Merged
3 changes: 1 addition & 2 deletions docs/getting-started/components/authz_manager.md
@@ -68,8 +68,7 @@ auth:
type: oidc
client_id: _CLIENT_ID__
client_secret: _CLIENT_SECRET__
realm: _REALM__
auth_server_url: _OIDC_SERVER_URL_
auth_discovery_url: _OIDC_SERVER_URL_/realms/master/.well-known/openid-configuration
...
```
Expand Up @@ -4,6 +4,7 @@

from feast.permissions.auth_model import OidcAuthConfig
from feast.permissions.client.auth_client_manager import AuthenticationClientManager

logger = logging.getLogger(__name__)

Expand All @@ -12,25 +13,11 @@ class OidcAuthClientManager(AuthenticationClientManager):
def __init__(self, auth_config: OidcAuthConfig):
self.auth_config = auth_config

def _get_token_endpoint(self):
response = requests.get(self.auth_config.auth_discovery_url)
if response.status_code == 200:
oidc_config = response.json()
if not oidc_config["token_endpoint"]:
raise RuntimeError(
" OIDC token_endpoint is not available from discovery url response."
)
return oidc_config["token_endpoint"].replace(
"master", self.auth_config.realm
)
else:
raise RuntimeError(
f"Error fetching OIDC token endpoint configuration: {response.status_code} - {response.text}"
)

def get_token(self):
# Fetch the token endpoint from the discovery URL
token_endpoint = self._get_token_endpoint()

token_request_body = {
"grant_type": "password",
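Review bot: get_token sends the client secret and the user's password (`"grant_type": "password"`) to whatever `token_endpoint` the discovery document names, and nothing visible in this section constrains that URL before the credentials go out. The lines that replace `_get_token_endpoint` are not shown on this page, so the new lookup may already handle this; if it does not, reject a discovery URL or token endpoint that is not `https` outside local test setups, and check that the endpoint's host matches the host of `auth_discovery_url`. The discovery fetch should also carry an explicit timeout, e.g. `requests.get(url, timeout=10)`, so a stalled identity provider cannot hang the client. The body of get_token continues past the end of this section.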
Expand Up @@ -464,7 +464,6 @@ def setup(self):
password="password",
realm="master",
type="oidc",
auth_server_url=keycloak_url,
auth_discovery_url=f"{keycloak_url}/realms/master/.well-known"
f"/openid-configuration",
)
Expand Up @@ -449,7 +449,6 @@ def __init__(self, project_name: str, *args, **kwargs):
username: reader_writer
password: password
realm: master
auth_server_url: {keycloak_url}
auth_discovery_url: {keycloak_url}/realms/master/.well-known/openid-configuration
"""
self.auth_config = auth_config_template.format(keycloak_url=self.keycloak_url)
4 changes: 0 additions & 4 deletions sdk/python/tests/unit/infra/scaffolding/test_repo_config.py
Expand Up @@ -214,7 +214,6 @@ def test_auth_config():
username: test_user_name
password: test_password
realm: master
auth_server_url: http://localhost:8712
auth_discovery_url: http://localhost:8080/realms/master/.well-known/openid-configuration
registry: "registry.db"
provider: local
Expand All @@ -237,7 +236,6 @@ def test_auth_config():
username: test_user_name
password: test_password
realm: master
auth_server_url: http://localhost:8712
auth_discovery_url: http://localhost:8080/realms/master/.well-known/openid-configuration
registry: "registry.db"
provider: local
Expand All @@ -260,7 +258,6 @@ def test_auth_config():
username: test_user_name
password: test_password
realm: master
auth_server_url: http://localhost:8080
auth_discovery_url: http://localhost:8080/realms/master/.well-known/openid-configuration
registry: "registry.db"
provider: local
Expand All @@ -278,7 +275,6 @@ def test_auth_config():
assert oidc_repo_config.auth_config.username == "test_user_name"
assert oidc_repo_config.auth_config.password == "test_password"
assert oidc_repo_config.auth_config.realm == "master"
assert oidc_repo_config.auth_config.auth_server_url == "http://localhost:8080"
assert (
oidc_repo_config.auth_config.auth_discovery_url
== "http://localhost:8080/realms/master/.well-known/openid-configuration"
9 changes: 9 additions & 0 deletions sdk/python/tests/unit/permissions/auth/server/mock_utils.py
Expand Up @@ -42,6 +42,15 @@ async def mock_oath2(self, request):
lambda url, data, headers: token_response,
)


def mock_kubernetes(request, monkeypatch):
sa_name = request.getfixturevalue("sa_name")
Expand Up @@ -21,13 +21,20 @@
)
@patch("feast.permissions.auth.oidc_token_parser.PyJWKClient.get_signing_key_from_jwt")
@patch("feast.permissions.auth.oidc_token_parser.jwt.decode")
def test_oidc_token_validation_success(
mock_jwt, mock_signing_key, mock_oauth2, oidc_config
):
signing_key = MagicMock()
signing_key.key = "a-key"
mock_signing_key.return_value = signing_key

user_data = {
"preferred_username": "my-name",
"resource_access": {_CLIENT_ID: {"roles": ["reader", "writer"]}},
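Review bot: test_oidc_token_validation_success patches both `jwt.decode` and `PyJWKClient.get_signing_key_from_jwt`, so as far as this section shows the test never checks what the parser hands to the decoder. A regression that stopped passing the signing key, or loosened the accepted algorithms or audience, would still pass. Consider asserting on the mock after the call, for example `mock_jwt.assert_called_once()` plus a check on `mock_jwt.call_args` that the key `"a-key"` was passed, and adding a companion test where the decode mock raises so the rejection path is covered. The test body continues outside the hunk, so such assertions may already exist further down.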