Skip to content

fix: Denial by default to all resources when no permissions set #5663

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
jyejare wants to merge 2 commits into
base: master
Choose a base branch
from
Open

fix: Denial by default to all resources when no permissions set #5663

jyejare wants to merge 2 commits into from
+73 −18

Conversation

@jyejare
Copy link
Collaborator

@jyejare jyejare commented Oct 14, 2025
edited
Loading

What this PR does / why we need it:

We observed Inconsistent permission response behavior across Feature Store API routes.

  • Fixing the behaviour by changes in filter_only and named_patterns

Which issue(s) this PR fixes:

Inconsistent permission response behavior across Feature Store API routes. RHOAIENG-35929

Misc

@jyejare jyejare requested a review from a team as a code owner October 14, 2025 13:54
@jyejare jyejare changed the title Denial by default to all resources when no permissions set fix: Denial by default to all resources when no permissions set Oct 14, 2025
jameerpathan111
jameerpathan111 reviewed Oct 21, 2025
View reviewed changes
@jyejare
Denial by default to all resources when no permissions set
1d1bfb0 
Signed-off-by: jyejare <jyejare@redhat.com>

filter only for named patterns
No matching permissions are handled
@jyejare jyejare force-pushed the objects_default_deniel branch from 59af5bb to 1d1bfb0 Compare December 15, 2025 07:38
@jyejare
Tests are updated to match the new behavior
8739c76 
Signed-off-by: jyejare <jyejare@redhat.com>
ntkathole
ntkathole reviewed Dec 15, 2025
View reviewed changes
sdk/python/feast/permissions/enforcer.py
if not resource_type_permissions:
# No permissions exist for this resource type - should raise error
message = f"No permissions defined to manage {actions} on {type(resource)}/{resource.name}."
logger.exception(f"**PERMISSION NOT GRANTED**: {message}")
Copy link
Member

@ntkathole ntkathole Dec 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should this be logger.error() ?

Copy link
Collaborator Author

@jyejare jyejare Dec 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah thats error with exception :)

franciscojavierarceo
franciscojavierarceo reviewed Jan 12, 2026
View reviewed changes
sdk/python/feast/permissions/enforcer.py
if not filter_only:
raise FeastPermissionError("No permissions defined - access denied")
return []
raise FeastPermissionError(
Copy link
Member

@franciscojavierarceo franciscojavierarceo Jan 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

wait, am i correct in understanding that if no permissions are enabled we'll raise the permission error for everyone? is this forcing the functionality to everyone then?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@franciscojavierarceo franciscojavierarceo franciscojavierarceo left review comments

@ntkathole ntkathole ntkathole left review comments

+1 more reviewer

@jameerpathan111 jameerpathan111 jameerpathan111 left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@jyejare @franciscojavierarceo @ntkathole @jameerpathan111