Skip to content

Commit

Permalink
merge from master
Browse files Browse the repository at this point in the history
Signed-off-by: tokoko <[email protected]>
  • Loading branch information
tokoko committed Sep 19, 2024
2 parents 7094342 + cecca83 commit bc5e86b
Show file tree
Hide file tree
Showing 17 changed files with 571 additions and 103 deletions.
1 change: 1 addition & 0 deletions .github/workflows/build_wheels.yml
Original file line number Diff line number Diff line change
Expand Up @@ -97,6 +97,7 @@ jobs:
# There's a `git restore` in here because `make install-go-ci-dependencies` is actually messing up go.mod & go.sum.
run: |
pip install -U pip setuptools wheel twine
make install-protoc-dependencies
make build-ui
git status
git restore go.mod go.sum
Expand Down
19 changes: 12 additions & 7 deletions Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -64,13 +64,16 @@ install-python-ci-dependencies-uv-venv:
uv pip install --no-deps -e .
python setup.py build_python_protos --inplace

install-protoc-dependencies:
pip install "protobuf<5" "grpcio-tools>=1.56.2,<2" "mypy-protobuf>=3.1"

lock-python-ci-dependencies:
uv pip compile --system --no-strip-extras setup.py --extra ci --output-file sdk/python/requirements/py$(PYTHON_VERSION)-ci-requirements.txt

package-protos:
cp -r ${ROOT_DIR}/protos ${ROOT_DIR}/sdk/python/feast/protos

compile-protos-python:
compile-protos-python: install-protoc-dependencies
python setup.py build_python_protos --inplace

install-python:
Expand All @@ -81,12 +84,14 @@ lock-python-dependencies:
uv pip compile --system --no-strip-extras setup.py --output-file sdk/python/requirements/py$(PYTHON_VERSION)-requirements.txt

lock-python-dependencies-all:
pixi run --environment py39 --manifest-path infra/scripts/pixi/pixi.toml "uv pip compile --system --no-strip-extras setup.py --output-file sdk/python/requirements/py3.9-requirements.txt"
pixi run --environment py39 --manifest-path infra/scripts/pixi/pixi.toml "uv pip compile --system --no-strip-extras setup.py --extra ci --output-file sdk/python/requirements/py3.9-ci-requirements.txt"
pixi run --environment py310 --manifest-path infra/scripts/pixi/pixi.toml "uv pip compile --system --no-strip-extras setup.py --output-file sdk/python/requirements/py3.10-requirements.txt"
pixi run --environment py310 --manifest-path infra/scripts/pixi/pixi.toml "uv pip compile --system --no-strip-extras setup.py --extra ci --output-file sdk/python/requirements/py3.10-ci-requirements.txt"
pixi run --environment py311 --manifest-path infra/scripts/pixi/pixi.toml "uv pip compile --system --no-strip-extras setup.py --output-file sdk/python/requirements/py3.11-requirements.txt"
pixi run --environment py311 --manifest-path infra/scripts/pixi/pixi.toml "uv pip compile --system --no-strip-extras setup.py --extra ci --output-file sdk/python/requirements/py3.11-ci-requirements.txt"
# Remove all existing requirements because we noticed the lock file is not always updated correctly. Removing and running the command again ensures that the lock file is always up to date.
rm -r sdk/python/requirements/*
pixi run --environment py39 --manifest-path infra/scripts/pixi/pixi.toml "uv pip compile -p 3.9 --system --no-strip-extras setup.py --output-file sdk/python/requirements/py3.9-requirements.txt"
pixi run --environment py39 --manifest-path infra/scripts/pixi/pixi.toml "uv pip compile -p 3.9 --system --no-strip-extras setup.py --extra ci --output-file sdk/python/requirements/py3.9-ci-requirements.txt"
pixi run --environment py310 --manifest-path infra/scripts/pixi/pixi.toml "uv pip compile -p 3.10 --system --no-strip-extras setup.py --output-file sdk/python/requirements/py3.10-requirements.txt"
pixi run --environment py310 --manifest-path infra/scripts/pixi/pixi.toml "uv pip compile -p 3.10 --system --no-strip-extras setup.py --extra ci --output-file sdk/python/requirements/py3.10-ci-requirements.txt"
pixi run --environment py311 --manifest-path infra/scripts/pixi/pixi.toml "uv pip compile -p 3.11 --system --no-strip-extras setup.py --output-file sdk/python/requirements/py3.11-requirements.txt"
pixi run --environment py311 --manifest-path infra/scripts/pixi/pixi.toml "uv pip compile -p 3.11 --system --no-strip-extras setup.py --extra ci --output-file sdk/python/requirements/py3.11-ci-requirements.txt"

benchmark-python:
IS_TEST=True python -m pytest --integration --benchmark --benchmark-autosave --benchmark-save-data sdk/python/tests
Expand Down
8 changes: 8 additions & 0 deletions infra/charts/feast-feature-server/templates/deployment.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -42,20 +42,28 @@ spec:
command:
{{- if eq .Values.feast_mode "offline" }}
- "feast"
- "--log-level"
- "{{ .Values.logLevel }}"
- "serve_offline"
- "-h"
- "0.0.0.0"
{{- else if eq .Values.feast_mode "ui" }}
- "feast"
- "--log-level"
- "{{ .Values.logLevel }}"
- "ui"
- "-h"
- "0.0.0.0"
{{- else if eq .Values.feast_mode "registry" }}
- "feast"
- "--log-level"
- "{{ .Values.logLevel }}"
- "serve_registry"
{{- else }}
{{- if .Values.metrics.enlabled }}
- "feast"
- "--log-level"
- "{{ .Values.logLevel }}"
- "serve"
- "--metrics"
- "-h"
Expand Down
2 changes: 2 additions & 0 deletions infra/charts/feast-feature-server/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,8 @@ image:
# image.tag -- The Docker image tag (can be overwritten if custom feature server deps are needed for on demand transforms)
tag: 0.40.0

logLevel: "WARNING" # Set log level DEBUG, INFO, WARNING, ERROR, and CRITICAL (case-insensitive)

imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
Expand Down
6 changes: 4 additions & 2 deletions sdk/python/feast/permissions/auth/kubernetes_token_parser.py
Original file line number Diff line number Diff line change
Expand Up @@ -40,14 +40,16 @@ async def user_details_from_access_token(self, access_token: str) -> User:
"""
sa_namespace, sa_name = _decode_token(access_token)
current_user = f"{sa_namespace}:{sa_name}"
logging.info(f"Received request from {sa_name} in {sa_namespace}")
logger.info(
f"Request received from ServiceAccount: {sa_name} in namespace: {sa_namespace}"
)

intra_communication_base64 = os.getenv("INTRA_COMMUNICATION_BASE64")
if sa_name is not None and sa_name == intra_communication_base64:
return User(username=sa_name, roles=[])
else:
roles = self.get_roles(sa_namespace, sa_name)
logging.info(f"SA roles are: {roles}")
logger.info(f"Roles for ServiceAccount {sa_name}: {roles}")

return User(username=current_user, roles=roles)

Expand Down
4 changes: 2 additions & 2 deletions sdk/python/feast/permissions/auth/oidc_token_parser.py
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,6 @@
from feast.permissions.user import User

logger = logging.getLogger(__name__)
logger.setLevel(logging.INFO)


class OidcTokenParser(TokenParser):
Expand Down Expand Up @@ -69,8 +68,9 @@ async def user_details_from_access_token(self, access_token: str) -> User:

try:
await self._validate_token(access_token)
logger.info("Validated token")
logger.debug("Token successfully validated.")
except Exception as e:
logger.error(f"Token validation failed: {e}")
raise AuthenticationError(f"Invalid token: {e}")

optional_custom_headers = {"User-agent": "custom-user-agent"}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@ class IntraCommAuthClientManager(AuthenticationClientManager):
def __init__(self, auth_config: AuthConfig, intra_communication_base64: str):
self.auth_config = auth_config
self.intra_communication_base64 = intra_communication_base64
logger.debug(f"AuthConfig type set to {self.auth_config.type}")

def get_token(self):
if self.auth_config.type == AuthType.OIDC.value:
Expand Down
4 changes: 4 additions & 0 deletions sdk/python/feast/permissions/enforcer.py
Original file line number Diff line number Diff line change
Expand Up @@ -67,8 +67,12 @@ def enforce_policy(
if evaluator.is_decided():
grant, explanations = evaluator.grant()
if not grant and not filter_only:
logger.error(f"Permission denied: {','.join(explanations)}")
raise FeastPermissionError(",".join(explanations))
if grant:
logger.debug(
f"Permission granted for {type(resource).__name__}:{resource.name}"
)
_permitted_resources.append(resource)
break
else:
Expand Down
9 changes: 5 additions & 4 deletions sdk/python/feast/permissions/server/arrow.py
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,6 @@
from feast.permissions.user import User

logger = logging.getLogger(__name__)
logger.setLevel(logging.INFO)


class AuthorizationMiddlewareFactory(fl.ServerMiddlewareFactory):
Expand Down Expand Up @@ -49,7 +48,9 @@ def __init__(self, access_token: str, *args, **kwargs):

def call_completed(self, exception):
if exception:
print(f"{AuthorizationMiddleware.__name__} received {exception}")
logger.exception(
f"{AuthorizationMiddleware.__name__} encountered an exception: {exception}"
)

async def extract_user(self) -> User:
"""
Expand All @@ -69,14 +70,14 @@ def inject_user_details(context: ServerCallContext):
context: The endpoint context.
"""
if context.get_middleware("auth") is None:
logger.info("No `auth` middleware.")
logger.warning("No `auth` middleware.")
return

sm = get_security_manager()
if sm is not None:
auth_middleware = cast(AuthorizationMiddleware, context.get_middleware("auth"))
current_user = asyncio.run(auth_middleware.extract_user())
print(f"extracted user: {current_user}")
logger.debug(f"User extracted: {current_user}")

sm.set_current_user(current_user)

Expand Down
7 changes: 4 additions & 3 deletions sdk/python/feast/permissions/server/grpc.py
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,6 @@
from feast.permissions.security_manager import get_security_manager

logger = logging.getLogger(__name__)
logger.setLevel(logging.INFO)


class AuthInterceptor(grpc.ServerInterceptor):
Expand All @@ -22,11 +21,13 @@ def intercept_service(self, continuation, handler_call_details):
metadata=dict(handler_call_details.invocation_metadata)
)

print(f"Fetching user for token: {len(access_token)}")
logger.debug(
f"Fetching user details for token of length: {len(access_token)}"
)
current_user = asyncio.run(
auth_manager.token_parser.user_details_from_access_token(access_token)
)
print(f"User is: {current_user}")
logger.debug(f"User is: {current_user}")
sm.set_current_user(current_user)

return continuation(handler_call_details)
1 change: 0 additions & 1 deletion sdk/python/feast/permissions/server/utils.py
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,6 @@
from feast.permissions.server.rest_token_extractor import RestTokenExtractor

logger = logging.getLogger(__name__)
logger.setLevel(logging.INFO)


class ServerType(enum.Enum):
Expand Down
Loading

0 comments on commit bc5e86b

Please sign in to comment.