Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Replace Keto Authorization with External HTTP Authorization #864

Merged
merged 11 commits into from
Jul 10, 2020

Conversation

woop
Copy link
Member

@woop woop commented Jul 8, 2020

What this PR does / why we need it:

We need to extend Feast Auth towards Feast Serving, but pulling in more and more dependencies in Serving (and throughout Feast) is becoming a big pain. This PR replaces the existing Keto Authorization Provider with an HTTP Authorization Provider. It also comes with an Open API specification that users can implement as a web service in order to roll their own authorization layer.

Does this PR introduce a user-facing change?:

Users can now provide their own external authorization service for use with Feast

@woop woop force-pushed the replace-keto-with-http branch from 437e872 to 83d3a65 Compare July 8, 2020 08:44
@woop woop added the kind/feature New feature or request label Jul 8, 2020
auth/pom.xml Show resolved Hide resolved
String subject = getSubjectFromAuth(authentication, DEFAULT_SUBJECT_CLAIM);
checkAccessRequest.setAction("ALL");
checkAccessRequest.setContext(context);
checkAccessRequest.setResource(projectId);
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we probably need to change this to include the resourcetype like org.feast.project:{projectId} or something

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oops, I fixed it but havent pushed yet.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I had the do-not-merge on for protection ;)

But no worries, this at least allows your team to move ahead. I'll submit a patch tomorrow. I am going to bed now.

@feast-ci-bot
Copy link
Collaborator

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dr3s, woop

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@dr3s
Copy link
Collaborator

dr3s commented Jul 10, 2020

/lgtm

@dr3s
Copy link
Collaborator

dr3s commented Jul 10, 2020

/ok-to-test

@dr3s
Copy link
Collaborator

dr3s commented Jul 10, 2020

/ok-to-merge

@feast-ci-bot feast-ci-bot merged commit dc159e4 into feast-dev:master Jul 10, 2020
@dr3s dr3s mentioned this pull request Jul 10, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants