-
Notifications
You must be signed in to change notification settings - Fork 1.4k
feat: Feast Security Model (aka RBAC) #4380
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
franciscojavierarceo
merged 170 commits into
feast-dev:master
from
RHEcosystemAppEng:feast-rbac
Aug 21, 2024
Merged
Changes from 1 commit
Commits
Show all changes
170 commits
Select commit
Hold shift + click to select a range
4390a41
initial commit
dmartinol a4859b7
fixed linting issues (but 1)
dmartinol 1f6d6f3
deleted AuthzedResource and moved types to the Permission class
dmartinol a2fa5de
using pytest.mark.parametrize tests
dmartinol d906554
moved decorator to decorator module
dmartinol 21d29a8
parametrized decision tests
dmartinol f477add
Added matcher and action modules. Added global assert_permissions fun…
dmartinol 30ee844
fixed linting error
dmartinol 183d0c4
Managing with_subclasses flag and overriding it in case it's an abstr…
dmartinol e4a0f9f
Permission includes a single Policy
dmartinol b5c5af1
completed docstrings for permissions package
dmartinol dd15dd9
fixed inter issues
dmartinol 7d7a787
Changed roles matching rule from "all" to "any"
dmartinol bb857e2
Introducing permission framework and authorization manager in user gu…
dmartinol abf384f
removed test code
dmartinol 8fb5227
hiding sensitive data (false positive, anyway)
dmartinol ae01740
Added filter_only flag to assert_permissions and returning a list of …
dmartinol 7b02d26
added the option to return the single resource, or None
dmartinol ad6765b
separate validating functions: assert_permission and filtered_resources
dmartinol b1fbdb6
Store and Manage permissions in the Registry
tmihalac a9d7a92
Applied review comments
tmihalac 1534a8d
Store and Manage permissions in the Registry
tmihalac a21845d
Store and Manage permissions in the Registry
tmihalac e06a631
Store and Manage permissions in the Registry
tmihalac 4fadb7b
Store and Manage permissions in the Registry
tmihalac 7d17c78
Store and Manage permissions in the Registry
tmihalac ec079a6
Store and Manage permissions in the Registry
tmihalac aef0747
Store and Manage permissions in the Registry
tmihalac 14ea4c2
replaced aggregated actions with aliases for QUERY and WRITE and ALL
dmartinol 98eed44
Updated user guide
dmartinol 78decaa
Updated enum in proto
dmartinol a02602d
Store and Manage permissions in the Registry
tmihalac 6fba046
Store and Manage permissions in the Registry
tmihalac 4408be5
Added permission assert check for registry server, offline server, on…
redhatHameed 34c151c
Fix linter after rebase
redhatHameed aa0758c
CLI command "feast permissions list"
tmihalac fbe1bd5
CLI command "feast permissions list"
tmihalac 87710cb
CLI command "feast permissions list"
tmihalac e9ff6e6
added the documents reference for permissions for online, offline, re…
redhatHameed 679579e
Incorporating code review comments to parse the auth block from the f…
lokeshrangineni 1085b99
definition and integration of auth manager in feast offline and onlin…
dmartinol 7bfc945
typo
dmartinol d988846
duplicated if
dmartinol 07211da
renamed functions with long name
dmartinol 5386419
using User class instead of RoleManager (completely removed)
dmartinol 0548aea
Feed SecurityManager with Registry instance to fetch the actual permi…
dmartinol a921f07
fixed linter
dmartinol f0b95c8
review comments
dmartinol f8a7140
fixed broken IT
dmartinol 95eca10
Adding registry server (UT to be completed)
dmartinol 8d42fcf
fix linter
dmartinol ef6d21f
passing auth manager type from config
dmartinol 86a2e6b
used auth config to set auth manager type
redhatHameed 9fc6db7
inject the user details
redhatHameed ea97997
created decorator function and applied to arrow function for injectin…
redhatHameed 711374a
code review fixes including the unit test and integration test as sug…
redhatHameed 6899f41
Implementation of oidc client authentication. (#40)
lokeshrangineni 7b6561e
Client module-grpc
tmihalac bc086ef
Client module-grpc
tmihalac fb48f1a
Client module-grpc
tmihalac 0158cfd
Client module-grpc
tmihalac 2dbf6b1
Client module-grpc
tmihalac 6ac6c01
Client module-grpc
tmihalac dc99e59
Client module-grpc
tmihalac aaeb7b7
Client module-grpc
tmihalac 23ac8a6
added auth configuration for arrow flight client
redhatHameed c7e92a0
Client module-grpc
tmihalac 77abd12
fix linter
dmartinol c6e9638
Propagating auth config to token parser in server init
dmartinol 53d7d10
adding headers and client_secret to token request
dmartinol fcd7419
working E2E test of authenticated registy server
dmartinol f3e36d2
renamed test
dmartinol 811dc83
fixed broken test
dmartinol 7dca956
fix rebase issues
dmartinol d2a9f6c
fix rebase issues
dmartinol 92198de
Adding the auth client documentations and unit testing for auth clien…
lokeshrangineni 2cf1f00
Adding the auth client documentations and unit testing for auth clien…
lokeshrangineni 74fe957
Incorporating code review comments.
lokeshrangineni 3b43c04
Incorporating code review comments.
lokeshrangineni a83c5a6
Introducing permission framework and authorization manager in user gu…
dmartinol ce6413b
CLI command "feast permissions list"
tmihalac a400f8f
Client module-grpc
tmihalac dcec0cb
Fix auth tests with permissions
tmihalac db1cfd6
Fix auth tests with permissions
tmihalac 93e6f4d
Fix auth tests with permissions
tmihalac a0a68ef
Fix auth tests with permissions
tmihalac b4e0e08
Moved the common fixtures to the root conftest.py or auth_permissions…
lokeshrangineni 137fed1
added check and list-roles subcommands
dmartinol 716e099
typo
dmartinol bacd4a1
added comment in cli_utils to remind the original function from which…
dmartinol d76e3c4
1) Updating the existing integration test with auth permissions confi…
lokeshrangineni 5fff1ff
Moved the common fixtures to the root conftest.py or auth_permissions…
lokeshrangineni 23d9a31
Adding missed dependency and regenerated the requirements files.
lokeshrangineni 49fd90d
1) Updating the existing integration test with auth permissions confi…
lokeshrangineni 6a96e70
1) Fixing an issue with the way getting markers after changing the fi…
lokeshrangineni 9308731
Fixed bug in GetPermission API
dmartinol 6538db6
Permission CRUD test
dmartinol c9bdbbe
Added feast-rbac example
redhatHameed 3ab7087
Added support to read the token from enviroment variable to run from …
redhatHameed b260756
Fix the header for arrow fligth
redhatHameed 269cc33
fix the header issue
redhatHameed 741010d
added permissions apply file
redhatHameed 8c1993b
set the user in the grpc server
redhatHameed 6558760
added roles and updated permission with all roles
redhatHameed cb4add7
updated chart to include the service account
redhatHameed bf4ac90
created client example with roles and updated installation/cleanup sc…
redhatHameed d7defc1
rebased with master
redhatHameed 190e609
Moved the common fixtures to the root conftest.py or auth_permissions…
lokeshrangineni 542f389
Fixed DecisionStrategy not persisted
tmihalac bdd4fd6
Fixed DecisionStrategy not persisted
tmihalac 571d9c6
Fixed DecisionStrategy not persisted
tmihalac de34a11
Revert "Fix decision strategy not saved"
dmartinol 900bc86
Dropped global decision strategy
dmartinol 065c99c
updated rbac demo example
redhatHameed 444ae71
Adding permissions directly instead of from the common place for the …
lokeshrangineni 86ec133
Initial Draft version to the tests with remote offline server with OI…
lokeshrangineni 1fcb89d
Abstracting the specific code for Offline Permissions by creating new…
lokeshrangineni 787105b
Formatting the python files using make format-python.
lokeshrangineni 2f169df
Separated the permissions for online, offline and registry servers. m…
lokeshrangineni af35739
Separated the permissions for online, offline and registry servers. m…
lokeshrangineni 0333c56
Created the grpc client auth header interceptor and removed the manua…
lokeshrangineni 9c42cfb
Created the grpc client auth header interceptor and removed the manua…
lokeshrangineni b51e58c
fix: java to proto failing
tmihalac bc1f30c
CLI command "feast permissions list"
tmihalac 63fa1e8
Moved the common fixtures to the root conftest.py or auth_permissions…
lokeshrangineni 8c17cf8
fix: java to proto failing
tmihalac 035f197
Adding the extra writer permission to fix the integration test issue …
lokeshrangineni f98b8d1
Try to fix java integration test - ModuleNotFoundError: No module nam…
tmihalac 7c7ec37
fix java integration test - ModuleNotFoundError: No module named 'jwt'
tmihalac 414cd48
fix java integration test - ModuleNotFoundError: No module named 'kub…
tmihalac 7631099
Adding missing permissions for offline store test cases - classes Fil…
lokeshrangineni 54a8392
Updating the offline integration test permissions.
lokeshrangineni 366e288
updated test.py file for rbac-example
redhatHameed cdb19fa
fix the DeleteFeatureView function to handle stream feature view type
redhatHameed 3b06316
Updating permissions of the integration test cases to address code re…
lokeshrangineni 61f5ef1
Incorporating the code review comments from Francisco on upstream PR.
lokeshrangineni 5b67a6c
Update docs/getting-started/concepts/permission.md
dmartinol ab454be
Update docs/getting-started/concepts/permission.md
dmartinol 8cfe18f
Update docs/getting-started/concepts/permission.md
dmartinol 7e8bfaa
Small fixes (#71)
dmartinol 6418549
commented/removed oidc tests to verify integration test
redhatHameed f79b6ec
Enabling the keycloak related integration tests and also initializing…
lokeshrangineni bebd292
Making number of workers back to 8 and enabled the test_remote_online…
lokeshrangineni e6b5e4c
Making number of workers to 4.
lokeshrangineni 33bb445
Incorporating the code review comments from Tornike to use @pytest.ma…
lokeshrangineni 12895c0
Reverting number of workers from 8 to 4.
lokeshrangineni 9951489
Reverting number of workers from 8 to 4. Reverting the marker @pytest…
lokeshrangineni 71e4044
Reverting number of workers from 8 to 4 for make target test-python-i…
lokeshrangineni fd1243b
Added the arrow flight interceptor to inject the auth header. (#68)
lokeshrangineni 807c0f5
removed with_subclasses option (it's the default and unique behavior)
dmartinol a8abd21
a full, minimal, reproducible example of the RBAC feature
dmartinol 1183fbd
Add missing required_tags to permission object and cli info
tmihalac 063a87f
Fixed the registry apply function assertation
redhatHameed 4922b8b
removed the examples
redhatHameed 7c9389d
Integrated comment
dmartinol 3ff811e
removed the firebase depdency and fix the doc conflicts
redhatHameed 0498d3f
Introducing permission framework and authorization manager in user gu…
dmartinol 23c829f
Permission resources miss the created_timestamp and last_updated_time…
tmihalac 6c5e2c7
remove error incase if user has no roles assinged incase unthorized user
redhatHameed 8409014
renamed READ action to DESCRIBE
dmartinol fdf331f
Specified authorization manager and authorization configuration
dmartinol 3a4f122
fix the linter and remove subclass from doc
redhatHameed acf2190
addressed the pr reivew comments
redhatHameed 136719e
Incorporating code review comment and this file is not needed.
lokeshrangineni 9e3efe2
Addressed the review comments on the PR
redhatHameed 5534044
Reducing the markers from 8 to 4 to see if it fixes the issues with m…
lokeshrangineni 09893af
addresses feedback on rbac doc
redhatHameed 2581335
rename action name from QUERY to READ
redhatHameed f04150a
Merge pull request #84 from redhatHameed/query-to-read
redhatHameed 3f1cd9c
fix the doc to replace query with read
redhatHameed File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Updated enum in proto
Signed-off-by: Daniele Martinoli <86618610+dmartinol@users.noreply.github.com> Signed-off-by: Abdul Hameed <ahameed@redhat.com>
- Loading branch information
commit 78decaaf2f7801753a22a6fee0975d8269eec767
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.