
Add flask routes to auth validators #18486

Merged
BenWilson2 merged 4 commits into mlflow:master from BenWilson2:artifact-security
Nov 13, 2025

Conversation


@BenWilson2 BenWilson2 commented Oct 23, 2025

🛠 DevTools 🛠


Install mlflow from this PR

# mlflow
pip install git+https://github.com/mlflow/mlflow.git@refs/pull/18486/merge
# mlflow-skinny
pip install git+https://github.com/mlflow/mlflow.git@refs/pull/18486/merge#subdirectory=libs/skinny

For Databricks, use the following command:

%sh curl -LsSf https://raw.githubusercontent.com/mlflow/mlflow/HEAD/dev/install-skinny.sh | sh -s pull/18486/merge

Related Issues/PRs

#xxx

What changes are proposed in this pull request?

Adds auth validation to flask routes that do not have corresponding proto definitions (server local routes)

How is this PR tested?

  • Existing unit/integration tests
  • New unit/integration tests
  • Manual tests

Due to the nature of this fix, ask me if you want to see the repro and fix validation.

Does this PR require documentation update?

  • No. You can skip the rest of this section.
  • Yes. I've updated:
    • Examples
    • API references
    • Instructions

Release Notes

Is this a user-facing change?

  • No. You can skip the rest of this section.
  • Yes. Give a description of this change to be included in the release notes for MLflow users.

What component(s), interfaces, languages, and integrations does this PR affect?

Components

  • area/tracking: Tracking Service, tracking client APIs, autologging
  • area/models: MLmodel format, model serialization/deserialization, flavors
  • area/model-registry: Model Registry service, APIs, and the fluent client calls for Model Registry
  • area/scoring: MLflow Model server, model deployment tools, Spark UDFs
  • area/evaluation: MLflow model evaluation features, evaluation metrics, and evaluation workflows
  • area/gateway: MLflow AI Gateway client APIs, server, and third-party integrations
  • area/prompts: MLflow prompt engineering features, prompt templates, and prompt management
  • area/tracing: MLflow Tracing features, tracing APIs, and LLM tracing functionality
  • area/projects: MLproject format, project running backends
  • area/uiux: Front-end, user experience, plotting, JavaScript, JavaScript dev server
  • area/build: Build and test infrastructure for MLflow
  • area/docs: MLflow documentation pages

How should the PR be classified in the release notes? Choose one:

  • rn/none - No description will be included. The PR will be mentioned only by the PR number in the "Small Bugfixes and Documentation Updates" section
  • rn/breaking-change - The PR will be mentioned in the "Breaking Changes" section
  • rn/feature - A new user-facing feature worth mentioning in the release notes
  • rn/bug-fix - A user-facing bug fix worth mentioning in the release notes
  • rn/documentation - A user-facing documentation change worth mentioning in the release notes

Should this PR be included in the next patch release?

Yes should be selected for bug fixes, documentation updates, and other small changes. No should be selected for new features and larger changes. If you're unsure about the release classification of this PR, leave this unchecked to let the maintainers decide.

What is a minor/patch release?
  • Minor release: a release that increments the second part of the version number (e.g., 1.2.0 -> 1.3.0).
    Bug fixes, doc updates and new features usually go into minor releases.
  • Patch release: a release that increments the third part of the version number (e.g., 1.2.0 -> 1.2.1).
    Bug fixes and doc updates usually go into patch releases.
  • Yes (this PR will be cherry-picked and included in the next patch release)
  • No (this PR will be included in the next minor release)

Signed-off-by: Ben Wilson <benjamin.wilson@databricks.com>
@BenWilson2 BenWilson2 added the team-review Trigger a team review request label Oct 23, 2025
@github-actions github-actions bot added v3.5.2 area/tracking Tracking service, tracking client APIs, autologging rn/bug-fix Mention under Bug Fixes in Changelogs. labels Oct 23, 2025

github-actions bot commented Oct 23, 2025

Documentation preview for c0af4e1 is available at:

More info
  • Ignore this comment if this PR does not change the documentation.
  • The preview is updated when a new commit is pushed to this PR.
  • This comment was created by this workflow run.
  • The documentation was built by this workflow run.

(SEARCH_DATASETS, "POST"): validate_can_search_datasets,
(CREATE_PROMPTLAB_RUN, "POST"): validate_can_create_promptlab_run,
(GATEWAY_PROXY, "GET"): validate_gateway_proxy,
(GATEWAY_PROXY, "POST"): validate_gateway_proxy,
Collaborator

What's this for? The validator always returns True.

Member Author

Purely for consistency so that we have all server routes listed.

Collaborator

Could we remove them? It's confusing since it does nothing; will it cause a CVE?

Collaborator

@WeichenXu123 WeichenXu123 Nov 13, 2025

I think Ben's purpose is to force every path to have a validator; an empty validator can be a placeholder (so that we won't miss permission validation for any endpoint path).

Collaborator

Q: can we make the request fail if no validator is found for a request path? (in

def _find_validator(req: Request) -> Callable[[], bool] | None:
)

@WeichenXu123
Collaborator

One idea (does not block this PR):

The current approach is to add a validator for each endpoint path, which makes omissions easy.
The following way might be better.

When a request comes in, put the request username in a thread-local variable;
then in the SqlAlchemyStore.get_run / SqlAlchemyStore.get_experiment methods, we can validate the related experiment permission setting against the username set in the thread-local variable, and if validation fails, raise a permission error.
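Both points raised above, failing a request whose path has no registered validator and checking permissions once at the store layer from a per-request user, as an added example that is not part of this PR or of mlflow's own code. It stands a tiny in-process request model in for Flask so it runs offline; the routes, users, permission table, Store class and every function name in it are constructed for illustration, and the context variable plays the role of the thread-local mentioned in the comment.

```python
"""Added example (not mlflow's code): two ways to keep a route from shipping without an
authorization check. (1) A fail-closed validator registry: a (path, method) with no
registered validator is denied, so an always-True validator is an explicit, reviewed
placeholder rather than a silent gap. (2) A store-level check bound to the request's user
through a context variable. Routes, users, ACL and the Store class are all constructed."""
from __future__ import annotations

import contextvars
from collections.abc import Callable
from dataclasses import dataclass, field


class PermissionDenied(Exception):
    pass


@dataclass(frozen=True)
class Permission:
    can_read: bool
    can_update: bool


@dataclass(frozen=True)
class Request:
    path: str
    method: str
    username: str
    args: dict[str, str] = field(default_factory=dict)


NO_ACCESS = Permission(can_read=False, can_update=False)
# Constructed ACL: (username, experiment_id) -> Permission; unknown pairs get NO_ACCESS.
PERMS = {
    ("alice", "1"): Permission(can_read=True, can_update=True),
    ("bob", "1"): Permission(can_read=True, can_update=False),
}
RUN_TO_EXPERIMENT = {"run-a": "1"}  # constructed run -> experiment mapping
_current_user: contextvars.ContextVar[str] = contextvars.ContextVar("current_user")


def permission_for(username: str, experiment_id: str) -> Permission:
    return PERMS.get((username, experiment_id), NO_ACCESS)


# ---- Approach 1: one validator per route, deny when none is registered ----
def validate_can_read_run_artifact(req: Request) -> bool:
    exp = RUN_TO_EXPERIMENT.get(req.args.get("run_id", ""))
    return exp is not None and permission_for(req.username, exp).can_read

def validate_can_update_run_artifact(req: Request) -> bool:
    exp = RUN_TO_EXPERIMENT.get(req.args.get("run_id", ""))
    return exp is not None and permission_for(req.username, exp).can_update

def validate_gateway_proxy(req: Request) -> bool:
    # Explicit placeholder: the route was reviewed and authorization is delegated
    # to the proxied service, so there is no MLflow resource to check here.
    return True

VALIDATORS: dict[tuple[str, str], Callable[[Request], bool]] = {
    ("/get-artifact", "GET"): validate_can_read_run_artifact,
    ("/upload-artifact", "POST"): validate_can_update_run_artifact,
    ("/gateway-proxy", "GET"): validate_gateway_proxy,
}

def find_validator(req: Request) -> Callable[[Request], bool] | None:
    return VALIDATORS.get((req.path, req.method))

def authorize(req: Request, fail_closed: bool = True) -> bool:
    """True when the request may proceed. With fail_closed=True an unregistered
    (path, method) is denied; with fail_closed=False it is allowed (the omission risk)."""
    validator = find_validator(req)
    if validator is None:
        return not fail_closed
    return validator(req)


# ---- Approach 2: enforce at the store layer from the per-request user ----
class Store:
    def get_run(self, run_id: str) -> dict[str, str]:
        exp = RUN_TO_EXPERIMENT.get(run_id)
        if exp is None:
            raise KeyError(run_id)
        user = _current_user.get(None)
        # No bound user (a call outside any request) is denied, not treated as anonymous.
        if user is None or not permission_for(user, exp).can_read:
            raise PermissionDenied(f"{user!r} cannot read run {run_id}")
        return {"run_id": run_id, "experiment_id": exp}

def handle_with_store(req: Request) -> dict[str, str]:
    """Bind the caller for this request only, then serve it through the store."""
    token = _current_user.set(req.username)
    try:
        return Store().get_run(req.args["run_id"])
    finally:
        _current_user.reset(token)

def read_run_or_none(req: Request) -> dict[str, str] | None:
    try:
        return handle_with_store(req)
    except PermissionDenied:
        return None
```

The two approaches are complementary rather than exclusive: the registry makes a missing validator visible at the route boundary, while the store-level check catches any handler that reaches a run through a path nobody registered. Note that the store refuses a read when no user is bound at all, so a call made outside a request context is denied instead of being treated as anonymous.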

Collaborator

serena-ruan commented Oct 29, 2025

/review


🚀 Review workflow started


✅ Review completed.

Review Output

Perfect! I've successfully reviewed PR #18486 and added 12 review comments. The review found:

Style Guide Issues:

  • Multiple redundant docstrings that merely repeat function names (violations of MLflow's Python style guide)
  • Several functions with docstrings that could be more concise or converted to regular comments

Potential Bug:

  • The validate_gateway_proxy() function has a docstring that mentions "Returns empty list" but the function returns a boolean True, suggesting a documentation error

All comments have been posted to the PR with clickable suggestion blocks where applicable, making it easy for maintainers to apply the fixes with one click.

Comment on lines +409 to +411
"""
Get permission for Flask routes that use either run_id or run_uuid parameter.
"""
Contributor

Per the Python style guide, this docstring is redundant - the function name already clearly indicates it gets permission from run_id or run_uuid parameter. Consider removing it.

Suggested change
"""
Get permission for Flask routes that use either run_id or run_uuid parameter.
"""
def _get_permission_from_run_id_or_uuid() -> Permission:

🤖 Generated with Claude Code

Collaborator

Yeah could we remove these useless docstrings?

Comment on lines +436 to +440
def _get_permission_from_model_version() -> Permission:
"""
Get permission for model version artifacts.
Model versions inherit permissions from their registered model.
"""
Contributor

Per the Python style guide, this docstring is redundant. The function name already conveys what it does, and the inheritance comment can be moved to a regular comment if needed.

Suggested change
def _get_permission_from_model_version() -> Permission:
"""
Get permission for model version artifacts.
Model versions inherit permissions from their registered model.
"""
def _get_permission_from_model_version() -> Permission:
# Model versions inherit permissions from their registered model.

🤖 Generated with Claude Code

Comment on lines +458 to +462
def _get_permission_from_trace_request_id() -> Permission:
"""
Get permission for trace artifacts.
Traces inherit permissions from their parent run/experiment.
"""
Contributor

Per the Python style guide, this docstring is redundant. The function name is self-documenting, and the inheritance comment can be a regular comment if needed.

Suggested change
def _get_permission_from_trace_request_id() -> Permission:
"""
Get permission for trace artifacts.
Traces inherit permissions from their parent run/experiment.
"""
def _get_permission_from_trace_request_id() -> Permission:
# Traces inherit permissions from their parent run/experiment.

🤖 Generated with Claude Code

Comment on lines +426 to +428
def validate_can_read_run_artifact():
"""Validator for /get-artifact Flask route"""
return _get_permission_from_run_id_or_uuid().can_read
Contributor

Per the Python style guide, this docstring merely repeats what the function name already indicates. Consider removing it.

Suggested change
def validate_can_read_run_artifact():
"""Validator for /get-artifact Flask route"""
return _get_permission_from_run_id_or_uuid().can_read
def validate_can_read_run_artifact():
return _get_permission_from_run_id_or_uuid().can_read

🤖 Generated with Claude Code

Comment on lines +431 to +432
def validate_can_update_run_artifact():
"""Validator for /upload-artifact Flask route"""
Contributor

Per the Python style guide, this docstring merely repeats what the function name already indicates. Consider removing it.

Suggested change
def validate_can_update_run_artifact():
"""Validator for /upload-artifact Flask route"""
def validate_can_update_run_artifact():
return _get_permission_from_run_id_or_uuid().can_update

🤖 Generated with Claude Code

Comment on lines +453 to +455
def validate_can_read_model_version_artifact():
"""Validator for /model-versions/get-artifact Flask route"""
return _get_permission_from_model_version().can_read
Contributor

Per the Python style guide, this docstring merely repeats what the function name already indicates. Consider removing it.

Suggested change
def validate_can_read_model_version_artifact():
"""Validator for /model-versions/get-artifact Flask route"""
return _get_permission_from_model_version().can_read
def validate_can_read_model_version_artifact():
return _get_permission_from_model_version().can_read

🤖 Generated with Claude Code

Comment on lines +478 to +480
def validate_can_read_trace_artifact():
"""Validator for /ajax-api/2.0/mlflow/get-trace-artifact Flask route"""
return _get_permission_from_trace_request_id().can_read
Contributor

Per the Python style guide, this docstring merely repeats what the function name already indicates. Consider removing it.

Suggested change
def validate_can_read_trace_artifact():
"""Validator for /ajax-api/2.0/mlflow/get-trace-artifact Flask route"""
return _get_permission_from_trace_request_id().can_read
def validate_can_read_trace_artifact():
return _get_permission_from_trace_request_id().can_read

🤖 Generated with Claude Code

Comment on lines +483 to +487
def validate_can_read_metric_history_bulk():
"""
Validator for /ajax-api/2.0/mlflow/metrics/get-history-bulk Flask route.
Checks READ permission on all requested runs.
"""
Contributor

Per the Python style guide, consider making this docstring more concise or removing it if the function name is self-explanatory. The "Checks READ permission on all requested runs" part is valuable context though.

Suggested change
def validate_can_read_metric_history_bulk():
"""
Validator for /ajax-api/2.0/mlflow/metrics/get-history-bulk Flask route.
Checks READ permission on all requested runs.
"""
def validate_can_read_metric_history_bulk():
"""Checks READ permission on all requested runs."""

🤖 Generated with Claude Code

Comment on lines +511 to +516
def validate_can_read_metric_history_bulk_interval():
"""
Validator for /ajax-api/2.0/mlflow/metrics/get-history-bulk-interval Flask route.
Same logic as bulk metrics endpoint.
"""
return validate_can_read_metric_history_bulk()
Contributor

Per the Python style guide, this docstring is redundant. The function call itself shows it has the same logic.

Suggested change
def validate_can_read_metric_history_bulk_interval():
"""
Validator for /ajax-api/2.0/mlflow/metrics/get-history-bulk-interval Flask route.
Same logic as bulk metrics endpoint.
"""
return validate_can_read_metric_history_bulk()
def validate_can_read_metric_history_bulk_interval():
# Same logic as bulk metrics endpoint
return validate_can_read_metric_history_bulk()

🤖 Generated with Claude Code

Comment on lines +519 to +523
def validate_can_search_datasets():
"""
Validator for /ajax-api/2.0/mlflow/experiments/search-datasets Flask route.
Checks READ permission on the experiment.
"""
Contributor

Per the Python style guide, consider making this docstring more concise. The "Checks READ permission on the experiment" part is the valuable context.

Suggested change
def validate_can_search_datasets():
"""
Validator for /ajax-api/2.0/mlflow/experiments/search-datasets Flask route.
Checks READ permission on the experiment.
"""
def validate_can_search_datasets():
"""Checks READ permission on the experiment."""

🤖 Generated with Claude Code

Comment on lines +549 to +552
def validate_can_create_promptlab_run():
"""
Validator for /ajax-api/2.0/mlflow/runs/create-promptlab-run Flask route.
Checks UPDATE permission on the experiment (same as CreateRun).
Contributor

Per the Python style guide, consider making this docstring more concise. The key information is the UPDATE permission requirement.

Suggested change
def validate_can_create_promptlab_run():
"""
Validator for /ajax-api/2.0/mlflow/runs/create-promptlab-run Flask route.
Checks UPDATE permission on the experiment (same as CreateRun).
def validate_can_create_promptlab_run():
"""Checks UPDATE permission on the experiment (same as CreateRun)."""

🤖 Generated with Claude Code

Comment on lines +569 to +578
def validate_gateway_proxy():
"""
Validator for /ajax-api/2.0/mlflow/gateway-proxy Flask route.

This endpoint proxies requests to MLflow Deployments (AI Gateway) external services.
Returns empty list if MLFLOW_DEPLOYMENTS_TARGET is not configured.
No MLflow resource permissions are checked since this proxies to external services
that handle their own authorization.
"""
return True
Contributor

This docstring provides valuable context explaining why the function returns True and the security model. This is appropriate to keep as it explains non-obvious behavior.

However, there's a potential issue: the docstring mentions "Returns empty list if MLFLOW_DEPLOYMENTS_TARGET is not configured" but the function returns True (a boolean), not a list. This seems like a copy-paste error in the docstring. Consider clarifying what this function's behavior actually is.

🤖 Generated with Claude Code

Signed-off-by: Ben Wilson <benjamin.wilson@databricks.com>
(GET_METRIC_HISTORY_BULK, "GET"): validate_can_read_metric_history_bulk,
(GET_METRIC_HISTORY_BULK_INTERVAL, "GET"): validate_can_read_metric_history_bulk_interval,
(SEARCH_DATASETS, "POST"): validate_can_search_datasets,
(CREATE_PROMPTLAB_RUN, "POST"): validate_can_create_promptlab_run,
Collaborator

Interesting, is this still valid?

Collaborator

@WeichenXu123 WeichenXu123 Nov 13, 2025

should be valid, these endpoints all exist

Member Author

@BenWilson2 BenWilson2 Nov 13, 2025

good point! I'll verify if this has any issues before merging.

Member Author

confirmed the route still exists and is viable.

Collaborator

@serena-ruan serena-ruan left a comment

LGTM once https://github.com/mlflow/mlflow/pull/18486/files#r2520933037 is addressed/answered! If it's for consistency only then I think we don't need it :)

Collaborator

@WeichenXu123 WeichenXu123 left a comment

LGTM

@BenWilson2 BenWilson2 added v3.6.1 and removed v3.5.2 labels Nov 13, 2025
@BenWilson2 BenWilson2 enabled auto-merge November 13, 2025 05:01
@BenWilson2 BenWilson2 added this pull request to the merge queue Nov 13, 2025
Merged via the queue into mlflow:master with commit ca9ab39 Nov 13, 2025
50 of 51 checks passed
@BenWilson2 BenWilson2 deleted the artifact-security branch November 13, 2025 05:43
Tian-Sky-Lan pushed a commit to Tian-Sky-Lan/mlflow that referenced this pull request Nov 24, 2025
Signed-off-by: Ben Wilson <benjamin.wilson@databricks.com>
Signed-off-by: Tian Lan <sky.blue266000@gmail.com>