Small fixes (feast-dev#71)

* Improved permission denial log

Signed-off-by: Daniele Martinoli <86618610+dmartinol@users.noreply.github.com>

* Added leeway option to accept tokens released in the past (up to 10")

Signed-off-by: Daniele Martinoli <86618610+dmartinol@users.noreply.github.com>

---------

Signed-off-by: Daniele Martinoli <86618610+dmartinol@users.noreply.github.com>
Signed-off-by: Abdul Hameed <ahameed@redhat.com>

sdk/python/feast/permissions/auth/oidc_token_parser.py

@@ -78,6 +78,7 @@ async def user_details_from_access_token(self, access_token: str) -> User:
                     "verify_signature": True,
                     "verify_exp": True,
                 },
+                leeway=10,  # accepts tokens generated up to 10 seconds in the past, in case of clock skew
             )
 
             if "preferred_username" not in data:

sdk/python/feast/permissions/enforcer.py

@@ -44,7 +44,7 @@ def enforce_policy(
     _permitted_resources: list[FeastObject] = []
     for resource in resources:
         logger.debug(
-            f"Enforcing permission policies for {type(resource)}:{resource.name} to execute {actions}"
+            f"Enforcing permission policies for {type(resource).__name__}:{resource.name} to execute {actions}"
         )
         matching_permissions = [
             p
@@ -60,7 +60,7 @@ def enforce_policy(
                 )
                 evaluator.add_grant(
                     permission_grant,
-                    f"Permission {p.name} denied access: {permission_explanation}",
+                    f"Permission {p.name} denied execution of {[a.value.upper() for a in actions]} to {type(resource).__name__}:{resource.name}: {permission_explanation}",
                 )
 
                 if evaluator.is_decided():