-
Notifications
You must be signed in to change notification settings - Fork 1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: Feast Security Model (aka RBAC) #4380
feat: Feast Security Model (aka RBAC) #4380
Conversation
13c57d4
to
c456222
Compare
This is gonna take a while 😄 |
e7b67ce
to
5674629
Compare
Hey, this is a great feature and also a big PR. Maybe it's better to walk us through the design, implementation, demo etc. in the next standup to get us understanding it better? |
sure, this will be a good idea. |
9b8f88d
to
0a3a3ba
Compare
@tokoko we realized that when the remote registry (transparently) invokes a server API, there's no way to catch a Should we create an issue to extend the registry server to add error details and the registry client to convert the grpc error into the original Exception? I don't think this has to be part of the RBAC commit. @redhatHameed FYI this is also the root cause of the error in the demo setup
|
@dmartinol sure, sounds like a bug to me. That should be tested in registry tests as well, I think. please go ahead and create a ticket. |
In the PR template you say
Did you mean "To avoid backward incompatibility with.." |
|
||
## Introduction | ||
|
||
Role-Based Access Control (RBAC) is a security mechanism that restricts access to resources based on the roles of individual users within an organization. In the context of the Feast Feature Store, RBAC ensures that only authorized users or groups can access or modify specific resources, thereby maintaining data security and operational integrity. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Role-Based Access Control (RBAC) is a security mechanism that restricts access to resources based on the roles of individual users within an organization. In the context of the Feast Feature Store, RBAC ensures that only authorized users or groups can access or modify specific resources, thereby maintaining data security and operational integrity. | |
Role-Based Access Control (RBAC) is a security mechanism that restricts access to resources based on the roles of individual users within an organization. In the context of the Feast Feature Store, RBAC ensures that only authorized users or groups can access or modify specific resources, thereby maintaining data security and operational integrity. |
Role-Based Access Control (RBAC) is a security mechanism that restricts access to resources based on the roles of individual users within an organization. In the context of the Feast Feature Store, RBAC ensures that only authorized users or groups can access or modify specific resources, thereby maintaining data security and operational integrity. | |
Role-Based Access Control (RBAC) is a security mechanism that restricts access to resources based on the roles of individual users within an organization. In the context of the Feast, RBAC ensures that only authorized users or groups can access or modify specific resources, thereby maintaining data security and operational integrity. |
|
||
## Functional Requirements | ||
|
||
The RBAC implementation in Feast Feature Store is designed to: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The RBAC implementation in Feast Feature Store is designed to: | |
The RBAC implementation in Feast is designed to: |
|
||
## Business Goals | ||
|
||
The primary business goals of implementing RBAC in the Feast Feature Store are: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The primary business goals of implementing RBAC in the Feast Feature Store are: | |
The primary business goals of implementing RBAC in the Feast are: |
|
||
The primary business goals of implementing RBAC in the Feast Feature Store are: | ||
|
||
1. **Feature Sharing**: Enable multiple teams to share the feature store while ensuring controlled access to data partitions. This allows for collaborative work without compromising data security. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
1. **Feature Sharing**: Enable multiple teams to share the feature store while ensuring controlled access to data partitions. This allows for collaborative work without compromising data security. | |
1. **Feature Sharing**: Enable multiple teams to share the feature store while ensuring controlled access. This allows for collaborative work without compromising data security. |
|
||
## Reference Architecture | ||
|
||
The Feast Feature Store operates as a collection of connected services, each enforcing authorization permissions. The architecture is designed as a distributed microservices system with the following key components: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The Feast Feature Store operates as a collection of connected services, each enforcing authorization permissions. The architecture is designed as a distributed microservices system with the following key components: | |
Feast operates as a collection of connected services, each enforcing authorization permissions. The architecture is designed as a distributed microservices system with the following key components: |
|
||
The Feast Feature Store operates as a collection of connected services, each enforcing authorization permissions. The architecture is designed as a distributed microservices system with the following key components: | ||
|
||
- **Service Endpoints**: These enforce authorization permissions, ensuring that only authorized requests are processed. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you confirm that these three are correct? i know this was generated with an LLM (which is fine!) but I think some of this may not be right.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
that's correct, simplified it more .
note Service-to-Service Communication
this feature not yet part of this PR will be implementation next PRs.
- **Action**: A logical operation performed on a resource, such as Create, Describe, Update, Delete, query, or write operations. | ||
- **Policy**: A set of rules that enforce authorization decisions on resources. The default implementation uses role-based policies. | ||
|
||
### Configuring Permissions |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please remove this section as the architecture is meant to give a motivation and not the implementation details.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Last changes. The architecture section should be pretty high level. I believe some of what you added to a PR is included in other documentation. If it's not, can you add it to the components section? I like the documentation, I just think it's better served under the components section.
After that I think we're good.
) | ||
``` | ||
|
||
### Enforcing Permission Policy |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please remove this section as well.
```python | ||
assert_permissions( | ||
resource=feature_service, | ||
actions=[AuthzedAction.QUERY_ONLINE] | ||
) | ||
``` | ||
|
||
## Use Cases | ||
|
||
### Tag-Based Permission |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please remove this section as well.
) | ||
``` | ||
|
||
### Name-Based Permission |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please remove this section as well.
3. **Policy Enforcer**: Validates the secured endpoint against the retrieved user details. | ||
4. **Token Injector**: Adds the authorization token to each secured request header. | ||
|
||
### OIDC Authorization |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please remove this section as well.
auth_server_url: _OIDC_SERVER_URL_ | ||
``` | ||
|
||
### Kubernetes Authorization |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please remove this section as well.
…emory. Signed-off-by: Lokesh Rangineni <[email protected]>
Agreed was repetition these are already aded into components section, hence removed from here. |
bd1a3f0
to
54a3aa6
Compare
README.md
Outdated
@@ -16,9 +16,6 @@ | |||
[![License](https://img.shields.io/badge/License-Apache%202.0-blue)](https://github.com/feast-dev/feast/blob/master/LICENSE) | |||
[![GitHub Release](https://img.shields.io/github/v/release/feast-dev/feast.svg?style=flat&sort=semver&color=blue)](https://github.com/feast-dev/feast/releases) | |||
|
|||
## Join us on Slack! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you revert this change?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
Signed-off-by: Abdul Hameed <[email protected]>
54a3aa6
to
09893af
Compare
Signed-off-by: Abdul Hameed <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Amazing work here, thanks for taking in all of the changes!
/lgtm
@tokoko @franciscojavierarceo Thanks for taking time to review and approve this Next PRs will handle:
Also if there is no any further concern can you merge this Thanks |
* chore: Update language.md (feast-dev#4412) Update language.md * feat: Create ADOPTERS.md (feast-dev#4410) * Create ADOPTERS.md * Update ADOPTERS.md * fix: Using repo_config parameter in teardown to allow for feature-store-yaml overrides (feast-dev#4413) * fix: using repo_config parameter in teardown to allow for feature-store-yaml overrides Signed-off-by: Dan Baron <[email protected]> * fix: fixing linting and formatting issues in tests Signed-off-by: Dan Baron <[email protected]> * fix: removing unnecessary Path object construction Signed-off-by: Dan Baron <[email protected]> --------- Signed-off-by: Dan Baron <[email protected]> * feat: Updating docs to include model inference guidelines (feast-dev#4416) Signed-off-by: Francisco Javier Arceo <[email protected]> * fix: Retire pytz library (feast-dev#4406) * fix: Remove pytz. Signed-off-by: Shuchu Han <[email protected]> * fix: Keep the pytz.UTC part in dask.py Signed-off-by: Shuchu Han <[email protected]> --------- Signed-off-by: Shuchu Han <[email protected]> * Update model-inference.md * chore: Auto-detect python version in Makefile (feast-dev#4419) * fix: Default to pandas mode if not specified in ODFV proto in database (feast-dev#4420) * chore: Update SUMMARY.md (feast-dev#4422) Update SUMMARY.md * docs: Updated README template and fixed links to be consistent for HTML (feast-dev#4423) * chore: fixed README template to be consistent with current README Signed-off-by: dandawg <[email protected]> * docs: markdown links consistency with html Signed-off-by: dandawg <[email protected]> --------- Signed-off-by: dandawg <[email protected]> * fix: Add feast-operator Makefile to semantic-release script (feast-dev#4424) Signed-off-by: Tommy Hughes <[email protected]> * feat: Add health check service to registry server (feast-dev#4421) Signed-off-by: Bhargav Dodla <[email protected]> Co-authored-by: Bhargav Dodla <[email protected]> * feat: Feast Security Model (aka RBAC) (feast-dev#4380) * initial commit Signed-off-by: Daniele Martinoli <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * fixed linting issues (but 1) Signed-off-by: Daniele Martinoli <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * deleted AuthzedResource and moved types to the Permission class Signed-off-by: Daniele Martinoli <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * using pytest.mark.parametrize tests Signed-off-by: Daniele Martinoli <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * moved decorator to decorator module Signed-off-by: Daniele Martinoli <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * parametrized decision tests Signed-off-by: Daniele Martinoli <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Added matcher and action modules. Added global assert_permissions function Signed-off-by: Daniele Martinoli <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * fixed linting error Signed-off-by: Daniele Martinoli <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Managing with_subclasses flag and overriding it in case it's an abstract class like DataSource Signed-off-by: Daniele Martinoli <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Permission includes a single Policy Signed-off-by: Daniele Martinoli <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * completed docstrings for permissions package Signed-off-by: Daniele Martinoli <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * fixed inter issues Signed-off-by: Daniele Martinoli <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Changed roles matching rule from "all" to "any" Signed-off-by: Daniele Martinoli <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Introducing permission framework and authorization manager in user guide (to be continued after the code is consolidated) Signed-off-by: Daniele Martinoli <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * removed test code Signed-off-by: Daniele Martinoli <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * hiding sensitive data (false positive, anyway) Signed-off-by: Daniele Martinoli <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Added filter_only flag to assert_permissions and returning a list of filtered resources instead of PermissionError Signed-off-by: Daniele Martinoli <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * added the option to return the single resource, or None Signed-off-by: Daniele Martinoli <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * separate validating functions: assert_permission and filtered_resources Signed-off-by: Daniele Martinoli <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Store and Manage permissions in the Registry Signed-off-by: Theodor Mihalache <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Applied review comments Signed-off-by: Theodor Mihalache <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Store and Manage permissions in the Registry - Fixes to code - Made test case broader Signed-off-by: Theodor Mihalache <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Store and Manage permissions in the Registry - Fixed incorrectly recognized linter error Signed-off-by: Theodor Mihalache <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Store and Manage permissions in the Registry - Added test - Fixed missing property to permission - Changed code following review Signed-off-by: Theodor Mihalache <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Store and Manage permissions in the Registry Signed-off-by: Theodor Mihalache <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Store and Manage permissions in the Registry - Fixes to code - Made test case broader Signed-off-by: Theodor Mihalache <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Store and Manage permissions in the Registry - Fixed incorrectly recognized linter error Signed-off-by: Theodor Mihalache <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Store and Manage permissions in the Registry - Added test - Fixed delete and apply permission Signed-off-by: Theodor Mihalache <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * replaced aggregated actions with aliases for QUERY and WRITE and ALL Signed-off-by: Daniele Martinoli <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Updated user guide Signed-off-by: Daniele Martinoli <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Updated enum in proto Signed-off-by: Daniele Martinoli <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Store and Manage permissions in the Registry - Fixed test errors following refactor - Added test Signed-off-by: Theodor Mihalache <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Store and Manage permissions in the Registry - Removed redundant property - Added tags filter option to list_permissions Signed-off-by: Theodor Mihalache <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Added permission assert check for registry server, offline server, online server functions Signed-off-by: Abdul Hameed <[email protected]> * Fix linter after rebase Signed-off-by: Abdul Hameed <[email protected]> * CLI command "feast permissions list" Added cli command permissions Added tags parameter to list_validation_references and list_saved_datasets in registry Added list_validation_references and list_saved_datasets apis to feature_store Added missing tags parameters to registry_server methods Signed-off-by: Theodor Mihalache <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * CLI command "feast permissions list" - Changes following review Signed-off-by: Theodor Mihalache <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * CLI command "feast permissions list" - Changes following review Signed-off-by: Theodor Mihalache <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * added the documents reference for permissions for online, offline, registry server endpoints. Signed-off-by: Abdul Hameed <[email protected]> * Incorporating code review comments to parse the auth block from the f… (feast-dev#36) * Incorporating code review comments to parse the auth block from the feature_store.yaml file. Signed-off-by: Lokesh Rangineni <[email protected]> * Incorporating code review comments - renaming type from k8 to kubernetes. Signed-off-by: Lokesh Rangineni <[email protected]> --------- Signed-off-by: Lokesh Rangineni <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * definition and integration of auth manager in feast offline and online servers Signed-off-by: Daniele Martinoli <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * typo Signed-off-by: Daniele Martinoli <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * duplicated if Signed-off-by: Daniele Martinoli <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * renamed functions with long name Signed-off-by: Daniele Martinoli <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * using User class instead of RoleManager (completely removed) Signed-off-by: Daniele Martinoli <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Feed SecurityManager with Registry instance to fetch the actual permissions Signed-off-by: Daniele Martinoli <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * fixed linter Signed-off-by: Daniele Martinoli <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * review comments Signed-off-by: Daniele Martinoli <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * fixed broken IT Signed-off-by: Daniele Martinoli <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Adding registry server (UT to be completed) Signed-off-by: Daniele Martinoli <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * fix linter Signed-off-by: Daniele Martinoli <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * passing auth manager type from config Signed-off-by: Daniele Martinoli <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * used auth config to set auth manager type Signed-off-by: Abdul Hameed <[email protected]> * inject the user details Signed-off-by: Abdul Hameed <[email protected]> * created decorator function and applied to arrow function for injecting the user detail:wq Signed-off-by: Abdul Hameed <[email protected]> * code review fixes including the unit test and integration test as suggested Signed-off-by: Abdul Hameed <[email protected]> * Implementation of oidc client authentication. (feast-dev#40) * Adding initial draft code to manage the oidc client authentication. Signed-off-by: Lokesh Rangineni <[email protected]> * Adding initial draft code to manage the oidc client authentication. Signed-off-by: Lokesh Rangineni <[email protected]> * Incorporating code review comments. Signed-off-by: Lokesh Rangineni <[email protected]> --------- Signed-off-by: Lokesh Rangineni <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Client module-grpc - Added authentication header for client grpc calls Signed-off-by: Theodor Mihalache <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Client module-grpc - Made changes following code review Signed-off-by: Theodor Mihalache <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Client module-grpc - Made changes following code review Signed-off-by: Theodor Mihalache <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Client module-grpc - Made changes following code review Signed-off-by: Theodor Mihalache <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Client module-grpc - Made changes following code review Signed-off-by: Theodor Mihalache <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Client module-grpc - Made changes following code review Signed-off-by: Theodor Mihalache <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Client module-grpc - Made changes following code review Signed-off-by: Theodor Mihalache <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Client module-grpc - Made changes following code review Signed-off-by: Theodor Mihalache <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * added auth configuration for arrow flight client Signed-off-by: Abdul Hameed <[email protected]> * Client module-grpc - Made changes following code review Signed-off-by: Theodor Mihalache <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * fix linter Signed-off-by: Daniele Martinoli <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Propagating auth config to token parser in server init Signed-off-by: Daniele Martinoli <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * adding headers and client_secret to token request Signed-off-by: Daniele Martinoli <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * working E2E test of authenticated registy server Signed-off-by: Daniele Martinoli <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * renamed test Signed-off-by: Daniele Martinoli <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * fixed broken test Signed-off-by: Daniele Martinoli <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * fix rebase issues Signed-off-by: Daniele Martinoli <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * fix rebase issues Signed-off-by: Daniele Martinoli <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Adding the auth client documentations and unit testing for auth client code. Signed-off-by: Lokesh Rangineni <[email protected]> Signed-off-by: Lokesh Rangineni <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Adding the auth client documentations and unit testing for auth client code. Signed-off-by: Lokesh Rangineni <[email protected]> Signed-off-by: Lokesh Rangineni <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Incorporating code review comments. Signed-off-by: Lokesh Rangineni <[email protected]> Signed-off-by: Lokesh Rangineni <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Incorporating code review comments. Signed-off-by: Lokesh Rangineni <[email protected]> Signed-off-by: Lokesh Rangineni <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Introducing permission framework and authorization manager in user guide (to be continued after the code is consolidated) Signed-off-by: Daniele Martinoli <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * CLI command "feast permissions list" - Added missing dependency Signed-off-by: Theodor Mihalache <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Client module-grpc - Added missing auth header for calls to remote registry Signed-off-by: Theodor Mihalache <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Fix auth tests with permissions - Made changes to enforcer ana security manager permission checking logic Signed-off-by: Theodor Mihalache <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Fix auth tests with permissions - Made changes following review Signed-off-by: Theodor Mihalache <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Fix auth tests with permissions - Made changes following review Signed-off-by: Theodor Mihalache <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Fix auth tests with permissions - Made changes following review Signed-off-by: Theodor Mihalache <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Moved the common fixtures to the root conftest.py or auth_permissions_util.py (feast-dev#54) * Moved the common fixtures to the root conftest.py or auth_permissions_util.py Signed-off-by: Lokesh Rangineni <[email protected]> Signed-off-by: Lokesh Rangineni <[email protected]> * Adding missed dependency and regenerated the requirements files. Signed-off-by: Lokesh Rangineni <[email protected]> Signed-off-by: Lokesh Rangineni <[email protected]> * Addinig missing changes from the original PR. Signed-off-by: Lokesh Rangineni <[email protected]> Signed-off-by: Lokesh Rangineni <[email protected]> --------- Signed-off-by: Lokesh Rangineni <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * added check and list-roles subcommands Signed-off-by: Daniele Martinoli <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * typo Signed-off-by: Daniele Martinoli <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * added comment in cli_utils to remind the original function from which this logic was derived Signed-off-by: Daniele Martinoli <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * 1) Updating the existing integration test with auth permissions configurations. 2) Refactored the common code and moved to the util class and common conftest.py file. Signed-off-by: Lokesh Rangineni <[email protected]> Signed-off-by: Lokesh Rangineni <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Moved the common fixtures to the root conftest.py or auth_permissions_util.py Signed-off-by: Lokesh Rangineni <[email protected]> Signed-off-by: Lokesh Rangineni <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Adding missed dependency and regenerated the requirements files. Signed-off-by: Lokesh Rangineni <[email protected]> Signed-off-by: Lokesh Rangineni <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * 1) Updating the existing integration test with auth permissions configurations. 2) Refactored the common code and moved to the util class and common conftest.py file. Signed-off-by: Lokesh Rangineni <[email protected]> Signed-off-by: Lokesh Rangineni <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * 1) Fixing an issue with the way getting markers after changing the fixture scope to module. Now looking up the markers coming from the entire module run. Signed-off-by: Lokesh Rangineni <[email protected]> Signed-off-by: Lokesh Rangineni <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Fixed bug in GetPermission API Signed-off-by: Daniele Martinoli <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Permission CRUD test Signed-off-by: Daniele Martinoli <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Added feast-rbac example Signed-off-by: Abdul Hameed <[email protected]> * Added support to read the token from enviroment variable to run from local Signed-off-by: Abdul Hameed <[email protected]> * Fix the header for arrow fligth Signed-off-by: Abdul Hameed <[email protected]> * fix the header issue Signed-off-by: Abdul Hameed <[email protected]> * added permissions apply file Signed-off-by: Abdul Hameed <[email protected]> * set the user in the grpc server Signed-off-by: Abdul Hameed <[email protected]> * added roles and updated permission with all roles Signed-off-by: Abdul Hameed <[email protected]> * updated chart to include the service account Signed-off-by: Abdul Hameed <[email protected]> * created client example with roles and updated installation/cleanup script Signed-off-by: Abdul Hameed <[email protected]> * rebased with master Signed-off-by: Abdul Hameed <[email protected]> * Moved the common fixtures to the root conftest.py or auth_permissions_util.py (feast-dev#54) * Moved the common fixtures to the root conftest.py or auth_permissions_util.py Signed-off-by: Lokesh Rangineni <[email protected]> Signed-off-by: Lokesh Rangineni <[email protected]> * Adding missed dependency and regenerated the requirements files. Signed-off-by: Lokesh Rangineni <[email protected]> Signed-off-by: Lokesh Rangineni <[email protected]> * Addinig missing changes from the original PR. Signed-off-by: Lokesh Rangineni <[email protected]> Signed-off-by: Lokesh Rangineni <[email protected]> --------- Signed-off-by: Lokesh Rangineni <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Fixed DecisionStrategy not persisted Signed-off-by: Theodor Mihalache <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Fixed DecisionStrategy not persisted Signed-off-by: Theodor Mihalache <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Fixed DecisionStrategy not persisted - Implemented review comments Signed-off-by: Theodor Mihalache <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Revert "Fix decision strategy not saved" Signed-off-by: Abdul Hameed <[email protected]> * Dropped global decision strategy Signed-off-by: Daniele Martinoli <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * updated rbac demo example Signed-off-by: Abdul Hameed <[email protected]> * Adding permissions directly instead of from the common place for the online read integration tests. Cleaned up some minor changes to fix the unpredictable issue with the feature server process. Signed-off-by: Lokesh Rangineni <[email protected]> Signed-off-by: Lokesh Rangineni <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Initial Draft version to the tests with remote offline server with OIDC authentication permissions. Happy path only. Signed-off-by: Lokesh Rangineni <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Abstracting the specific code for Offline Permissions by creating new class for PermissionsEnvironment. Signed-off-by: Lokesh Rangineni <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Formatting the python files using make format-python. Signed-off-by: Lokesh Rangineni <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Separated the permissions for online, offline and registry servers. moved the fixtures scope accordingly as we can't reuse the permissions for all the test cases. Signed-off-by: Lokesh Rangineni <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Separated the permissions for online, offline and registry servers. moved the fixtures scope accordingly as we can't reuse the permissions for all the test cases. Signed-off-by: Lokesh Rangineni <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Created the grpc client auth header interceptor and removed the manual injection of the header. Signed-off-by: Lokesh Rangineni <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Created the grpc client auth header interceptor and removed the manual injection of the header. Signed-off-by: Lokesh Rangineni <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * fix: java to proto failing - changed java_outer_classname for Permission.proto and Policy.proto - removed experimental optional from permission proto Signed-off-by: Theodor Mihalache <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * CLI command "feast permissions list" Added cli command permissions Added tags parameter to list_validation_references and list_saved_datasets in registry Added list_validation_references and list_saved_datasets apis to feature_store Added missing tags parameters to registry_server methods Signed-off-by: Theodor Mihalache <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Moved the common fixtures to the root conftest.py or auth_permissions_util.py (feast-dev#54) * Moved the common fixtures to the root conftest.py or auth_permissions_util.py Signed-off-by: Lokesh Rangineni <[email protected]> Signed-off-by: Lokesh Rangineni <[email protected]> * Adding missed dependency and regenerated the requirements files. Signed-off-by: Lokesh Rangineni <[email protected]> Signed-off-by: Lokesh Rangineni <[email protected]> * Addinig missing changes from the original PR. Signed-off-by: Lokesh Rangineni <[email protected]> Signed-off-by: Lokesh Rangineni <[email protected]> --------- Signed-off-by: Lokesh Rangineni <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * fix: java to proto failing - changed java_outer_classname for Permission.proto and Policy.proto - removed experimental optional from permission proto Signed-off-by: Theodor Mihalache <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Adding the extra writer permission to fix the integration test issue with offline server. Signed-off-by: Lokesh Rangineni <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Try to fix java integration test - ModuleNotFoundError: No module named 'feast.permissions.server' Signed-off-by: Theodor Mihalache <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * fix java integration test - ModuleNotFoundError: No module named 'jwt' Signed-off-by: Theodor Mihalache <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * fix java integration test - ModuleNotFoundError: No module named 'kubernetes' Signed-off-by: Theodor Mihalache <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Adding missing permissions for offline store test cases - classes FileSource, FeatureService classes. (feast-dev#64) Signed-off-by: Lokesh Rangineni <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Updating the offline integration test permissions. Signed-off-by: Lokesh Rangineni <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * updated test.py file for rbac-example Signed-off-by: Abdul Hameed <[email protected]> * fix the DeleteFeatureView function to handle stream feature view type Signed-off-by: Abdul Hameed <[email protected]> * Updating permissions of the integration test cases to address code review comments and also check if the online_read integration test fixes. Signed-off-by: Lokesh Rangineni <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Incorporating the code review comments from Francisco on upstream PR. Signed-off-by: Lokesh Rangineni <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Update docs/getting-started/concepts/permission.md Co-authored-by: Francisco Arceo <[email protected]> Signed-off-by: Daniele Martinoli <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Update docs/getting-started/concepts/permission.md Co-authored-by: Francisco Arceo <[email protected]> Signed-off-by: Daniele Martinoli <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Update docs/getting-started/concepts/permission.md Co-authored-by: Francisco Arceo <[email protected]> Signed-off-by: Daniele Martinoli <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Small fixes (feast-dev#71) * Improved permission denial log Signed-off-by: Daniele Martinoli <[email protected]> * Added leeway option to accept tokens released in the past (up to 10") Signed-off-by: Daniele Martinoli <[email protected]> --------- Signed-off-by: Daniele Martinoli <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * commented/removed oidc tests to verify integration test commented/removed test_auth_permission.py file Signed-off-by: Abdul Hameed <[email protected]> * Enabling the keycloak related integration tests and also initializing the keycloak only once in the entire run. Reduced the number of works and increased the duration as well. Signed-off-by: Lokesh Rangineni <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Making number of workers back to 8 and enabled the test_remote_online_store_read Signed-off-by: Lokesh Rangineni <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Making number of workers to 4. Signed-off-by: Lokesh Rangineni <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Incorporating the code review comments from Tornike to use @pytest.mark.xdist_group(name="keycloak"). Reverting number of markers from 4 to 8 for the make file target test-python-integration-local. Signed-off-by: Lokesh Rangineni <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Reverting number of workers from 8 to 4. Signed-off-by: Lokesh Rangineni <[email protected]> Signed-off-by: Lokesh Rangineni <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Reverting number of workers from 8 to 4. Reverting the marker @pytest.mark.xdist_group(name="keycloak") Signed-off-by: Lokesh Rangineni <[email protected]> Signed-off-by: Lokesh Rangineni <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Reverting number of workers from 8 to 4 for make target test-python-integration-local Signed-off-by: Lokesh Rangineni <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Added the arrow flight interceptor to inject the auth header. (feast-dev#68) * * Added the arrow flight interceptor to inject the auth header. * Injecting grpc interceptor if it is needed when auth type is not NO_AUTH. Signed-off-by: Lokesh Rangineni <[email protected]> * Fixing the failing integration test cases by setting the header in binary format. Signed-off-by: Lokesh Rangineni <[email protected]> * Refactored method and moved to factory class to incorporate code review comment. Fixed lint error by removing the type of port. and other minor changes. Signed-off-by: Lokesh Rangineni <[email protected]> * Incorproating code review comments from Daniel. Signed-off-by: Lokesh Rangineni <[email protected]> --------- Signed-off-by: Lokesh Rangineni <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * removed with_subclasses option (it's the default and unique behavior) Signed-off-by: Daniele Martinoli <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * a full, minimal, reproducible example of the RBAC feature Signed-off-by: Daniele Martinoli <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Add missing required_tags to permission object and cli info - Add missing required_tags to permission object - added required_tags to cli info Signed-off-by: Theodor Mihalache <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Fixed the registry apply function assertation Signed-off-by: Abdul Hameed <[email protected]> * removed the examples Signed-off-by: Abdul Hameed <[email protected]> * Integrated comment Signed-off-by: Daniele Martinoli <[email protected]> * removed the firebase depdency and fix the doc conflicts Signed-off-by: Abdul Hameed <[email protected]> * Introducing permission framework and authorization manager in user guide (to be continued after the code is consolidated) Signed-off-by: Daniele Martinoli <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> * Permission resources miss the created_timestamp and last_updated_timestamp fields Signed-off-by: Theodor Mihalache <[email protected]> * remove error incase if user has no roles assinged incase unthorized user Signed-off-by: Abdul Hameed <[email protected]> * renamed READ action to DESCRIBE Signed-off-by: Daniele Martinoli <[email protected]> * Specified authorization manager and authorization configuration Signed-off-by: Daniele Martinoli <[email protected]> * fix the linter and remove subclass from doc Signed-off-by: Abdul Hameed <[email protected]> * addressed the pr reivew comments Signed-off-by: Abdul Hameed <[email protected]> * Incorporating code review comment and this file is not needed. Signed-off-by: Lokesh Rangineni <[email protected]> * Addressed the review comments on the PR Signed-off-by: Abdul Hameed <[email protected]> * Reducing the markers from 8 to 4 to see if it fixes the issues with memory. Signed-off-by: Lokesh Rangineni <[email protected]> * addresses feedback on rbac doc Signed-off-by: Abdul Hameed <[email protected]> * rename action name from QUERY to READ Signed-off-by: Abdul Hameed <[email protected]> * fix the doc to replace query with read Signed-off-by: Abdul Hameed <[email protected]> --------- Signed-off-by: Daniele Martinoli <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> Signed-off-by: Theodor Mihalache <[email protected]> Signed-off-by: Lokesh Rangineni <[email protected]> Signed-off-by: Lokesh Rangineni <[email protected]> Co-authored-by: Theodor Mihalache <[email protected]> Co-authored-by: Abdul Hameed <[email protected]> Co-authored-by: lokeshrangineni <[email protected]> Co-authored-by: Lokesh Rangineni <[email protected]> Co-authored-by: Francisco Arceo <[email protected]> * chore: Fix rbac url. * fix: Links to the RBAC documentation under Concepts and Components (feast-dev#4430) * fix the rbac docs links Signed-off-by: Abdul Hameed <[email protected]> * fix: links to the RBAC documentation under Concepts and Components sections Signed-off-by: Abdul Hameed <[email protected]> --------- Signed-off-by: Abdul Hameed <[email protected]> * docs: Reorganize registry docs (feast-dev#4407) * reorganize registry docs Signed-off-by: tokoko <[email protected]> * remove commented out text Signed-off-by: tokoko <[email protected]> * changes in registry.md Signed-off-by: tokoko <[email protected]> --------- Signed-off-by: tokoko <[email protected]> Co-authored-by: tokoko <[email protected]> * chore: Update Slack link * build: Set a proper build-system protobuf version (feast-dev#4438) build: force the protobuf version in the build system so that it is compatible with the runtime dependency Signed-off-by: Yang, Bo <[email protected]> * Update README.md * fix: Typos related to k8s (feast-dev#4442) fix typos Signed-off-by: Brijesh Vora <[email protected]> * feat: Refactoring code to get oidc end points from discovery URL. (feast-dev#4429) * refactoring the permissions side server side code to get the OIDC end points from the discovery URL. Also removing the auth_server_url config from oidc auth config. Signed-off-by: Lokesh Rangineni <[email protected]> * refactoring the permissions side server side code to get the OIDC end points from the discovery URL. Also removing the auth_server_url config from oidc auth config. Signed-off-by: Lokesh Rangineni <[email protected]> * refactoring the permissions side server side code to get the OIDC end points from the discovery URL. Also removing the auth_server_url config from oidc auth config. Signed-off-by: Lokesh Rangineni <[email protected]> * refactoring the permissions side server side code to get the OIDC end points from the discovery URL. Also removing the auth_server_url config from oidc auth config. Signed-off-by: Lokesh Rangineni <[email protected]> * Fixing the issue with pre-commit hook template. Accidentally this was reverted in previous rebase and reverting it now. Signed-off-by: Lokesh Rangineni <[email protected]> --------- Signed-off-by: Lokesh Rangineni <[email protected]> * chore: Mark tests using keycloak with xdist_group (feast-dev#4436) * mark keycloak tests with xdist_group Signed-off-by: tokoko <[email protected]> * apply changes to test-python-integration Signed-off-by: tokoko <[email protected]> --------- Signed-off-by: tokoko <[email protected]> Co-authored-by: tokoko <[email protected]> * fix: Locate feature_store.yaml from __file__ (feast-dev#4443) fix: locate feature_store.yaml from __file__ Signed-off-by: Yang, Bo <[email protected]> * feat: Update roadmap.md (feast-dev#4445) * chore: Remove Rockset from feast (feast-dev#4434) --------- Signed-off-by: Dan Baron <[email protected]> Signed-off-by: Francisco Javier Arceo <[email protected]> Signed-off-by: Shuchu Han <[email protected]> Signed-off-by: dandawg <[email protected]> Signed-off-by: Tommy Hughes <[email protected]> Signed-off-by: Bhargav Dodla <[email protected]> Signed-off-by: Daniele Martinoli <[email protected]> Signed-off-by: Abdul Hameed <[email protected]> Signed-off-by: Theodor Mihalache <[email protected]> Signed-off-by: Lokesh Rangineni <[email protected]> Signed-off-by: Lokesh Rangineni <[email protected]> Signed-off-by: tokoko <[email protected]> Signed-off-by: Yang, Bo <[email protected]> Signed-off-by: Brijesh Vora <[email protected]> Co-authored-by: Francisco Arceo <[email protected]> Co-authored-by: Dan Baron <[email protected]> Co-authored-by: Shuchu Han <[email protected]> Co-authored-by: Francisco Arceo <[email protected]> Co-authored-by: Tornike Gurgenidze <[email protected]> Co-authored-by: [email protected] <[email protected]> Co-authored-by: Daniel Dowler <[email protected]> Co-authored-by: Tommy Hughes IV <[email protected]> Co-authored-by: Bhargav Dodla <[email protected]> Co-authored-by: Daniele Martinoli <[email protected]> Co-authored-by: Theodor Mihalache <[email protected]> Co-authored-by: Abdul Hameed <[email protected]> Co-authored-by: lokeshrangineni <[email protected]> Co-authored-by: Lokesh Rangineni <[email protected]> Co-authored-by: tokoko <[email protected]> Co-authored-by: Yang, Bo <[email protected]> Co-authored-by: Yang, Bo <[email protected]>
# [0.41.0](v0.40.0...v0.41.0) (2024-10-26) * chore!: Update @elastic/eui and @emotion/react in Feast UI ([#4597](#4597)) ([b9ddbf9](b9ddbf9)) ### Bug Fixes * Add --chdir to test_workflow.py ([#4453](#4453)) ([6b2f026](6b2f026)) * Add feast-operator files to semantic-release script ([#4382](#4382)) ([8eceff2](8eceff2)) * Add feast-operator Makefile to semantic-release script ([#4424](#4424)) ([d18d01d](d18d01d)) * Added Offline Store Arrow client errors handler ([#4524](#4524)) ([7535b40](7535b40)) * Added Online Store REST client errors handler ([#4488](#4488)) ([2118719](2118719)) * Added Permission API docs ([#4485](#4485)) ([2bd03fa](2bd03fa)) * Added support for multiple name patterns to Permissions ([#4633](#4633)) ([f05e928](f05e928)) * Adding protobuf<5 as a required dependency due to snowflake limitations ([#4537](#4537)) ([cecca83](cecca83)) * Avoid the python 3.9+ threadpool cleanup bug ([#4627](#4627)) ([ba05893](ba05893)) * Bigquery dataset create table disposition ([#4649](#4649)) ([58e03d1](58e03d1)) * Changes template file path to relative path ([#4624](#4624)) ([3e313b1](3e313b1)) * Check for snowflake functions when setting up materialization engine ([#4456](#4456)) ([c365b4e](c365b4e)) * Correctly handle list values in _python_value_to_proto_value ([#4608](#4608)) ([c0a1026](c0a1026)) * Default to pandas mode if not specified in ODFV proto in database ([#4420](#4420)) ([d235832](d235832)) * Deleting data from feast_metadata when we delete project ([#4550](#4550)) ([351a2d0](351a2d0)) * Disable active_timer When registry_ttl_sec is 0 ([#4499](#4499)) ([c94f32f](c94f32f)) * Escape special characters in the Postgres password ([#4394](#4394)) ([419ca5e](419ca5e)) * FeastExtrasDependencyImportError when using SparkOfflineStore without S3 ([#4594](#4594)) ([1ba94f7](1ba94f7)) * Fix Feast project name test ([#4685](#4685)) ([9f41fd6](9f41fd6)) * Fix for SQL registry initialization fails [#4543](#4543) ([#4544](#4544)) ([4e2eacc](4e2eacc)) * Fix gitignore issue ([#4674](#4674)) ([2807dfa](2807dfa)) * Fix online pg import ([#4581](#4581)) ([1f17caa](1f17caa)) * Fix the mypy type check issue. ([#4498](#4498)) ([7ecc615](7ecc615)) * Fix vector store config ([#4583](#4583)) ([11c00d4](11c00d4)) * Fixes validator field access for 'project_id' in BigQuery offline Store ([#4509](#4509)) ([9a0398e](9a0398e)) * Fixing failure of protos during ODFV transformations for missing entities ([#4667](#4667)) ([41aaeeb](41aaeeb)) * Fixing the master branch build failure. ([#4563](#4563)) ([0192b2e](0192b2e)) * Hao xu request source timestamp_field ([#4495](#4495)) ([96344b2](96344b2)) * Ignore the type check as both functions calls are not belonging to Feast code. ([#4500](#4500)) ([867f532](867f532)) * Import grpc only for type checking in errors.py ([#4533](#4533)) ([f308572](f308572)) * Initial commit targetting grpc registry server ([#4458](#4458)) ([484240c](484240c)), closes [#4465](#4465) * Links to the RBAC documentation under Concepts and Components ([#4430](#4430)) ([0a48f7b](0a48f7b)) * Locate feature_store.yaml from __file__ ([#4443](#4443)) ([20290ce](20290ce)) * Logger settings for feature servers and updated logger for permission flow ([#4531](#4531)) ([50b8f23](50b8f23)) * Move tslib from devDependencies to dependencies in Feast UI ([#4525](#4525)) ([c5a4d90](c5a4d90)) * Null value compatibility for unit timestamp list value type ([#4378](#4378)) ([8f264b6](8f264b6)) * Patch FAISS online return signature ([#4671](#4671)) ([0d45e95](0d45e95)) * Quickstart documentation changes ([#4618](#4618)) ([7ac0908](7ac0908)) * Refactor auth_client_manager_factory.py in function get_auth_client_m… ([#4505](#4505)) ([def8633](def8633)) * Remote apply using offline store ([#4559](#4559)) ([ac62a32](ac62a32)) * Remove Feast UI TypeScript dependencies from `peerDependencies` and `dependencies` ([#4554](#4554)) ([e781e16](e781e16)) * Remove unnecessary peer dependencies from Feast UI ([#4577](#4577)) ([9ac7f4e](9ac7f4e)) * Removed protobuf as a required dependency ([#4535](#4535)) ([0fb76e9](0fb76e9)) * Removed the k8s dependency from required dependencies ([#4519](#4519)) ([3073ea5](3073ea5)) * Removed usage of pull_request_target as much as possible to prevent security concerns ([#4549](#4549)) ([3198371](3198371)) * Replaced ClusterRoles with local RoleBindings ([#4625](#4625)) ([ca9fb9b](ca9fb9b)) * Retire pytz library ([#4406](#4406)) ([23c6c86](23c6c86)) * Typos related to k8s ([#4442](#4442)) ([dda0088](dda0088)) * Update java testcontainers to use Compose V2 ([#4381](#4381)) ([9a33fce](9a33fce)) * Update min versions for pyarrow and protobuf ([#4646](#4646)) ([c7ddd4b](c7ddd4b)) * Update react-router-dom to 6.3.0 and restrict its version in Feast UI ([#4556](#4556)) ([4293608](4293608)), closes [#3794](#3794) [/github.com/remix-run/react-router/blob/main/CHANGELOG.md#v630](https://github.com//github.com/remix-run/react-router/blob/main/CHANGELOG.md/issues/v630) * Update the base image for feature-server. ([#4576](#4576)) ([0390d8a](0390d8a)) * Update the base image of materilization engine. ([#4580](#4580)) ([f8592d8](f8592d8)) * Updated README link ([#4669](#4669)) ([35fbdc9](35fbdc9)) * Updating the documentation and adding tests for project length ([#4628](#4628)) ([945b0fa](945b0fa)) * Using get_type_hints instead of inspect signature for udf return annotation ([#4391](#4391)) ([3a32e8a](3a32e8a)) * Using repo_config parameter in teardown to allow for feature-store-yaml overrides ([#4413](#4413)) ([0baeeb5](0baeeb5)) * Validating permission to update an existing request on both the new and the old instance ([#4449](#4449)) ([635a01b](635a01b)) ### Features * Add boto3 session based auth for dynamodb online store for cross account access ([#4606](#4606)) ([00eaf74](00eaf74)) * Add cli list/describe for SavedDatasets, StreamFeatureViews, & … ([#4487](#4487)) ([7b250e5](7b250e5)) * Add connection_name field to Snowflake config ([#4600](#4600)) ([10ce2aa](10ce2aa)) * Add health check service to registry server ([#4421](#4421)) ([46655f0](46655f0)) * Add more __repr__ methods ([#4676](#4676)) ([e726c09](e726c09)) * Add registry methods for dealing with all FV types ([#4435](#4435)) ([ac381b2](ac381b2)) * Added Project object to Feast Objects ([#4475](#4475)) ([4a6b663](4a6b663)) * Added support for reading from Reader Endpoints for AWS Aurora use cases ([#4494](#4494)) ([d793c77](d793c77)) * Adding documentation for On Demand Feature Transformations with writes ([#4607](#4607)) ([8e0c1b5](8e0c1b5)) * Adding mode='python' for get_historical_features on ODFVs ([#4653](#4653)) ([c40d539](c40d539)) * Adding registry cache support for get_on_demand_feature_view ([#4572](#4572)) ([354c059](354c059)) * Adding SSL support for online server ([#4677](#4677)) ([80a5b3c](80a5b3c)) * Adding write capability to online store to on demand feature views ([#4585](#4585)) ([ef9e0bb](ef9e0bb)), closes [#4603](#4603) * Allow feast snowflake to read in byte string for private-key authentication ([#4384](#4384)) ([5215a21](5215a21)) * An action to test operator at PR time ([#4635](#4635)) ([14c1000](14c1000)) * Create ADOPTERS.md ([#4410](#4410)) ([721ec74](721ec74)) * Create initial structure of Feast Go Operator ([#4596](#4596)) ([b5ab6c7](b5ab6c7)) * Faiss and In memory store ([#4464](#4464)) ([a1ff129](a1ff129)) * Feast Security Model (aka RBAC) ([#4380](#4380)) ([1771f66](1771f66)), closes [#36](#36) * Instrument Feast using Prometheus and OpenTelemetry ([#4366](#4366)) ([a571e08](a571e08)) * Intra server to server communication ([#4433](#4433)) ([729c874](729c874)) * Publish TypeScript types in Feast UI package ([#4551](#4551)) ([334e5d7](334e5d7)) * Refactoring code to get oidc end points from discovery URL. ([#4429](#4429)) ([896360a](896360a)) * Return entity key in the retrieval document api ([#4511](#4511)) ([5f5caf0](5f5caf0)) * Update roadmap.md ([#4445](#4445)) ([34238d2](34238d2)) * Update sqlite-vec package ([#4389](#4389)) ([b734cb1](b734cb1)) * Updated Feast model Inference Architecture ([#4570](#4570)) ([8cd0dcf](8cd0dcf)) * Updating docs to include model inference guidelines ([#4416](#4416)) ([cebbe04](cebbe04)) * Updating FeatureViewProjection and OnDemandFeatureView to add batch_source and entities ([#4530](#4530)) ([0795496](0795496)) * Upgrade React from 17.0.2 to 18.3.1 in Feast UI ([#4620](#4620)) ([d6f3cb8](d6f3cb8)) ### Performance Improvements * Add init and cleanup of long lived resources ([#4642](#4642)) ([47dc04d](47dc04d)) * Added indexes to sql tables to optimize query execution ([#4538](#4538)) ([9688790](9688790)) * Default to async endpoints, use threadpool for sync ([#4647](#4647)) ([c1f1912](c1f1912)) * Implement dynamo write_batch_async ([#4675](#4675)) ([ba4404c](ba4404c)) * Make /push async ([#4650](#4650)) ([61abf89](61abf89)) * Parallelize read calls by table and batch ([#4619](#4619)) ([043eff1](043eff1)) ### BREAKING CHANGES * Consuming apps that use @elastic/eui should update it to a compatible version. If you use @elastic/eui components that have been renamed or replaced with others, you'll need to update your code accordingly. Signed-off-by: Harri Lehtola <[email protected]> * chore: Update Node version from 17 to 20 in UI unit tests Node 17 is not an LTS (long-term support) version and apparently rejected by the latest versions of Elastic UI: > error @elastic/[email protected]: The engine "node" is incompatible with > this module. Expected version "16.x || 18.x || >=20.x". Got "17.9.1" Let's try with the latest LTS version. Signed-off-by: Harri Lehtola <[email protected]>
# [0.41.0](v0.40.0...v0.41.0) (2024-10-26) * chore!: Update @elastic/eui and @emotion/react in Feast UI ([#4597](#4597)) ([b9ddbf9](b9ddbf9)) ### Bug Fixes * Add --chdir to test_workflow.py ([#4453](#4453)) ([6b2f026](6b2f026)) * Add feast-operator files to semantic-release script ([#4382](#4382)) ([8eceff2](8eceff2)) * Add feast-operator Makefile to semantic-release script ([#4424](#4424)) ([d18d01d](d18d01d)) * Added Offline Store Arrow client errors handler ([#4524](#4524)) ([7535b40](7535b40)) * Added Online Store REST client errors handler ([#4488](#4488)) ([2118719](2118719)) * Added Permission API docs ([#4485](#4485)) ([2bd03fa](2bd03fa)) * Added support for multiple name patterns to Permissions ([#4633](#4633)) ([f05e928](f05e928)) * Adding protobuf<5 as a required dependency due to snowflake limitations ([#4537](#4537)) ([cecca83](cecca83)) * Avoid the python 3.9+ threadpool cleanup bug ([#4627](#4627)) ([ba05893](ba05893)) * Bigquery dataset create table disposition ([#4649](#4649)) ([58e03d1](58e03d1)) * Changes template file path to relative path ([#4624](#4624)) ([3e313b1](3e313b1)) * Check for snowflake functions when setting up materialization engine ([#4456](#4456)) ([c365b4e](c365b4e)) * Correctly handle list values in _python_value_to_proto_value ([#4608](#4608)) ([c0a1026](c0a1026)) * Default to pandas mode if not specified in ODFV proto in database ([#4420](#4420)) ([d235832](d235832)) * Deleting data from feast_metadata when we delete project ([#4550](#4550)) ([351a2d0](351a2d0)) * Disable active_timer When registry_ttl_sec is 0 ([#4499](#4499)) ([c94f32f](c94f32f)) * Escape special characters in the Postgres password ([#4394](#4394)) ([419ca5e](419ca5e)) * FeastExtrasDependencyImportError when using SparkOfflineStore without S3 ([#4594](#4594)) ([1ba94f7](1ba94f7)) * Fix Feast project name test ([#4685](#4685)) ([9f41fd6](9f41fd6)) * Fix for SQL registry initialization fails [#4543](#4543) ([#4544](#4544)) ([4e2eacc](4e2eacc)) * Fix gitignore issue ([#4674](#4674)) ([2807dfa](2807dfa)) * Fix online pg import ([#4581](#4581)) ([1f17caa](1f17caa)) * Fix the mypy type check issue. ([#4498](#4498)) ([7ecc615](7ecc615)) * Fix vector store config ([#4583](#4583)) ([11c00d4](11c00d4)) * Fixes validator field access for 'project_id' in BigQuery offline Store ([#4509](#4509)) ([9a0398e](9a0398e)) * Fixing failure of protos during ODFV transformations for missing entities ([#4667](#4667)) ([41aaeeb](41aaeeb)) * Fixing the master branch build failure. ([#4563](#4563)) ([0192b2e](0192b2e)) * Hao xu request source timestamp_field ([#4495](#4495)) ([96344b2](96344b2)) * Ignore the type check as both functions calls are not belonging to Feast code. ([#4500](#4500)) ([867f532](867f532)) * Import grpc only for type checking in errors.py ([#4533](#4533)) ([f308572](f308572)) * Initial commit targetting grpc registry server ([#4458](#4458)) ([484240c](484240c)), closes [#4465](#4465) * Links to the RBAC documentation under Concepts and Components ([#4430](#4430)) ([0a48f7b](0a48f7b)) * Locate feature_store.yaml from __file__ ([#4443](#4443)) ([20290ce](20290ce)) * Logger settings for feature servers and updated logger for permission flow ([#4531](#4531)) ([50b8f23](50b8f23)) * Move tslib from devDependencies to dependencies in Feast UI ([#4525](#4525)) ([c5a4d90](c5a4d90)) * Null value compatibility for unit timestamp list value type ([#4378](#4378)) ([8f264b6](8f264b6)) * Patch FAISS online return signature ([#4671](#4671)) ([0d45e95](0d45e95)) * Quickstart documentation changes ([#4618](#4618)) ([7ac0908](7ac0908)) * Refactor auth_client_manager_factory.py in function get_auth_client_m… ([#4505](#4505)) ([def8633](def8633)) * Remote apply using offline store ([#4559](#4559)) ([ac62a32](ac62a32)) * Remove Feast UI TypeScript dependencies from `peerDependencies` and `dependencies` ([#4554](#4554)) ([e781e16](e781e16)) * Remove unnecessary peer dependencies from Feast UI ([#4577](#4577)) ([9ac7f4e](9ac7f4e)) * Removed protobuf as a required dependency ([#4535](#4535)) ([0fb76e9](0fb76e9)) * Removed the k8s dependency from required dependencies ([#4519](#4519)) ([3073ea5](3073ea5)) * Removed usage of pull_request_target as much as possible to prevent security concerns ([#4549](#4549)) ([3198371](3198371)) * Replaced ClusterRoles with local RoleBindings ([#4625](#4625)) ([ca9fb9b](ca9fb9b)) * Retire pytz library ([#4406](#4406)) ([23c6c86](23c6c86)) * Typos related to k8s ([#4442](#4442)) ([dda0088](dda0088)) * Update java testcontainers to use Compose V2 ([#4381](#4381)) ([9a33fce](9a33fce)) * Update min versions for pyarrow and protobuf ([#4646](#4646)) ([c7ddd4b](c7ddd4b)) * Update react-router-dom to 6.3.0 and restrict its version in Feast UI ([#4556](#4556)) ([4293608](4293608)), closes [#3794](#3794) [/github.com/remix-run/react-router/blob/main/CHANGELOG.md#v630](https://github.com//github.com/remix-run/react-router/blob/main/CHANGELOG.md/issues/v630) * Update the base image for feature-server. ([#4576](#4576)) ([0390d8a](0390d8a)) * Update the base image of materilization engine. ([#4580](#4580)) ([f8592d8](f8592d8)) * Updated README link ([#4669](#4669)) ([35fbdc9](35fbdc9)) * Updating the documentation and adding tests for project length ([#4628](#4628)) ([945b0fa](945b0fa)) * Using get_type_hints instead of inspect signature for udf return annotation ([#4391](#4391)) ([3a32e8a](3a32e8a)) * Using repo_config parameter in teardown to allow for feature-store-yaml overrides ([#4413](#4413)) ([0baeeb5](0baeeb5)) * Validating permission to update an existing request on both the new and the old instance ([#4449](#4449)) ([635a01b](635a01b)) ### Features * Add boto3 session based auth for dynamodb online store for cross account access ([#4606](#4606)) ([00eaf74](00eaf74)) * Add cli list/describe for SavedDatasets, StreamFeatureViews, & … ([#4487](#4487)) ([7b250e5](7b250e5)) * Add connection_name field to Snowflake config ([#4600](#4600)) ([10ce2aa](10ce2aa)) * Add health check service to registry server ([#4421](#4421)) ([46655f0](46655f0)) * Add more __repr__ methods ([#4676](#4676)) ([e726c09](e726c09)) * Add registry methods for dealing with all FV types ([#4435](#4435)) ([ac381b2](ac381b2)) * Added Project object to Feast Objects ([#4475](#4475)) ([4a6b663](4a6b663)) * Added support for reading from Reader Endpoints for AWS Aurora use cases ([#4494](#4494)) ([d793c77](d793c77)) * Adding documentation for On Demand Feature Transformations with writes ([#4607](#4607)) ([8e0c1b5](8e0c1b5)) * Adding mode='python' for get_historical_features on ODFVs ([#4653](#4653)) ([c40d539](c40d539)) * Adding registry cache support for get_on_demand_feature_view ([#4572](#4572)) ([354c059](354c059)) * Adding SSL support for online server ([#4677](#4677)) ([80a5b3c](80a5b3c)) * Adding write capability to online store to on demand feature views ([#4585](#4585)) ([ef9e0bb](ef9e0bb)), closes [#4603](#4603) * Allow feast snowflake to read in byte string for private-key authentication ([#4384](#4384)) ([5215a21](5215a21)) * An action to test operator at PR time ([#4635](#4635)) ([14c1000](14c1000)) * Create ADOPTERS.md ([#4410](#4410)) ([721ec74](721ec74)) * Create initial structure of Feast Go Operator ([#4596](#4596)) ([b5ab6c7](b5ab6c7)) * Faiss and In memory store ([#4464](#4464)) ([a1ff129](a1ff129)) * Feast Security Model (aka RBAC) ([#4380](#4380)) ([1771f66](1771f66)), closes [#36](#36) * Instrument Feast using Prometheus and OpenTelemetry ([#4366](#4366)) ([a571e08](a571e08)) * Intra server to server communication ([#4433](#4433)) ([729c874](729c874)) * Publish TypeScript types in Feast UI package ([#4551](#4551)) ([334e5d7](334e5d7)) * Refactoring code to get oidc end points from discovery URL. ([#4429](#4429)) ([896360a](896360a)) * Return entity key in the retrieval document api ([#4511](#4511)) ([5f5caf0](5f5caf0)) * Update roadmap.md ([#4445](#4445)) ([34238d2](34238d2)) * Update sqlite-vec package ([#4389](#4389)) ([b734cb1](b734cb1)) * Updated Feast model Inference Architecture ([#4570](#4570)) ([8cd0dcf](8cd0dcf)) * Updating docs to include model inference guidelines ([#4416](#4416)) ([cebbe04](cebbe04)) * Updating FeatureViewProjection and OnDemandFeatureView to add batch_source and entities ([#4530](#4530)) ([0795496](0795496)) * Upgrade React from 17.0.2 to 18.3.1 in Feast UI ([#4620](#4620)) ([d6f3cb8](d6f3cb8)) ### Performance Improvements * Add init and cleanup of long lived resources ([#4642](#4642)) ([47dc04d](47dc04d)) * Added indexes to sql tables to optimize query execution ([#4538](#4538)) ([9688790](9688790)) * Default to async endpoints, use threadpool for sync ([#4647](#4647)) ([c1f1912](c1f1912)) * Implement dynamo write_batch_async ([#4675](#4675)) ([ba4404c](ba4404c)) * Make /push async ([#4650](#4650)) ([61abf89](61abf89)) * Parallelize read calls by table and batch ([#4619](#4619)) ([043eff1](043eff1)) ### BREAKING CHANGES * Consuming apps that use @elastic/eui should update it to a compatible version. If you use @elastic/eui components that have been renamed or replaced with others, you'll need to update your code accordingly. Signed-off-by: Harri Lehtola <[email protected]> * chore: Update Node version from 17 to 20 in UI unit tests Node 17 is not an LTS (long-term support) version and apparently rejected by the latest versions of Elastic UI: > error @elastic/[email protected]: The engine "node" is incompatible with > this module. Expected version "16.x || 18.x || >=20.x". Got "17.9.1" Let's try with the latest LTS version. Signed-off-by: Harri Lehtola <[email protected]>
# [0.41.0](feast-dev/feast@v0.40.0...v0.41.0) (2024-10-26) * chore!: Update @elastic/eui and @emotion/react in Feast UI ([feast-dev#4597](feast-dev#4597)) ([b9ddbf9](feast-dev@b9ddbf9)) ### Bug Fixes * Add --chdir to test_workflow.py ([feast-dev#4453](feast-dev#4453)) ([6b2f026](feast-dev@6b2f026)) * Add feast-operator files to semantic-release script ([feast-dev#4382](feast-dev#4382)) ([8eceff2](feast-dev@8eceff2)) * Add feast-operator Makefile to semantic-release script ([feast-dev#4424](feast-dev#4424)) ([d18d01d](feast-dev@d18d01d)) * Added Offline Store Arrow client errors handler ([feast-dev#4524](feast-dev#4524)) ([7535b40](feast-dev@7535b40)) * Added Online Store REST client errors handler ([feast-dev#4488](feast-dev#4488)) ([2118719](feast-dev@2118719)) * Added Permission API docs ([feast-dev#4485](feast-dev#4485)) ([2bd03fa](feast-dev@2bd03fa)) * Added support for multiple name patterns to Permissions ([feast-dev#4633](feast-dev#4633)) ([f05e928](feast-dev@f05e928)) * Adding protobuf<5 as a required dependency due to snowflake limitations ([feast-dev#4537](feast-dev#4537)) ([cecca83](feast-dev@cecca83)) * Avoid the python 3.9+ threadpool cleanup bug ([feast-dev#4627](feast-dev#4627)) ([ba05893](feast-dev@ba05893)) * Bigquery dataset create table disposition ([feast-dev#4649](feast-dev#4649)) ([58e03d1](feast-dev@58e03d1)) * Changes template file path to relative path ([feast-dev#4624](feast-dev#4624)) ([3e313b1](feast-dev@3e313b1)) * Check for snowflake functions when setting up materialization engine ([feast-dev#4456](feast-dev#4456)) ([c365b4e](feast-dev@c365b4e)) * Correctly handle list values in _python_value_to_proto_value ([feast-dev#4608](feast-dev#4608)) ([c0a1026](feast-dev@c0a1026)) * Default to pandas mode if not specified in ODFV proto in database ([feast-dev#4420](feast-dev#4420)) ([d235832](feast-dev@d235832)) * Deleting data from feast_metadata when we delete project ([feast-dev#4550](feast-dev#4550)) ([351a2d0](feast-dev@351a2d0)) * Disable active_timer When registry_ttl_sec is 0 ([feast-dev#4499](feast-dev#4499)) ([c94f32f](feast-dev@c94f32f)) * Escape special characters in the Postgres password ([feast-dev#4394](feast-dev#4394)) ([419ca5e](feast-dev@419ca5e)) * FeastExtrasDependencyImportError when using SparkOfflineStore without S3 ([feast-dev#4594](feast-dev#4594)) ([1ba94f7](feast-dev@1ba94f7)) * Fix Feast project name test ([feast-dev#4685](feast-dev#4685)) ([9f41fd6](feast-dev@9f41fd6)) * Fix for SQL registry initialization fails [feast-dev#4543](feast-dev#4543) ([feast-dev#4544](feast-dev#4544)) ([4e2eacc](feast-dev@4e2eacc)) * Fix gitignore issue ([feast-dev#4674](feast-dev#4674)) ([2807dfa](feast-dev@2807dfa)) * Fix online pg import ([feast-dev#4581](feast-dev#4581)) ([1f17caa](feast-dev@1f17caa)) * Fix the mypy type check issue. ([feast-dev#4498](feast-dev#4498)) ([7ecc615](feast-dev@7ecc615)) * Fix vector store config ([feast-dev#4583](feast-dev#4583)) ([11c00d4](feast-dev@11c00d4)) * Fixes validator field access for 'project_id' in BigQuery offline Store ([feast-dev#4509](feast-dev#4509)) ([9a0398e](feast-dev@9a0398e)) * Fixing failure of protos during ODFV transformations for missing entities ([feast-dev#4667](feast-dev#4667)) ([41aaeeb](feast-dev@41aaeeb)) * Fixing the master branch build failure. ([feast-dev#4563](feast-dev#4563)) ([0192b2e](feast-dev@0192b2e)) * Hao xu request source timestamp_field ([feast-dev#4495](feast-dev#4495)) ([96344b2](feast-dev@96344b2)) * Ignore the type check as both functions calls are not belonging to Feast code. ([feast-dev#4500](feast-dev#4500)) ([867f532](feast-dev@867f532)) * Import grpc only for type checking in errors.py ([feast-dev#4533](feast-dev#4533)) ([f308572](feast-dev@f308572)) * Initial commit targetting grpc registry server ([feast-dev#4458](feast-dev#4458)) ([484240c](feast-dev@484240c)), closes [feast-dev#4465](feast-dev#4465) * Links to the RBAC documentation under Concepts and Components ([feast-dev#4430](feast-dev#4430)) ([0a48f7b](feast-dev@0a48f7b)) * Locate feature_store.yaml from __file__ ([feast-dev#4443](feast-dev#4443)) ([20290ce](feast-dev@20290ce)) * Logger settings for feature servers and updated logger for permission flow ([feast-dev#4531](feast-dev#4531)) ([50b8f23](feast-dev@50b8f23)) * Move tslib from devDependencies to dependencies in Feast UI ([feast-dev#4525](feast-dev#4525)) ([c5a4d90](feast-dev@c5a4d90)) * Null value compatibility for unit timestamp list value type ([feast-dev#4378](feast-dev#4378)) ([8f264b6](feast-dev@8f264b6)) * Patch FAISS online return signature ([feast-dev#4671](feast-dev#4671)) ([0d45e95](feast-dev@0d45e95)) * Quickstart documentation changes ([feast-dev#4618](feast-dev#4618)) ([7ac0908](feast-dev@7ac0908)) * Refactor auth_client_manager_factory.py in function get_auth_client_m… ([feast-dev#4505](feast-dev#4505)) ([def8633](feast-dev@def8633)) * Remote apply using offline store ([feast-dev#4559](feast-dev#4559)) ([ac62a32](feast-dev@ac62a32)) * Remove Feast UI TypeScript dependencies from `peerDependencies` and `dependencies` ([feast-dev#4554](feast-dev#4554)) ([e781e16](feast-dev@e781e16)) * Remove unnecessary peer dependencies from Feast UI ([feast-dev#4577](feast-dev#4577)) ([9ac7f4e](feast-dev@9ac7f4e)) * Removed protobuf as a required dependency ([feast-dev#4535](feast-dev#4535)) ([0fb76e9](feast-dev@0fb76e9)) * Removed the k8s dependency from required dependencies ([feast-dev#4519](feast-dev#4519)) ([3073ea5](feast-dev@3073ea5)) * Removed usage of pull_request_target as much as possible to prevent security concerns ([feast-dev#4549](feast-dev#4549)) ([3198371](feast-dev@3198371)) * Replaced ClusterRoles with local RoleBindings ([feast-dev#4625](feast-dev#4625)) ([ca9fb9b](feast-dev@ca9fb9b)) * Retire pytz library ([feast-dev#4406](feast-dev#4406)) ([23c6c86](feast-dev@23c6c86)) * Typos related to k8s ([feast-dev#4442](feast-dev#4442)) ([dda0088](feast-dev@dda0088)) * Update java testcontainers to use Compose V2 ([feast-dev#4381](feast-dev#4381)) ([9a33fce](feast-dev@9a33fce)) * Update min versions for pyarrow and protobuf ([feast-dev#4646](feast-dev#4646)) ([c7ddd4b](feast-dev@c7ddd4b)) * Update react-router-dom to 6.3.0 and restrict its version in Feast UI ([feast-dev#4556](feast-dev#4556)) ([4293608](feast-dev@4293608)), closes [feast-dev#3794](feast-dev#3794) [/github.com/remix-run/react-router/blob/main/CHANGELOG.md#v630](https://github.com//github.com/remix-run/react-router/blob/main/CHANGELOG.md/issues/v630) * Update the base image for feature-server. ([feast-dev#4576](feast-dev#4576)) ([0390d8a](feast-dev@0390d8a)) * Update the base image of materilization engine. ([feast-dev#4580](feast-dev#4580)) ([f8592d8](feast-dev@f8592d8)) * Updated README link ([feast-dev#4669](feast-dev#4669)) ([35fbdc9](feast-dev@35fbdc9)) * Updating the documentation and adding tests for project length ([feast-dev#4628](feast-dev#4628)) ([945b0fa](feast-dev@945b0fa)) * Using get_type_hints instead of inspect signature for udf return annotation ([feast-dev#4391](feast-dev#4391)) ([3a32e8a](feast-dev@3a32e8a)) * Using repo_config parameter in teardown to allow for feature-store-yaml overrides ([feast-dev#4413](feast-dev#4413)) ([0baeeb5](feast-dev@0baeeb5)) * Validating permission to update an existing request on both the new and the old instance ([feast-dev#4449](feast-dev#4449)) ([635a01b](feast-dev@635a01b)) ### Features * Add boto3 session based auth for dynamodb online store for cross account access ([feast-dev#4606](feast-dev#4606)) ([00eaf74](feast-dev@00eaf74)) * Add cli list/describe for SavedDatasets, StreamFeatureViews, & … ([feast-dev#4487](feast-dev#4487)) ([7b250e5](feast-dev@7b250e5)) * Add connection_name field to Snowflake config ([feast-dev#4600](feast-dev#4600)) ([10ce2aa](feast-dev@10ce2aa)) * Add health check service to registry server ([feast-dev#4421](feast-dev#4421)) ([46655f0](feast-dev@46655f0)) * Add more __repr__ methods ([feast-dev#4676](feast-dev#4676)) ([e726c09](feast-dev@e726c09)) * Add registry methods for dealing with all FV types ([feast-dev#4435](feast-dev#4435)) ([ac381b2](feast-dev@ac381b2)) * Added Project object to Feast Objects ([feast-dev#4475](feast-dev#4475)) ([4a6b663](feast-dev@4a6b663)) * Added support for reading from Reader Endpoints for AWS Aurora use cases ([feast-dev#4494](feast-dev#4494)) ([d793c77](feast-dev@d793c77)) * Adding documentation for On Demand Feature Transformations with writes ([feast-dev#4607](feast-dev#4607)) ([8e0c1b5](feast-dev@8e0c1b5)) * Adding mode='python' for get_historical_features on ODFVs ([feast-dev#4653](feast-dev#4653)) ([c40d539](feast-dev@c40d539)) * Adding registry cache support for get_on_demand_feature_view ([feast-dev#4572](feast-dev#4572)) ([354c059](feast-dev@354c059)) * Adding SSL support for online server ([feast-dev#4677](feast-dev#4677)) ([80a5b3c](feast-dev@80a5b3c)) * Adding write capability to online store to on demand feature views ([feast-dev#4585](feast-dev#4585)) ([ef9e0bb](feast-dev@ef9e0bb)), closes [feast-dev#4603](feast-dev#4603) * Allow feast snowflake to read in byte string for private-key authentication ([feast-dev#4384](feast-dev#4384)) ([5215a21](feast-dev@5215a21)) * An action to test operator at PR time ([feast-dev#4635](feast-dev#4635)) ([14c1000](feast-dev@14c1000)) * Create ADOPTERS.md ([feast-dev#4410](feast-dev#4410)) ([721ec74](feast-dev@721ec74)) * Create initial structure of Feast Go Operator ([feast-dev#4596](feast-dev#4596)) ([b5ab6c7](feast-dev@b5ab6c7)) * Faiss and In memory store ([feast-dev#4464](feast-dev#4464)) ([a1ff129](feast-dev@a1ff129)) * Feast Security Model (aka RBAC) ([feast-dev#4380](feast-dev#4380)) ([1771f66](feast-dev@1771f66)), closes [feast-dev#36](feast-dev#36) * Instrument Feast using Prometheus and OpenTelemetry ([feast-dev#4366](feast-dev#4366)) ([a571e08](feast-dev@a571e08)) * Intra server to server communication ([feast-dev#4433](feast-dev#4433)) ([729c874](feast-dev@729c874)) * Publish TypeScript types in Feast UI package ([feast-dev#4551](feast-dev#4551)) ([334e5d7](feast-dev@334e5d7)) * Refactoring code to get oidc end points from discovery URL. ([feast-dev#4429](feast-dev#4429)) ([896360a](feast-dev@896360a)) * Return entity key in the retrieval document api ([feast-dev#4511](feast-dev#4511)) ([5f5caf0](feast-dev@5f5caf0)) * Update roadmap.md ([feast-dev#4445](feast-dev#4445)) ([34238d2](feast-dev@34238d2)) * Update sqlite-vec package ([feast-dev#4389](feast-dev#4389)) ([b734cb1](feast-dev@b734cb1)) * Updated Feast model Inference Architecture ([feast-dev#4570](feast-dev#4570)) ([8cd0dcf](feast-dev@8cd0dcf)) * Updating docs to include model inference guidelines ([feast-dev#4416](feast-dev#4416)) ([cebbe04](feast-dev@cebbe04)) * Updating FeatureViewProjection and OnDemandFeatureView to add batch_source and entities ([feast-dev#4530](feast-dev#4530)) ([0795496](feast-dev@0795496)) * Upgrade React from 17.0.2 to 18.3.1 in Feast UI ([feast-dev#4620](feast-dev#4620)) ([d6f3cb8](feast-dev@d6f3cb8)) ### Performance Improvements * Add init and cleanup of long lived resources ([feast-dev#4642](feast-dev#4642)) ([47dc04d](feast-dev@47dc04d)) * Added indexes to sql tables to optimize query execution ([feast-dev#4538](feast-dev#4538)) ([9688790](feast-dev@9688790)) * Default to async endpoints, use threadpool for sync ([feast-dev#4647](feast-dev#4647)) ([c1f1912](feast-dev@c1f1912)) * Implement dynamo write_batch_async ([feast-dev#4675](feast-dev#4675)) ([ba4404c](feast-dev@ba4404c)) * Make /push async ([feast-dev#4650](feast-dev#4650)) ([61abf89](feast-dev@61abf89)) * Parallelize read calls by table and batch ([feast-dev#4619](feast-dev#4619)) ([043eff1](feast-dev@043eff1)) ### BREAKING CHANGES * Consuming apps that use @elastic/eui should update it to a compatible version. If you use @elastic/eui components that have been renamed or replaced with others, you'll need to update your code accordingly. Signed-off-by: Harri Lehtola <[email protected]> * chore: Update Node version from 17 to 20 in UI unit tests Node 17 is not an LTS (long-term support) version and apparently rejected by the latest versions of Elastic UI: > error @elastic/[email protected]: The engine "node" is incompatible with > this module. Expected version "16.x || 18.x || >=20.x". Got "17.9.1" Let's try with the latest LTS version. Signed-off-by: Harri Lehtola <[email protected]>
# [0.41.0](feast-dev/feast@v0.40.0...v0.41.0) (2024-10-26) * chore!: Update @elastic/eui and @emotion/react in Feast UI ([feast-dev#4597](feast-dev#4597)) ([b9ddbf9](feast-dev@b9ddbf9)) ### Bug Fixes * Add --chdir to test_workflow.py ([feast-dev#4453](feast-dev#4453)) ([6b2f026](feast-dev@6b2f026)) * Add feast-operator files to semantic-release script ([feast-dev#4382](feast-dev#4382)) ([8eceff2](feast-dev@8eceff2)) * Add feast-operator Makefile to semantic-release script ([feast-dev#4424](feast-dev#4424)) ([d18d01d](feast-dev@d18d01d)) * Added Offline Store Arrow client errors handler ([feast-dev#4524](feast-dev#4524)) ([7535b40](feast-dev@7535b40)) * Added Online Store REST client errors handler ([feast-dev#4488](feast-dev#4488)) ([2118719](feast-dev@2118719)) * Added Permission API docs ([feast-dev#4485](feast-dev#4485)) ([2bd03fa](feast-dev@2bd03fa)) * Added support for multiple name patterns to Permissions ([feast-dev#4633](feast-dev#4633)) ([f05e928](feast-dev@f05e928)) * Adding protobuf<5 as a required dependency due to snowflake limitations ([feast-dev#4537](feast-dev#4537)) ([cecca83](feast-dev@cecca83)) * Avoid the python 3.9+ threadpool cleanup bug ([feast-dev#4627](feast-dev#4627)) ([ba05893](feast-dev@ba05893)) * Bigquery dataset create table disposition ([feast-dev#4649](feast-dev#4649)) ([58e03d1](feast-dev@58e03d1)) * Changes template file path to relative path ([feast-dev#4624](feast-dev#4624)) ([3e313b1](feast-dev@3e313b1)) * Check for snowflake functions when setting up materialization engine ([feast-dev#4456](feast-dev#4456)) ([c365b4e](feast-dev@c365b4e)) * Correctly handle list values in _python_value_to_proto_value ([feast-dev#4608](feast-dev#4608)) ([c0a1026](feast-dev@c0a1026)) * Default to pandas mode if not specified in ODFV proto in database ([feast-dev#4420](feast-dev#4420)) ([d235832](feast-dev@d235832)) * Deleting data from feast_metadata when we delete project ([feast-dev#4550](feast-dev#4550)) ([351a2d0](feast-dev@351a2d0)) * Disable active_timer When registry_ttl_sec is 0 ([feast-dev#4499](feast-dev#4499)) ([c94f32f](feast-dev@c94f32f)) * Escape special characters in the Postgres password ([feast-dev#4394](feast-dev#4394)) ([419ca5e](feast-dev@419ca5e)) * FeastExtrasDependencyImportError when using SparkOfflineStore without S3 ([feast-dev#4594](feast-dev#4594)) ([1ba94f7](feast-dev@1ba94f7)) * Fix Feast project name test ([feast-dev#4685](feast-dev#4685)) ([9f41fd6](feast-dev@9f41fd6)) * Fix for SQL registry initialization fails [feast-dev#4543](feast-dev#4543) ([feast-dev#4544](feast-dev#4544)) ([4e2eacc](feast-dev@4e2eacc)) * Fix gitignore issue ([feast-dev#4674](feast-dev#4674)) ([2807dfa](feast-dev@2807dfa)) * Fix online pg import ([feast-dev#4581](feast-dev#4581)) ([1f17caa](feast-dev@1f17caa)) * Fix the mypy type check issue. ([feast-dev#4498](feast-dev#4498)) ([7ecc615](feast-dev@7ecc615)) * Fix vector store config ([feast-dev#4583](feast-dev#4583)) ([11c00d4](feast-dev@11c00d4)) * Fixes validator field access for 'project_id' in BigQuery offline Store ([feast-dev#4509](feast-dev#4509)) ([9a0398e](feast-dev@9a0398e)) * Fixing failure of protos during ODFV transformations for missing entities ([feast-dev#4667](feast-dev#4667)) ([41aaeeb](feast-dev@41aaeeb)) * Fixing the master branch build failure. ([feast-dev#4563](feast-dev#4563)) ([0192b2e](feast-dev@0192b2e)) * Hao xu request source timestamp_field ([feast-dev#4495](feast-dev#4495)) ([96344b2](feast-dev@96344b2)) * Ignore the type check as both functions calls are not belonging to Feast code. ([feast-dev#4500](feast-dev#4500)) ([867f532](feast-dev@867f532)) * Import grpc only for type checking in errors.py ([feast-dev#4533](feast-dev#4533)) ([f308572](feast-dev@f308572)) * Initial commit targetting grpc registry server ([feast-dev#4458](feast-dev#4458)) ([484240c](feast-dev@484240c)), closes [feast-dev#4465](feast-dev#4465) * Links to the RBAC documentation under Concepts and Components ([feast-dev#4430](feast-dev#4430)) ([0a48f7b](feast-dev@0a48f7b)) * Locate feature_store.yaml from __file__ ([feast-dev#4443](feast-dev#4443)) ([20290ce](feast-dev@20290ce)) * Logger settings for feature servers and updated logger for permission flow ([feast-dev#4531](feast-dev#4531)) ([50b8f23](feast-dev@50b8f23)) * Move tslib from devDependencies to dependencies in Feast UI ([feast-dev#4525](feast-dev#4525)) ([c5a4d90](feast-dev@c5a4d90)) * Null value compatibility for unit timestamp list value type ([feast-dev#4378](feast-dev#4378)) ([8f264b6](feast-dev@8f264b6)) * Patch FAISS online return signature ([feast-dev#4671](feast-dev#4671)) ([0d45e95](feast-dev@0d45e95)) * Quickstart documentation changes ([feast-dev#4618](feast-dev#4618)) ([7ac0908](feast-dev@7ac0908)) * Refactor auth_client_manager_factory.py in function get_auth_client_m… ([feast-dev#4505](feast-dev#4505)) ([def8633](feast-dev@def8633)) * Remote apply using offline store ([feast-dev#4559](feast-dev#4559)) ([ac62a32](feast-dev@ac62a32)) * Remove Feast UI TypeScript dependencies from `peerDependencies` and `dependencies` ([feast-dev#4554](feast-dev#4554)) ([e781e16](feast-dev@e781e16)) * Remove unnecessary peer dependencies from Feast UI ([feast-dev#4577](feast-dev#4577)) ([9ac7f4e](feast-dev@9ac7f4e)) * Removed protobuf as a required dependency ([feast-dev#4535](feast-dev#4535)) ([0fb76e9](feast-dev@0fb76e9)) * Removed the k8s dependency from required dependencies ([feast-dev#4519](feast-dev#4519)) ([3073ea5](feast-dev@3073ea5)) * Removed usage of pull_request_target as much as possible to prevent security concerns ([feast-dev#4549](feast-dev#4549)) ([3198371](feast-dev@3198371)) * Replaced ClusterRoles with local RoleBindings ([feast-dev#4625](feast-dev#4625)) ([ca9fb9b](feast-dev@ca9fb9b)) * Retire pytz library ([feast-dev#4406](feast-dev#4406)) ([23c6c86](feast-dev@23c6c86)) * Typos related to k8s ([feast-dev#4442](feast-dev#4442)) ([dda0088](feast-dev@dda0088)) * Update java testcontainers to use Compose V2 ([feast-dev#4381](feast-dev#4381)) ([9a33fce](feast-dev@9a33fce)) * Update min versions for pyarrow and protobuf ([feast-dev#4646](feast-dev#4646)) ([c7ddd4b](feast-dev@c7ddd4b)) * Update react-router-dom to 6.3.0 and restrict its version in Feast UI ([feast-dev#4556](feast-dev#4556)) ([4293608](feast-dev@4293608)), closes [feast-dev#3794](feast-dev#3794) [/github.com/remix-run/react-router/blob/main/CHANGELOG.md#v630](https://github.com//github.com/remix-run/react-router/blob/main/CHANGELOG.md/issues/v630) * Update the base image for feature-server. ([feast-dev#4576](feast-dev#4576)) ([0390d8a](feast-dev@0390d8a)) * Update the base image of materilization engine. ([feast-dev#4580](feast-dev#4580)) ([f8592d8](feast-dev@f8592d8)) * Updated README link ([feast-dev#4669](feast-dev#4669)) ([35fbdc9](feast-dev@35fbdc9)) * Updating the documentation and adding tests for project length ([feast-dev#4628](feast-dev#4628)) ([945b0fa](feast-dev@945b0fa)) * Using get_type_hints instead of inspect signature for udf return annotation ([feast-dev#4391](feast-dev#4391)) ([3a32e8a](feast-dev@3a32e8a)) * Using repo_config parameter in teardown to allow for feature-store-yaml overrides ([feast-dev#4413](feast-dev#4413)) ([0baeeb5](feast-dev@0baeeb5)) * Validating permission to update an existing request on both the new and the old instance ([feast-dev#4449](feast-dev#4449)) ([635a01b](feast-dev@635a01b)) ### Features * Add boto3 session based auth for dynamodb online store for cross account access ([feast-dev#4606](feast-dev#4606)) ([00eaf74](feast-dev@00eaf74)) * Add cli list/describe for SavedDatasets, StreamFeatureViews, & … ([feast-dev#4487](feast-dev#4487)) ([7b250e5](feast-dev@7b250e5)) * Add connection_name field to Snowflake config ([feast-dev#4600](feast-dev#4600)) ([10ce2aa](feast-dev@10ce2aa)) * Add health check service to registry server ([feast-dev#4421](feast-dev#4421)) ([46655f0](feast-dev@46655f0)) * Add more __repr__ methods ([feast-dev#4676](feast-dev#4676)) ([e726c09](feast-dev@e726c09)) * Add registry methods for dealing with all FV types ([feast-dev#4435](feast-dev#4435)) ([ac381b2](feast-dev@ac381b2)) * Added Project object to Feast Objects ([feast-dev#4475](feast-dev#4475)) ([4a6b663](feast-dev@4a6b663)) * Added support for reading from Reader Endpoints for AWS Aurora use cases ([feast-dev#4494](feast-dev#4494)) ([d793c77](feast-dev@d793c77)) * Adding documentation for On Demand Feature Transformations with writes ([feast-dev#4607](feast-dev#4607)) ([8e0c1b5](feast-dev@8e0c1b5)) * Adding mode='python' for get_historical_features on ODFVs ([feast-dev#4653](feast-dev#4653)) ([c40d539](feast-dev@c40d539)) * Adding registry cache support for get_on_demand_feature_view ([feast-dev#4572](feast-dev#4572)) ([354c059](feast-dev@354c059)) * Adding SSL support for online server ([feast-dev#4677](feast-dev#4677)) ([80a5b3c](feast-dev@80a5b3c)) * Adding write capability to online store to on demand feature views ([feast-dev#4585](feast-dev#4585)) ([ef9e0bb](feast-dev@ef9e0bb)), closes [feast-dev#4603](feast-dev#4603) * Allow feast snowflake to read in byte string for private-key authentication ([feast-dev#4384](feast-dev#4384)) ([5215a21](feast-dev@5215a21)) * An action to test operator at PR time ([feast-dev#4635](feast-dev#4635)) ([14c1000](feast-dev@14c1000)) * Create ADOPTERS.md ([feast-dev#4410](feast-dev#4410)) ([721ec74](feast-dev@721ec74)) * Create initial structure of Feast Go Operator ([feast-dev#4596](feast-dev#4596)) ([b5ab6c7](feast-dev@b5ab6c7)) * Faiss and In memory store ([feast-dev#4464](feast-dev#4464)) ([a1ff129](feast-dev@a1ff129)) * Feast Security Model (aka RBAC) ([feast-dev#4380](feast-dev#4380)) ([1771f66](feast-dev@1771f66)), closes [feast-dev#36](feast-dev#36) * Instrument Feast using Prometheus and OpenTelemetry ([feast-dev#4366](feast-dev#4366)) ([a571e08](feast-dev@a571e08)) * Intra server to server communication ([feast-dev#4433](feast-dev#4433)) ([729c874](feast-dev@729c874)) * Publish TypeScript types in Feast UI package ([feast-dev#4551](feast-dev#4551)) ([334e5d7](feast-dev@334e5d7)) * Refactoring code to get oidc end points from discovery URL. ([feast-dev#4429](feast-dev#4429)) ([896360a](feast-dev@896360a)) * Return entity key in the retrieval document api ([feast-dev#4511](feast-dev#4511)) ([5f5caf0](feast-dev@5f5caf0)) * Update roadmap.md ([feast-dev#4445](feast-dev#4445)) ([34238d2](feast-dev@34238d2)) * Update sqlite-vec package ([feast-dev#4389](feast-dev#4389)) ([b734cb1](feast-dev@b734cb1)) * Updated Feast model Inference Architecture ([feast-dev#4570](feast-dev#4570)) ([8cd0dcf](feast-dev@8cd0dcf)) * Updating docs to include model inference guidelines ([feast-dev#4416](feast-dev#4416)) ([cebbe04](feast-dev@cebbe04)) * Updating FeatureViewProjection and OnDemandFeatureView to add batch_source and entities ([feast-dev#4530](feast-dev#4530)) ([0795496](feast-dev@0795496)) * Upgrade React from 17.0.2 to 18.3.1 in Feast UI ([feast-dev#4620](feast-dev#4620)) ([d6f3cb8](feast-dev@d6f3cb8)) ### Performance Improvements * Add init and cleanup of long lived resources ([feast-dev#4642](feast-dev#4642)) ([47dc04d](feast-dev@47dc04d)) * Added indexes to sql tables to optimize query execution ([feast-dev#4538](feast-dev#4538)) ([9688790](feast-dev@9688790)) * Default to async endpoints, use threadpool for sync ([feast-dev#4647](feast-dev#4647)) ([c1f1912](feast-dev@c1f1912)) * Implement dynamo write_batch_async ([feast-dev#4675](feast-dev#4675)) ([ba4404c](feast-dev@ba4404c)) * Make /push async ([feast-dev#4650](feast-dev#4650)) ([61abf89](feast-dev@61abf89)) * Parallelize read calls by table and batch ([feast-dev#4619](feast-dev#4619)) ([043eff1](feast-dev@043eff1)) ### BREAKING CHANGES * Consuming apps that use @elastic/eui should update it to a compatible version. If you use @elastic/eui components that have been renamed or replaced with others, you'll need to update your code accordingly. Signed-off-by: Harri Lehtola <[email protected]> * chore: Update Node version from 17 to 20 in UI unit tests Node 17 is not an LTS (long-term support) version and apparently rejected by the latest versions of Elastic UI: > error @elastic/[email protected]: The engine "node" is incompatible with > this module. Expected version "16.x || 18.x || >=20.x". Got "17.9.1" Let's try with the latest LTS version. Signed-off-by: Harri Lehtola <[email protected]>
What this PR does / why we need it:
This PR proposes a permission model to enable the store administrator to identify which users are allowed to execute operations on each managed resource.
Granular permission enforcement identifies user roles (*) allowed to execute requested operations on
resources matched by type, optional name patterns, and tags:
Such resource partitioning allows teams working on the same set of features to share the same feature store, mitigating the risk of unexpected changes due to unauthorized operations.
The PR also adds support for managing authorization tokens from either OIDC or Kubernetes, in a configurable way.
Permission authorization enforcement is performed when requests are executed through one of the Feast (Python) servers:
REST)
Arrow Flight
)grpc
)To avoid backward incompatibility with existing installations, the default authorization is not enabled (e.g.,
auth
typeis set to
no-auth
) .Feast clients can use the same configuration options to automatically retrieve the token from the authorization server
and transparently secure all the remote requests. This pattern allows the client to use the authorization infrastructure without affecting the business code.
By design, only the client requests are validated: once the endpoint execution is permitted for the original client request,
all the next service-to-service requests generated by the execution flow are automatically allowed.
Validation is typically implemented within the endpoint functions using an assertion-like style:
The PR also includes:
permission
CLI command with sub-commands to explore and troubleshoot the permissions settingsFully working examples both Kubernetes and OIDC authorization will be in another next PR.
(*) Match by role is the predefined option, but it can be customized to support any other user validation.
Other features coming soon
Which issue(s) this PR fixes:
Fixes #4198