mirror of
https://github.com/meta-llama/llama-stack.git
synced 2025-12-04 18:13:44 +00:00
Closes security gaps where RBAC checks could be bypassed: o Inference router: Added RBAC enforcement in the fallback path to ensure access control is applied consistently. o Model listing: Dynamic models fetched via provider_data were returned without RBAC checks. Added filtering to ensure users only see models they have permission to access. Both fixes create temporary ModelWithOwner objects for RBAC validation, maintaining security through consistent access control enforcement. Closes: #4269 <hr>This is an automatic backport of pull request #4270 done by [Mergify](https://mergify.com). Signed-off-by: Derek Higgins <derekh@redhat.com> Signed-off-by: Charlie Doern <cdoern@redhat.com> Co-authored-by: Derek Higgins <derekh@redhat.com>
This commit is contained in:
mergify[bot]
GitHub
parent
01736b1f5c
commit
9afa387d16
2 changed files with 130 additions and 1 deletions
|
|
@ -49,10 +49,17 @@ from llama_stack.apis.inference import (
|
|||
)
|
||||
from llama_stack.apis.models import Model, ModelType
|
||||
from llama_stack.apis.telemetry import MetricEvent, MetricInResponse, Telemetry
|
||||
from llama_stack.core.access_control.access_control import is_action_allowed
|
||||
from llama_stack.core.datatypes import ModelWithOwner
|
||||
from llama_stack.core.request_headers import get_authenticated_user
|
||||
from llama_stack.log import get_logger
|
||||
from llama_stack.models.llama.llama3.chat_format import ChatFormat
|
||||
from llama_stack.models.llama.llama3.tokenizer import Tokenizer
|
||||
from llama_stack.providers.datatypes import HealthResponse, HealthStatus, RoutingTable
|
||||
from llama_stack.providers.datatypes import (
|
||||
HealthResponse,
|
||||
HealthStatus,
|
||||
RoutingTable,
|
||||
)
|
||||
from llama_stack.providers.utils.inference.inference_store import InferenceStore
|
||||
from llama_stack.providers.utils.telemetry.tracing import enqueue_event, get_current_span
|
||||
|
||||
|
|
@ -186,15 +193,41 @@ class InferenceRouter(Inference):
|
|||
provider = await self.routing_table.get_provider_impl(model.identifier)
|
||||
return provider, model.provider_resource_id
|
||||
|
||||
# Handles cases where clients use the provider format directly
|
||||
return await self._get_provider_by_fallback(model_id, expected_model_type)
|
||||
|
||||
async def _get_provider_by_fallback(self, model_id: str, expected_model_type: str) -> tuple[Inference, str]:
|
||||
"""
|
||||
Handle fallback case where model_id is in provider_id/provider_resource_id format.
|
||||
"""
|
||||
splits = model_id.split("/", maxsplit=1)
|
||||
if len(splits) != 2:
|
||||
raise ModelNotFoundError(model_id)
|
||||
|
||||
provider_id, provider_resource_id = splits
|
||||
|
||||
# Check if provider exists
|
||||
if provider_id not in self.routing_table.impls_by_provider_id:
|
||||
logger.warning(f"Provider {provider_id} not found for model {model_id}")
|
||||
raise ModelNotFoundError(model_id)
|
||||
|
||||
# Create a temporary model object for RBAC check
|
||||
temp_model = ModelWithOwner(
|
||||
identifier=model_id,
|
||||
provider_id=provider_id,
|
||||
provider_resource_id=provider_resource_id,
|
||||
model_type=expected_model_type,
|
||||
metadata={}, # Empty metadata for temporary object
|
||||
)
|
||||
|
||||
# Perform RBAC check
|
||||
user = get_authenticated_user()
|
||||
if not is_action_allowed(self.routing_table.policy, "read", temp_model, user):
|
||||
logger.debug(
|
||||
f"Access denied to model '{model_id}' via fallback path for user {user.principal if user else 'anonymous'}"
|
||||
)
|
||||
raise ModelNotFoundError(model_id)
|
||||
|
||||
return self.routing_table.impls_by_provider_id[provider_id], provider_resource_id
|
||||
|
||||
async def openai_completion(
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue