Authentication and Authorization for feast serving #823
Comments
|
As part of this, I will be moving the below files into feast-auth package, Also I feel the generic validators can be moved to the feast-common package since it is used in core, will be used in auth and may be useful in other modules too. So for now I will move src/main/java/feast/core/validators/OneOfStrings.java validator into feast-common. Let me know your thoughts. I will update the list if I come across other files that needs to be moved. |
|
Sounds good. I think it would be easier to evaluate this refactor once you have submitted a PR, but the idea seems fine. |
|
Working on getting Authentication (only) working on Feast Serving. |
@mrzzy I'm almost ready with for the PR for authentication. I'm working on authorization in the same PR. I will create a wip PR. |
Is your feature request related to a problem? Please describe.
Currently user authentication and authorization limits access to Feast core(#793 ), but doesn't secure feast serving. Since feast client connects to core and serving directly, authentication and authorization on feast serving is a necessary feature.
Describe the solution you'd like
The PR #793, implements jwt authenticator and Keto authorizer for feast core. Same implementation will be done on the feast serving. Instead of replicating the code, Authorization and authentication will be moved separate module feast-auth, which will be included as a dependency in feast core and feast serving. Rest of the configuration will remain same as described in the documentation for #793. Python sdk will be updated to use secure channel to connect to feast serving.
Assumptions:
Out of scope:
Describe alternatives you've considered
Refer to issue #793 for the alternatives considered.
The text was updated successfully, but these errors were encountered: