feat: Intra server to server communication by tmihalac · Pull Request #4433 · feast-dev/feast

All the server-to-server requests should not be secured. Only client requests are secured.
This PR introduces a mechanism for intra server to server.

What this PR does / why we need it:
Which issue(s) is related to PR:
(#4198)

any documentation need for this ?

any documentation need for this ?

I don't think so, as far as I understand we decided not to expose the env variable for security purposes.

@tokoko can we merge this if there is no any further comments .

@tmihalac @dmartinol @lokeshrangineni also now as username and password not required incase if the server can we make this optional here

I am not sure I understand what is the connection between auth_model.py and the intra server communication

@tmihalac @dmartinol @lokeshrangineni also now as username and password not required incase if the server can we make this optional here

I am not sure I understand what is the connection between auth_model.py and the intra server communication

this isn’t directly related, but I’ve found below validation error while deploying server it always asks for a username and password, with OIDC, and it throws a validation error if those fields are empty. Maybe we could just make the username and password fields optional WDYT?

username
Field required [type=missing, input_value={'type': 'oidc', 'auth_di..., 'realm': 'feast-rbac'}, input_type=dict]
For further information visit https://errors.pydantic.dev/2.8/v/missing
password```

@tmihalac @dmartinol @lokeshrangineni also now as username and password not required incase if the server can we make this optional here

I am not sure I understand what is the connection between auth_model.py and the intra server communication

this isn’t directly related, but I’ve found below validation error while deploying server it always asks for a username and password, with OIDC, and it throws a validation error if those fields are empty. Maybe we could just make the username and password fields optional WDYT?

username
Field required [type=missing, input_value={'type': 'oidc', 'auth_di..., 'realm': 'feast-rbac'}, input_type=dict]
For further information visit https://errors.pydantic.dev/2.8/v/missing
password```

I am not sure, maybe ask @lokeshrangineni but aren't those parameters mandatory when auth type is oidc ?

@tmihalac @dmartinol @lokeshrangineni also now as username and password not required incase if the server can we make this optional here

I am not sure I understand what is the connection between auth_model.py and the intra server communication

this isn’t directly related, but I’ve found below validation error while deploying server it always asks for a username and password, with OIDC, and it throws a validation error if those fields are empty. Maybe we could just make the username and password fields optional WDYT?

username
Field required [type=missing, input_value={'type': 'oidc', 'auth_di..., 'realm': 'feast-rbac'}, input_type=dict]
For further information visit https://errors.pydantic.dev/2.8/v/missing
password```

I am not sure, maybe ask @lokeshrangineni but aren't those parameters mandatory when auth type is oidc ?

AFAIK for the client yes but incase server these should not mandatory.

@tmihalac @dmartinol @lokeshrangineni also now as username and password not required incase if the server can we make this optional here

I am not sure I understand what is the connection between auth_model.py and the intra server communication

this isn’t directly related, but I’ve found below validation error while deploying server it always asks for a username and password, with OIDC, and it throws a validation error if those fields are empty. Maybe we could just make the username and password fields optional WDYT?

username
Field required [type=missing, input_value={'type': 'oidc', 'auth_di..., 'realm': 'feast-rbac'}, input_type=dict]
For further information visit https://errors.pydantic.dev/2.8/v/missing
password```

I am not sure, maybe ask @lokeshrangineni but aren't those parameters mandatory when auth type is oidc ?

AFAIK for the client yes but incase server these should not mandatory.

Yes, it is mandatory for client and not for server. May be better to create separate task/issue and handle it as it is not related to this PR.