Skip to content

fix: Logger settings for feature servers and updated logger for permission flow #4531

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
tokoko merged 3 commits into from
Sep 19, 2024
Merged

fix: Logger settings for feature servers and updated logger for permission flow #4531

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
71267e5
Logger setting for feature servers
redhatHameed Sep 17, 2024
1b5a8fc
added/updated logger for permission flow
redhatHameed Sep 18, 2024
286a6d7
set defualt logger level for feature servers as WARNING
redhatHameed Sep 18, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
added/updated logger for permission flow 
Signed-off-by: Abdul Hameed <ahameed@redhat.com>
  • Loading branch information
@redhatHameed
redhatHameed committed Sep 18, 2024
commit 1b5a8fc21e69d0cf3cb20185d875a77283b0f28c
6 changes: 4 additions & 2 deletions sdk/python/feast/permissions/auth/kubernetes_token_parser.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -40,14 +40,16 @@ async def user_details_from_access_token(self, access_token: str) -> User:
"""
sa_namespace, sa_name = _decode_token(access_token)
current_user = f"{sa_namespace}:{sa_name}"
logging.info(f"Received request from {sa_name} in {sa_namespace}")
logger.info(
f"Request received from ServiceAccount: {sa_name} in namespace: {sa_namespace}"
)

intra_communication_base64 = os.getenv("INTRA_COMMUNICATION_BASE64")
if sa_name is not None and sa_name == intra_communication_base64:
return User(username=sa_name, roles=[])
else:
roles = self.get_roles(sa_namespace, sa_name)
logging.info(f"SA roles are: {roles}")
logger.info(f"Roles for ServiceAccount {sa_name}: {roles}")

return User(username=current_user, roles=roles)

Expand Down
3 changes: 2 additions & 1 deletion sdk/python/feast/permissions/auth/oidc_token_parser.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -69,8 +69,9 @@ async def user_details_from_access_token(self, access_token: str) -> User:

try:
await self._validate_token(access_token)
logger.info("Validated token")
logger.debug("Token successfully validated.")
except Exception as e:
logger.error(f"Token validation failed: {e}")
raise AuthenticationError(f"Invalid token: {e}")

optional_custom_headers = {"User-agent": "custom-user-agent"}
Expand Down
1 change: 1 addition & 0 deletions sdk/python/feast/permissions/client/intra_comm_authentication_client_manager.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@ class IntraCommAuthClientManager(AuthenticationClientManager):
def __init__(self, auth_config: AuthConfig, intra_communication_base64: str):
self.auth_config = auth_config
self.intra_communication_base64 = intra_communication_base64
logger.debug(f"AuthConfig type set to {self.auth_config.type}")

def get_token(self):
if self.auth_config.type == AuthType.OIDC.value:
Expand Down
4 changes: 4 additions & 0 deletions sdk/python/feast/permissions/enforcer.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -67,8 +67,12 @@ def enforce_policy(
if evaluator.is_decided():
grant, explanations = evaluator.grant()
if not grant and not filter_only:
logger.error(f"Permission denied: {','.join(explanations)}")
raise FeastPermissionError(",".join(explanations))
if grant:
logger.debug(
f"Permission granted for {type(resource).__name__}:{resource.name}"
)
_permitted_resources.append(resource)
break
else:
Expand Down
8 changes: 5 additions & 3 deletions sdk/python/feast/permissions/server/arrow.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,9 @@ def __init__(self, access_token: str, *args, **kwargs):

def call_completed(self, exception):
if exception:
print(f"{AuthorizationMiddleware.__name__} received {exception}")
logger.error(
f"{AuthorizationMiddleware.__name__} encountered an exception: {exception}"
Copy link
Copy Markdown
Contributor

@lokeshrangineni lokeshrangineni Sep 19, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The better way to log exception is logging.exception I m not sure what it logs if we do the {exception}.

Copy link
Copy Markdown
Contributor Author

@redhatHameed redhatHameed Sep 19, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

set as logging.exception. These will arrow flight sever related internal exceptions.

)

async def extract_user(self) -> User:
"""
Expand All @@ -69,14 +71,14 @@ def inject_user_details(context: ServerCallContext):
context: The endpoint context.
"""
if context.get_middleware("auth") is None:
logger.info("No `auth` middleware.")
logger.warning("No `auth` middleware.")
return

sm = get_security_manager()
if sm is not None:
auth_middleware = cast(AuthorizationMiddleware, context.get_middleware("auth"))
current_user = asyncio.run(auth_middleware.extract_user())
print(f"extracted user: {current_user}")
logger.info(f"User extracted: {current_user}")
Copy link
Copy Markdown
Contributor

@lokeshrangineni lokeshrangineni Sep 19, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we really need to log every user using info?

Copy link
Copy Markdown
Contributor Author

@redhatHameed redhatHameed Sep 19, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we don't set as a debug incase if required


sm.set_current_user(current_user)

Expand Down
4 changes: 2 additions & 2 deletions sdk/python/feast/permissions/server/grpc.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,11 +22,11 @@ def intercept_service(self, continuation, handler_call_details):
metadata=dict(handler_call_details.invocation_metadata)
)

print(f"Fetching user for token: {len(access_token)}")
logger.info(f"Fetching user details for token of length: {len(access_token)}")
current_user = asyncio.run(
auth_manager.token_parser.user_details_from_access_token(access_token)
)
print(f"User is: {current_user}")
logger.info(f"User is: {current_user.username}")
sm.set_current_user(current_user)

return continuation(handler_call_details)