Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update charts #71

Merged
merged 6 commits into from
Jan 14, 2019
Merged

Update charts #71

merged 6 commits into from
Jan 14, 2019

Conversation

mansiib
Copy link
Contributor

@mansiib mansiib commented Jan 14, 2019

This PR addresses the following:

  1. Option to add service account to core deployment (Option to add service account to core deployment. #69)
  2. Create helm package repo (Create helm package repo to host helm charts #70)

@zhilingc
Copy link
Collaborator

/approve

@tims @woop @pradithya are we staying with 0.3.0 as the version?

@feast-ci-bot
Copy link
Collaborator

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: zhilingc

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@pradithya
Copy link
Collaborator

/lgtm

@feast-ci-bot feast-ci-bot merged commit 3f97a8e into feast-dev:master Jan 14, 2019
lokeshrangineni pushed a commit to lokeshrangineni/feast that referenced this pull request Aug 9, 2024
* Improved permission denial log

Signed-off-by: Daniele Martinoli <[email protected]>

* Added leeway option to accept tokens released in the past (up to 10")

Signed-off-by: Daniele Martinoli <[email protected]>

---------

Signed-off-by: Daniele Martinoli <[email protected]>
dmartinol added a commit to dmartinol/feast that referenced this pull request Aug 14, 2024
* Improved permission denial log

Signed-off-by: Daniele Martinoli <[email protected]>

* Added leeway option to accept tokens released in the past (up to 10")

Signed-off-by: Daniele Martinoli <[email protected]>

---------

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>
tmihalac pushed a commit to tmihalac/feast that referenced this pull request Aug 14, 2024
* Improved permission denial log

Signed-off-by: Daniele Martinoli <[email protected]>

* Added leeway option to accept tokens released in the past (up to 10")

Signed-off-by: Daniele Martinoli <[email protected]>

---------

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>
lokeshrangineni pushed a commit to lokeshrangineni/feast that referenced this pull request Aug 19, 2024
* Improved permission denial log

Signed-off-by: Daniele Martinoli <[email protected]>

* Added leeway option to accept tokens released in the past (up to 10")

Signed-off-by: Daniele Martinoli <[email protected]>

---------

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>
franciscojavierarceo added a commit that referenced this pull request Aug 21, 2024
* initial commit

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* fixed linting issues (but 1)

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* deleted AuthzedResource and moved types to the Permission class

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* using pytest.mark.parametrize tests

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* moved decorator to decorator module

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* parametrized decision tests

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Added matcher and action modules. Added global assert_permissions function

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* fixed linting error

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Managing with_subclasses flag and overriding it in case it's an abstract class like DataSource

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Permission includes a single Policy

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* completed docstrings for permissions package

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* fixed inter issues

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Changed roles matching rule from "all" to "any"

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Introducing permission framework and authorization manager in user guide (to be continued after the code is consolidated)

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* removed test code

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* hiding sensitive data (false positive, anyway)

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Added filter_only flag to assert_permissions and returning a list of filtered resources instead of PermissionError

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* added the option to return the single resource, or None

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* separate validating functions: assert_permission and filtered_resources

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Store and Manage permissions in the Registry

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Applied review comments

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Store and Manage permissions in the Registry
- Fixes to code
- Made test case broader

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Store and Manage permissions in the Registry
- Fixed incorrectly recognized linter error

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Store and Manage permissions in the Registry
- Added test
- Fixed missing property to permission
- Changed code following review

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Store and Manage permissions in the Registry

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Store and Manage permissions in the Registry
- Fixes to code
- Made test case broader

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Store and Manage permissions in the Registry
- Fixed incorrectly recognized linter error

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Store and Manage permissions in the Registry
- Added test
- Fixed delete and apply permission

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* replaced aggregated actions with aliases for QUERY and WRITE and ALL

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Updated user guide

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Updated enum in proto

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Store and Manage permissions in the Registry
- Fixed test errors following refactor
- Added test

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Store and Manage permissions in the Registry
- Removed redundant property
- Added tags filter option to list_permissions

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Added permission assert check for registry server, offline server, online server functions

Signed-off-by: Abdul Hameed <[email protected]>

* Fix linter after rebase

Signed-off-by: Abdul Hameed <[email protected]>

* CLI command "feast permissions list"
Added cli command permissions
Added tags parameter to list_validation_references and list_saved_datasets in registry
Added list_validation_references and list_saved_datasets apis to feature_store
Added missing tags parameters to registry_server methods

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* CLI command "feast permissions list"
- Changes following review

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* CLI command "feast permissions list"
- Changes following review

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* added the documents reference for permissions for online, offline, registry server endpoints.

Signed-off-by: Abdul Hameed <[email protected]>

* Incorporating code review comments to parse the auth block from the f… (#36)

* Incorporating code review comments to parse the auth block from the feature_store.yaml file.

Signed-off-by: Lokesh Rangineni <[email protected]>

* Incorporating code review comments - renaming type from k8 to kubernetes.

Signed-off-by: Lokesh Rangineni <[email protected]>

---------

Signed-off-by: Lokesh Rangineni <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* definition and integration of auth manager in feast offline and online servers

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* typo

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* duplicated if

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* renamed functions with long name

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* using User class instead of RoleManager (completely removed)

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Feed SecurityManager with Registry instance to fetch the actual permissions

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* fixed linter

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* review comments

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* fixed broken IT

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Adding registry server (UT to be completed)

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* fix linter

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* passing auth manager type from config

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* used auth config to set auth manager type

Signed-off-by: Abdul Hameed <[email protected]>

* inject the user details

Signed-off-by: Abdul Hameed <[email protected]>

* created decorator function and applied to arrow function for injecting the user detail:wq

Signed-off-by: Abdul Hameed <[email protected]>

* code review fixes including the unit test and integration test as suggested

Signed-off-by: Abdul Hameed <[email protected]>

* Implementation of oidc client authentication. (#40)

* Adding initial draft code to manage the oidc client authentication.

Signed-off-by: Lokesh Rangineni <[email protected]>

* Adding initial draft code to manage the oidc client authentication.

Signed-off-by: Lokesh Rangineni <[email protected]>

* Incorporating code review comments.

Signed-off-by: Lokesh Rangineni <[email protected]>

---------

Signed-off-by: Lokesh Rangineni <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Client module-grpc
- Added authentication header for client grpc calls

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Client module-grpc
- Made changes following code review

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Client module-grpc
- Made changes following code review

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Client module-grpc
- Made changes following code review

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Client module-grpc
- Made changes following code review

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Client module-grpc
- Made changes following code review

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Client module-grpc
- Made changes following code review

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Client module-grpc
- Made changes following code review

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* added auth configuration for arrow flight client

Signed-off-by: Abdul Hameed <[email protected]>

* Client module-grpc
- Made changes following code review

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* fix linter

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Propagating auth config to token parser in server init

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* adding headers and client_secret to token request

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* working E2E test of authenticated registy server

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* renamed test

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* fixed broken test

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* fix rebase issues

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* fix rebase issues

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Adding the auth client documentations and unit testing for auth client code.
Signed-off-by: Lokesh Rangineni <[email protected]>

Signed-off-by: Lokesh Rangineni <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Adding the auth client documentations and unit testing for auth client code.
Signed-off-by: Lokesh Rangineni <[email protected]>

Signed-off-by: Lokesh Rangineni <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Incorporating code review comments.
Signed-off-by: Lokesh Rangineni <[email protected]>

Signed-off-by: Lokesh Rangineni <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Incorporating code review comments.
Signed-off-by: Lokesh Rangineni <[email protected]>

Signed-off-by: Lokesh Rangineni <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Introducing permission framework and authorization manager in user guide (to be continued after the code is consolidated)

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* CLI command "feast permissions list"
- Added missing dependency

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Client module-grpc
- Added missing auth header for calls to remote registry

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Fix auth tests with permissions
- Made changes to enforcer ana security manager permission checking logic

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Fix auth tests with permissions
- Made changes following review

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Fix auth tests with permissions
- Made changes following review

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Fix auth tests with permissions
- Made changes following review

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Moved the common fixtures to the root conftest.py or auth_permissions_util.py  (#54)

* Moved the common fixtures to the root conftest.py or auth_permissions_util.py

Signed-off-by: Lokesh Rangineni <[email protected]>

Signed-off-by: Lokesh Rangineni <[email protected]>

* Adding missed dependency and regenerated the requirements files.
Signed-off-by: Lokesh Rangineni <[email protected]>

Signed-off-by: Lokesh Rangineni <[email protected]>

* Addinig missing changes from the original PR.

Signed-off-by: Lokesh Rangineni <[email protected]>

Signed-off-by: Lokesh Rangineni <[email protected]>

---------

Signed-off-by: Lokesh Rangineni <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* added check and list-roles subcommands

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* typo

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* added comment in cli_utils to remind the original function from which this logic was derived

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* 1) Updating the existing integration test with auth permissions configurations.
2) Refactored the common code and moved to the util class and common conftest.py file.

Signed-off-by: Lokesh Rangineni <[email protected]>

Signed-off-by: Lokesh Rangineni <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Moved the common fixtures to the root conftest.py or auth_permissions_util.py

Signed-off-by: Lokesh Rangineni <[email protected]>

Signed-off-by: Lokesh Rangineni <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Adding missed dependency and regenerated the requirements files.
Signed-off-by: Lokesh Rangineni <[email protected]>

Signed-off-by: Lokesh Rangineni <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* 1) Updating the existing integration test with auth permissions configurations.
2) Refactored the common code and moved to the util class and common conftest.py file.

Signed-off-by: Lokesh Rangineni <[email protected]>

Signed-off-by: Lokesh Rangineni <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* 1) Fixing an issue with the way getting markers after changing the fixture scope to module. Now looking up the markers coming from the entire module run.

Signed-off-by: Lokesh Rangineni <[email protected]>

Signed-off-by: Lokesh Rangineni <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Fixed bug in GetPermission API

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Permission CRUD test

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Added feast-rbac example

Signed-off-by: Abdul Hameed <[email protected]>

* Added support to read the token from enviroment variable to run from local

Signed-off-by: Abdul Hameed <[email protected]>

* Fix the header for arrow fligth

Signed-off-by: Abdul Hameed <[email protected]>

* fix the header issue

Signed-off-by: Abdul Hameed <[email protected]>

* added permissions apply file

Signed-off-by: Abdul Hameed <[email protected]>

* set the user in the grpc server

Signed-off-by: Abdul Hameed <[email protected]>

* added roles and updated permission with all roles

Signed-off-by: Abdul Hameed <[email protected]>

* updated chart to include the service account

Signed-off-by: Abdul Hameed <[email protected]>

* created client example with roles and updated installation/cleanup script

Signed-off-by: Abdul Hameed <[email protected]>

* rebased with master

Signed-off-by: Abdul Hameed <[email protected]>

* Moved the common fixtures to the root conftest.py or auth_permissions_util.py  (#54)

* Moved the common fixtures to the root conftest.py or auth_permissions_util.py

Signed-off-by: Lokesh Rangineni <[email protected]>

Signed-off-by: Lokesh Rangineni <[email protected]>

* Adding missed dependency and regenerated the requirements files.
Signed-off-by: Lokesh Rangineni <[email protected]>

Signed-off-by: Lokesh Rangineni <[email protected]>

* Addinig missing changes from the original PR.

Signed-off-by: Lokesh Rangineni <[email protected]>

Signed-off-by: Lokesh Rangineni <[email protected]>

---------

Signed-off-by: Lokesh Rangineni <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Fixed DecisionStrategy not persisted

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Fixed DecisionStrategy not persisted

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Fixed DecisionStrategy not persisted
- Implemented review comments

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Revert "Fix decision strategy not saved"

Signed-off-by: Abdul Hameed <[email protected]>

* Dropped global decision strategy

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* updated rbac demo example

Signed-off-by: Abdul Hameed <[email protected]>

* Adding permissions directly instead of from the common place for the online read integration tests.
Cleaned up some minor changes to fix the unpredictable issue with the feature server process.

Signed-off-by: Lokesh Rangineni <[email protected]>

Signed-off-by: Lokesh Rangineni <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Initial Draft version to the tests with remote offline server with OIDC authentication permissions. Happy path only.

Signed-off-by: Lokesh Rangineni <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Abstracting the specific code for Offline Permissions by creating new class for PermissionsEnvironment.

Signed-off-by: Lokesh Rangineni <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Formatting the python files using make format-python.

Signed-off-by: Lokesh Rangineni <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Separated the permissions for online, offline and registry servers. moved the fixtures scope accordingly as we can't reuse the permissions for all the test cases.

Signed-off-by: Lokesh Rangineni <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Separated the permissions for online, offline and registry servers. moved the fixtures scope accordingly as we can't reuse the permissions for all the test cases.

Signed-off-by: Lokesh Rangineni <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Created the grpc client auth header interceptor and removed the manual injection of the header.

Signed-off-by: Lokesh Rangineni <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Created the grpc client auth header interceptor and removed the manual injection of the header.

Signed-off-by: Lokesh Rangineni <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* fix: java to proto failing
- changed java_outer_classname for Permission.proto and Policy.proto
- removed experimental optional from permission proto

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* CLI command "feast permissions list"
Added cli command permissions
Added tags parameter to list_validation_references and list_saved_datasets in registry
Added list_validation_references and list_saved_datasets apis to feature_store
Added missing tags parameters to registry_server methods

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Moved the common fixtures to the root conftest.py or auth_permissions_util.py  (#54)

* Moved the common fixtures to the root conftest.py or auth_permissions_util.py

Signed-off-by: Lokesh Rangineni <[email protected]>

Signed-off-by: Lokesh Rangineni <[email protected]>

* Adding missed dependency and regenerated the requirements files.
Signed-off-by: Lokesh Rangineni <[email protected]>

Signed-off-by: Lokesh Rangineni <[email protected]>

* Addinig missing changes from the original PR.

Signed-off-by: Lokesh Rangineni <[email protected]>

Signed-off-by: Lokesh Rangineni <[email protected]>

---------

Signed-off-by: Lokesh Rangineni <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* fix: java to proto failing
- changed java_outer_classname for Permission.proto and Policy.proto
- removed experimental optional from permission proto

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Adding the extra writer permission to fix the integration test issue with offline server.

Signed-off-by: Lokesh Rangineni <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Try to fix java integration test - ModuleNotFoundError: No module named 'feast.permissions.server'

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* fix java integration test - ModuleNotFoundError: No module named 'jwt'

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* fix java integration test - ModuleNotFoundError: No module named 'kubernetes'

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Adding missing permissions for offline store test cases - classes FileSource, FeatureService classes. (#64)

Signed-off-by: Lokesh Rangineni <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Updating the offline integration test permissions.

Signed-off-by: Lokesh Rangineni <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* updated test.py file for rbac-example

Signed-off-by: Abdul Hameed <[email protected]>

* fix the DeleteFeatureView function to handle stream feature view type

Signed-off-by: Abdul Hameed <[email protected]>

* Updating permissions of the integration test cases to address code review comments and also check if the online_read integration test fixes.

Signed-off-by: Lokesh Rangineni <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Incorporating the code review comments from Francisco on upstream PR.

Signed-off-by: Lokesh Rangineni <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Update docs/getting-started/concepts/permission.md

Co-authored-by: Francisco Arceo <[email protected]>
Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Update docs/getting-started/concepts/permission.md

Co-authored-by: Francisco Arceo <[email protected]>
Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Update docs/getting-started/concepts/permission.md

Co-authored-by: Francisco Arceo <[email protected]>
Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Small fixes (#71)

* Improved permission denial log

Signed-off-by: Daniele Martinoli <[email protected]>

* Added leeway option to accept tokens released in the past (up to 10")

Signed-off-by: Daniele Martinoli <[email protected]>

---------

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* commented/removed oidc tests to verify  integration test
commented/removed test_auth_permission.py file

Signed-off-by: Abdul Hameed <[email protected]>

* Enabling the keycloak related integration tests and also initializing the keycloak only once in the entire run.
Reduced the number of works and increased the duration as well.

Signed-off-by: Lokesh Rangineni <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Making number of workers back to 8 and enabled the test_remote_online_store_read

Signed-off-by: Lokesh Rangineni <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Making number of workers to 4.

Signed-off-by: Lokesh Rangineni <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Incorporating the code review comments from Tornike to use @pytest.mark.xdist_group(name="keycloak").

Reverting number of markers from 4 to 8 for the make file target test-python-integration-local.

Signed-off-by: Lokesh Rangineni <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Reverting number of workers from 8 to 4.
Signed-off-by: Lokesh Rangineni <[email protected]>

Signed-off-by: Lokesh Rangineni <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Reverting number of workers from 8 to 4. Reverting the marker @pytest.mark.xdist_group(name="keycloak")
Signed-off-by: Lokesh Rangineni <[email protected]>

Signed-off-by: Lokesh Rangineni <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Reverting number of workers from 8 to 4 for make target test-python-integration-local

Signed-off-by: Lokesh Rangineni <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Added the arrow flight interceptor to inject the auth header. (#68)

* * Added the arrow flight interceptor to inject the auth header.
* Injecting grpc interceptor if it is needed when auth type is not NO_AUTH.

Signed-off-by: Lokesh Rangineni <[email protected]>

* Fixing the failing integration test cases by setting the header in binary format.

Signed-off-by: Lokesh Rangineni <[email protected]>

* Refactored method and moved to factory class to incorporate code review comment.
Fixed lint error by removing the type of port. and other minor changes.

Signed-off-by: Lokesh Rangineni <[email protected]>

* Incorproating code review comments from Daniel.

Signed-off-by: Lokesh Rangineni <[email protected]>

---------

Signed-off-by: Lokesh Rangineni <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* removed with_subclasses option (it's the default and unique behavior)

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* a full, minimal, reproducible example of the RBAC feature

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Add missing required_tags to permission object and cli info
- Add missing required_tags to permission object
- added required_tags to cli info

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Fixed the registry apply function assertation

Signed-off-by: Abdul Hameed <[email protected]>

* removed the examples

Signed-off-by: Abdul Hameed <[email protected]>

* Integrated comment

Signed-off-by: Daniele Martinoli <[email protected]>

* removed the firebase depdency and fix the doc conflicts

Signed-off-by: Abdul Hameed <[email protected]>

* Introducing permission framework and authorization manager in user guide (to be continued after the code is consolidated)

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Permission resources miss the created_timestamp and last_updated_timestamp fields

Signed-off-by: Theodor Mihalache <[email protected]>

* remove error incase if user has no roles assinged incase unthorized user

Signed-off-by: Abdul Hameed <[email protected]>

* renamed READ action to DESCRIBE

Signed-off-by: Daniele Martinoli <[email protected]>

* Specified authorization manager and authorization configuration

Signed-off-by: Daniele Martinoli <[email protected]>

* fix the linter and remove subclass from doc

Signed-off-by: Abdul Hameed <[email protected]>

* addressed the pr reivew comments

Signed-off-by: Abdul Hameed <[email protected]>

* Incorporating code review comment and this file is not needed.

Signed-off-by: Lokesh Rangineni <[email protected]>

* Addressed the review comments on the PR

Signed-off-by: Abdul Hameed <[email protected]>

* Reducing the markers from 8 to 4 to see if it fixes the issues with memory.

Signed-off-by: Lokesh Rangineni <[email protected]>

* addresses feedback on rbac doc

Signed-off-by: Abdul Hameed <[email protected]>

* rename action name from QUERY to READ

Signed-off-by: Abdul Hameed <[email protected]>

* fix the doc to replace query with read

Signed-off-by: Abdul Hameed <[email protected]>

---------

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>
Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Lokesh Rangineni <[email protected]>
Signed-off-by: Lokesh Rangineni <[email protected]>
Co-authored-by: Theodor Mihalache <[email protected]>
Co-authored-by: Abdul Hameed <[email protected]>
Co-authored-by: lokeshrangineni <[email protected]>
Co-authored-by: Lokesh Rangineni <[email protected]>
Co-authored-by: Francisco Arceo <[email protected]>
brijesh-vora-sp added a commit to sailpoint/feast that referenced this pull request Aug 27, 2024
* chore: Update language.md (feast-dev#4412)

Update language.md

* feat: Create ADOPTERS.md (feast-dev#4410)

* Create ADOPTERS.md

* Update ADOPTERS.md

* fix: Using repo_config parameter in teardown to allow for feature-store-yaml overrides (feast-dev#4413)

* fix: using repo_config parameter in teardown to allow for feature-store-yaml overrides

Signed-off-by: Dan Baron <[email protected]>

* fix: fixing linting and formatting issues in tests

Signed-off-by: Dan Baron <[email protected]>

* fix: removing unnecessary Path object construction

Signed-off-by: Dan Baron <[email protected]>

---------

Signed-off-by: Dan Baron <[email protected]>

* feat: Updating docs to include model inference guidelines (feast-dev#4416)

Signed-off-by: Francisco Javier Arceo <[email protected]>

* fix: Retire pytz library (feast-dev#4406)

* fix: Remove pytz.

Signed-off-by: Shuchu Han <[email protected]>

* fix: Keep the pytz.UTC part in dask.py

Signed-off-by: Shuchu Han <[email protected]>

---------

Signed-off-by: Shuchu Han <[email protected]>

* Update model-inference.md

* chore: Auto-detect python version in Makefile (feast-dev#4419)

* fix: Default to pandas mode if not specified in ODFV proto in database (feast-dev#4420)

* chore: Update SUMMARY.md (feast-dev#4422)

Update SUMMARY.md

* docs: Updated README template and fixed links to be consistent for HTML (feast-dev#4423)

* chore: fixed README template to be consistent with current README

Signed-off-by: dandawg <[email protected]>

* docs: markdown links consistency with html

Signed-off-by: dandawg <[email protected]>

---------

Signed-off-by: dandawg <[email protected]>

* fix: Add feast-operator Makefile to semantic-release script (feast-dev#4424)

Signed-off-by: Tommy Hughes <[email protected]>

* feat: Add health check service to registry server (feast-dev#4421)

Signed-off-by: Bhargav Dodla <[email protected]>
Co-authored-by: Bhargav Dodla <[email protected]>

* feat: Feast Security Model (aka RBAC) (feast-dev#4380)

* initial commit

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* fixed linting issues (but 1)

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* deleted AuthzedResource and moved types to the Permission class

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* using pytest.mark.parametrize tests

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* moved decorator to decorator module

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* parametrized decision tests

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Added matcher and action modules. Added global assert_permissions function

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* fixed linting error

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Managing with_subclasses flag and overriding it in case it's an abstract class like DataSource

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Permission includes a single Policy

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* completed docstrings for permissions package

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* fixed inter issues

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Changed roles matching rule from "all" to "any"

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Introducing permission framework and authorization manager in user guide (to be continued after the code is consolidated)

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* removed test code

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* hiding sensitive data (false positive, anyway)

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Added filter_only flag to assert_permissions and returning a list of filtered resources instead of PermissionError

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* added the option to return the single resource, or None

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* separate validating functions: assert_permission and filtered_resources

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Store and Manage permissions in the Registry

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Applied review comments

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Store and Manage permissions in the Registry
- Fixes to code
- Made test case broader

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Store and Manage permissions in the Registry
- Fixed incorrectly recognized linter error

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Store and Manage permissions in the Registry
- Added test
- Fixed missing property to permission
- Changed code following review

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Store and Manage permissions in the Registry

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Store and Manage permissions in the Registry
- Fixes to code
- Made test case broader

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Store and Manage permissions in the Registry
- Fixed incorrectly recognized linter error

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Store and Manage permissions in the Registry
- Added test
- Fixed delete and apply permission

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* replaced aggregated actions with aliases for QUERY and WRITE and ALL

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Updated user guide

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Updated enum in proto

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Store and Manage permissions in the Registry
- Fixed test errors following refactor
- Added test

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Store and Manage permissions in the Registry
- Removed redundant property
- Added tags filter option to list_permissions

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Added permission assert check for registry server, offline server, online server functions

Signed-off-by: Abdul Hameed <[email protected]>

* Fix linter after rebase

Signed-off-by: Abdul Hameed <[email protected]>

* CLI command "feast permissions list"
Added cli command permissions
Added tags parameter to list_validation_references and list_saved_datasets in registry
Added list_validation_references and list_saved_datasets apis to feature_store
Added missing tags parameters to registry_server methods

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* CLI command "feast permissions list"
- Changes following review

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* CLI command "feast permissions list"
- Changes following review

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* added the documents reference for permissions for online, offline, registry server endpoints.

Signed-off-by: Abdul Hameed <[email protected]>

* Incorporating code review comments to parse the auth block from the f… (feast-dev#36)

* Incorporating code review comments to parse the auth block from the feature_store.yaml file.

Signed-off-by: Lokesh Rangineni <[email protected]>

* Incorporating code review comments - renaming type from k8 to kubernetes.

Signed-off-by: Lokesh Rangineni <[email protected]>

---------

Signed-off-by: Lokesh Rangineni <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* definition and integration of auth manager in feast offline and online servers

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* typo

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* duplicated if

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* renamed functions with long name

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* using User class instead of RoleManager (completely removed)

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Feed SecurityManager with Registry instance to fetch the actual permissions

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* fixed linter

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* review comments

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* fixed broken IT

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Adding registry server (UT to be completed)

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* fix linter

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* passing auth manager type from config

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* used auth config to set auth manager type

Signed-off-by: Abdul Hameed <[email protected]>

* inject the user details

Signed-off-by: Abdul Hameed <[email protected]>

* created decorator function and applied to arrow function for injecting the user detail:wq

Signed-off-by: Abdul Hameed <[email protected]>

* code review fixes including the unit test and integration test as suggested

Signed-off-by: Abdul Hameed <[email protected]>

* Implementation of oidc client authentication. (feast-dev#40)

* Adding initial draft code to manage the oidc client authentication.

Signed-off-by: Lokesh Rangineni <[email protected]>

* Adding initial draft code to manage the oidc client authentication.

Signed-off-by: Lokesh Rangineni <[email protected]>

* Incorporating code review comments.

Signed-off-by: Lokesh Rangineni <[email protected]>

---------

Signed-off-by: Lokesh Rangineni <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Client module-grpc
- Added authentication header for client grpc calls

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Client module-grpc
- Made changes following code review

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Client module-grpc
- Made changes following code review

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Client module-grpc
- Made changes following code review

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Client module-grpc
- Made changes following code review

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Client module-grpc
- Made changes following code review

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Client module-grpc
- Made changes following code review

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Client module-grpc
- Made changes following code review

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* added auth configuration for arrow flight client

Signed-off-by: Abdul Hameed <[email protected]>

* Client module-grpc
- Made changes following code review

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* fix linter

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Propagating auth config to token parser in server init

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* adding headers and client_secret to token request

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* working E2E test of authenticated registy server

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* renamed test

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* fixed broken test

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* fix rebase issues

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* fix rebase issues

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Adding the auth client documentations and unit testing for auth client code.
Signed-off-by: Lokesh Rangineni <[email protected]>

Signed-off-by: Lokesh Rangineni <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Adding the auth client documentations and unit testing for auth client code.
Signed-off-by: Lokesh Rangineni <[email protected]>

Signed-off-by: Lokesh Rangineni <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Incorporating code review comments.
Signed-off-by: Lokesh Rangineni <[email protected]>

Signed-off-by: Lokesh Rangineni <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Incorporating code review comments.
Signed-off-by: Lokesh Rangineni <[email protected]>

Signed-off-by: Lokesh Rangineni <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Introducing permission framework and authorization manager in user guide (to be continued after the code is consolidated)

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* CLI command "feast permissions list"
- Added missing dependency

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Client module-grpc
- Added missing auth header for calls to remote registry

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Fix auth tests with permissions
- Made changes to enforcer ana security manager permission checking logic

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Fix auth tests with permissions
- Made changes following review

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Fix auth tests with permissions
- Made changes following review

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Fix auth tests with permissions
- Made changes following review

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Moved the common fixtures to the root conftest.py or auth_permissions_util.py  (feast-dev#54)

* Moved the common fixtures to the root conftest.py or auth_permissions_util.py

Signed-off-by: Lokesh Rangineni <[email protected]>

Signed-off-by: Lokesh Rangineni <[email protected]>

* Adding missed dependency and regenerated the requirements files.
Signed-off-by: Lokesh Rangineni <[email protected]>

Signed-off-by: Lokesh Rangineni <[email protected]>

* Addinig missing changes from the original PR.

Signed-off-by: Lokesh Rangineni <[email protected]>

Signed-off-by: Lokesh Rangineni <[email protected]>

---------

Signed-off-by: Lokesh Rangineni <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* added check and list-roles subcommands

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* typo

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* added comment in cli_utils to remind the original function from which this logic was derived

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* 1) Updating the existing integration test with auth permissions configurations.
2) Refactored the common code and moved to the util class and common conftest.py file.

Signed-off-by: Lokesh Rangineni <[email protected]>

Signed-off-by: Lokesh Rangineni <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Moved the common fixtures to the root conftest.py or auth_permissions_util.py

Signed-off-by: Lokesh Rangineni <[email protected]>

Signed-off-by: Lokesh Rangineni <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Adding missed dependency and regenerated the requirements files.
Signed-off-by: Lokesh Rangineni <[email protected]>

Signed-off-by: Lokesh Rangineni <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* 1) Updating the existing integration test with auth permissions configurations.
2) Refactored the common code and moved to the util class and common conftest.py file.

Signed-off-by: Lokesh Rangineni <[email protected]>

Signed-off-by: Lokesh Rangineni <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* 1) Fixing an issue with the way getting markers after changing the fixture scope to module. Now looking up the markers coming from the entire module run.

Signed-off-by: Lokesh Rangineni <[email protected]>

Signed-off-by: Lokesh Rangineni <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Fixed bug in GetPermission API

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Permission CRUD test

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Added feast-rbac example

Signed-off-by: Abdul Hameed <[email protected]>

* Added support to read the token from enviroment variable to run from local

Signed-off-by: Abdul Hameed <[email protected]>

* Fix the header for arrow fligth

Signed-off-by: Abdul Hameed <[email protected]>

* fix the header issue

Signed-off-by: Abdul Hameed <[email protected]>

* added permissions apply file

Signed-off-by: Abdul Hameed <[email protected]>

* set the user in the grpc server

Signed-off-by: Abdul Hameed <[email protected]>

* added roles and updated permission with all roles

Signed-off-by: Abdul Hameed <[email protected]>

* updated chart to include the service account

Signed-off-by: Abdul Hameed <[email protected]>

* created client example with roles and updated installation/cleanup script

Signed-off-by: Abdul Hameed <[email protected]>

* rebased with master

Signed-off-by: Abdul Hameed <[email protected]>

* Moved the common fixtures to the root conftest.py or auth_permissions_util.py  (feast-dev#54)

* Moved the common fixtures to the root conftest.py or auth_permissions_util.py

Signed-off-by: Lokesh Rangineni <[email protected]>

Signed-off-by: Lokesh Rangineni <[email protected]>

* Adding missed dependency and regenerated the requirements files.
Signed-off-by: Lokesh Rangineni <[email protected]>

Signed-off-by: Lokesh Rangineni <[email protected]>

* Addinig missing changes from the original PR.

Signed-off-by: Lokesh Rangineni <[email protected]>

Signed-off-by: Lokesh Rangineni <[email protected]>

---------

Signed-off-by: Lokesh Rangineni <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Fixed DecisionStrategy not persisted

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Fixed DecisionStrategy not persisted

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Fixed DecisionStrategy not persisted
- Implemented review comments

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Revert "Fix decision strategy not saved"

Signed-off-by: Abdul Hameed <[email protected]>

* Dropped global decision strategy

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* updated rbac demo example

Signed-off-by: Abdul Hameed <[email protected]>

* Adding permissions directly instead of from the common place for the online read integration tests.
Cleaned up some minor changes to fix the unpredictable issue with the feature server process.

Signed-off-by: Lokesh Rangineni <[email protected]>

Signed-off-by: Lokesh Rangineni <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Initial Draft version to the tests with remote offline server with OIDC authentication permissions. Happy path only.

Signed-off-by: Lokesh Rangineni <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Abstracting the specific code for Offline Permissions by creating new class for PermissionsEnvironment.

Signed-off-by: Lokesh Rangineni <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Formatting the python files using make format-python.

Signed-off-by: Lokesh Rangineni <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Separated the permissions for online, offline and registry servers. moved the fixtures scope accordingly as we can't reuse the permissions for all the test cases.

Signed-off-by: Lokesh Rangineni <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Separated the permissions for online, offline and registry servers. moved the fixtures scope accordingly as we can't reuse the permissions for all the test cases.

Signed-off-by: Lokesh Rangineni <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Created the grpc client auth header interceptor and removed the manual injection of the header.

Signed-off-by: Lokesh Rangineni <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Created the grpc client auth header interceptor and removed the manual injection of the header.

Signed-off-by: Lokesh Rangineni <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* fix: java to proto failing
- changed java_outer_classname for Permission.proto and Policy.proto
- removed experimental optional from permission proto

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* CLI command "feast permissions list"
Added cli command permissions
Added tags parameter to list_validation_references and list_saved_datasets in registry
Added list_validation_references and list_saved_datasets apis to feature_store
Added missing tags parameters to registry_server methods

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Moved the common fixtures to the root conftest.py or auth_permissions_util.py  (feast-dev#54)

* Moved the common fixtures to the root conftest.py or auth_permissions_util.py

Signed-off-by: Lokesh Rangineni <[email protected]>

Signed-off-by: Lokesh Rangineni <[email protected]>

* Adding missed dependency and regenerated the requirements files.
Signed-off-by: Lokesh Rangineni <[email protected]>

Signed-off-by: Lokesh Rangineni <[email protected]>

* Addinig missing changes from the original PR.

Signed-off-by: Lokesh Rangineni <[email protected]>

Signed-off-by: Lokesh Rangineni <[email protected]>

---------

Signed-off-by: Lokesh Rangineni <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* fix: java to proto failing
- changed java_outer_classname for Permission.proto and Policy.proto
- removed experimental optional from permission proto

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Adding the extra writer permission to fix the integration test issue with offline server.

Signed-off-by: Lokesh Rangineni <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Try to fix java integration test - ModuleNotFoundError: No module named 'feast.permissions.server'

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* fix java integration test - ModuleNotFoundError: No module named 'jwt'

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* fix java integration test - ModuleNotFoundError: No module named 'kubernetes'

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Adding missing permissions for offline store test cases - classes FileSource, FeatureService classes. (feast-dev#64)

Signed-off-by: Lokesh Rangineni <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Updating the offline integration test permissions.

Signed-off-by: Lokesh Rangineni <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* updated test.py file for rbac-example

Signed-off-by: Abdul Hameed <[email protected]>

* fix the DeleteFeatureView function to handle stream feature view type

Signed-off-by: Abdul Hameed <[email protected]>

* Updating permissions of the integration test cases to address code review comments and also check if the online_read integration test fixes.

Signed-off-by: Lokesh Rangineni <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Incorporating the code review comments from Francisco on upstream PR.

Signed-off-by: Lokesh Rangineni <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Update docs/getting-started/concepts/permission.md

Co-authored-by: Francisco Arceo <[email protected]>
Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Update docs/getting-started/concepts/permission.md

Co-authored-by: Francisco Arceo <[email protected]>
Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Update docs/getting-started/concepts/permission.md

Co-authored-by: Francisco Arceo <[email protected]>
Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Small fixes (feast-dev#71)

* Improved permission denial log

Signed-off-by: Daniele Martinoli <[email protected]>

* Added leeway option to accept tokens released in the past (up to 10")

Signed-off-by: Daniele Martinoli <[email protected]>

---------

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* commented/removed oidc tests to verify  integration test
commented/removed test_auth_permission.py file

Signed-off-by: Abdul Hameed <[email protected]>

* Enabling the keycloak related integration tests and also initializing the keycloak only once in the entire run.
Reduced the number of works and increased the duration as well.

Signed-off-by: Lokesh Rangineni <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Making number of workers back to 8 and enabled the test_remote_online_store_read

Signed-off-by: Lokesh Rangineni <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Making number of workers to 4.

Signed-off-by: Lokesh Rangineni <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Incorporating the code review comments from Tornike to use @pytest.mark.xdist_group(name="keycloak").

Reverting number of markers from 4 to 8 for the make file target test-python-integration-local.

Signed-off-by: Lokesh Rangineni <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Reverting number of workers from 8 to 4.
Signed-off-by: Lokesh Rangineni <[email protected]>

Signed-off-by: Lokesh Rangineni <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Reverting number of workers from 8 to 4. Reverting the marker @pytest.mark.xdist_group(name="keycloak")
Signed-off-by: Lokesh Rangineni <[email protected]>

Signed-off-by: Lokesh Rangineni <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Reverting number of workers from 8 to 4 for make target test-python-integration-local

Signed-off-by: Lokesh Rangineni <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Added the arrow flight interceptor to inject the auth header. (feast-dev#68)

* * Added the arrow flight interceptor to inject the auth header.
* Injecting grpc interceptor if it is needed when auth type is not NO_AUTH.

Signed-off-by: Lokesh Rangineni <[email protected]>

* Fixing the failing integration test cases by setting the header in binary format.

Signed-off-by: Lokesh Rangineni <[email protected]>

* Refactored method and moved to factory class to incorporate code review comment.
Fixed lint error by removing the type of port. and other minor changes.

Signed-off-by: Lokesh Rangineni <[email protected]>

* Incorproating code review comments from Daniel.

Signed-off-by: Lokesh Rangineni <[email protected]>

---------

Signed-off-by: Lokesh Rangineni <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* removed with_subclasses option (it's the default and unique behavior)

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* a full, minimal, reproducible example of the RBAC feature

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Add missing required_tags to permission object and cli info
- Add missing required_tags to permission object
- added required_tags to cli info

Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Fixed the registry apply function assertation

Signed-off-by: Abdul Hameed <[email protected]>

* removed the examples

Signed-off-by: Abdul Hameed <[email protected]>

* Integrated comment

Signed-off-by: Daniele Martinoli <[email protected]>

* removed the firebase depdency and fix the doc conflicts

Signed-off-by: Abdul Hameed <[email protected]>

* Introducing permission framework and authorization manager in user guide (to be continued after the code is consolidated)

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>

* Permission resources miss the created_timestamp and last_updated_timestamp fields

Signed-off-by: Theodor Mihalache <[email protected]>

* remove error incase if user has no roles assinged incase unthorized user

Signed-off-by: Abdul Hameed <[email protected]>

* renamed READ action to DESCRIBE

Signed-off-by: Daniele Martinoli <[email protected]>

* Specified authorization manager and authorization configuration

Signed-off-by: Daniele Martinoli <[email protected]>

* fix the linter and remove subclass from doc

Signed-off-by: Abdul Hameed <[email protected]>

* addressed the pr reivew comments

Signed-off-by: Abdul Hameed <[email protected]>

* Incorporating code review comment and this file is not needed.

Signed-off-by: Lokesh Rangineni <[email protected]>

* Addressed the review comments on the PR

Signed-off-by: Abdul Hameed <[email protected]>

* Reducing the markers from 8 to 4 to see if it fixes the issues with memory.

Signed-off-by: Lokesh Rangineni <[email protected]>

* addresses feedback on rbac doc

Signed-off-by: Abdul Hameed <[email protected]>

* rename action name from QUERY to READ

Signed-off-by: Abdul Hameed <[email protected]>

* fix the doc to replace query with read

Signed-off-by: Abdul Hameed <[email protected]>

---------

Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>
Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Lokesh Rangineni <[email protected]>
Signed-off-by: Lokesh Rangineni <[email protected]>
Co-authored-by: Theodor Mihalache <[email protected]>
Co-authored-by: Abdul Hameed <[email protected]>
Co-authored-by: lokeshrangineni <[email protected]>
Co-authored-by: Lokesh Rangineni <[email protected]>
Co-authored-by: Francisco Arceo <[email protected]>

* chore: Fix rbac url.

* fix: Links to the RBAC documentation under Concepts and Components (feast-dev#4430)

* fix the rbac docs links

Signed-off-by: Abdul Hameed <[email protected]>

* fix: links to the RBAC documentation under Concepts and Components sections

Signed-off-by: Abdul Hameed <[email protected]>

---------

Signed-off-by: Abdul Hameed <[email protected]>

* docs: Reorganize registry docs (feast-dev#4407)

* reorganize registry docs

Signed-off-by: tokoko <[email protected]>

* remove commented out text

Signed-off-by: tokoko <[email protected]>

* changes in registry.md

Signed-off-by: tokoko <[email protected]>

---------

Signed-off-by: tokoko <[email protected]>
Co-authored-by: tokoko <[email protected]>

* chore: Update Slack link

* build: Set a proper build-system protobuf version (feast-dev#4438)

build: force the protobuf version in the build system so that it is compatible with the runtime dependency

Signed-off-by: Yang, Bo <[email protected]>

* Update README.md

* fix: Typos related to k8s (feast-dev#4442)

fix typos

Signed-off-by: Brijesh Vora <[email protected]>

* feat: Refactoring code to get oidc end points from discovery URL. (feast-dev#4429)

* refactoring the permissions side server side code to get the OIDC end points from the discovery URL. Also removing the auth_server_url config from oidc auth config.

Signed-off-by: Lokesh Rangineni <[email protected]>

* refactoring the permissions side server side code to get the OIDC end points from the discovery URL. Also removing the auth_server_url config from oidc auth config.

Signed-off-by: Lokesh Rangineni <[email protected]>

* refactoring the permissions side server side code to get the OIDC end points from the discovery URL. Also removing the auth_server_url config from oidc auth config.

Signed-off-by: Lokesh Rangineni <[email protected]>

* refactoring the permissions side server side code to get the OIDC end points from the discovery URL. Also removing the auth_server_url config from oidc auth config.

Signed-off-by: Lokesh Rangineni <[email protected]>

* Fixing the issue with pre-commit hook template. Accidentally this was reverted in previous rebase and reverting it now.

Signed-off-by: Lokesh Rangineni <[email protected]>

---------

Signed-off-by: Lokesh Rangineni <[email protected]>

* chore: Mark tests using keycloak with xdist_group (feast-dev#4436)

* mark keycloak tests with xdist_group

Signed-off-by: tokoko <[email protected]>

* apply changes to test-python-integration

Signed-off-by: tokoko <[email protected]>

---------

Signed-off-by: tokoko <[email protected]>
Co-authored-by: tokoko <[email protected]>

* fix: Locate feature_store.yaml from __file__ (feast-dev#4443)

fix: locate feature_store.yaml from __file__

Signed-off-by: Yang, Bo <[email protected]>

* feat: Update roadmap.md (feast-dev#4445)

* chore: Remove Rockset from feast (feast-dev#4434)

---------

Signed-off-by: Dan Baron <[email protected]>
Signed-off-by: Francisco Javier Arceo <[email protected]>
Signed-off-by: Shuchu Han <[email protected]>
Signed-off-by: dandawg <[email protected]>
Signed-off-by: Tommy Hughes <[email protected]>
Signed-off-by: Bhargav Dodla <[email protected]>
Signed-off-by: Daniele Martinoli <[email protected]>
Signed-off-by: Abdul Hameed <[email protected]>
Signed-off-by: Theodor Mihalache <[email protected]>
Signed-off-by: Lokesh Rangineni <[email protected]>
Signed-off-by: Lokesh Rangineni <[email protected]>
Signed-off-by: tokoko <[email protected]>
Signed-off-by: Yang, Bo <[email protected]>
Signed-off-by: Brijesh Vora <[email protected]>
Co-authored-by: Francisco Arceo <[email protected]>
Co-authored-by: Dan Baron <[email protected]>
Co-authored-by: Shuchu Han <[email protected]>
Co-authored-by: Francisco Arceo <[email protected]>
Co-authored-by: Tornike Gurgenidze <[email protected]>
Co-authored-by: [email protected] <[email protected]>
Co-authored-by: Daniel Dowler <[email protected]>
Co-authored-by: Tommy Hughes IV <[email protected]>
Co-authored-by: Bhargav Dodla <[email protected]>
Co-authored-by: Daniele Martinoli <[email protected]>
Co-authored-by: Theodor Mihalache <[email protected]>
Co-authored-by: Abdul Hameed <[email protected]>
Co-authored-by: lokeshrangineni <[email protected]>
Co-authored-by: Lokesh Rangineni <[email protected]>
Co-authored-by: tokoko <[email protected]>
Co-authored-by: Yang, Bo <[email protected]>
Co-authored-by: Yang, Bo <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants