Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[ENH]: CIP - Authorization #1250

Merged
merged 23 commits into from
Oct 27, 2023
Merged

[ENH]: CIP - Authorization #1250

merged 23 commits into from
Oct 27, 2023

Conversation

tazarov
Copy link
Contributor

@tazarov tazarov commented Oct 16, 2023

Description of changes

Summarize the changes made by this PR.

  • Improvements & Bug fixes
    • Minor fixes to the authentication framework
  • New functionality
    • Pluggable Authorization Framework

Test plan

How are these changes tested?

  • Tests pass locally with pytest for python, yarn test for js

Documentation Changes

TBD

@tazarov tazarov changed the title feat: CIP - Authorization [ENH]: CIP - Authorization Oct 16, 2023
@github-actions
Copy link

Reviewer Checklist

Please leverage this checklist to ensure your code review is thorough before approving

Testing, Bugs, Errors, Logs, Documentation

  • Can you think of any use case in which the code does not behave as intended? Have they been tested?
  • Can you think of any inputs or external events that could break the code? Is user input validated and safe? Have they been tested?
  • If appropriate, are there adequate property based tests?
  • If appropriate, are there adequate unit tests?
  • Should any logging, debugging, tracing information be added or removed?
  • Are error messages user-friendly?
  • Have all documentation changes needed been made?
  • Have all non-obvious changes been commented?

System Compatibility

  • Are there any potential impacts on other parts of the system or backward compatibility?
  • Does this change intersect with any items on our roadmap, and if so, is there a plan for fitting them together?

Quality

  • Is this code of a unexpectedly high quality (Readbility, Modularity, Intuitiveness)

HammadB
HammadB approved these changes Oct 18, 2023
View reviewed changes
Copy link
Collaborator

@HammadB HammadB left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Makes sense to me!

@tazarov
Copy link
Contributor Author

tazarov commented Oct 18, 2023

@HammadB, the code is coming, just a little slower than expected with my research. And besides, we want to make it genuinely pluggable.

In the impl I am adding support for both decorator-based (for 80%+ of the cases) and a context manager-based way to set up the Authorization Context (a tuple that includes - user identity, resource (type, id, namespace info) and action (e.g. list_collections).

@tazarov
Copy link
Contributor Author

tazarov commented Oct 19, 2023

@HammadB, CIP + baseline is ready to go, I just need to create the tests.

@tazarov
feat: Authorization
19daf90 
- Added dependencies in requirements and pyproject
- Moved to enumerated resource types and actions for authz_context
- Added reset authz_context
@tazarov
chore: Updated README.md for authz example
d86ac2e
@tazarov
chore: Added property tests
02b4ac0 
- Added observability to baseline authorization provider
- Fixed a few bugs with authz decorators
@tazarov tazarov marked this pull request as ready for review October 23, 2023 22:25
@tazarov
Copy link
Contributor Author

tazarov commented Oct 23, 2023

I need to move authz tests as a standalone. It might be another OOM (from the failed test: bin/integration-test: line 56: 4107 Killed python -m pytest "$@")

@tazarov tazarov marked this pull request as draft October 25, 2023 14:47
@tazarov
Copy link
Contributor Author

tazarov commented Oct 25, 2023

Need to add support for DB and tenancy.

@tazarov
Merge remote-tracking branch 'origin/main' into feature/authz
7ee8263 
# Conflicts:
#	chromadb/server/fastapi/__init__.py
#	chromadb/telemetry/opentelemetry/__init__.py
@tazarov
feat: Refactored to support tenant and db
c9cd702
@tazarov tazarov marked this pull request as ready for review October 25, 2023 22:14
@tazarov
chore: Updated docs with new actions for db and tenant
69937f5 
Removed the max_examples for authz tests
Fixed a few issues with testing
@tazarov
Copy link
Contributor Author

tazarov commented Oct 25, 2023

@HammadB, have a look.

HammadB
HammadB reviewed Oct 26, 2023
View reviewed changes
chromadb/auth/__init__.py Outdated Show resolved Hide resolved
beggers
beggers reviewed Oct 26, 2023
View reviewed changes
Copy link
Contributor

@beggers beggers left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A few smallish comments, nothing major. I'd love to get this landed today.

chromadb/auth/authz/__init__.py Outdated Show resolved Hide resolved
chromadb/auth/basic/__init__.py Outdated Show resolved Hide resolved
chromadb/auth/fastapi.py Show resolved Hide resolved
chromadb/auth/fastapi.py Outdated Show resolved Hide resolved
chromadb/server/fastapi/__init__.py Show resolved Hide resolved
chromadb/auth/fastapi.py Outdated Show resolved Hide resolved
chromadb/auth/fastapi.py Outdated Show resolved Hide resolved
HammadB
HammadB reviewed Oct 26, 2023
View reviewed changes
chromadb/auth/__init__.py Outdated Show resolved Hide resolved
@HammadB HammadB merged commit 833bb45 into chroma-core:main Oct 27, 2023
94 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@beggers beggers beggers left review comments

@HammadB HammadB HammadB approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@tazarov @HammadB @beggers