
+    Raises:
+        KeyError: If no logs are available for the deployment.
+    """
+    store = zen_store()
 
-    @router.get(
-        "/{deployment_id}/logs",
-        responses={
-            401: error_response,
-            404: error_response,
-            422: error_response,
-        },
+    deployment = verify_permissions_and_get_entity(
+        id=deployment_id,
+        get_method=store.get_deployment,
+        hydrate=True,
     )
-    @handle_exceptions
-    def deployment_logs(
-        deployment_id: UUID,
-        _: AuthContext = Security(authorize),
-    ) -> str:
-        """Get deployment logs.
-
-        Args:
-            deployment_id: ID of the deployment.
-
-        Returns:
-            The deployment logs.
-        """
-        deployment = verify_permissions_and_get_entity(
-            id=deployment_id,
-            get_method=zen_store().get_deployment,
-            hydrate=True,
-        )
 
+    if deployment.template_id and server_config().workload_manager_enabled:
         return workload_manager().get_logs(workload_id=deployment.id)
+
+    # Get the last pipeline run for this deployment
+    pipeline_runs = store.list_runs(
+        runs_filter_model=PipelineRunFilter(
+            project=deployment.project.id,
+            sort_by="asc:created",
+            size=1,
+            deployment_id=deployment.id,
+        )
+    )
+
+    if len(pipeline_runs.items) == 0:
+        return ""
+
+    run = pipeline_runs.items[0]
+
+    logs = run.logs
+    if logs is None:
+        raise KeyError("No logs available for this deployment")
+
+    return fetch_logs(
+        zen_store=store,
+        artifact_store_id=logs.artifact_store_id,
+        logs_uri=logs.uri,
+        offset=offset,
+        length=length,
+    )

zenml/zen_server/routers/runs_endpoints.py

@@ -29,6 +29,7 @@ from zenml.constants import (
 )
 from zenml.enums import ExecutionStatus, StackComponentType
 from zenml.logger import get_logger
+from zenml.logging.step_logging import fetch_logs
 from zenml.models import (
     Page,
     PipelineRunFilter,
@@ -55,6 +56,8 @@ from zenml.zen_server.routers.projects_endpoints import workspace_router
 from zenml.zen_server.utils import (
     handle_exceptions,
     make_dependable,
+    server_config,
+    workload_manager,
     zen_store,
 )
 
@@ -375,3 +378,57 @@ def refresh_run_status(
             f"The stack, the run '{run.id}' was executed on, is deleted."
         )
     run.refresh_run_status()
+
+
+@router.get(
+    "/{run_id}/logs",
+    responses={
+        401: error_response,
+        404: error_response,
+        422: error_response,
+    },
+)
+@handle_exceptions
+def run_logs(
+    run_id: UUID,
+    offset: int = 0,
+    length: int = 1024 * 1024 * 16,  # Default to 16MiB of data
+    _: AuthContext = Security(authorize),
+) -> str:
+    """Get pipeline run logs.
+
+    Args:
+        run_id: ID of the pipeline run.
+        offset: The offset from which to start reading.
+        length: The amount of bytes that should be read.
+
+    Returns:
+        The pipeline run logs.
+
+    Raises:
+        KeyError: If no logs are available for the pipeline run.
+    """
+    store = zen_store()
+
+    run = verify_permissions_and_get_entity(
+        id=run_id,
+        get_method=store.get_run,
+        hydrate=True,
+    )
+
+    if run.deployment_id:
+        deployment = store.get_deployment(run.deployment_id)
+        if deployment.template_id and server_config().workload_manager_enabled:
+            return workload_manager().get_logs(workload_id=deployment.id)
+
+    logs = run.logs
+    if logs is None:
+        raise KeyError("No logs available for this pipeline run")
+
+    return fetch_logs(
+        zen_store=store,
+        artifact_store_id=logs.artifact_store_id,
+        logs_uri=logs.uri,
+        offset=offset,
+        length=length,
+    )

zenml/zen_server/template_execution/utils.py

@@ -373,7 +373,7 @@ def deployment_request_from_template(
     )
 
     step_config_dict_base = pipeline_configuration.model_dump(
-        exclude={"name", "parameters", "tags"}
+        exclude={"name", "parameters", "tags", "enable_pipeline_logs"}
     )
     steps = {}
     for invocation_id, step in deployment.step_configurations.items():

zenml/zen_stores/rest_zen_store.py

@@ -4074,15 +4074,6 @@ class RestZenStore(BaseZenStore):
             # Check if username and password are configured
             username, password = credentials_store.get_password(self.url)
 
-            api_key_hint = (
-                "\nHint: If you're getting this error in an automated, "
-                "non-interactive workload like a pipeline run or a CI/CD job, "
-                "you should use a service account API key to authenticate to "
-                "the server instead of temporary CLI login credentials. For "
-                "more information, see "
-                "https://docs.zenml.io/how-to/project-setup-and-management/connecting-to-zenml/connect-with-a-service-account"
-            )
-
             if api_key is not None:
                 # An API key is configured. Use it as a password to
                 # authenticate.
@@ -4119,14 +4110,12 @@ class RestZenStore(BaseZenStore):
                         "You need to be logged in to ZenML Pro in order to "
                         f"access the ZenML Pro server '{self.url}'. Please run "
                         "'zenml login' to log in or choose a different server."
-                        + api_key_hint
                     )
 
                 elif pro_token.expired:
                     raise CredentialsNotValid(
                         "Your ZenML Pro login session has expired. "
                         "Please log in again using 'zenml login'."
-                        + api_key_hint
                     )
 
                 data = {
@@ -4140,13 +4129,12 @@ class RestZenStore(BaseZenStore):
                     raise CredentialsNotValid(
                         "No valid credentials found. Please run 'zenml login "
                         f"--url {self.url}' to connect to the current server."
-                        + api_key_hint
                     )
                 elif token.expired:
                     raise CredentialsNotValid(
                         "Your authentication to the current server has expired. "
                         "Please log in again using 'zenml login --url "
-                        f"{self.url}'." + api_key_hint
+                        f"{self.url}'."
                     )
 
             response = self._handle_response(
@@ -4405,6 +4393,7 @@ class RestZenStore(BaseZenStore):
                 # explicitly indicates that the credentials are not valid and
                 # they can be thrown away or when the request is not
                 # authenticated at all.
+                credentials_store = get_credentials_store()
 
                 if self._api_token is None:
                     # The last request was not authenticated with an API
@@ -4416,6 +4405,20 @@ class RestZenStore(BaseZenStore):
                         "Re-authenticating and retrying..."
                     )
                     self.authenticate()
+                elif not credentials_store.can_login(self.url):
+                    # The request failed either because we're not
+                    # authenticated or our current credentials are not valid
+                    # anymore.
+                    logger.error(
+                        "The current token is no longer valid, and "
+                        "it is not possible to generate a new token using the "
+                        "configured credentials. Please run "
+                        f"`zenml login --url {self.url}` to re-authenticate to "
+                        "the server or authenticate using an API key. See "
+                        "https://docs.zenml.io/how-to/project-setup-and-management/connecting-to-zenml/connect-with-a-service-account "
+                        "for more information."
+                    )
+                    raise e
                 elif not re_authenticated:
                     # The last request was authenticated with an API token
                     # that was rejected by the server. We attempt a

zenml/zen_stores/schemas/pipeline_run_schemas.py

@@ -412,6 +412,7 @@ class PipelineRunSchema(NamedSchema, RunMetadataInterface, table=True):
             resources = PipelineRunResponseResources(
                 model_version=model_version,
                 tags=[tag.to_model() for tag in self.tags],
+                logs=self.logs.to_model() if self.logs else None,
             )
 
         return PipelineRunResponse(

zenml/zen_stores/sql_zen_store.py

@@ -5022,6 +5022,24 @@ class SqlZenStore(BaseZenStore):
         new_run = PipelineRunSchema.from_request(pipeline_run)
 
         session.add(new_run)
+
+        # Add logs entry for the run if exists
+        if pipeline_run.logs is not None:
+            self._get_reference_schema_by_id(
+                resource=pipeline_run,
+                reference_schema=StackComponentSchema,
+                reference_id=pipeline_run.logs.artifact_store_id,
+                session=session,
+                reference_type="logs artifact store",
+            )
+
+            log_entry = LogsSchema(
+                uri=pipeline_run.logs.uri,
+                pipeline_run_id=new_run.id,
+                artifact_store_id=pipeline_run.logs.artifact_store_id,
+            )
+            session.add(log_entry)
+
         try:
             session.commit()
         except IntegrityError:

{zenml_nightly-0.80.2.dev20250415.dist-info → zenml_nightly-0.80.2.dev20250416.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.3
 Name: zenml-nightly
-Version: 0.80.2.dev20250415
+Version: 0.80.2.dev20250416
 Summary: ZenML: Write production-ready ML code.
 License: Apache-2.0
 Keywords: machine learning,production,pipeline,mlops,devops
@@ -67,6 +67,7 @@ Requires-Dist: gitpython (>=3.1.18,<4.0.0)
 Requires-Dist: google-cloud-aiplatform (>=1.34.0) ; extra == "vertex"
 Requires-Dist: google-cloud-artifact-registry (>=1.11.3) ; extra == "connectors-gcp"
 Requires-Dist: google-cloud-container (>=2.21.0) ; extra == "connectors-gcp"
+Requires-Dist: google-cloud-pipeline-components (>=2.19.0) ; extra == "vertex"
 Requires-Dist: google-cloud-secret-manager (>=2.12.5) ; extra == "secrets-gcp"
 Requires-Dist: google-cloud-storage (>=2.9.0) ; extra == "connectors-gcp"
 Requires-Dist: hvac (>=0.11.2) ; extra == "secrets-hashicorp"