Skip to content

Commit

Permalink
Small fixes (feast-dev#71)
Browse files Browse the repository at this point in the history
* Improved permission denial log

Signed-off-by: Daniele Martinoli <86618610+dmartinol@users.noreply.github.com>

* Added leeway option to accept tokens released in the past (up to 10")

Signed-off-by: Daniele Martinoli <86618610+dmartinol@users.noreply.github.com>

---------

Signed-off-by: Daniele Martinoli <86618610+dmartinol@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>
  • Loading branch information
dmartinol authored and redhatHameed committed Aug 14, 2024
1 parent 9b9e341 commit 3dcddcc
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 2 deletions.
1 change: 1 addition & 0 deletions sdk/python/feast/permissions/auth/oidc_token_parser.py
Original file line number Diff line number Diff line change
Expand Up @@ -78,6 +78,7 @@ async def user_details_from_access_token(self, access_token: str) -> User:
"verify_signature": True,
"verify_exp": True,
},
leeway=10, # accepts tokens generated up to 10 seconds in the past, in case of clock skew
)

if "preferred_username" not in data:
Expand Down
4 changes: 2 additions & 2 deletions sdk/python/feast/permissions/enforcer.py
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,7 @@ def enforce_policy(
_permitted_resources: list[FeastObject] = []
for resource in resources:
logger.debug(
f"Enforcing permission policies for {type(resource)}:{resource.name} to execute {actions}"
f"Enforcing permission policies for {type(resource).__name__}:{resource.name} to execute {actions}"
)
matching_permissions = [
p
Expand All @@ -60,7 +60,7 @@ def enforce_policy(
)
evaluator.add_grant(
permission_grant,
f"Permission {p.name} denied access: {permission_explanation}",
f"Permission {p.name} denied execution of {[a.value.upper() for a in actions]} to {type(resource).__name__}:{resource.name}: {permission_explanation}",
)

if evaluator.is_decided():
Expand Down

0 comments on commit 3dcddcc

Please sign in to comment.