[RemoteRuntime] Secret token mounting for RemoteRuntime (#9050)

elbamit · liranbg · web-flow · commit e7798880c6ee · 2025-12-17T13:33:37.000+02:00
### 📝 Description   Add secret token mounting for RemoteRuntime functions. Save `auth` as part of the function's spec. Use it to mount the secret into the runtime during function config compilation. --- ### 🛠️ Changes Made  - Added `auth` as part of `NuclioSpec`, `ApplicationSpec` and `ServingSpec` - Enrich auth token name on the function during deployment, then mount secret to runtime during function config compilation. - Refactor `mount_secret_token_to_runtime` to remove existing auth secret volumes/mounts - Refactor `_enrich_and_validate_auth_token_name` to `enrich_and_validate_auth_token_name_on_object` to support both `runObject` and `remoteRuntime` --- ### ✅ Checklist - [ ] I updated the documentation (if applicable) - [x] I have tested the changes in this PR - [ ] I confirmed whether my changes are covered by system tests - [ ] If yes, I ran all relevant system tests and ensured they passed before submitting this PR - [ ] I updated existing system tests and/or added new ones if needed to cover my changes - [ ] If I introduced a deprecation: - [ ] I followed the [Deprecation Guidelines](./DEPRECATION.md) - [ ] I updated the relevant Jira ticket for documentation --- ### 🧪 Testing   Unit tests + manual tests of deployment of nuclio/application/serving --- ### 🔗 References - Ticket link: https://iguazio.atlassian.net/browse/ML-11584 - Design docs links: - External links: --- ### 🚨 Breaking Changes? - [ ] Yes (explain below) - [x] No  --- ### 🔍️ Additional Notes   As part of https://iguazio.atlassian.net/browse/ML-11599, need to handle redeployment of a function with a different auth token name. --------- Co-authored-by: Liran BG <liranbg@users.noreply.github.com>
diff --git a/mlrun/common/constants.py b/mlrun/common/constants.py
@@ -40,6 +40,7 @@
 
 MLRUN_JOB_AUTH_SECRET_PATH = "/var/mlrun-secrets/auth"
 MLRUN_JOB_AUTH_SECRET_FILE = ".igz.yml"
+MLRUN_JOB_AUTH_DEFAULT_TOKEN_NAME = "default"
 
 
 class MLRunInternalLabels:
diff --git a/mlrun/projects/operations.py b/mlrun/projects/operations.py
@@ -405,6 +405,7 @@ def deploy_function(
     :param project_object:  override the project object to use, will default to the project set in the runtime context.
     """
     engine, function = _get_engine_and_function(function, project_object)
+    # TODO in ML-11599 need to handle redeployment with different auth token name
     if function.kind not in mlrun.runtimes.RuntimeKinds.nuclio_runtimes():
         raise mlrun.errors.MLRunInvalidArgumentError(
             "deploy is used with real-time functions, for other kinds use build_function()"
diff --git a/mlrun/runtimes/base.py b/mlrun/runtimes/base.py
@@ -955,5 +955,34 @@ def doc(self):
                             line += f", default={p['default']}"
                         print("    " + line)
 
+    def remove_auth_secret_volumes(self):
+        secret_name_prefix = (
+            mlrun.mlconf.secret_stores.kubernetes.auth_secret_name.format(
+                hashed_access_key=""
+            )
+        )
+        volumes = self.spec.volumes or []
+        mounts = self.spec.volume_mounts or []
+
+        volumes_to_remove = set()
+
+        # Identify volumes to remove
+        for vol in volumes:
+            secret_name = mlrun.utils.get_in(vol, "secret.secretName", "")
+
+            # Pattern of auth secret volumes
+            if secret_name.startswith(secret_name_prefix):
+                volumes_to_remove.add(vol["name"])
+
+        # Filter out only the matched volumes
+        self.spec.volumes = [
+            volume for volume in volumes if volume["name"] not in volumes_to_remove
+        ]
+
+        # Filter out matching mounts
+        self.spec.volume_mounts = [
+            mount for mount in mounts if mount["name"] not in volumes_to_remove
+        ]
+
     def skip_image_enrichment(self):
         return False
diff --git a/mlrun/runtimes/nuclio/application/application.py b/mlrun/runtimes/nuclio/application/application.py
@@ -88,6 +88,7 @@ def __init__(
         track_models=None,
         internal_application_port=None,
         application_ports=None,
+        auth=None,
     ):
         super().__init__(
             command=command,
@@ -133,6 +134,7 @@ def __init__(
             track_models=track_models,
             state_thresholds=state_thresholds,
             disable_default_http_trigger=disable_default_http_trigger,
+            auth=auth,
         )
 
         # Override default min/max replicas (don't assume application is stateless)
diff --git a/mlrun/runtimes/nuclio/function.py b/mlrun/runtimes/nuclio/function.py
@@ -114,6 +114,7 @@ class NuclioSpec(KubeResourceSpec):
         "service_type",
         "add_templated_ingress_host_mode",
         "disable_default_http_trigger",
+        "auth",
     ]
 
     def __init__(
@@ -161,6 +162,7 @@ def __init__(
         graph=None,
         parameters=None,
         track_models=None,
+        auth=None,
     ):
         super().__init__(
             command=command,
@@ -217,6 +219,7 @@ def __init__(
         # When True it will set Nuclio spec.noBaseImagesPull to False (negative logic)
         # indicate that the base image should be pulled from the container registry (not cached)
         self.base_image_pull = False
+        self.auth = auth or {}
 
     def generate_nuclio_volumes(self):
         nuclio_volumes = []
diff --git a/mlrun/runtimes/nuclio/serving.py b/mlrun/runtimes/nuclio/serving.py
@@ -155,6 +155,7 @@ def __init__(
         disable_default_http_trigger=None,
         model_endpoint_creation_task_name=None,
         serving_spec=None,
+        auth=None,
     ):
         super().__init__(
             command=command,
@@ -196,6 +197,7 @@ def __init__(
             add_templated_ingress_host_mode=add_templated_ingress_host_mode,
             disable_default_http_trigger=disable_default_http_trigger,
             serving_spec=serving_spec,
+            auth=auth,
         )
 
         self.models = models or {}
diff --git a/server/py/services/api/api/endpoints/nuclio.py b/server/py/services/api/api/endpoints/nuclio.py
@@ -476,6 +476,10 @@ def _deploy_function(
         # which later in Nuclio will be masked and saved to secrets
         raw_config = fn.mask_sensitive_data_in_config()
 
+        # Add auth token name in function spec
+        # TODO in ML-11600/ML-11599 need to handle redeployment with different auth token name
+        launcher.enrich_and_validate_auth_token_name(fn)
+
         # save the function to DB
         fn.save(versioned=False)
 
diff --git a/server/py/services/api/crud/runtimes/nuclio/function.py b/server/py/services/api/crud/runtimes/nuclio/function.py
@@ -16,6 +16,7 @@
 import base64
 import shlex
 import typing
+from typing import Optional
 
 import nuclio
 import nuclio.utils
@@ -249,9 +250,9 @@ def _compile_function_config(
 
     :return: function name, project name, nuclio function config
     """
-
+    _enrich_config_spec(function, auth_info=auth_info)
     # resolve env vars before compiling the nuclio spec, as we need to set them in the spec
-    env_dict, external_source_env_dict = _resolve_env_vars(function, auth_info)
+    env_dict, external_source_env_dict = _resolve_env_vars(function)
 
     project = function.metadata.project
     tag = function.metadata.tag
@@ -362,15 +363,20 @@ def _apply_escaped_config(config, parent_key, items: dict):
         mlrun.utils.update_in(config, f"{parent_key}.\\{key}\\", value)
 
 
-def _resolve_env_vars(function, auth_info=None):
+def _enrich_config_spec(
+    function, auth_info: Optional[mlrun.common.schemas.AuthInfo] = None
+):
     # Add secret configurations to function's pod spec, if secret sources were added.
     # Needs to be here, since it adds env params, which are handled in the next lines.
     # This only needs to run if we're running within k8s context. If running in Docker, for example, skip.
     if framework.utils.singletons.k8s.get_k8s_helper(
         silent=True
     ).is_running_inside_kubernetes_cluster():
-        _add_secrets_config_to_function_spec(function)
+        token_name = mlrun.utils.get_in(function.spec, "auth.token_name", None)
+        _add_secrets_config_to_function_spec(function, token_name, auth_info)
+
 
+def _resolve_env_vars(function):
     env_dict, external_source_env_dict = function._get_nuclio_config_spec_env()
     mlrun.auth.utils.enrich_auth_env(env_dict)
 
@@ -675,6 +681,8 @@ def _set_function_name(function, config, project, tag):
 
 def _add_secrets_config_to_function_spec(
     function: mlrun.runtimes.nuclio.function.RemoteRuntime,
+    token_name: str,
+    auth_info: Optional[mlrun.common.schemas.AuthInfo] = None,
 ):
     handler = services.api.runtime_handlers.BaseRuntimeHandler
     if function.kind in [
@@ -690,6 +698,8 @@ def _add_secrets_config_to_function_spec(
             function,
             project_name=function.metadata.project,
             encode_key_names=False,
+            token_name=token_name,
+            auth_info=auth_info,
         )
 
     elif function.kind == mlrun.runtimes.RuntimeKinds.serving:
@@ -710,10 +720,16 @@ def _add_secrets_config_to_function_spec(
                 function._secrets.get_k8s_secrets(),
                 function,
                 project_name=function.metadata.project,
+                token_name=token_name,
+                auth_info=auth_info,
             )
         else:
             handler.add_k8s_secrets_to_spec(
-                None, function, project_name=function.metadata.project
+                None,
+                function,
+                project_name=function.metadata.project,
+                token_name=token_name,
+                auth_info=auth_info,
             )
 
     else:
diff --git a/server/py/services/api/crud/secrets.py b/server/py/services/api/crud/secrets.py
@@ -814,31 +814,6 @@ def _is_key_map_project_secret_key(self, key: str) -> bool:
     def _generate_uuid() -> str:
         return str(uuid.uuid4())
 
-    @staticmethod
-    def mount_secret_token_to_runtime(
-        runtime: mlrun.runtimes.base.BaseRuntime, token_name: str, username: str
-    ):
-        # Validation that the secret exists is done in the ServerSideLauncher
-        secret = framework.utils.singletons.k8s.get_k8s_helper()._get_user_token_secret(
-            username=username, token_name=token_name
-        )
-
-        # In case the secret was not found (which should not happen because of the prior validation), we do not mount it
-        if secret:
-            runtime.apply(
-                mlrun.mounts.mount_secret(
-                    secret.metadata.name,
-                    mount_path=mlrun.common.constants.MLRUN_JOB_AUTH_SECRET_PATH,
-                    items=[
-                        {
-                            "key": "tokensFile",
-                            "path": mlrun.common.constants.MLRUN_JOB_AUTH_SECRET_FILE,
-                        }
-                    ],
-                )
-            )
-        return runtime
-
 
 def get_project_secret_provider(project: str) -> typing.Callable:
     """Implement secret provider for handle the related project secret on the API side.
diff --git a/server/py/services/api/launcher.py b/server/py/services/api/launcher.py
@@ -310,7 +310,7 @@ def _enrich_run(
 
         self._handle_retry(run)
         run = self._pre_run_image_pull_secret_enrichment(run)
-        self._enrich_and_validate_auth_token_name(run)
+        self.enrich_and_validate_auth_token_name(run)
         return self._pre_run_scheduling_constraints_enrichment(runtime, run)
 
     @staticmethod
@@ -697,20 +697,34 @@ def _validate_retry(runtime_kind: str, retry: Optional["mlrun.model.Retry"]):
                 )
 
     # TODO In ML-11600, implement token name resolution and validation + tests
-    def _enrich_and_validate_auth_token_name(self, run: mlrun.run.RunObject):
-        auth = run.spec.auth or {}
-
-        if auth.get("token_name"):
+    def enrich_and_validate_auth_token_name(
+        self, object: Union[mlrun.run.RunObject, mlrun.runtimes.RemoteRuntime]
+    ):
+        if mlrun.mlconf.is_iguazio_v4_mode():
+            if object.spec.auth is None:
+                object.spec.auth = {}
+
+            # Get the provided token name, if any
+            provided_token_name = object.spec.auth.get("token_name")
+
+            # Resolve token name and raise error only if token is explicitly provided by the user
+            # in ML-11600, we will implement a proper resolution logic that checks all secret tokens
+            # of the user and finds a valid one if no token name is provided
+            raise_error_on_failure = bool(provided_token_name)
+            token_name = (
+                provided_token_name
+                or mlrun.common.constants.MLRUN_JOB_AUTH_DEFAULT_TOKEN_NAME
+            )
             self._validate_token_name(
-                auth["token_name"],
-                explicit=True,
+                token_name, raise_error_on_failure=raise_error_on_failure
             )
-            return
 
-        run.spec.auth["token_name"] = "default"
+            object.spec.auth["token_name"] = token_name
 
     # TODO implement validation in ML-11600
-    def _validate_token_name(self, token_name: str, explicit: bool = False):
+    def _validate_token_name(
+        self, token_name: str, raise_error_on_failure: bool = False
+    ):
         pass
 
 
diff --git a/server/py/services/api/runtime_handlers/base.py b/server/py/services/api/runtime_handlers/base.py
@@ -299,6 +299,8 @@ def add_secrets_to_spec_before_running(
         self,
         runtime: mlrun.runtimes.pod.KubeResource,
         project_name: Optional[str] = None,
+        token_name: Optional[str] = None,
+        auth_info: Optional[mlrun.common.schemas.AuthInfo] = None,
     ):
         if runtime._secrets:
             if runtime._secrets.has_vault_source():
@@ -313,9 +315,17 @@ def add_secrets_to_spec_before_running(
                 runtime._secrets.get_k8s_secrets(),
                 runtime,
                 project_name=project_name,
+                token_name=token_name,
+                auth_info=auth_info,
             )
         else:
-            self.add_k8s_secrets_to_spec(None, runtime, project_name=project_name)
+            self.add_k8s_secrets_to_spec(
+                None,
+                runtime,
+                project_name=project_name,
+                token_name=token_name,
+                auth_info=auth_info,
+            )
 
     @staticmethod
     def add_vault_params_to_spec(
@@ -402,7 +412,14 @@ def add_k8s_secrets_to_spec(
         runtime: mlrun.runtimes.pod.KubeResource,
         project_name: Optional[str] = None,
         encode_key_names: bool = True,
+        token_name: Optional[str] = None,
+        auth_info: Optional[mlrun.common.schemas.AuthInfo] = None,
     ):
+        # In IG4, we add auth token secret as volumes and volumes mounts
+        BaseRuntimeHandler._mount_secret_token_to_runtime(
+            runtime, token_name, auth_info
+        )
+
         # Check if we need to add the keys of a global secret. Global secrets are intentionally added before
         # project secrets, to allow project secret keys to override them
         global_secret_name = (
@@ -465,6 +482,39 @@ def add_k8s_secrets_to_spec(
         if not encode_key_names and secrets.keys():
             runtime.set_env("MLRUN_PROJECT_SECRETS_LIST", ",".join(secrets.keys()))
 
+    @staticmethod
+    def _mount_secret_token_to_runtime(
+        runtime: mlrun.runtimes.base.BaseRuntime,
+        token_name: str,
+        auth_info: Optional[mlrun.common.schemas.AuthInfo] = None,
+    ):
+        if not mlrun.mlconf.is_iguazio_v4_mode():
+            return
+
+        username = auth_info.username if auth_info else None
+
+        # Validation that the secret exists is done in the ServerSideLauncher
+        secret = framework.utils.singletons.k8s.get_k8s_helper()._get_user_token_secret(
+            username=username, token_name=token_name
+        )
+
+        # In case the secret was not found (such as in IG3), we do not mount it
+        if secret:
+            # Remove any existing auth secret volumes/mounts
+            runtime.remove_auth_secret_volumes()
+            runtime.apply(
+                mlrun.mounts.mount_secret(
+                    secret.metadata.name,
+                    mount_path=mlrun.common.constants.MLRUN_JOB_AUTH_SECRET_PATH,
+                    items=[
+                        {
+                            "key": "tokensFile",
+                            "path": mlrun.common.constants.MLRUN_JOB_AUTH_SECRET_FILE,
+                        }
+                    ],
+                )
+            )
+
     @staticmethod
     def are_resources_coupled_to_run_object() -> bool:
         """
diff --git a/server/py/services/api/runtime_handlers/kubejob.py b/server/py/services/api/runtime_handlers/kubejob.py
@@ -28,7 +28,6 @@
 
 import framework.db.base as api_db_base
 import framework.utils.singletons.k8s
-import services.api.crud.secrets
 from services.api.runtime_handlers import BaseRuntimeHandler
 
 
@@ -60,16 +59,11 @@ def run(
         if run.metadata.iteration:
             runtime.store_run(run)
         new_meta = self._get_meta(runtime, run)
-
-        if mlrun.mlconf.is_iguazio_v4_mode():
-            runtime = services.api.crud.secrets.Secrets.mount_secret_token_to_runtime(
-                runtime,
-                token_name=run.spec.auth.get("token_name"),
-                username=auth_info.username,
-            )
-
         self.add_secrets_to_spec_before_running(
-            runtime, project_name=run.metadata.project
+            runtime,
+            project_name=run.metadata.project,
+            token_name=(run.spec.auth or {}).get("token_name"),
+            auth_info=auth_info,
         )
         workdir = self._resolve_workdir(runtime)
 
diff --git a/server/py/services/api/tests/unit/crud/test_secrets.py b/server/py/services/api/tests/unit/crud/test_secrets.py
diff --git a/server/py/services/api/tests/unit/runtime_handlers/test_kubejob.py b/server/py/services/api/tests/unit/runtime_handlers/test_kubejob.py
diff --git a/server/py/services/api/tests/unit/runtimes/test_nuclio.py b/server/py/services/api/tests/unit/runtimes/test_nuclio.py
diff --git a/tests/runtimes/test_base.py b/tests/runtimes/test_base.py
