Skip to content

fix: Denial by default to all resources when no permissions set #5663

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
ntkathole merged 2 commits into from
Jan 13, 2026
Merged

fix: Denial by default to all resources when no permissions set #5663

ntkathole merged 2 commits into from
Jan 13, 2026

Conversation

@jyejare
Copy link
Collaborator

@jyejare jyejare commented Oct 14, 2025
edited
Loading

What this PR does / why we need it:

We observed Inconsistent permission response behavior across Feature Store API routes.

  • Fixing the behaviour by changes in filter_only and named_patterns

Which issue(s) this PR fixes:

Inconsistent permission response behavior across Feature Store API routes. RHOAIENG-35929

Misc

@jyejare jyejare requested a review from a team as a code owner October 14, 2025 13:54
@jyejare jyejare changed the title Denial by default to all resources when no permissions set fix: Denial by default to all resources when no permissions set Oct 14, 2025
jameerpathan111
jameerpathan111 reviewed Oct 21, 2025
View reviewed changes
@jyejare jyejare force-pushed the objects_default_deniel branch from 59af5bb to 1d1bfb0 Compare December 15, 2025 07:38
ntkathole
ntkathole reviewed Dec 15, 2025
View reviewed changes
franciscojavierarceo
franciscojavierarceo reviewed Jan 12, 2026
View reviewed changes
@jyejare jyejare force-pushed the objects_default_deniel branch from 8739c76 to 4c0a47b Compare January 13, 2026 07:14
ntkathole
ntkathole approved these changes Jan 13, 2026
View reviewed changes
Copy link
Member

@ntkathole ntkathole left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good

@jyejare @ntkathole
Denial by default to all resources when no permissions set
606f98d 
Signed-off-by: jyejare <jyejare@redhat.com>

filter only for named patterns
No matching permissions are handled
@jyejare @ntkathole
Tests are updated to match the new behavior
11e2026 
Signed-off-by: jyejare <jyejare@redhat.com>
@ntkathole ntkathole force-pushed the objects_default_deniel branch from 4c0a47b to 11e2026 Compare January 13, 2026 14:52
@ntkathole ntkathole merged commit 1524f1c into feast-dev:master Jan 13, 2026
13 of 17 checks passed
franciscojavierarceo pushed a commit that referenced this pull request Jan 16, 2026
@feast-ci-bot
chore(release): release 0.59.0
6214d05 
# [0.59.0](v0.58.0...v0.59.0) (2026-01-16)

### Bug Fixes

* Add get_table_query_string_with_alias() for PostgreSQL subquery aliasing ([#5811](#5811)) ([11122ce](11122ce))
* Add hybrid online store to ONLINE_STORE_CLASS_FOR_TYPE mapping ([#5810](#5810)) ([678589b](678589b))
* Add possibility to overwrite send_receive_timeout for clickhouse offline store ([#5792](#5792)) ([59dbb33](59dbb33))
* Denial by default to all resources when no permissions set  ([#5663](#5663)) ([1524f1c](1524f1c))
* Make operator include full OIDC secret in repo config ([#5676](#5676)) ([#5809](#5809)) ([a536bc2](a536bc2))
* Populate Postgres `registry.path` during `feast init` ([#5785](#5785)) ([f293ae8](f293ae8))
* **redis:** Preserve millisecond timestamp precision for Redis online store ([#5807](#5807)) ([9e3f213](9e3f213))
* Search API to return all matching tags in matched_tags field ([#5843](#5843)) ([de37f66](de37f66))
* Spark Materialization Engine Cannot Infer Schema ([#5806](#5806)) ([58d0325](58d0325)), closes [#5594](#5594) [#5594](#5594)
* Support arro3 table schema with newer deltalake packages ([#5799](#5799)) ([103c5e9](103c5e9))
* Timestamp formatting and lakehouse-type connector for trino_offline_store. ([#5846](#5846)) ([c2ea7e9](c2ea7e9))
* Update model_validator to use instance method signature (Pydantic v2.12 deprecation) ([#5825](#5825)) ([3c10b6e](3c10b6e))

### Features

* Add dbt integration for importing models as FeatureViews ([#5827](#5827)) ([b997361](b997361)), closes [#3335](#3335) [#3335](#3335) [#3335](#3335)
* Add GCS registry store in Go feature server ([#5818](#5818)) ([1dc2be5](1dc2be5))
* Add progress bar to CLI from feast apply ([#5867](#5867)) ([ab3562b](ab3562b))
* Add RBAC blog post to website ([#5861](#5861)) ([b1844a3](b1844a3))
* Add skip_feature_view_validation parameter to FeatureStore.apply() and plan() ([#5859](#5859)) ([5482a0e](5482a0e))
* Added batching to feature server /push to offline store ([#5683](#5683)) ([#5729](#5729)) ([ce35ce6](ce35ce6))
* Enable static artifacts for feature server that can be used in Feature Transformations ([#5787](#5787)) ([edefc3f](edefc3f))
* Improve lambda materialization engine ([#5829](#5829)) ([f6116f9](f6116f9))
* Offline Store historical features retrieval based on datetime range in Ray ([#5738](#5738)) ([e484c12](e484c12))
* Read, Save docs and chat fixes ([#5865](#5865)) ([2081b55](2081b55))
* Resolve pyarrow >21 installation with ibis-framework ([#5847](#5847)) ([8b9bb50](8b9bb50))
* Support staging for spark materialization ([#5671](#5671)) ([#5797](#5797)) ([5b787af](5b787af))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@franciscojavierarceo franciscojavierarceo franciscojavierarceo left review comments

@ntkathole ntkathole ntkathole approved these changes

+1 more reviewer

@jameerpathan111 jameerpathan111 jameerpathan111 left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

ok-to-test

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@jyejare @franciscojavierarceo @ntkathole @jameerpathan111