Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Added the arrow flight interceptor to inject the auth header. #68

Conversation

lokeshrangineni
Copy link

@lokeshrangineni lokeshrangineni commented Aug 7, 2024

  • Added the arrow flight interceptor to inject the auth header.
  • Injecting GRPC interceptor if it is needed when auth type is not NO_AUTH.
  • Refactored method and moved to factory class to incorporate code review comment.
    Fixed lint error by removing the type of port. and other minor changes.

@lokeshrangineni lokeshrangineni changed the title Feature/feast arrow interceptor rebased DRAFT - Feature/feast arrow interceptor rebased Aug 7, 2024
@lokeshrangineni lokeshrangineni changed the title DRAFT - Feature/feast arrow interceptor rebased DRAFT - Added the arrow flight interceptor to inject the auth header. Aug 7, 2024
@lokeshrangineni lokeshrangineni changed the title DRAFT - Added the arrow flight interceptor to inject the auth header. Added the arrow flight interceptor to inject the auth header. Aug 8, 2024
@redhatHameed redhatHameed force-pushed the feast-rbac branch 4 times, most recently from f3a257e to 9efac57 Compare August 8, 2024 19:16
@lokeshrangineni lokeshrangineni marked this pull request as ready for review August 8, 2024 22:43
@dmartinol dmartinol deleted the branch RHEcosystemAppEng:feast-rbac August 9, 2024 08:26
@dmartinol dmartinol closed this Aug 9, 2024
channel, auth_header_interceptor
)
self.stub = RegistryServer_pb2_grpc.RegistryServerStub(self.intercepted_channel)
if self.auth_config.type is not AuthType.NONE.value:

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why is not instaed of !=?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No real reason. I can update. Just moved the code from old file to here.

client_call_details = client_call_details._replace(metadata=metadata)
logger.info(
f"Intercepted the grpc api method {client_call_details.method} call to inject Authorization header "
f"token. "

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we should not log the token

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I m not logging token but i get the intention. I will keep the log to minimum and keep it in debug mode.

dmartinol
dmartinol previously approved these changes Aug 9, 2024
@lokeshrangineni lokeshrangineni force-pushed the feature/feast-arrow-interceptor-rebased branch from c4eaabf to 103e310 Compare August 9, 2024 18:06
@lokeshrangineni lokeshrangineni changed the base branch from feast-rbac to master August 9, 2024 18:07
@lokeshrangineni lokeshrangineni dismissed dmartinol’s stale review August 9, 2024 18:07

The base branch was changed.

@lokeshrangineni lokeshrangineni changed the base branch from master to feast-rbac August 9, 2024 18:07
@lokeshrangineni lokeshrangineni force-pushed the feature/feast-arrow-interceptor-rebased branch from 103e310 to c13f229 Compare August 11, 2024 02:58
* Injecting grpc interceptor if it is needed when auth type is not NO_AUTH.

Signed-off-by: Lokesh Rangineni <19699092+lokeshrangineni@users.noreply.github.com>
…nary format.

Signed-off-by: Lokesh Rangineni <19699092+lokeshrangineni@users.noreply.github.com>
…ew comment.

Fixed lint error by removing the type of port. and other minor changes.

Signed-off-by: Lokesh Rangineni <19699092+lokeshrangineni@users.noreply.github.com>
Signed-off-by: Lokesh Rangineni <19699092+lokeshrangineni@users.noreply.github.com>
@lokeshrangineni lokeshrangineni merged commit 0aad7a8 into RHEcosystemAppEng:feast-rbac Aug 11, 2024
14 checks passed
redhatHameed pushed a commit that referenced this pull request Aug 14, 2024
* * Added the arrow flight interceptor to inject the auth header.
* Injecting grpc interceptor if it is needed when auth type is not NO_AUTH.

Signed-off-by: Lokesh Rangineni <19699092+lokeshrangineni@users.noreply.github.com>

* Fixing the failing integration test cases by setting the header in binary format.

Signed-off-by: Lokesh Rangineni <19699092+lokeshrangineni@users.noreply.github.com>

* Refactored method and moved to factory class to incorporate code review comment.
Fixed lint error by removing the type of port. and other minor changes.

Signed-off-by: Lokesh Rangineni <19699092+lokeshrangineni@users.noreply.github.com>

* Incorproating code review comments from Daniel.

Signed-off-by: Lokesh Rangineni <19699092+lokeshrangineni@users.noreply.github.com>

---------

Signed-off-by: Lokesh Rangineni <19699092+lokeshrangineni@users.noreply.github.com>
redhatHameed pushed a commit that referenced this pull request Aug 14, 2024
* * Added the arrow flight interceptor to inject the auth header.
* Injecting grpc interceptor if it is needed when auth type is not NO_AUTH.

Signed-off-by: Lokesh Rangineni <19699092+lokeshrangineni@users.noreply.github.com>

* Fixing the failing integration test cases by setting the header in binary format.

Signed-off-by: Lokesh Rangineni <19699092+lokeshrangineni@users.noreply.github.com>

* Refactored method and moved to factory class to incorporate code review comment.
Fixed lint error by removing the type of port. and other minor changes.

Signed-off-by: Lokesh Rangineni <19699092+lokeshrangineni@users.noreply.github.com>

* Incorproating code review comments from Daniel.

Signed-off-by: Lokesh Rangineni <19699092+lokeshrangineni@users.noreply.github.com>

---------

Signed-off-by: Lokesh Rangineni <19699092+lokeshrangineni@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>
redhatHameed pushed a commit that referenced this pull request Aug 14, 2024
* * Added the arrow flight interceptor to inject the auth header.
* Injecting grpc interceptor if it is needed when auth type is not NO_AUTH.

Signed-off-by: Lokesh Rangineni <19699092+lokeshrangineni@users.noreply.github.com>

* Fixing the failing integration test cases by setting the header in binary format.

Signed-off-by: Lokesh Rangineni <19699092+lokeshrangineni@users.noreply.github.com>

* Refactored method and moved to factory class to incorporate code review comment.
Fixed lint error by removing the type of port. and other minor changes.

Signed-off-by: Lokesh Rangineni <19699092+lokeshrangineni@users.noreply.github.com>

* Incorproating code review comments from Daniel.

Signed-off-by: Lokesh Rangineni <19699092+lokeshrangineni@users.noreply.github.com>

---------

Signed-off-by: Lokesh Rangineni <19699092+lokeshrangineni@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>
redhatHameed pushed a commit that referenced this pull request Aug 19, 2024
* * Added the arrow flight interceptor to inject the auth header.
* Injecting grpc interceptor if it is needed when auth type is not NO_AUTH.

Signed-off-by: Lokesh Rangineni <19699092+lokeshrangineni@users.noreply.github.com>

* Fixing the failing integration test cases by setting the header in binary format.

Signed-off-by: Lokesh Rangineni <19699092+lokeshrangineni@users.noreply.github.com>

* Refactored method and moved to factory class to incorporate code review comment.
Fixed lint error by removing the type of port. and other minor changes.

Signed-off-by: Lokesh Rangineni <19699092+lokeshrangineni@users.noreply.github.com>

* Incorproating code review comments from Daniel.

Signed-off-by: Lokesh Rangineni <19699092+lokeshrangineni@users.noreply.github.com>

---------

Signed-off-by: Lokesh Rangineni <19699092+lokeshrangineni@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>
redhatHameed added a commit that referenced this pull request Aug 21, 2024
* initial commit

Signed-off-by: Daniele Martinoli <86618610+dmartinol@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* fixed linting issues (but 1)

Signed-off-by: Daniele Martinoli <86618610+dmartinol@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* deleted AuthzedResource and moved types to the Permission class

Signed-off-by: Daniele Martinoli <86618610+dmartinol@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* using pytest.mark.parametrize tests

Signed-off-by: Daniele Martinoli <86618610+dmartinol@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* moved decorator to decorator module

Signed-off-by: Daniele Martinoli <86618610+dmartinol@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* parametrized decision tests

Signed-off-by: Daniele Martinoli <86618610+dmartinol@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Added matcher and action modules. Added global assert_permissions function

Signed-off-by: Daniele Martinoli <86618610+dmartinol@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* fixed linting error

Signed-off-by: Daniele Martinoli <86618610+dmartinol@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Managing with_subclasses flag and overriding it in case it's an abstract class like DataSource

Signed-off-by: Daniele Martinoli <86618610+dmartinol@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Permission includes a single Policy

Signed-off-by: Daniele Martinoli <86618610+dmartinol@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* completed docstrings for permissions package

Signed-off-by: Daniele Martinoli <86618610+dmartinol@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* fixed inter issues

Signed-off-by: Daniele Martinoli <86618610+dmartinol@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Changed roles matching rule from "all" to "any"

Signed-off-by: Daniele Martinoli <86618610+dmartinol@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Introducing permission framework and authorization manager in user guide (to be continued after the code is consolidated)

Signed-off-by: Daniele Martinoli <86618610+dmartinol@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* removed test code

Signed-off-by: Daniele Martinoli <86618610+dmartinol@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* hiding sensitive data (false positive, anyway)

Signed-off-by: Daniele Martinoli <86618610+dmartinol@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Added filter_only flag to assert_permissions and returning a list of filtered resources instead of PermissionError

Signed-off-by: Daniele Martinoli <86618610+dmartinol@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* added the option to return the single resource, or None

Signed-off-by: Daniele Martinoli <86618610+dmartinol@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* separate validating functions: assert_permission and filtered_resources

Signed-off-by: Daniele Martinoli <86618610+dmartinol@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Store and Manage permissions in the Registry

Signed-off-by: Theodor Mihalache <tmihalac@redhat.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Applied review comments

Signed-off-by: Theodor Mihalache <tmihalac@redhat.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Store and Manage permissions in the Registry
- Fixes to code
- Made test case broader

Signed-off-by: Theodor Mihalache <tmihalac@redhat.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Store and Manage permissions in the Registry
- Fixed incorrectly recognized linter error

Signed-off-by: Theodor Mihalache <tmihalac@redhat.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Store and Manage permissions in the Registry
- Added test
- Fixed missing property to permission
- Changed code following review

Signed-off-by: Theodor Mihalache <tmihalac@redhat.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Store and Manage permissions in the Registry

Signed-off-by: Theodor Mihalache <tmihalac@redhat.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Store and Manage permissions in the Registry
- Fixes to code
- Made test case broader

Signed-off-by: Theodor Mihalache <tmihalac@redhat.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Store and Manage permissions in the Registry
- Fixed incorrectly recognized linter error

Signed-off-by: Theodor Mihalache <tmihalac@redhat.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Store and Manage permissions in the Registry
- Added test
- Fixed delete and apply permission

Signed-off-by: Theodor Mihalache <tmihalac@redhat.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* replaced aggregated actions with aliases for QUERY and WRITE and ALL

Signed-off-by: Daniele Martinoli <86618610+dmartinol@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Updated user guide

Signed-off-by: Daniele Martinoli <86618610+dmartinol@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Updated enum in proto

Signed-off-by: Daniele Martinoli <86618610+dmartinol@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Store and Manage permissions in the Registry
- Fixed test errors following refactor
- Added test

Signed-off-by: Theodor Mihalache <tmihalac@redhat.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Store and Manage permissions in the Registry
- Removed redundant property
- Added tags filter option to list_permissions

Signed-off-by: Theodor Mihalache <tmihalac@redhat.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Added permission assert check for registry server, offline server, online server functions

Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Fix linter after rebase

Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* CLI command "feast permissions list"
Added cli command permissions
Added tags parameter to list_validation_references and list_saved_datasets in registry
Added list_validation_references and list_saved_datasets apis to feature_store
Added missing tags parameters to registry_server methods

Signed-off-by: Theodor Mihalache <tmihalac@redhat.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* CLI command "feast permissions list"
- Changes following review

Signed-off-by: Theodor Mihalache <tmihalac@redhat.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* CLI command "feast permissions list"
- Changes following review

Signed-off-by: Theodor Mihalache <tmihalac@redhat.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* added the documents reference for permissions for online, offline, registry server endpoints.

Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Incorporating code review comments to parse the auth block from the f… (#36)

* Incorporating code review comments to parse the auth block from the feature_store.yaml file.

Signed-off-by: Lokesh Rangineni <lokeshforjava@gmail.com>

* Incorporating code review comments - renaming type from k8 to kubernetes.

Signed-off-by: Lokesh Rangineni <lokeshforjava@gmail.com>

---------

Signed-off-by: Lokesh Rangineni <lokeshforjava@gmail.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* definition and integration of auth manager in feast offline and online servers

Signed-off-by: Daniele Martinoli <86618610+dmartinol@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* typo

Signed-off-by: Daniele Martinoli <86618610+dmartinol@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* duplicated if

Signed-off-by: Daniele Martinoli <86618610+dmartinol@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* renamed functions with long name

Signed-off-by: Daniele Martinoli <86618610+dmartinol@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* using User class instead of RoleManager (completely removed)

Signed-off-by: Daniele Martinoli <86618610+dmartinol@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Feed SecurityManager with Registry instance to fetch the actual permissions

Signed-off-by: Daniele Martinoli <86618610+dmartinol@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* fixed linter

Signed-off-by: Daniele Martinoli <86618610+dmartinol@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* review comments

Signed-off-by: Daniele Martinoli <86618610+dmartinol@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* fixed broken IT

Signed-off-by: Daniele Martinoli <86618610+dmartinol@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Adding registry server (UT to be completed)

Signed-off-by: Daniele Martinoli <86618610+dmartinol@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* fix linter

Signed-off-by: Daniele Martinoli <86618610+dmartinol@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* passing auth manager type from config

Signed-off-by: Daniele Martinoli <86618610+dmartinol@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* used auth config to set auth manager type

Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* inject the user details

Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* created decorator function and applied to arrow function for injecting the user detail:wq

Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* code review fixes including the unit test and integration test as suggested

Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Implementation of oidc client authentication. (#40)

* Adding initial draft code to manage the oidc client authentication.

Signed-off-by: Lokesh Rangineni <lokeshforjava@gmail.com>

* Adding initial draft code to manage the oidc client authentication.

Signed-off-by: Lokesh Rangineni <lokeshforjava@gmail.com>

* Incorporating code review comments.

Signed-off-by: Lokesh Rangineni <lokeshforjava@gmail.com>

---------

Signed-off-by: Lokesh Rangineni <lokeshforjava@gmail.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Client module-grpc
- Added authentication header for client grpc calls

Signed-off-by: Theodor Mihalache <tmihalac@redhat.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Client module-grpc
- Made changes following code review

Signed-off-by: Theodor Mihalache <tmihalac@redhat.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Client module-grpc
- Made changes following code review

Signed-off-by: Theodor Mihalache <tmihalac@redhat.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Client module-grpc
- Made changes following code review

Signed-off-by: Theodor Mihalache <tmihalac@redhat.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Client module-grpc
- Made changes following code review

Signed-off-by: Theodor Mihalache <tmihalac@redhat.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Client module-grpc
- Made changes following code review

Signed-off-by: Theodor Mihalache <tmihalac@redhat.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Client module-grpc
- Made changes following code review

Signed-off-by: Theodor Mihalache <tmihalac@redhat.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Client module-grpc
- Made changes following code review

Signed-off-by: Theodor Mihalache <tmihalac@redhat.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* added auth configuration for arrow flight client

Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Client module-grpc
- Made changes following code review

Signed-off-by: Theodor Mihalache <tmihalac@redhat.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* fix linter

Signed-off-by: Daniele Martinoli <86618610+dmartinol@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Propagating auth config to token parser in server init

Signed-off-by: Daniele Martinoli <86618610+dmartinol@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* adding headers and client_secret to token request

Signed-off-by: Daniele Martinoli <86618610+dmartinol@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* working E2E test of authenticated registy server

Signed-off-by: Daniele Martinoli <86618610+dmartinol@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* renamed test

Signed-off-by: Daniele Martinoli <86618610+dmartinol@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* fixed broken test

Signed-off-by: Daniele Martinoli <86618610+dmartinol@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* fix rebase issues

Signed-off-by: Daniele Martinoli <86618610+dmartinol@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* fix rebase issues

Signed-off-by: Daniele Martinoli <86618610+dmartinol@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Adding the auth client documentations and unit testing for auth client code.
Signed-off-by: Lokesh Rangineni <lokeshforjava@gmail.com>

Signed-off-by: Lokesh Rangineni <lokeshforjava@gmail.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Adding the auth client documentations and unit testing for auth client code.
Signed-off-by: Lokesh Rangineni <lokeshforjava@gmail.com>

Signed-off-by: Lokesh Rangineni <lokeshforjava@gmail.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Incorporating code review comments.
Signed-off-by: Lokesh Rangineni <lokeshforjava@gmail.com>

Signed-off-by: Lokesh Rangineni <lokeshforjava@gmail.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Incorporating code review comments.
Signed-off-by: Lokesh Rangineni <lokeshforjava@gmail.com>

Signed-off-by: Lokesh Rangineni <lokeshforjava@gmail.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Introducing permission framework and authorization manager in user guide (to be continued after the code is consolidated)

Signed-off-by: Daniele Martinoli <86618610+dmartinol@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* CLI command "feast permissions list"
- Added missing dependency

Signed-off-by: Theodor Mihalache <tmihalac@redhat.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Client module-grpc
- Added missing auth header for calls to remote registry

Signed-off-by: Theodor Mihalache <tmihalac@redhat.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Fix auth tests with permissions
- Made changes to enforcer ana security manager permission checking logic

Signed-off-by: Theodor Mihalache <tmihalac@redhat.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Fix auth tests with permissions
- Made changes following review

Signed-off-by: Theodor Mihalache <tmihalac@redhat.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Fix auth tests with permissions
- Made changes following review

Signed-off-by: Theodor Mihalache <tmihalac@redhat.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Fix auth tests with permissions
- Made changes following review

Signed-off-by: Theodor Mihalache <tmihalac@redhat.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Moved the common fixtures to the root conftest.py or auth_permissions_util.py  (#54)

* Moved the common fixtures to the root conftest.py or auth_permissions_util.py

Signed-off-by: Lokesh Rangineni <lokeshforjava@gmail.com>

Signed-off-by: Lokesh Rangineni <lokeshforjava@gmail.com>

* Adding missed dependency and regenerated the requirements files.
Signed-off-by: Lokesh Rangineni <lokeshforjava@gmail.com>

Signed-off-by: Lokesh Rangineni <lokeshforjava@gmail.com>

* Addinig missing changes from the original PR.

Signed-off-by: Lokesh Rangineni <lokeshforjava@gmail.com>

Signed-off-by: Lokesh Rangineni <lokeshforjava@gmail.com>

---------

Signed-off-by: Lokesh Rangineni <lokeshforjava@gmail.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* added check and list-roles subcommands

Signed-off-by: Daniele Martinoli <86618610+dmartinol@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* typo

Signed-off-by: Daniele Martinoli <86618610+dmartinol@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* added comment in cli_utils to remind the original function from which this logic was derived

Signed-off-by: Daniele Martinoli <86618610+dmartinol@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* 1) Updating the existing integration test with auth permissions configurations.
2) Refactored the common code and moved to the util class and common conftest.py file.

Signed-off-by: Lokesh Rangineni <lokeshforjava@gmail.com>

Signed-off-by: Lokesh Rangineni <lokeshforjava@gmail.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Moved the common fixtures to the root conftest.py or auth_permissions_util.py

Signed-off-by: Lokesh Rangineni <lokeshforjava@gmail.com>

Signed-off-by: Lokesh Rangineni <lokeshforjava@gmail.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Adding missed dependency and regenerated the requirements files.
Signed-off-by: Lokesh Rangineni <lokeshforjava@gmail.com>

Signed-off-by: Lokesh Rangineni <lokeshforjava@gmail.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* 1) Updating the existing integration test with auth permissions configurations.
2) Refactored the common code and moved to the util class and common conftest.py file.

Signed-off-by: Lokesh Rangineni <lokeshforjava@gmail.com>

Signed-off-by: Lokesh Rangineni <lokeshforjava@gmail.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* 1) Fixing an issue with the way getting markers after changing the fixture scope to module. Now looking up the markers coming from the entire module run.

Signed-off-by: Lokesh Rangineni <lokeshforjava@gmail.com>

Signed-off-by: Lokesh Rangineni <lokeshforjava@gmail.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Fixed bug in GetPermission API

Signed-off-by: Daniele Martinoli <86618610+dmartinol@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Permission CRUD test

Signed-off-by: Daniele Martinoli <86618610+dmartinol@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Added feast-rbac example

Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Added support to read the token from enviroment variable to run from local

Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Fix the header for arrow fligth

Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* fix the header issue

Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* added permissions apply file

Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* set the user in the grpc server

Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* added roles and updated permission with all roles

Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* updated chart to include the service account

Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* created client example with roles and updated installation/cleanup script

Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* rebased with master

Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Moved the common fixtures to the root conftest.py or auth_permissions_util.py  (#54)

* Moved the common fixtures to the root conftest.py or auth_permissions_util.py

Signed-off-by: Lokesh Rangineni <lokeshforjava@gmail.com>

Signed-off-by: Lokesh Rangineni <lokeshforjava@gmail.com>

* Adding missed dependency and regenerated the requirements files.
Signed-off-by: Lokesh Rangineni <lokeshforjava@gmail.com>

Signed-off-by: Lokesh Rangineni <lokeshforjava@gmail.com>

* Addinig missing changes from the original PR.

Signed-off-by: Lokesh Rangineni <lokeshforjava@gmail.com>

Signed-off-by: Lokesh Rangineni <lokeshforjava@gmail.com>

---------

Signed-off-by: Lokesh Rangineni <lokeshforjava@gmail.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Fixed DecisionStrategy not persisted

Signed-off-by: Theodor Mihalache <tmihalac@redhat.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Fixed DecisionStrategy not persisted

Signed-off-by: Theodor Mihalache <tmihalac@redhat.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Fixed DecisionStrategy not persisted
- Implemented review comments

Signed-off-by: Theodor Mihalache <tmihalac@redhat.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Revert "Fix decision strategy not saved"

Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Dropped global decision strategy

Signed-off-by: Daniele Martinoli <86618610+dmartinol@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* updated rbac demo example

Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Adding permissions directly instead of from the common place for the online read integration tests.
Cleaned up some minor changes to fix the unpredictable issue with the feature server process.

Signed-off-by: Lokesh Rangineni <lokeshforjava@gmail.com>

Signed-off-by: Lokesh Rangineni <lokeshforjava@gmail.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Initial Draft version to the tests with remote offline server with OIDC authentication permissions. Happy path only.

Signed-off-by: Lokesh Rangineni <lokeshforjava@gmail.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Abstracting the specific code for Offline Permissions by creating new class for PermissionsEnvironment.

Signed-off-by: Lokesh Rangineni <lokeshforjava@gmail.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Formatting the python files using make format-python.

Signed-off-by: Lokesh Rangineni <lokeshforjava@gmail.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Separated the permissions for online, offline and registry servers. moved the fixtures scope accordingly as we can't reuse the permissions for all the test cases.

Signed-off-by: Lokesh Rangineni <lokeshforjava@gmail.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Separated the permissions for online, offline and registry servers. moved the fixtures scope accordingly as we can't reuse the permissions for all the test cases.

Signed-off-by: Lokesh Rangineni <lokeshforjava@gmail.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Created the grpc client auth header interceptor and removed the manual injection of the header.

Signed-off-by: Lokesh Rangineni <lokeshforjava@gmail.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Created the grpc client auth header interceptor and removed the manual injection of the header.

Signed-off-by: Lokesh Rangineni <lokeshforjava@gmail.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* fix: java to proto failing
- changed java_outer_classname for Permission.proto and Policy.proto
- removed experimental optional from permission proto

Signed-off-by: Theodor Mihalache <tmihalac@redhat.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* CLI command "feast permissions list"
Added cli command permissions
Added tags parameter to list_validation_references and list_saved_datasets in registry
Added list_validation_references and list_saved_datasets apis to feature_store
Added missing tags parameters to registry_server methods

Signed-off-by: Theodor Mihalache <tmihalac@redhat.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Moved the common fixtures to the root conftest.py or auth_permissions_util.py  (#54)

* Moved the common fixtures to the root conftest.py or auth_permissions_util.py

Signed-off-by: Lokesh Rangineni <lokeshforjava@gmail.com>

Signed-off-by: Lokesh Rangineni <lokeshforjava@gmail.com>

* Adding missed dependency and regenerated the requirements files.
Signed-off-by: Lokesh Rangineni <lokeshforjava@gmail.com>

Signed-off-by: Lokesh Rangineni <lokeshforjava@gmail.com>

* Addinig missing changes from the original PR.

Signed-off-by: Lokesh Rangineni <lokeshforjava@gmail.com>

Signed-off-by: Lokesh Rangineni <lokeshforjava@gmail.com>

---------

Signed-off-by: Lokesh Rangineni <lokeshforjava@gmail.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* fix: java to proto failing
- changed java_outer_classname for Permission.proto and Policy.proto
- removed experimental optional from permission proto

Signed-off-by: Theodor Mihalache <tmihalac@redhat.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Adding the extra writer permission to fix the integration test issue with offline server.

Signed-off-by: Lokesh Rangineni <19699092+lokeshrangineni@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Try to fix java integration test - ModuleNotFoundError: No module named 'feast.permissions.server'

Signed-off-by: Theodor Mihalache <tmihalac@redhat.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* fix java integration test - ModuleNotFoundError: No module named 'jwt'

Signed-off-by: Theodor Mihalache <tmihalac@redhat.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* fix java integration test - ModuleNotFoundError: No module named 'kubernetes'

Signed-off-by: Theodor Mihalache <tmihalac@redhat.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Adding missing permissions for offline store test cases - classes FileSource, FeatureService classes. (#64)

Signed-off-by: Lokesh Rangineni <19699092+lokeshrangineni@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Updating the offline integration test permissions.

Signed-off-by: Lokesh Rangineni <19699092+lokeshrangineni@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* updated test.py file for rbac-example

Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* fix the DeleteFeatureView function to handle stream feature view type

Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Updating permissions of the integration test cases to address code review comments and also check if the online_read integration test fixes.

Signed-off-by: Lokesh Rangineni <19699092+lokeshrangineni@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Incorporating the code review comments from Francisco on upstream PR.

Signed-off-by: Lokesh Rangineni <19699092+lokeshrangineni@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Update docs/getting-started/concepts/permission.md

Co-authored-by: Francisco Arceo <farceo@redhat.com>
Signed-off-by: Daniele Martinoli <86618610+dmartinol@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Update docs/getting-started/concepts/permission.md

Co-authored-by: Francisco Arceo <farceo@redhat.com>
Signed-off-by: Daniele Martinoli <86618610+dmartinol@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Update docs/getting-started/concepts/permission.md

Co-authored-by: Francisco Arceo <farceo@redhat.com>
Signed-off-by: Daniele Martinoli <86618610+dmartinol@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Small fixes (#71)

* Improved permission denial log

Signed-off-by: Daniele Martinoli <86618610+dmartinol@users.noreply.github.com>

* Added leeway option to accept tokens released in the past (up to 10")

Signed-off-by: Daniele Martinoli <86618610+dmartinol@users.noreply.github.com>

---------

Signed-off-by: Daniele Martinoli <86618610+dmartinol@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* commented/removed oidc tests to verify  integration test
commented/removed test_auth_permission.py file

Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Enabling the keycloak related integration tests and also initializing the keycloak only once in the entire run.
Reduced the number of works and increased the duration as well.

Signed-off-by: Lokesh Rangineni <19699092+lokeshrangineni@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Making number of workers back to 8 and enabled the test_remote_online_store_read

Signed-off-by: Lokesh Rangineni <19699092+lokeshrangineni@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Making number of workers to 4.

Signed-off-by: Lokesh Rangineni <19699092+lokeshrangineni@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Incorporating the code review comments from Tornike to use @pytest.mark.xdist_group(name="keycloak").

Reverting number of markers from 4 to 8 for the make file target test-python-integration-local.

Signed-off-by: Lokesh Rangineni <19699092+lokeshrangineni@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Reverting number of workers from 8 to 4.
Signed-off-by: Lokesh Rangineni <19699092+lokeshrangineni@users.noreply.github.com>

Signed-off-by: Lokesh Rangineni <19699092+lokeshrangineni@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Reverting number of workers from 8 to 4. Reverting the marker @pytest.mark.xdist_group(name="keycloak")
Signed-off-by: Lokesh Rangineni <19699092+lokeshrangineni@users.noreply.github.com>

Signed-off-by: Lokesh Rangineni <19699092+lokeshrangineni@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Reverting number of workers from 8 to 4 for make target test-python-integration-local

Signed-off-by: Lokesh Rangineni <19699092+lokeshrangineni@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Added the arrow flight interceptor to inject the auth header. (#68)

* * Added the arrow flight interceptor to inject the auth header.
* Injecting grpc interceptor if it is needed when auth type is not NO_AUTH.

Signed-off-by: Lokesh Rangineni <19699092+lokeshrangineni@users.noreply.github.com>

* Fixing the failing integration test cases by setting the header in binary format.

Signed-off-by: Lokesh Rangineni <19699092+lokeshrangineni@users.noreply.github.com>

* Refactored method and moved to factory class to incorporate code review comment.
Fixed lint error by removing the type of port. and other minor changes.

Signed-off-by: Lokesh Rangineni <19699092+lokeshrangineni@users.noreply.github.com>

* Incorproating code review comments from Daniel.

Signed-off-by: Lokesh Rangineni <19699092+lokeshrangineni@users.noreply.github.com>

---------

Signed-off-by: Lokesh Rangineni <19699092+lokeshrangineni@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* removed with_subclasses option (it's the default and unique behavior)

Signed-off-by: Daniele Martinoli <86618610+dmartinol@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* a full, minimal, reproducible example of the RBAC feature

Signed-off-by: Daniele Martinoli <86618610+dmartinol@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Add missing required_tags to permission object and cli info
- Add missing required_tags to permission object
- added required_tags to cli info

Signed-off-by: Theodor Mihalache <tmihalac@redhat.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Fixed the registry apply function assertation

Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* removed the examples

Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Integrated comment

Signed-off-by: Daniele Martinoli <86618610+dmartinol@users.noreply.github.com>

* removed the firebase depdency and fix the doc conflicts

Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Introducing permission framework and authorization manager in user guide (to be continued after the code is consolidated)

Signed-off-by: Daniele Martinoli <86618610+dmartinol@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Permission resources miss the created_timestamp and last_updated_timestamp fields

Signed-off-by: Theodor Mihalache <tmihalac@redhat.com>

* remove error incase if user has no roles assinged incase unthorized user

Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* renamed READ action to DESCRIBE

Signed-off-by: Daniele Martinoli <86618610+dmartinol@users.noreply.github.com>

* Specified authorization manager and authorization configuration

Signed-off-by: Daniele Martinoli <86618610+dmartinol@users.noreply.github.com>

* fix the linter and remove subclass from doc

Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* addressed the pr reivew comments

Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Incorporating code review comment and this file is not needed.

Signed-off-by: Lokesh Rangineni <19699092+lokeshrangineni@users.noreply.github.com>

* Addressed the review comments on the PR

Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* Reducing the markers from 8 to 4 to see if it fixes the issues with memory.

Signed-off-by: Lokesh Rangineni <19699092+lokeshrangineni@users.noreply.github.com>

* addresses feedback on rbac doc

Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* rename action name from QUERY to READ

Signed-off-by: Abdul Hameed <ahameed@redhat.com>

* fix the doc to replace query with read

Signed-off-by: Abdul Hameed <ahameed@redhat.com>

---------

Signed-off-by: Daniele Martinoli <86618610+dmartinol@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>
Signed-off-by: Theodor Mihalache <tmihalac@redhat.com>
Signed-off-by: Lokesh Rangineni <lokeshforjava@gmail.com>
Signed-off-by: Lokesh Rangineni <19699092+lokeshrangineni@users.noreply.github.com>
Co-authored-by: Theodor Mihalache <tmihalac@redhat.com>
Co-authored-by: Abdul Hameed <ahameed@redhat.com>
Co-authored-by: lokeshrangineni <lokeshforjava@gmail.com>
Co-authored-by: Lokesh Rangineni <19699092+lokeshrangineni@users.noreply.github.com>
Co-authored-by: Francisco Arceo <farceo@redhat.com>
@lokeshrangineni lokeshrangineni deleted the feature/feast-arrow-interceptor-rebased branch October 23, 2024 16:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants