Skip to content

Commit 3dcddcc

Browse files
dmartinolredhatHameed
dmartinol
authored and
redhatHameed
committed
Small fixes (feast-dev#71)
* Improved permission denial log Signed-off-by: Daniele Martinoli <86618610+dmartinol@users.noreply.github.com> * Added leeway option to accept tokens released in the past (up to 10") Signed-off-by: Daniele Martinoli <86618610+dmartinol@users.noreply.github.com> --------- Signed-off-by: Daniele Martinoli <86618610+dmartinol@users.noreply.github.com> Signed-off-by: Abdul Hameed <ahameed@redhat.com>
1 parent 9b9e341 commit 3dcddcc

2 files changed

Lines changed: 3 additions & 2 deletions

File tree

sdk/python/feast/permissions/auth/oidc_token_parser.py

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -78,6 +78,7 @@ async def user_details_from_access_token(self, access_token: str) -> User:
7878
"verify_signature": True,
7979
"verify_exp": True,
8080
},
81+
leeway=10, # accepts tokens generated up to 10 seconds in the past, in case of clock skew
8182
)
8283

8384
if "preferred_username" not in data:

sdk/python/feast/permissions/enforcer.py

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -44,7 +44,7 @@ def enforce_policy(
4444
_permitted_resources: list[FeastObject] = []
4545
for resource in resources:
4646
logger.debug(
47-
f"Enforcing permission policies for {type(resource)}:{resource.name} to execute {actions}"
47+
f"Enforcing permission policies for {type(resource).__name__}:{resource.name} to execute {actions}"
4848
)
4949
matching_permissions = [
5050
p
@@ -60,7 +60,7 @@ def enforce_policy(
6060
)
6161
evaluator.add_grant(
6262
permission_grant,
63-
f"Permission {p.name} denied access: {permission_explanation}",
63+
f"Permission {p.name} denied execution of {[a.value.upper() for a in actions]} to {type(resource).__name__}:{resource.name}: {permission_explanation}",
6464
)
6565

6666
if evaluator.is_decided():

0 commit comments

Comments
 (0)