Skip to content

feat: Adding TLS support for offline server. #4744

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
dmartinol merged 6 commits into from
Nov 8, 2024
Merged

feat: Adding TLS support for offline server. #4744

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
b090e86
* Adding TLS support for offline server.
lokeshrangineni Nov 6, 2024
dd9dca0
* Fixing the lint error and also integration tests.
lokeshrangineni Nov 7, 2024
f92d26b
* Added documentation for the offline server and moved to how to guide.
lokeshrangineni Nov 7, 2024
033e065
* Added documentation for the offline server and moved to how to guide.
lokeshrangineni Nov 7, 2024
c60c07a
* fixing the integration test by adding extra flag verify_client
lokeshrangineni Nov 7, 2024
0f9dc98
* Adding alias names for the host in self-signed certificate.
lokeshrangineni Nov 7, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
* fixing the integration test by adding extra flag verify_client 
Signed-off-by: lrangine <19699092+lokeshrangineni@users.noreply.github.com>
  • Loading branch information
@lokeshrangineni
lokeshrangineni committed Nov 7, 2024
commit c60c07a52d65f370e2ab57869882f0af435be614
12 changes: 11 additions & 1 deletion sdk/python/feast/cli.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1132,13 +1132,23 @@ def serve_registry_command(
show_default=False,
help="path to TLS certificate public key. You need to pass --key as well to start server in TLS mode",
)
@click.option(
"--verify_client",
"-v",
"tls_verify_client",
type=click.BOOL,
default="True",
show_default=True,
help="Verify the client or not for the TLS client certificate.",
)
@click.pass_context
def serve_offline_command(
ctx: click.Context,
host: str,
port: int,
tls_key_path: str,
tls_cert_path: str,
tls_verify_client: bool,
):
"""Start a remote server locally on a given host, port."""
if (tls_key_path and not tls_cert_path) or (not tls_key_path and tls_cert_path):
Expand All @@ -1147,7 +1157,7 @@ def serve_offline_command(
)
store = create_feature_store(ctx)

store.serve_offline(host, port, tls_key_path, tls_cert_path)
store.serve_offline(host, port, tls_key_path, tls_cert_path, tls_verify_client)


@cli.command("validate")
Expand Down
5 changes: 4 additions & 1 deletion sdk/python/feast/feature_store.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1969,11 +1969,14 @@ def serve_offline(
port: int,
tls_key_path: str = "",
tls_cert_path: str = "",
tls_verify_client: bool = True,
) -> None:
"""Start offline server locally on a given port."""
from feast import offline_server

offline_server.start_server(self, host, port, tls_key_path, tls_cert_path)
offline_server.start_server(
self, host, port, tls_key_path, tls_cert_path, tls_verify_client
)

def serve_transformations(self, port: int) -> None:
"""Start the feature transformation server locally on a given port."""
Expand Down
25 changes: 19 additions & 6 deletions sdk/python/feast/infra/offline_stores/remote.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -70,7 +70,9 @@ def list_actions(self, options: FlightCallOptions = None):
return super().list_actions(options)


def build_arrow_flight_client(scheme: str, host: str, port, auth_config: AuthConfig):
def build_arrow_flight_client(
scheme: str, host: str, port, auth_config: AuthConfig, cert: str = ""
):
arrow_scheme = "grpc+tcp"
if scheme == "https":
logger.info(
Expand All @@ -83,8 +85,12 @@ def build_arrow_flight_client(scheme: str, host: str, port, auth_config: AuthCon
return FeastFlightClient(
f"{arrow_scheme}://{host}:{port}", middleware=middlewares
)
kwargs = {}
if cert:
with open(cert, "rb") as root_certs:
kwargs["tls_root_certs"] = root_certs.read()

return FeastFlightClient(f"{arrow_scheme}://{host}:{port}")
return FeastFlightClient(f"{arrow_scheme}://{host}:{port}", **kwargs)


class RemoteOfflineStoreConfig(FeastConfigBaseModel):
Expand Down Expand Up @@ -198,6 +204,7 @@ def get_historical_features(
host=config.offline_store.host,
port=config.offline_store.port,
auth_config=config.auth_config,
cert=config.offline_store.cert,
)

feature_view_names = [fv.name for fv in feature_views]
Expand Down Expand Up @@ -233,10 +240,11 @@ def pull_all_from_table_or_query(

# Initialize the client connection
client = build_arrow_flight_client(
config.offline_store.scheme,
config.offline_store.host,
config.offline_store.port,
config.auth_config,
scheme=config.offline_store.scheme,
host=config.offline_store.host,
port=config.offline_store.port,
auth_config=config.auth_config,
cert=config.offline_store.cert,
)

api_parameters = {
Expand Down Expand Up @@ -273,6 +281,7 @@ def pull_latest_from_table_or_query(
config.offline_store.host,
config.offline_store.port,
config.auth_config,
cert=config.offline_store.cert,
)

api_parameters = {
Expand Down Expand Up @@ -311,6 +320,7 @@ def write_logged_features(
config.offline_store.host,
config.offline_store.port,
config.auth_config,
config.offline_store.cert,
)

api_parameters = {
Expand Down Expand Up @@ -340,6 +350,7 @@ def offline_write_batch(
config.offline_store.host,
config.offline_store.port,
config.auth_config,
config.offline_store.cert,
)

feature_view_names = [feature_view.name]
Expand Down Expand Up @@ -371,6 +382,7 @@ def validate_data_source(
config.offline_store.host,
config.offline_store.port,
config.auth_config,
config.offline_store.cert,
)

api_parameters = {
Expand All @@ -395,6 +407,7 @@ def get_table_column_names_and_types_from_data_source(
config.offline_store.host,
config.offline_store.port,
config.auth_config,
config.offline_store.cert,
)

api_parameters = {
Expand Down
3 changes: 2 additions & 1 deletion sdk/python/feast/offline_server.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -568,6 +568,7 @@ def start_server(
port: int,
tls_key_path: str = "",
tls_cert_path: str = "",
tls_verify_client: bool = True,
):
_init_auth_manager(store)

Expand All @@ -590,7 +591,7 @@ def start_server(
location=location,
host=host,
tls_certificates=tls_certificates,
verify_client=True,
verify_client=tls_verify_client,
)
try:
logger.info(f"Offline store server serving at: {location}")
Expand Down
3 changes: 3 additions & 0 deletions sdk/python/tests/integration/feature_repos/universal/data_sources/file.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -452,6 +452,9 @@ def setup(self, registry: RegistryConfig):
str(tls_key_path),
"--cert",
str(self.tls_cert_path),
# This is needed for the self-signed certificate, disabled verify_client for integration tests.
"--verify_client",
str(False),
]
self.proc = subprocess.Popen(
cmd, stdout=subprocess.PIPE, stderr=subprocess.DEVNULL
Expand Down