Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Access Control Plugin for Registry APIs #409

Merged
merged 3 commits into from
Jul 4, 2022
Merged

Access Control Plugin for Registry APIs #409

merged 3 commits into from
Jul 4, 2022

Conversation

Yuqing-cat
Copy link
Collaborator

This PR covers

  • A access control plugin for all registry APIs (regardless of registry type)
  • Access Control Management APIs and management UI
  • A readme document

image

@Yuqing-cat Yuqing-cat added the feature New feature or request label Jun 28, 2022
This was linked to issues Jun 28, 2022
Implement Basic RBAC Roles (Admin, Producer, Consumer) #146
Closed
Add docs talking about RBAC and credential propagation, as well as compliance best practices #271
Open
enable JWT token Param in frontend API calls #336
Closed
Supporting token based authentication for offline stores #21
Open
@Yuqing-cat Yuqing-cat mentioned this pull request Jun 28, 2022
Closed
@Yuqing-cat Yuqing-cat linked an issue Jun 28, 2022 that may be closed by this pull request
Add azure ad authentication to Fast API #295
Closed
This was unlinked from issues Jun 28, 2022
Supporting token based authentication for offline stores #21
Open
Add docs talking about RBAC and credential propagation, as well as compliance best practices #271
Open
enable JWT token Param in frontend API calls #336
Closed
blrchen
blrchen reviewed Jun 29, 2022
View reviewed changes
registry/api.py Outdated Show resolved Hide resolved
@Yuqing-cat
Copy link
Collaborator Author

Some updates:

  • Offer 2 options for @router.get("/features/{feature}":
    • if user pass project name, will validate access directly
    • if user do NOT pass project name, will validate access with the project name in feature response json
  • Clearer configuration
    • Add ".env" sample file
    • update os.envrion[""] to os.environ.get()
  • Add Exception for requests without token
  • The behavior of UI performs the same with test registry endpoint https://feathr-sql-registry.azurewebsites.net and localhost in all pages.

Will include in the following PR:

  • Add a redirect page for 403 Exceptions to tell user what access is required.

@windoze windoze mentioned this pull request Jul 2, 2022
Merged
@Yuqing-cat
fix comments
488c185 
update sql query & enhance config
@Yuqing-cat
Copy link
Collaborator Author

Updates:

  • All SQL query is updated to prevent injection
  • All configs will follow the os.env >.env > default config sequence to get value.
  • All operation will read / write direct to SQL table rather than Cache.

@Yuqing-cat Yuqing-cat added the safe to test Tag to execute build pipeline for a PR from forked repo label Jul 4, 2022
@Yuqing-cat Yuqing-cat requested a review from blrchen July 4, 2022 07:43
@Yuqing-cat Yuqing-cat merged commit f8b5de7 into feathr-ai:main Jul 4, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@windoze windoze windoze approved these changes

@blrchen blrchen blrchen approved these changes

@xiaoyongzhu xiaoyongzhu Awaiting requested review from xiaoyongzhu

@jainr jainr Awaiting requested review from jainr

Assignees
No one assigned
Labels
feature New feature or request safe to test Tag to execute build pipeline for a PR from forked repo
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add azure ad authentication to Fast API Implement Basic RBAC Roles (Admin, Producer, Consumer)
3 participants
@Yuqing-cat @windoze @blrchen