René's URL Explorer Experiment


Title: feat: Extended OIDC support to extract groups & namespaces and token injection with multiple methods by aniketpalu · Pull Request #6089 · feast-dev/feast · GitHub

Open Graph Title: feat: Extended OIDC support to extract groups & namespaces and token injection with multiple methods by aniketpalu · Pull Request #6089 · feast-dev/feast

X Title: feat: Extended OIDC support to extract groups & namespaces and token injection with multiple methods by aniketpalu · Pull Request #6089 · feast-dev/feast

Description: What this PR does / why we need it: Extends OIDC authentication in Feast to support GroupBasedPolicy and NamespaceBasedPolicy for OIDC users, adds flexible client token injection, and wires up operator support for OIDC deployments. Previously, the OIDC token parser only extracted preferred_username and resource_access roles from the JWT. GroupBasedPolicy, NamespaceBasedPolicy, and CombinedGroupNamespacePolicy could never grant access for OIDC users because the User object was always created with empty groups and namespaces. Server Side Changes Files: oidc_token_parser.py, oidc_service.py, utils.py When auth.type: oidc, the Feast server now handles two types of incoming tokens: Keycloak JWTs (human users via UI, Swagger, or notebooks) are validated against the OIDC provider's JWKS. The parser extracts preferred_username (with upn fallback for Azure AD / Entra ID), groups claim, and resource_access..roles. GroupBasedPolicy uses the groups. client_id is optional; when absent, roles default to empty and groups still work. Kubernetes SA tokens (workbench pods) are detected via the kubernetes.io claim in an initial unverified decode. These are delegated to a lightweight TokenReview that validates the token and extracts the namespace from the SA identity. NamespaceBasedPolicy uses the namespace. No RBAC queries are performed, only tokenreviews/create is needed. Additional server improvements: verify_ssl field (default true) controls TLS verification for OIDC discovery and JWKS endpoints. Set to false for self-signed certificates. ca_cert_path field allows specifying a custom CA certificate for the OIDC provider when verify_ssl: true. SSL certificate errors now produce clear, actionable log messages instead of generic "Invalid token" errors. PyJWKClientError is now caught (previously only InvalidTokenError was caught), preventing 500 responses when JWKS endpoints are unreachable or keys are not found. Malformed tokens in the intra-communication check no longer crash the parser. Server Configuration (feature_store.yaml) auth: type: oidc auth_discovery_url: https://keycloak.example.com/realms/myrealm/.well-known/openid-configuration client_id: feast-server # optional, needed only for role extraction verify_ssl: true # optional, default true ca_cert_path: /path/to/ca.crt # optional, for custom CA certs Keycloak Setup Required The OIDC client in Keycloak must have a Groups claim mapper configured: Client > Mappers > Add "Group Membership" mapper > claim name: groups Without this mapper, JWTs will not contain the groups claim and GroupBasedPolicy will deny all access. Client Side Changes Files: oidc_authentication_client_manager.py, auth_model.py, repo_config.py OidcAuthClientManager.get_token() now supports multiple token sources with a clear priority: token field in config: static JWT, returned directly, no network calls token_env_var field: reads from the named environment variable on every call (supports token refresh). If the variable is configured but missing, raises PermissionError immediately with no fallback. client_secret field (with auth_discovery_url and client_id): fetches token from the IDP via client_credentials or ROPG flow FEAST_OIDC_TOKEN environment variable: last resort fallback for bare {type: oidc} configs Kubernetes SA token file at /var/run/secrets/kubernetes.io/serviceaccount/token: for workbench pods running inside Kubernetes token, token_env_var, and client_secret are mutually exclusive (enforced by a Pydantic validator at config load time). Client Configuration Examples Zero config (workbench pods or kube-authkit users): auth: type: oidc Picks up FEAST_OIDC_TOKEN env var if set, otherwise reads the mounted SA token. Named environment variable (supports external token refresh): auth: type: oidc token_env_var: MY_APP_TOKEN Static token (testing / CI): auth: type: oidc token: "eyJhbGciOiJSUzI1NiIs..." Client credentials flow (service to service): auth: type: oidc auth_discovery_url: https://keycloak.example.com/realms/myrealm/.well-known/openid-configuration client_id: feast-client client_secret: my-secret Operator Changes Files: featurestore_types.go, repo_config.go, tls.go, services_types.go, authz.go The operator now generates separate server and client OIDC configs: Server config gets auth_discovery_url (resolved from three sources), optional client_id/client_secret from Secret, verify_ssl, and ca_cert_path. Client config gets only {type: oidc} with an optional token_env_var. Client pods never see server credentials. New CRD Fields on OidcAuthz Field Type Description issuerUrl string OIDC issuer URL. Operator appends /.well-known/openid-configuration to derive the discovery endpoint. secretRef LocalObjectReference (optional) Secret with OIDC properties (auth_discovery_url, client_id, client_secret). secretKeyName string Key in the Secret containing all OIDC properties as a single YAML value. tokenEnvVar string Env var name for client pods to read an OIDC token from. verifySSL bool Verify SSL certificates for the OIDC provider. Defaults to true. caCertConfigMap object (name, key) ConfigMap with the CA certificate for self-signed OIDC providers. Discovery URL Resolution Priority CR issuerUrl field (derives discovery URL by appending /.well-known/openid-configuration) Secret auth_discovery_url key (used verbatim) OIDC_ISSUER_URL environment variable on the operator pod (for RHOAI/ODH zero config) CA Certificate Resolution Priority CRD caCertConfigMap field (user specified ConfigMap, mounted at /etc/pki/tls/oidc-ca/ca.crt) Auto detected odh-trusted-ca-bundle ConfigMap with odh-ca-bundle.crt key (RHOAI/ODH clusters) System CA store (default when no custom CA is configured) RBAC When authz: oidc is configured, the operator provisions a ClusterRole and ClusterRoleBinding granting the Feast server SA tokenreviews/create permission. This enables the SA token delegation path for workbench pods. Operator CR Example Upstream (with issuerUrl): spec: authz: oidc: issuerUrl: "https://keycloak.example.com/realms/myrealm" secretRef: name: feast-oidc-secret verifySSL: true caCertConfigMap: name: keycloak-ca key: ca.crt ODH (OpenDataHub) zero config (platform injects OIDC_ISSUER_URL): spec: authz: oidc: {} Permission Examples from feast.permissions.permission import Permission from feast.permissions.policy import GroupBasedPolicy, NamespaceBasedPolicy from feast.permissions.action import AuthzedAction, ALL_ACTIONS from feast.feast_object import ALL_RESOURCE_TYPES from feast.feature_view import FeatureView # Grant full access to users in the "feast-admins" Keycloak group admin_perm = Permission( name="admin_permissions", types=ALL_RESOURCE_TYPES, policy=GroupBasedPolicy(groups=["feast-admins"]), actions=ALL_ACTIONS, ) # Grant read access to users in the "data-readers" Keycloak group reader_perm = Permission( name="reader_permissions", types=[FeatureView], policy=GroupBasedPolicy(groups=["data-readers"]), actions=[AuthzedAction.DESCRIBE, AuthzedAction.READ_ONLINE], ) # Grant full access to workbench pods in the "feast" namespace workbench_perm = Permission( name="workbench_permissions", types=ALL_RESOURCE_TYPES, policy=NamespaceBasedPolicy(namespaces=["feast"]), actions=ALL_ACTIONS, ) Which issue(s) this PR fixes: #6088 Misc

Open Graph Description: What this PR does / why we need it: Extends OIDC authentication in Feast to support GroupBasedPolicy and NamespaceBasedPolicy for OIDC users, adds flexible client token injection, and wires up ope...

X Description: What this PR does / why we need it: Extends OIDC authentication in Feast to support GroupBasedPolicy and NamespaceBasedPolicy for OIDC users, adds flexible client token injection, and wires up ope...

Opengraph URL: https://github.com/feast-dev/feast/pull/6089

X: @github

direct link

Domain: github.com

route-pattern/:user_id/:repository/pull/:id/files(.:format)
route-controllerpull_requests
route-actionfiles
fetch-noncev2:28f02d9f-1371-8f1e-4dd5-5051b079eb99
current-catalog-service-hashae870bc5e265a340912cde392f23dad3671a0a881730ffdadd82f2f57d81641b
request-idDBCA:9775E:39C6D46:5178075:6A4F99CE
html-safe-noncea24163edacd742213214f63fb4401b6ffcbbd17700c00ca3aa07a63f85877ebe
visitor-payloadeyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiJEQkNBOjk3NzVFOjM5QzZENDY6NTE3ODA3NTo2QTRGOTlDRSIsInZpc2l0b3JfaWQiOiI3NjM1NDUyODMxNzkzNjUwMTI2IiwicmVnaW9uX2VkZ2UiOiJpYWQiLCJyZWdpb25fcmVuZGVyIjoiaWFkIn0=
visitor-hmacbf8ccde47e8e1fa34145d3accef4265ab54f9761fe6270a3b26444a9552b6e53
hovercard-subject-tagpull_request:3378515398
github-keyboard-shortcutsrepository,pull-request-list,pull-request-conversation,pull-request-files-changed,copilot
google-site-verificationApib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I
octolytics-urlhttps://collector.github.com/github/collect
analytics-location///pull_requests/show/files
fb:app_id1401488693436528
apple-itunes-appapp-id=1477376905, app-argument=https://github.com/feast-dev/feast/pull/6089/files
twitter:imagehttps://avatars.githubusercontent.com/u/64416568?s=400&v=4
twitter:cardsummary_large_image
og:imagehttps://avatars.githubusercontent.com/u/64416568?s=400&v=4
og:image:altWhat this PR does / why we need it: Extends OIDC authentication in Feast to support GroupBasedPolicy and NamespaceBasedPolicy for OIDC users, adds flexible client token injection, and wires up ope...
og:site_nameGitHub
og:typeobject
hostnamegithub.com
expected-hostnamegithub.com
Noneb92d11c0aa4a77d54ef4af1078b6a15fb5a70a215b30c4ecf28889d5a8e656d9
turbo-cache-controlno-preview
diff-viewunified
go-importgithub.com/feast-dev/feast git https://github.com/feast-dev/feast.git
octolytics-dimension-user_id57027613
octolytics-dimension-user_loginfeast-dev
octolytics-dimension-repository_id161133770
octolytics-dimension-repository_nwofeast-dev/feast
octolytics-dimension-repository_publictrue
octolytics-dimension-repository_is_forkfalse
octolytics-dimension-repository_network_root_id161133770
octolytics-dimension-repository_network_root_nwofeast-dev/feast
turbo-body-classeslogged-out env-production page-responsive full-width
disable-turbotrue
browser-stats-urlhttps://api.github.com/_private/browser/stats
browser-errors-urlhttps://api.github.com/_private/browser/errors
release4b249b445842943ed31549e027f57a8ade9881ed
ui-targetfull
theme-color#1e2327
color-schemelight dark

Links:

Skip to contenthttps://github.com/feast-dev/feast/pull/6089/files#start-of-content
https://github.com/
Sign in https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Ffeast-dev%2Ffeast%2Fpull%2F6089%2Ffiles
GitHub CopilotWrite better code with AIhttps://github.com/features/copilot
GitHub Copilot appDirect agents from issue to mergehttps://github.com/features/ai/github-app
MCP RegistryNewIntegrate external toolshttps://github.com/mcp
ActionsAutomate any workflowhttps://github.com/features/actions
CodespacesInstant dev environmentshttps://github.com/features/codespaces
IssuesPlan and track workhttps://github.com/features/issues
Code ReviewManage code changeshttps://github.com/features/code-review
GitHub Advanced SecurityFind and fix vulnerabilitieshttps://github.com/security/advanced-security
Code securitySecure your code as you buildhttps://github.com/security/advanced-security/code-security
Secret protectionStop leaks before they starthttps://github.com/security/advanced-security/secret-protection
Why GitHubhttps://github.com/why-github
Documentationhttps://docs.github.com
Bloghttps://github.blog
Changeloghttps://github.blog/changelog
Marketplacehttps://github.com/marketplace
View all featureshttps://github.com/features
Enterpriseshttps://github.com/enterprise
Small and medium teamshttps://github.com/team
Startupshttps://github.com/enterprise/startups
Nonprofitshttps://github.com/solutions/industry/nonprofits
App Modernizationhttps://github.com/solutions/use-case/app-modernization
DevSecOpshttps://github.com/solutions/use-case/devsecops
DevOpshttps://github.com/solutions/use-case/devops
CI/CDhttps://github.com/solutions/use-case/ci-cd
View all use caseshttps://github.com/solutions/use-case
Healthcarehttps://github.com/solutions/industry/healthcare
Financial serviceshttps://github.com/solutions/industry/financial-services
Manufacturinghttps://github.com/solutions/industry/manufacturing
Governmenthttps://github.com/solutions/industry/government
View all industrieshttps://github.com/solutions/industry
View all solutionshttps://github.com/solutions
AIhttps://github.com/resources/articles?topic=ai
Software Developmenthttps://github.com/resources/articles?topic=software-development
DevOpshttps://github.com/resources/articles?topic=devops
Securityhttps://github.com/resources/articles?topic=security
View all topicshttps://github.com/resources/articles
Customer storieshttps://github.com/customer-stories
Events & webinarshttps://github.com/resources/events
Ebooks & reportshttps://github.com/resources/whitepapers
Business insightshttps://github.com/solutions/executive-insights
GitHub Skillshttps://skills.github.com
Documentationhttps://docs.github.com
Customer supporthttps://support.github.com
Community forumhttps://github.com/orgs/community/discussions
Trust centerhttps://github.com/trust-center
Partnershttps://github.com/partners
View all resourceshttps://github.com/resources
GitHub SponsorsFund open source developershttps://github.com/open-source/sponsors
Security Labhttps://securitylab.github.com
Maintainer Communityhttps://maintainers.github.com
Acceleratorhttps://github.com/open-source/accelerator
GitHub Starshttps://stars.github.com
Archive Programhttps://archiveprogram.github.com
Topicshttps://github.com/topics
Trendinghttps://github.com/trending
Collectionshttps://github.com/collections
Enterprise platformAI-powered developer platformhttps://github.com/enterprise
GitHub Advanced SecurityEnterprise-grade security featureshttps://github.com/security/advanced-security
Copilot for BusinessEnterprise-grade AI featureshttps://github.com/features/copilot/copilot-business
Premium SupportEnterprise-grade 24/7 supporthttps://github.com/enterprise/premium-support
Pricinghttps://github.com/pricing
Search syntax tipshttps://docs.github.com/search-github/github-code-search/understanding-github-code-search-syntax
documentationhttps://docs.github.com/search-github/github-code-search/understanding-github-code-search-syntax
Sign in https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Ffeast-dev%2Ffeast%2Fpull%2F6089%2Ffiles
Sign up https://github.com/signup?ref_cta=Sign+up&ref_loc=header+logged+out&ref_page=%2F%3Cuser-name%3E%2F%3Crepo-name%3E%2Fpull_requests%2Fshow%2Ffiles&source=header-repo&source_repo=feast-dev%2Ffeast
Reloadhttps://github.com/feast-dev/feast/pull/6089/files
Reloadhttps://github.com/feast-dev/feast/pull/6089/files
Reloadhttps://github.com/feast-dev/feast/pull/6089/files
Please reload this pagehttps://github.com/feast-dev/feast/pull/6089/files
feast-dev https://github.com/feast-dev
feasthttps://github.com/feast-dev/feast
Notifications https://github.com/login?return_to=%2Ffeast-dev%2Ffeast
Fork 1.4k https://github.com/login?return_to=%2Ffeast-dev%2Ffeast
Star 7.1k https://github.com/login?return_to=%2Ffeast-dev%2Ffeast
Code https://github.com/feast-dev/feast
Issues 212 https://github.com/feast-dev/feast/issues
Pull requests 173 https://github.com/feast-dev/feast/pulls
Discussions https://github.com/feast-dev/feast/discussions
Actions https://github.com/feast-dev/feast/actions
Security and quality 1 https://github.com/feast-dev/feast/security
Insights https://github.com/feast-dev/feast/pulse
Code https://github.com/feast-dev/feast
Issues https://github.com/feast-dev/feast/issues
Pull requests https://github.com/feast-dev/feast/pulls
Discussions https://github.com/feast-dev/feast/discussions
Actions https://github.com/feast-dev/feast/actions
Security and quality https://github.com/feast-dev/feast/security
Insights https://github.com/feast-dev/feast/pulse
Sign up for GitHub https://github.com/signup?return_to=%2Ffeast-dev%2Ffeast%2Fissues%2Fnew%2Fchoose
terms of servicehttps://docs.github.com/terms
privacy statementhttps://docs.github.com/privacy
Sign inhttps://github.com/login?return_to=%2Ffeast-dev%2Ffeast%2Fissues%2Fnew%2Fchoose
ntkatholehttps://github.com/ntkathole
feast-dev:masterhttps://github.com/feast-dev/feast/tree/master
aniketpalu:oidc-supporthttps://github.com/aniketpalu/feast/tree/oidc-support
Conversation 68 https://github.com/feast-dev/feast/pull/6089
Commits 41 https://github.com/feast-dev/feast/pull/6089/commits
Checks 28 https://github.com/feast-dev/feast/pull/6089/checks
Files changed https://github.com/feast-dev/feast/pull/6089/files
Please reload this pagehttps://github.com/feast-dev/feast/pull/6089/files
feat: Extended OIDC support to extract groups & namespaces and token injection with multiple methods https://github.com/feast-dev/feast/pull/6089/files#top
Show all changes 41 commits https://github.com/feast-dev/feast/pull/6089/files
493a6b9 feat: Extract groups and namespaces claims from JWT in OidcTokenParser aniketpalu Mar 10, 2026 https://github.com/feast-dev/feast/pull/6089/commits/493a6b9962badd69165e0c4ad8124f1552d92bd9
3db6db3 Minor formatting aniketpalu Mar 10, 2026 https://github.com/feast-dev/feast/pull/6089/commits/3db6db311b838cf29bbd4ce5d425e40456a5e97d
0d59eca feat: Allow Feast SDK to accept a pre-existing OIDC token without con… aniketpalu Mar 10, 2026 https://github.com/feast-dev/feast/pull/6089/commits/0d59eca0785695b6d493aaff04c415f39eb30f73
36a5b06 fix: Raise error when configured token_env_var is empty aniketpalu Mar 10, 2026 https://github.com/feast-dev/feast/pull/6089/commits/36a5b06c32b292cb483f561b3571009bf29718e8
a478a80 Minor formatting changes aniketpalu Mar 10, 2026 https://github.com/feast-dev/feast/pull/6089/commits/a478a802c6556afb8e0f8fe359780ecf36ab2f7d
1483c6c Activate _check_mutually_exclusive groups only when all fields are se… aniketpalu Mar 10, 2026 https://github.com/feast-dev/feast/pull/6089/commits/1483c6c5bcc3c0781ec28c3693ba64e8e9a7b921
34474af Narrow OIDC client routing to use set-based key detection and extract… aniketpalu Mar 11, 2026 https://github.com/feast-dev/feast/pull/6089/commits/34474afaa4c90184cf02796a4d47c1bea60fb385
505d6de Fix .sort() assertions in test_token_parser.py that always compared N… aniketpalu Mar 11, 2026 https://github.com/feast-dev/feast/pull/6089/commits/505d6de174bda9cd911b3b4c5a6f3b02fce07d49
5c79fcf Guard against missing roles key in resource_access to prevent unhandl… aniketpalu Mar 11, 2026 https://github.com/feast-dev/feast/pull/6089/commits/5c79fcffbff7213fb291442372e413156b5cb63a
e0359db Fixed lint errors aniketpalu Mar 11, 2026 https://github.com/feast-dev/feast/pull/6089/commits/e0359dbc3369eabac3ad332877f71b19c2b80bf5
7453349 Fixed lint error aniketpalu Mar 11, 2026 https://github.com/feast-dev/feast/pull/6089/commits/745334934b0225468d91ccb46d9799e74e714984
4b4c1dd Fixed lint errors aniketpalu Mar 11, 2026 https://github.com/feast-dev/feast/pull/6089/commits/4b4c1dd07a1e997d2d112dd11f8563d8359a54cb
1353482 Added support to read ServiceAccount token and Minor improvements aniketpalu Mar 11, 2026 https://github.com/feast-dev/feast/pull/6089/commits/13534821c6824e090306fb7777d24ae7d2712cc1
86c9d76 Improved code readibility aniketpalu Mar 11, 2026 https://github.com/feast-dev/feast/pull/6089/commits/86c9d76a44fb25c914f483bcd5353b6e1c528e8e
5621f07 Minor reformatting aniketpalu Mar 11, 2026 https://github.com/feast-dev/feast/pull/6089/commits/5621f079168001048d77220f51a39698afd55125
b5db157 fix: Use exact dict-key lookup for kubernetes.io claim to satisfy Cod… aniketpalu Mar 12, 2026 https://github.com/feast-dev/feast/pull/6089/commits/b5db1571cab9d690eac034d787d61f298595703c
1331057 feat: Add verify_ssl support to OIDC auth flow for self-signed certif… aniketpalu Mar 20, 2026 https://github.com/feast-dev/feast/pull/6089/commits/13310576492133297095de49b51a7d57afa80d28
a875169 feat: Lightweight SA token validation for OIDC auth — TokenReview onl… aniketpalu Mar 23, 2026 https://github.com/feast-dev/feast/pull/6089/commits/a87516960d004557f295861b0c22f5b98970bec5
7e59a53 Minor reformatting & lint related changes aniketpalu Mar 23, 2026 https://github.com/feast-dev/feast/pull/6089/commits/7e59a53e43c63d3454c51d2db14e0962c122c916
611607b Update sdk/python/feast/permissions/auth/oidc_token_parser.py aniketpalu Mar 23, 2026 https://github.com/feast-dev/feast/pull/6089/commits/611607ba75843bd1e578a3493f307b32d8ae0447
3c1e36b fix: Restore missing return in intra-comm check and add error handlin… aniketpalu Mar 23, 2026 https://github.com/feast-dev/feast/pull/6089/commits/3c1e36bede5fff4dacd4fa187f3d536a756639f7
c2c4863 Minor reformatting aniketpalu Mar 23, 2026 https://github.com/feast-dev/feast/pull/6089/commits/c2c4863ebad15da585700663500d0736722f0b7f
eed8b02 Checks preferred_username first (Keycloak default), then falls back t… aniketpalu Mar 23, 2026 https://github.com/feast-dev/feast/pull/6089/commits/eed8b02491b4c7c2229fd85df8037f10a4663206
593b95d feat(operator): Split server/client OIDC config and add secretKeyName… aniketpalu Mar 24, 2026 https://github.com/feast-dev/feast/pull/6089/commits/593b95d894e4d083d434f1fdeeb6bcc5598dabb2
a1c75de Reverted kustomization.yaml aniketpalu Mar 24, 2026 https://github.com/feast-dev/feast/pull/6089/commits/a1c75de21f4d00168ca8e8f8be23f8193df9068d
88a389b fix: Harden OIDC token parsing and make client_id optional aniketpalu Mar 25, 2026 https://github.com/feast-dev/feast/pull/6089/commits/88a389b5447cd209ba8ce5467c379a783215e242
f632686 cache K8s client, eliminate double JWT decode, improve error messages aniketpalu Apr 1, 2026 https://github.com/feast-dev/feast/pull/6089/commits/f632686892355f27342bd9c7d423ba53ad922901
45666da Minor formatting aniketpalu Apr 1, 2026 https://github.com/feast-dev/feast/pull/6089/commits/45666dad23c4c7d405d0e79d98dc3b20a27f92bc
0a59ad2 feat(odh): wire OIDC_ISSUER_URL from params.env into operator pod GowthamShanmugam Mar 31, 2026 https://github.com/feast-dev/feast/pull/6089/commits/0a59ad2613f1a321bd2393448be775b7abd0c5df
3557a15 Add issuerUrl to OidcAuthz CRD and OIDC_ISSUER_URL env var support fo… aniketpalu Apr 6, 2026 https://github.com/feast-dev/feast/pull/6089/commits/3557a15af54b0892d39b9c876e64e373954df068
30a04c2 Add caCertConfigMap to OidcAuthz CRD and ca_cert_path to SDK for self… aniketpalu Apr 6, 2026 https://github.com/feast-dev/feast/pull/6089/commits/30a04c2f5932289cc4142b357a7187c1a6e25228
a967bc6 Reverted kustomization.yaml to use upstream image aniketpalu Apr 6, 2026 https://github.com/feast-dev/feast/pull/6089/commits/a967bc6b3b084df6d648064a354abdfa99e23719
c1d7c11 Shorten CRD field descriptions to fit maxDescLen=120 and revert kusto… aniketpalu Apr 6, 2026 https://github.com/feast-dev/feast/pull/6089/commits/c1d7c1179e25021f4f3ddea868957976981ccec4
8aae62a fix: Remove unused param, nil deref in test, and update secrets baseline aniketpalu Apr 7, 2026 https://github.com/feast-dev/feast/pull/6089/commits/8aae62ae5145a759898116917d393c8f1d4bfc87
cacd649 fix: Remove unused secretExtractionFunc from client config chain and … aniketpalu Apr 7, 2026 https://github.com/feast-dev/feast/pull/6089/commits/cacd6493a31b02573bf986a66f6b28cdf744eea3
9200dd3 Merge branch 'master' into oidc-support aniketpalu Apr 7, 2026 https://github.com/feast-dev/feast/pull/6089/commits/9200dd30eecde038bc707ef0561b5f9a2b339cb7
141c871 Remove always-nil error from getClientRepoConfig and stop leaking ODH… aniketpalu Apr 7, 2026 https://github.com/feast-dev/feast/pull/6089/commits/141c87160084f5cbe42b108673499c35cfcdaf4a
bd81904 Remove always-nil error from getClientRepoConfig, stop leaking ODH CA… aniketpalu Apr 7, 2026 https://github.com/feast-dev/feast/pull/6089/commits/bd81904dc7ada76a7c5fa260829aa9f75b2c9edc
66c3677 Thread ODH CA bundle detection into resolveOidcCACertPath for proper … aniketpalu Apr 7, 2026 https://github.com/feast-dev/feast/pull/6089/commits/66c3677005063c55d5934a0945d542495d0e6b3f
bb6fb52 Provision TokenReview RBAC for OIDC auth and add SSL error logging in… aniketpalu Apr 7, 2026 https://github.com/feast-dev/feast/pull/6089/commits/bb6fb52b386481ad8ea26391751b32a038a248b7
2f3e7b9 Merge upstream/master into oidc-support and regenerate secrets baseline aniketpalu Apr 7, 2026 https://github.com/feast-dev/feast/pull/6089/commits/2f3e7b9d98e3a19c1ebe330b37af3f7b3679fb90
Clear filters https://github.com/feast-dev/feast/pull/6089/files
Please reload this pagehttps://github.com/feast-dev/feast/pull/6089/files
Please reload this pagehttps://github.com/feast-dev/feast/pull/6089/files
.secrets.baseline https://github.com/feast-dev/feast/pull/6089/files#diff-d8447df0cd384602c76086081f13f27ad0b45902297c42da35a6fc51fdf1cec3
authz_manager.md https://github.com/feast-dev/feast/pull/6089/files#diff-69eb482f40654b0071c13601bd14999012b9fd4fdfece0e9f08764d9cffaf731
featurestore_types.go https://github.com/feast-dev/feast/pull/6089/files#diff-200a2037d09ca5047b06caa0a6ef89565f8d8dc488cf55dcf18dd025e6e9c47a
zz_generated.deepcopy.go https://github.com/feast-dev/feast/pull/6089/files#diff-25b43087fcbecaba75a4b97a0d9f54ab41a9ab45ca077fbd1228559c698324f9
feast-operator.clusterserviceversion.yaml https://github.com/feast-dev/feast/pull/6089/files#diff-2df3d27ec8bd09f647858a863adb414f72381d47c546bcdf4a72cf160a35f8ff
feast.dev_featurestores.yaml https://github.com/feast-dev/feast/pull/6089/files#diff-762cd80b14f04415894b608e22d981bf49a051fbc63c9f1418e6cb0e3152f27f
feast.dev_featurestores.yaml https://github.com/feast-dev/feast/pull/6089/files#diff-e869201b90a280179a0d7d49f473bbbcfaff87f5d4ee8a757913567f4559858e
manager.yaml https://github.com/feast-dev/feast/pull/6089/files#diff-1c31454e39b4bb64d28b379e22e0cce9377bf9b05861da29eb77adba8b59dd4c
kustomization.yaml https://github.com/feast-dev/feast/pull/6089/files#diff-bddca6f88ccb486ae6be25441aaf16aecffe278e388f33fdeeacb42d09d4056b
params.env https://github.com/feast-dev/feast/pull/6089/files#diff-8232c46d2b3f0eaa5c23e9a2830e056430a83764bbeaf372b0fc4f488af7acc4
kustomization.yaml https://github.com/feast-dev/feast/pull/6089/files#diff-00c01a804135fac6ddaf1440b2e12951775d7a5f9bde1f48e24ffa45401f2e87
params.env https://github.com/feast-dev/feast/pull/6089/files#diff-f7abe68575bd138362a49daa244338d53735bd31cb98148084281e8329a66b51
install.yaml https://github.com/feast-dev/feast/pull/6089/files#diff-9a160662c77106b5759918b6ee5293ab38814aca9c0eb035199c5b4397d1cfe4
ref.md https://github.com/feast-dev/feast/pull/6089/files#diff-55d2e8a3535b097c25be89d7b553e500a0811063321e415f5f7ce5485654fd8b
odh-operator-parameters.md https://github.com/feast-dev/feast/pull/6089/files#diff-100654bed847ce1bb66ba2870ad4d5ce6a137e47bfa718958c08d894771379b8
authz.go https://github.com/feast-dev/feast/pull/6089/files#diff-b844d1085d0176960bf65e41dacb3179159f05dc316d2f7826b9597ce8020907
featurestore_controller_oidc_auth_test.go https://github.com/feast-dev/feast/pull/6089/files#diff-1847e001c32834c924350d8ad724d3338cb7a7322fcab7299039fa2297292650
client.go https://github.com/feast-dev/feast/pull/6089/files#diff-fafb901b14c923144e916a25eb3dba12dee1e98c49d6a306185044b3da666e04
repo_config.go https://github.com/feast-dev/feast/pull/6089/files#diff-fc7f85fbe0916120be56bb8b7209d44ecf8026b963bbdfb4f4907d0b4f9e28b8
repo_config_test.go https://github.com/feast-dev/feast/pull/6089/files#diff-3b7f7a03dd8422844cdbffa8364f371dc981e256fee4ae2c19ae91137380fc79
services_types.go https://github.com/feast-dev/feast/pull/6089/files#diff-97853b3d7540c277dba32574e6ca783d8baac8bdefdf32577ab1300b2d09684f
tls.go https://github.com/feast-dev/feast/pull/6089/files#diff-b57db2d02369e703992212a6b8273b59145545671d7f6067fbcf1c8f30a245e3
tls_test.go https://github.com/feast-dev/feast/pull/6089/files#diff-a7e4418b24c6707a2bf2aebc6c01509136d49e89eb2e1a3d2d5f5880d050ea7d
util.go https://github.com/feast-dev/feast/pull/6089/files#diff-4aa9b159011474e09e9be5720f5c16d008121e01f111b3f56c88d3d8e9179c06
oidc_token_parser.py https://github.com/feast-dev/feast/pull/6089/files#diff-6ee6b90f59ccd6bbfd9c7ff898e9776807b83d81d203cad24fe509784bd85866
auth_model.py https://github.com/feast-dev/feast/pull/6089/files#diff-4f9b2e02b768b2046fa09606d5787aead37725be48bd328ce57e928542576093
oidc_authentication_client_manager.py https://github.com/feast-dev/feast/pull/6089/files#diff-e7144bf62eedefc68930345ab8aebffd0e2d07f58e0f9274c6046e512660a961
oidc_service.py https://github.com/feast-dev/feast/pull/6089/files#diff-ee1857b2101779e388f96aef98158346333dea395d0bad210db1af6c0e7405f3
repo_config.py https://github.com/feast-dev/feast/pull/6089/files#diff-c90c6781dcec3cdcc26843e013d3d6e9c1ce89d084b3a67e818fe76a0c7d0436
mock_utils.py https://github.com/feast-dev/feast/pull/6089/files#diff-cf6acde47b10cfbaed44edf05757180a99c79413d52319f2f7d9f5e8ceb023e6
test_token_parser.py https://github.com/feast-dev/feast/pull/6089/files#diff-cdf3c6901065a40034b2c3dba67dd5171b9fa4551e6f63000bdedc4ee7990964
test_oidc_token_passthrough.py https://github.com/feast-dev/feast/pull/6089/files#diff-a6508aaa515f42e3f4aeff49d79bd4ee1c7af87c16d9b8541814322e9fd62ad2
.secrets.baselinehttps://github.com/feast-dev/feast/pull/6089/files#diff-d8447df0cd384602c76086081f13f27ad0b45902297c42da35a6fc51fdf1cec3
View file https://github.com/aniketpalu/feast/blob/2f3e7b9d98e3a19c1ebe330b37af3f7b3679fb90/.secrets.baseline
Open in desktop https://desktop.github.com
https://github.co/hiddenchars
https://github.com/feast-dev/feast/pull/6089/{{ revealButtonHref }}
https://github.com/feast-dev/feast/pull/6089/files#diff-d8447df0cd384602c76086081f13f27ad0b45902297c42da35a6fc51fdf1cec3
https://github.com/feast-dev/feast/pull/6089/files#diff-d8447df0cd384602c76086081f13f27ad0b45902297c42da35a6fc51fdf1cec3
https://github.com/feast-dev/feast/pull/6089/files#diff-d8447df0cd384602c76086081f13f27ad0b45902297c42da35a6fc51fdf1cec3
https://github.com/feast-dev/feast/pull/6089/files#diff-d8447df0cd384602c76086081f13f27ad0b45902297c42da35a6fc51fdf1cec3
https://github.com/feast-dev/feast/pull/6089/files#diff-d8447df0cd384602c76086081f13f27ad0b45902297c42da35a6fc51fdf1cec3
https://github.com/feast-dev/feast/pull/6089/files#diff-d8447df0cd384602c76086081f13f27ad0b45902297c42da35a6fc51fdf1cec3
https://github.com/feast-dev/feast/blob/master/CODEOWNERS#L4
docs/getting-started/components/authz_manager.mdhttps://github.com/feast-dev/feast/pull/6089/files#diff-69eb482f40654b0071c13601bd14999012b9fd4fdfece0e9f08764d9cffaf731
View file https://github.com/aniketpalu/feast/blob/2f3e7b9d98e3a19c1ebe330b37af3f7b3679fb90/docs/getting-started/components/authz_manager.md
Open in desktop https://desktop.github.com
https://github.co/hiddenchars
https://github.com/feast-dev/feast/pull/6089/{{ revealButtonHref }}
https://github.com/feast-dev/feast/pull/6089/files#diff-69eb482f40654b0071c13601bd14999012b9fd4fdfece0e9f08764d9cffaf731
https://github.com/feast-dev/feast/pull/6089/files#diff-69eb482f40654b0071c13601bd14999012b9fd4fdfece0e9f08764d9cffaf731
jyejarehttps://github.com/jyejare
Mar 24, 2026https://github.com/feast-dev/feast/pull/6089/files#r2980410701
Learn morehttps://docs.github.com/articles/managing-disruptive-comments/#hiding-a-comment
Please reload this pagehttps://github.com/feast-dev/feast/pull/6089/files
aniketpaluhttps://github.com/aniketpalu
Apr 6, 2026https://github.com/feast-dev/feast/pull/6089/files#r3041890490
Learn morehttps://docs.github.com/articles/managing-disruptive-comments/#hiding-a-comment
Please reload this pagehttps://github.com/feast-dev/feast/pull/6089/files
https://github.com/feast-dev/feast/pull/6089/files#diff-69eb482f40654b0071c13601bd14999012b9fd4fdfece0e9f08764d9cffaf731
https://github.com/feast-dev/feast/blob/master/CODEOWNERS#L7
infra/feast-operator/api/v1/featurestore_types.gohttps://github.com/feast-dev/feast/pull/6089/files#diff-200a2037d09ca5047b06caa0a6ef89565f8d8dc488cf55dcf18dd025e6e9c47a
View file https://github.com/aniketpalu/feast/blob/2f3e7b9d98e3a19c1ebe330b37af3f7b3679fb90/infra/feast-operator/api/v1/featurestore_types.go
Open in desktop https://desktop.github.com
https://github.co/hiddenchars
https://github.com/feast-dev/feast/pull/6089/{{ revealButtonHref }}
https://github.com/feast-dev/feast/pull/6089/files#diff-200a2037d09ca5047b06caa0a6ef89565f8d8dc488cf55dcf18dd025e6e9c47a
https://github.com/feast-dev/feast/pull/6089/files#diff-200a2037d09ca5047b06caa0a6ef89565f8d8dc488cf55dcf18dd025e6e9c47a
https://github.com/feast-dev/feast/blob/master/CODEOWNERS#L7
infra/feast-operator/api/v1/zz_generated.deepcopy.gohttps://github.com/feast-dev/feast/pull/6089/files#diff-25b43087fcbecaba75a4b97a0d9f54ab41a9ab45ca077fbd1228559c698324f9
View file https://github.com/aniketpalu/feast/blob/2f3e7b9d98e3a19c1ebe330b37af3f7b3679fb90/infra/feast-operator/api/v1/zz_generated.deepcopy.go
Open in desktop https://desktop.github.com
how customized files appear on GitHubhttps://docs.github.com/github/administering-a-repository/customizing-how-changed-files-appear-on-github
Please reload this pagehttps://github.com/feast-dev/feast/pull/6089/files
https://github.com/feast-dev/feast/blob/master/CODEOWNERS#L7
infra/feast-operator/bundle/manifests/feast-operator.clusterserviceversion.yamlhttps://github.com/feast-dev/feast/pull/6089/files#diff-2df3d27ec8bd09f647858a863adb414f72381d47c546bcdf4a72cf160a35f8ff
View file https://github.com/aniketpalu/feast/blob/2f3e7b9d98e3a19c1ebe330b37af3f7b3679fb90/infra/feast-operator/bundle/manifests/feast-operator.clusterserviceversion.yaml
Open in desktop https://desktop.github.com
https://github.co/hiddenchars
https://github.com/feast-dev/feast/pull/6089/{{ revealButtonHref }}
https://github.com/feast-dev/feast/pull/6089/files#diff-2df3d27ec8bd09f647858a863adb414f72381d47c546bcdf4a72cf160a35f8ff
https://github.com/feast-dev/feast/pull/6089/files#diff-2df3d27ec8bd09f647858a863adb414f72381d47c546bcdf4a72cf160a35f8ff
https://github.com/feast-dev/feast/pull/6089/files#diff-2df3d27ec8bd09f647858a863adb414f72381d47c546bcdf4a72cf160a35f8ff
https://github.com/feast-dev/feast/pull/6089/files#diff-2df3d27ec8bd09f647858a863adb414f72381d47c546bcdf4a72cf160a35f8ff
https://github.com/feast-dev/feast/pull/6089/files#diff-2df3d27ec8bd09f647858a863adb414f72381d47c546bcdf4a72cf160a35f8ff
devin-ai-integrationhttps://github.com/apps/devin-ai-integration
Apr 6, 2026https://github.com/feast-dev/feast/pull/6089/files#r3041973077
Please reload this pagehttps://github.com/feast-dev/feast/pull/6089/files
Learn morehttps://docs.github.com/articles/managing-disruptive-comments/#hiding-a-comment
https://app.devin.ai/review/feast-dev/feast/pull/6089
Please reload this pagehttps://github.com/feast-dev/feast/pull/6089/files
aniketpaluhttps://github.com/aniketpalu
Apr 7, 2026https://github.com/feast-dev/feast/pull/6089/files#r3046728230
Learn morehttps://docs.github.com/articles/managing-disruptive-comments/#hiding-a-comment
Please reload this pagehttps://github.com/feast-dev/feast/pull/6089/files
https://github.com/feast-dev/feast/pull/6089/files#diff-2df3d27ec8bd09f647858a863adb414f72381d47c546bcdf4a72cf160a35f8ff
Please reload this pagehttps://github.com/feast-dev/feast/pull/6089/files
Please reload this pagehttps://github.com/feast-dev/feast/pull/6089/files
https://github.com
Termshttps://docs.github.com/site-policy/github-terms/github-terms-of-service
Privacyhttps://docs.github.com/site-policy/privacy-policies/github-privacy-statement
Securityhttps://github.com/security
Statushttps://www.githubstatus.com/
Communityhttps://github.community/
Docshttps://docs.github.com/
Contacthttps://support.github.com?tags=dotcom-footer

Viewport: width=device-width


URLs of crawlers that visited me.