Added Authorisation for dataprep api's using tokenvalidator middleware #868
base: main
Signed-off-by: Ubuntu <[email protected]>
Could we end up in a denial of service type attack with too many documents uploaded and running out of space? May need to address this space aspect to trigger a warning to admin or at the very least add a comment to that effect here in case someone wants to adopt this sample, then the things they need to watch out for. On document delete, do we remove all vectors associated with the given document?
From the PR, I guess the purpose is to allow only 'ADMIN_ROLE' users to upload and delete files and allow both 'USER_ROLE' and 'ADMIN_ROLE' users to get the existing files. Is that correct?
And from my understanding, authentication and authorization are not part of the logic of data preparation (comments are welcome), so it might not be that proper to make this part inside the component itself. Otherwise, any other component that needs authentication and authorization has to add this part in their code. As most of the pipelines now involve a gateway, it is better to trigger authentication and authorization there. Comments are welcome.
@mkbhanda,
@Ruoyu-y I agree with your summarization on which roles can do what. @amberjain1 and @jaswanth8888 would you please comment on her suggestion on where authentication and authorization should be handled -- as in the gateway
On document delete, we are deleting the vectors even before, so we didn't touch that part.
@Ruoyu-y Different APIs would need different role authorization, so we imported the authorization middleware and used it in data prep. If any other components are to implement this, they can import and use it.
I understand that different APIs require different role authorization. But what I mean is that this authentication and authorization step shall not be part of the component or of a certain API. Otherwise, the piece of code would be duplicated for multiple components, whatever needs authentication.
I understand that different APIs require different role authorization. But should the authentication and authorization logic reside within the component or the API itself (handled by the API call itself)? Shall the gateway be the component that manages all this stuff?
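The role split discussed in this thread ('ADMIN_ROLE' for upload and delete, both roles for get), as an added example that is not code from the PR: one token check that either an API handler or a gateway could call. HS256 is verified with the standard library instead of pyjwt so it runs offline; the `roles` claim, the secret, and all function and operation names are assumptions.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # assumption: shared HS256 key, constructed for this example
# Role mapping as summarized in the thread; the operation names are hypothetical.
REQUIRED_ROLES = {"upload": {"ADMIN_ROLE"}, "delete": {"ADMIN_ROLE"},
                  "get": {"ADMIN_ROLE", "USER_ROLE"}}

class AuthError(Exception):
    def __init__(self, status, detail):
        super().__init__(detail)
        self.status = status  # 401 = not authenticated, 403 = authenticated but not allowed

def _b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_token(claims, secret=SECRET, alg="HS256"):
    # Builds constructed demo tokens; a real deployment gets them from its identity provider.
    header = _b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"

def validate_token(token, secret=SECRET, now=None):
    """Return the claims if algorithm, signature and expiry check out; otherwise raise 401."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        if header.get("alg") != "HS256":  # pin the algorithm; never accept "none"
            raise ValueError("unexpected alg")
        expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            raise ValueError("bad signature")
        claims = json.loads(_b64url_decode(payload_b64))
        if claims["exp"] <= (time.time() if now is None else now):
            raise ValueError("expired")
    except (ValueError, KeyError, TypeError, AttributeError) as exc:
        raise AuthError(401, f"invalid token: {exc}") from None
    return claims

def authorize(token, operation):
    """Deny by default: unknown operations and missing or malformed roles give 403."""
    claims = validate_token(token)
    roles = claims.get("roles")
    held = {r for r in roles if isinstance(r, str)} if isinstance(roles, list) else set()
    if not REQUIRED_ROLES.get(operation, set()) & held:
        raise AuthError(403, f"role not permitted for {operation}")
    return claims
```

Because `authorize` takes only the token and an operation name, the same function can sit in a gateway or be imported by each component, which is the placement question raised above.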
The ChatQnA test on Gaudi failed https://github.com/opea-project/GenAIComps/actions/runs/11820755586/job/32959963824?pr=868, please check.
We have some cross tests when the PR updates the core part.
Release the v1.1 milestone after sync with @jaswanth8888.
Description
Issues
n/a
Type of change
List the type of change like below. Please delete options that are not relevant.
Dependencies
pyjwt
Tests
Describe the tests that you ran to verify your changes.