added/updated logger for permission flow

Signed-off-by: Abdul Hameed <[email protected]>
feast-dev · Sep 18, 2024 · 1b5a8fc · 1b5a8fc
1 parent 71267e5
commit 1b5a8fc
Show file tree

Hide file tree

Showing 6 changed files with 18 additions and 8 deletions.
diff --git a/sdk/python/feast/permissions/auth/kubernetes_token_parser.py b/sdk/python/feast/permissions/auth/kubernetes_token_parser.py
@@ -40,14 +40,16 @@ async def user_details_from_access_token(self, access_token: str) -> User:
         """
         sa_namespace, sa_name = _decode_token(access_token)
         current_user = f"{sa_namespace}:{sa_name}"
-        logging.info(f"Received request from {sa_name} in {sa_namespace}")
+        logger.info(
+            f"Request received from ServiceAccount: {sa_name} in namespace: {sa_namespace}"
+        )
 
         intra_communication_base64 = os.getenv("INTRA_COMMUNICATION_BASE64")
         if sa_name is not None and sa_name == intra_communication_base64:
             return User(username=sa_name, roles=[])
         else:
             roles = self.get_roles(sa_namespace, sa_name)
-            logging.info(f"SA roles are: {roles}")
+            logger.info(f"Roles for ServiceAccount {sa_name}: {roles}")
 
             return User(username=current_user, roles=roles)
 

diff --git a/sdk/python/feast/permissions/auth/oidc_token_parser.py b/sdk/python/feast/permissions/auth/oidc_token_parser.py
@@ -69,8 +69,9 @@ async def user_details_from_access_token(self, access_token: str) -> User:
 
         try:
             await self._validate_token(access_token)
-            logger.info("Validated token")
+            logger.debug("Token successfully validated.")
         except Exception as e:
+            logger.error(f"Token validation failed: {e}")
             raise AuthenticationError(f"Invalid token: {e}")
 
         optional_custom_headers = {"User-agent": "custom-user-agent"}

diff --git a/sdk/python/feast/permissions/client/intra_comm_authentication_client_manager.py b/sdk/python/feast/permissions/client/intra_comm_authentication_client_manager.py
@@ -13,6 +13,7 @@ class IntraCommAuthClientManager(AuthenticationClientManager):
     def __init__(self, auth_config: AuthConfig, intra_communication_base64: str):
         self.auth_config = auth_config
         self.intra_communication_base64 = intra_communication_base64
+        logger.debug(f"AuthConfig type set to {self.auth_config.type}")
 
     def get_token(self):
         if self.auth_config.type == AuthType.OIDC.value:

diff --git a/sdk/python/feast/permissions/enforcer.py b/sdk/python/feast/permissions/enforcer.py
@@ -67,8 +67,12 @@ def enforce_policy(
                 if evaluator.is_decided():
                     grant, explanations = evaluator.grant()
                     if not grant and not filter_only:
+                        logger.error(f"Permission denied: {','.join(explanations)}")
                         raise FeastPermissionError(",".join(explanations))
                     if grant:
+                        logger.debug(
+                            f"Permission granted for {type(resource).__name__}:{resource.name}"
+                        )
                         _permitted_resources.append(resource)
                     break
         else:

diff --git a/sdk/python/feast/permissions/server/arrow.py b/sdk/python/feast/permissions/server/arrow.py
@@ -49,7 +49,9 @@ def __init__(self, access_token: str, *args, **kwargs):
 
     def call_completed(self, exception):
         if exception:
-            print(f"{AuthorizationMiddleware.__name__} received {exception}")
+            logger.error(
+                f"{AuthorizationMiddleware.__name__} encountered an exception: {exception}"
+            )
 
     async def extract_user(self) -> User:
         """
@@ -69,14 +71,14 @@ def inject_user_details(context: ServerCallContext):
         context: The endpoint context.
     """
     if context.get_middleware("auth") is None:
-        logger.info("No `auth` middleware.")
+        logger.warning("No `auth` middleware.")
         return
 
     sm = get_security_manager()
     if sm is not None:
         auth_middleware = cast(AuthorizationMiddleware, context.get_middleware("auth"))
         current_user = asyncio.run(auth_middleware.extract_user())
-        print(f"extracted user: {current_user}")
+        logger.info(f"User extracted: {current_user}")
 
         sm.set_current_user(current_user)
 

diff --git a/sdk/python/feast/permissions/server/grpc.py b/sdk/python/feast/permissions/server/grpc.py
@@ -22,11 +22,11 @@ def intercept_service(self, continuation, handler_call_details):
                 metadata=dict(handler_call_details.invocation_metadata)
             )
 
-            print(f"Fetching user for token: {len(access_token)}")
+            logger.info(f"Fetching user details for token of length: {len(access_token)}")
             current_user = asyncio.run(
                 auth_manager.token_parser.user_details_from_access_token(access_token)
             )
-            print(f"User is: {current_user}")
+            logger.info(f"User is: {current_user.username}")
             sm.set_current_user(current_user)
 
         return continuation(handler_call_details)