rename action name from QUERY to READ

docs/getting-started/architecture/rbac.md

@@ -34,7 +34,7 @@ Feast operates as a collection of connected services, each enforcing authorizati
 The RBAC system in Feast uses a permission model that defines the following concepts:
 
 - **Resource**: An object within Feast that needs to be secured against unauthorized access.
-- **Action**: A logical operation performed on a resource, such as Create, Describe, Update, Delete, query, or write operations.
+- **Action**: A logical operation performed on a resource, such as Create, Describe, Update, Delete, Read, or write operations.
 - **Policy**: A set of rules that enforce authorization decisions on resources. The default implementation uses role-based policies.
 
 

docs/getting-started/concepts/permission.md

@@ -23,9 +23,9 @@ The permission model is based on the following components:
   - `describe`: Access the instance state.
   - `update`: Update the instance state.
   - `delete`: Delete an instance.
-  - `query`:  Query both online and offline stores.
-  - `query_online`:  Query the online store.
-  - `query_offline`:  Query the offline store.
+  - `read`:  Read both online and offline stores.
+  - `read_online`:  Read the online store.
+  - `read_offline`:  Read the offline store.
   - `write`:  Write on any store.
   - `write_online`:  Write to the online store.
   - `write_offline`:  Write to the offline store.
@@ -48,7 +48,7 @@ To simplify configuration, several constants are defined to streamline the permi
   `OnDemandFeatureView`.
 - In module `feast.permissions.action`:
   - `ALL_ACTIONS` is the list of all managed actions.
-  - `QUERY` includes all the query actions for online and offline store.
+  - `READ` includes all the read actions for online and offline store.
   - `WRITE` includes all the write actions for online and offline store.
   - `CRUD` includes all the state management actions to create, describe, update or delete a Feast resource.
 
@@ -69,7 +69,7 @@ Permission(
     name="feature-reader",
     types=[FeatureView, FeatureService],
     policy=RoleBasedPolicy(roles=["super-reader"]),
-    actions=[AuthzedAction.DESCRIBE, QUERY],
+    actions=[AuthzedAction.DESCRIBE, READ],
 )
 ```
 
@@ -89,14 +89,15 @@ Permission(
 {% endhint %}
 
 
-The following permission grants authorization to query the offline store of all the feature views including `risky` in the name, to users with role `trusted`:
+The following permission grants authorization to read the offline store of all the feature views including `risky` in the name, to users with role `trusted`:
+
 ```py
 Permission(
     name="reader",
     types=[FeatureView],
     name_pattern=".*risky.*",
     policy=RoleBasedPolicy(roles=["trusted"]),
-    actions=[AuthzedAction.QUERY_OFFLINE],
+    actions=[AuthzedAction.READ_OFFLINE],
 )
 ```
 

docs/reference/feature-servers/offline-feature-server.md

@@ -37,14 +37,14 @@ The set of functionalities supported by remote offline stores is the same as tho
 
 ## API Endpoints and Permissions
 
-| Endpoint                              | Resource Type    |Permission    | Description                                         |
-| ------------------------------------- |------------------|---------------|-----------------------------------------------------|
-| offline_write_batch                   | FeatureView      | Write Offline | Write a batch of data to the offline store          |
-| write_logged_features                 | FeatureService   | Write Offline | Write logged features to the offline store          |
-| persist                               | DataSource       | Write Offline | Persist the result of a query in the offline store  |
-| get_historical_features               | FeatureView      | Query Offline | Retrieve historical features                        |
-| pull_all_from_table_or_query          | DataSource       | Query Offline | Pull all data from a table or query it              |
-| pull_latest_from_table_or_query       | DataSource       | Query Offline | Pull the latest data from a table or query it       |
+| Endpoint                              | Resource Type    | Permission    | Description                                        |
+| ------------------------------------- |------------------|---------------|----------------------------------------------------|
+| offline_write_batch                   | FeatureView      | Write Offline | Write a batch of data to the offline store         |
+| write_logged_features                 | FeatureService   | Write Offline | Write logged features to the offline store         |
+| persist                               | DataSource       | Write Offline | Persist the result of a query in the offline store |
+| get_historical_features               | FeatureView      | Read Offline  | Retrieve historical features                       |
+| pull_all_from_table_or_query          | DataSource       | Read Offline  | Pull all data from a table or read it              |
+| pull_latest_from_table_or_query       | DataSource       | Read Offline  | Pull the latest data from a table or read it       |
 
 
 ## How to configure Authentication and Authorization ?

docs/reference/feature-servers/python-feature-server.md

@@ -206,7 +206,7 @@ requests.post(
 
 | Endpoint                     | Resource Type                   | Permission                                            | Description                                                              |
 | ---------------------------- |---------------------------------|-------------------------------------------------------| ------------------------------------------------------------------------ |
-| /get-online-features         | FeatureView,OnDemandFeatureView | Query Online                                          | Get online features from the feature store                     |
+| /get-online-features         | FeatureView,OnDemandFeatureView | Read Online                                           | Get online features from the feature store                     |
 | /push                        | FeatureView                     | Write Online, Write Offline, Write Online and Offline | Push features to the feature store (online, offline, or both)  |
 | /write-to-online-store       | FeatureView                     | Write Online                                          | Write features to the online store                             |
 | /materialize                 | FeatureView                     | Write Online                                          | Materialize features within a specified time range             |

protos/feast/core/Permission.proto

@@ -22,8 +22,8 @@ message PermissionSpec {
     DESCRIBE = 1;
     UPDATE = 2;
     DELETE = 3;
-    QUERY_ONLINE = 4;
-    QUERY_OFFLINE = 5;
+    READ_ONLINE = 4;
+    READ_OFFLINE = 5;
     WRITE_ONLINE = 6;
     WRITE_OFFLINE = 7;
   }

sdk/python/feast/feature_server.py

@@ -117,7 +117,7 @@ def get_online_features(body=Depends(get_body)):
                     body["feature_service"], allow_cache=True
                 )
                 assert_permissions(
-                    resource=feature_service, actions=[AuthzedAction.QUERY_ONLINE]
+                    resource=feature_service, actions=[AuthzedAction.READ_ONLINE]
                 )
                 features = feature_service
             else:
@@ -133,11 +133,11 @@ def get_online_features(body=Depends(get_body)):
                 )
                 for feature_view in all_feature_views:
                     assert_permissions(
-                        resource=feature_view, actions=[AuthzedAction.QUERY_ONLINE]
+                        resource=feature_view, actions=[AuthzedAction.READ_ONLINE]
                     )
                 for od_feature_view in all_on_demand_feature_views:
                     assert_permissions(
-                        resource=od_feature_view, actions=[AuthzedAction.QUERY_ONLINE]
+                        resource=od_feature_view, actions=[AuthzedAction.READ_ONLINE]
                     )
 
             response_proto = store.get_online_features(

sdk/python/feast/offline_server.py

@@ -296,7 +296,7 @@ def _validate_pull_all_from_table_or_query_parameters(self, command: dict):
     def pull_all_from_table_or_query(self, command: dict):
         self._validate_pull_all_from_table_or_query_parameters(command)
         data_source = self.store.get_data_source(command["data_source_name"])
-        assert_permissions(data_source, actions=[AuthzedAction.QUERY_OFFLINE])
+        assert_permissions(data_source, actions=[AuthzedAction.READ_OFFLINE])
 
         return self.offline_store.pull_all_from_table_or_query(
             self.store.config,
@@ -325,7 +325,7 @@ def _validate_pull_latest_from_table_or_query_parameters(self, command: dict):
     def pull_latest_from_table_or_query(self, command: dict):
         self._validate_pull_latest_from_table_or_query_parameters(command)
         data_source = self.store.get_data_source(command["data_source_name"])
-        assert_permissions(resource=data_source, actions=[AuthzedAction.QUERY_OFFLINE])
+        assert_permissions(resource=data_source, actions=[AuthzedAction.READ_OFFLINE])
         return self.offline_store.pull_latest_from_table_or_query(
             self.store.config,
             data_source,
@@ -383,7 +383,7 @@ def get_historical_features(self, command: dict, key: str):
 
         for feature_view in feature_views:
             assert_permissions(
-                resource=feature_view, actions=[AuthzedAction.QUERY_OFFLINE]
+                resource=feature_view, actions=[AuthzedAction.READ_OFFLINE]
             )
 
         retJob = self.offline_store.get_historical_features(

sdk/python/feast/permissions/action.py

@@ -10,19 +10,19 @@ class AuthzedAction(enum.Enum):
     DESCRIBE = "describe"  # Access the instance state
     UPDATE = "update"  # Update the instance state
     DELETE = "delete"  # Delete an instance
-    QUERY_ONLINE = "query_online"  # Query the online store only
-    QUERY_OFFLINE = "query_offline"  # Query the offline store only
+    READ_ONLINE = "read_online"  # Read the online store only
+    READ_OFFLINE = "read_offline"  # Read the offline store only
     WRITE_ONLINE = "write_online"  # Write to the online store only
     WRITE_OFFLINE = "write_offline"  # Write to the offline store only
 
 
 #  Alias for all available actions
 ALL_ACTIONS = [a for a in AuthzedAction.__members__.values()]
 
-#  Alias for all query actions
-QUERY = [
-    AuthzedAction.QUERY_OFFLINE,
-    AuthzedAction.QUERY_ONLINE,
+#  Alias for all read actions
+READ = [
+    AuthzedAction.READ_OFFLINE,
+    AuthzedAction.READ_ONLINE,
 ]
 #  Alias for all write actions
 WRITE = [

sdk/python/tests/integration/feature_repos/repo_configuration.py

@@ -489,31 +489,31 @@ def setup(self):
                 name="offline_fv_perm",
                 types=FeatureView,
                 policy=RoleBasedPolicy(roles=["writer"]),
-                actions=[AuthzedAction.QUERY_OFFLINE, AuthzedAction.WRITE_OFFLINE],
+                actions=[AuthzedAction.READ_OFFLINE, AuthzedAction.WRITE_OFFLINE],
             ),
             Permission(
                 name="offline_odfv_perm",
                 types=OnDemandFeatureView,
                 policy=RoleBasedPolicy(roles=["writer"]),
-                actions=[AuthzedAction.QUERY_OFFLINE, AuthzedAction.WRITE_OFFLINE],
+                actions=[AuthzedAction.READ_OFFLINE, AuthzedAction.WRITE_OFFLINE],
             ),
             Permission(
                 name="offline_sfv_perm",
                 types=StreamFeatureView,
                 policy=RoleBasedPolicy(roles=["writer"]),
-                actions=[AuthzedAction.QUERY_OFFLINE, AuthzedAction.WRITE_OFFLINE],
+                actions=[AuthzedAction.READ_OFFLINE, AuthzedAction.WRITE_OFFLINE],
             ),
             Permission(
                 name="offline_fs_perm",
                 types=FeatureService,
                 policy=RoleBasedPolicy(roles=["writer"]),
-                actions=[AuthzedAction.QUERY_OFFLINE, AuthzedAction.WRITE_OFFLINE],
+                actions=[AuthzedAction.READ_OFFLINE, AuthzedAction.WRITE_OFFLINE],
             ),
             Permission(
                 name="offline_datasource_perm",
                 types=DataSource,
                 policy=RoleBasedPolicy(roles=["writer"]),
-                actions=[AuthzedAction.QUERY_OFFLINE, AuthzedAction.WRITE_OFFLINE],
+                actions=[AuthzedAction.READ_OFFLINE, AuthzedAction.WRITE_OFFLINE],
             ),
         ]
         self.feature_store.apply(permissions_list)

sdk/python/tests/integration/online_store/test_remote_online_store.py

@@ -26,19 +26,19 @@ def test_remote_online_store_read(auth_config):
                 name="online_list_fv_perm",
                 types=FeatureView,
                 policy=RoleBasedPolicy(roles=["reader"]),
-                actions=[AuthzedAction.QUERY_ONLINE],
+                actions=[AuthzedAction.READ_ONLINE],
             ),
             Permission(
                 name="online_list_odfv_perm",
                 types=OnDemandFeatureView,
                 policy=RoleBasedPolicy(roles=["reader"]),
-                actions=[AuthzedAction.QUERY_ONLINE],
+                actions=[AuthzedAction.READ_ONLINE],
             ),
             Permission(
                 name="online_list_sfv_perm",
                 types=StreamFeatureView,
                 policy=RoleBasedPolicy(roles=["reader"]),
-                actions=[AuthzedAction.QUERY_ONLINE],
+                actions=[AuthzedAction.READ_ONLINE],
             ),
         ]
         server_store, server_url, registry_path = (

sdk/python/tests/unit/permissions/test_security_manager.py

@@ -1,7 +1,7 @@
 import assertpy
 import pytest
 
-from feast.permissions.action import QUERY, AuthzedAction
+from feast.permissions.action import READ, AuthzedAction
 from feast.permissions.security_manager import assert_permissions, permitted_resources
 
 
@@ -33,7 +33,7 @@
         ),
         (
             "admin",
-            QUERY + [AuthzedAction.UPDATE],
+            READ + [AuthzedAction.UPDATE],
             False,
             [False, False],
             [True, True],