Let Flask handle graphql authorization

Since we need the request body and FastAPI requires a bit of hackery to
read the response body and pass it on to Flask, we just let Flask handle
this.

The bug stemmed from FastAPI calling the authorization rule which
assumed a Flask context.

Signed-off-by: mprahl <mprahl@users.noreply.github.com>

Author: mprahl

kubernetes-workspace-provider/src/kubernetes_workspace_provider/auth.py

@@ -1002,6 +1002,7 @@ def _authorize_request(
     authorizer: KubernetesAuthorizer,
     config_values: KubernetesAuthConfig,
     workspace: str | None,
+    graphql_payload: dict[str, object] | None = None,
 ) -> _AuthorizationResult:
     """
     Resolve the caller identity and ensure the MLflow request is permitted.
@@ -1041,7 +1042,7 @@ def _authorize_request(
     if isinstance(workspace, str):
         workspace_name = workspace.strip() or None
 
-    rules = _find_authorization_rules(path, method)
+    rules = _find_authorization_rules(path, method, graphql_payload=graphql_payload)
     if rules is None or len(rules) == 0:
         _logger.warning(
             "No Kubernetes authorization rule matched request %s %s; returning 404.",
@@ -1550,7 +1551,9 @@ def _validate_fastapi_route_authorization(fastapi_app: FastAPI) -> None:
         )
 
 
-def _find_authorization_rules(request_path: str, method: str) -> list[AuthorizationRule] | None:
+def _find_authorization_rules(
+    request_path: str, method: str, graphql_payload: dict[str, object] | None = None
+) -> list[AuthorizationRule] | None:
     """Find authorization rules for a request.
 
     For most endpoints, returns a single-element list. For GraphQL endpoints,
@@ -1569,10 +1572,7 @@ def _find_authorization_rules(request_path: str, method: str) -> list[Authorizat
         # send operationName="GetRun" but include model registry fields in the
         # query, bypassing authorization checks for those resources.
         if canonical_path.endswith("/graphql"):
-            try:
-                payload = request.get_json(silent=True) or {}
-            except Exception:
-                payload = {}
+            payload = graphql_payload or {}
 
             query_string = payload.get("query", "")
             if not query_string:
@@ -1656,6 +1656,14 @@ async def dispatch(self, request: Request, call_next):
                     workspace_context.set_server_request_workspace(workspace_name)
                     workspace_set = True
 
+            if canonical_path.endswith("/graphql"):
+                # Let Flask authorize GraphQL to avoid consuming/rebuffering the ASGI body.
+                try:
+                    return await call_next(request)
+                finally:
+                    if workspace_set:
+                        workspace_context.clear_server_request_workspace()
+
             try:
                 auth_result = _authorize_request(
                     authorization_header=request.headers.get("Authorization"),
@@ -1759,6 +1767,15 @@ def _k8s_auth_before_request():
         if _is_unprotected_path(canonical_path):
             return None
 
+        graphql_payload: dict[str, object] | None = None
+        if canonical_path.endswith("/graphql"):
+            try:
+                payload = request.get_json(silent=True) or {}
+                if isinstance(payload, dict):
+                    graphql_payload = payload
+            except Exception:
+                graphql_payload = None
+
         try:
             auth_result = _authorize_request(
                 authorization_header=request.headers.get("Authorization"),
@@ -1770,6 +1787,7 @@ def _k8s_auth_before_request():
                 authorizer=authorizer,
                 config_values=config_values,
                 workspace=workspace_context.get_request_workspace(),
+                graphql_payload=graphql_payload,
             )
         except MlflowException as exc:
             response = Response(mimetype="application/json")

kubernetes-workspace-provider/tests/test_auth.py

@@ -593,7 +593,7 @@ def test_workspace_scope_string_is_normalized(monkeypatch):
 
     monkeypatch.setattr(
         "kubernetes_workspace_provider.auth._find_authorization_rules",
-        lambda path, method: [AuthorizationRule("list", resource="experiments")],
+        lambda path, method, **kwargs: [AuthorizationRule("list", resource="experiments")],
     )
     monkeypatch.setattr(
         "kubernetes_workspace_provider.auth._parse_jwt_subject",
@@ -629,7 +629,7 @@ def test_workspace_listing_allows_missing_context(monkeypatch):
     )
     monkeypatch.setattr(
         "kubernetes_workspace_provider.auth._find_authorization_rules",
-        lambda path, method: [rule],
+        lambda path, method, **kwargs: [rule],
     )
     monkeypatch.setattr(
         "kubernetes_workspace_provider.auth._parse_jwt_subject",
@@ -659,7 +659,7 @@ def test_unmapped_endpoint_returns_not_found(monkeypatch):
     authorizer.is_allowed.return_value = True
     monkeypatch.setattr(
         "kubernetes_workspace_provider.auth._find_authorization_rules",
-        lambda path, method: None,
+        lambda path, method, **kwargs: None,
     )
 
     config = KubernetesAuthConfig()
@@ -687,7 +687,7 @@ def test_subject_access_review_mode_uses_remote_headers(monkeypatch):
     rule = AuthorizationRule("list", resource=RESOURCE_EXPERIMENTS)
     monkeypatch.setattr(
         "kubernetes_workspace_provider.auth._find_authorization_rules",
-        lambda path, method: [rule],
+        lambda path, method, **kwargs: [rule],
     )
 
     config = KubernetesAuthConfig(authorization_mode=AuthorizationMode.SUBJECT_ACCESS_REVIEW)
@@ -718,7 +718,7 @@ def test_subject_access_review_mode_requires_user_header(monkeypatch):
     rule = AuthorizationRule("get", resource=RESOURCE_EXPERIMENTS)
     monkeypatch.setattr(
         "kubernetes_workspace_provider.auth._find_authorization_rules",
-        lambda path, method: [rule],
+        lambda path, method, **kwargs: [rule],
     )
 
     config = KubernetesAuthConfig(authorization_mode=AuthorizationMode.SUBJECT_ACCESS_REVIEW)
@@ -748,7 +748,7 @@ def test_gateway_endpoint_create_requires_model_definition_use(monkeypatch):
     rule = AuthorizationRule("create", resource=RESOURCE_GATEWAY_ENDPOINTS)
     monkeypatch.setattr(
         "kubernetes_workspace_provider.auth._find_authorization_rules",
-        lambda path, method: [rule],
+        lambda path, method, **kwargs: [rule],
     )
     monkeypatch.setattr(
         "kubernetes_workspace_provider.auth._parse_jwt_subject",
@@ -794,7 +794,7 @@ def test_gateway_endpoint_update_requires_model_definition_use(monkeypatch):
     rule = AuthorizationRule("update", resource=RESOURCE_GATEWAY_ENDPOINTS)
     monkeypatch.setattr(
         "kubernetes_workspace_provider.auth._find_authorization_rules",
-        lambda path, method: [rule],
+        lambda path, method, **kwargs: [rule],
     )
     monkeypatch.setattr(
         "kubernetes_workspace_provider.auth._parse_jwt_subject",
@@ -839,7 +839,7 @@ def test_gateway_model_definition_create_requires_secret_use(monkeypatch):
     rule = AuthorizationRule("create", resource=RESOURCE_GATEWAY_MODEL_DEFINITIONS)
     monkeypatch.setattr(
         "kubernetes_workspace_provider.auth._find_authorization_rules",
-        lambda path, method: [rule],
+        lambda path, method, **kwargs: [rule],
     )
     monkeypatch.setattr(
         "kubernetes_workspace_provider.auth._parse_jwt_subject",
@@ -884,7 +884,7 @@ def test_gateway_model_definition_update_requires_secret_use(monkeypatch):
     rule = AuthorizationRule("update", resource=RESOURCE_GATEWAY_MODEL_DEFINITIONS)
     monkeypatch.setattr(
         "kubernetes_workspace_provider.auth._find_authorization_rules",
-        lambda path, method: [rule],
+        lambda path, method, **kwargs: [rule],
     )
     monkeypatch.setattr(
         "kubernetes_workspace_provider.auth._parse_jwt_subject",
@@ -928,7 +928,7 @@ def test_workspace_scope_falls_back_to_view_args(monkeypatch):
     rule = AuthorizationRule(None, requires_workspace=False, workspace_access_check=True)
     monkeypatch.setattr(
         "kubernetes_workspace_provider.auth._find_authorization_rules",
-        lambda path, method: [rule],
+        lambda path, method, **kwargs: [rule],
     )
     monkeypatch.setattr(
         "kubernetes_workspace_provider.auth._parse_jwt_subject",
@@ -962,7 +962,7 @@ def test_workspace_create_requests_are_denied(monkeypatch):
     rule = AuthorizationRule("create", deny=True, requires_workspace=False)
     monkeypatch.setattr(
         "kubernetes_workspace_provider.auth._find_authorization_rules",
-        lambda path, method: [rule],
+        lambda path, method, **kwargs: [rule],
     )
     monkeypatch.setattr(
         "kubernetes_workspace_provider.auth._parse_jwt_subject",

kubernetes-workspace-provider/tests/test_auth_fastapi.py

@@ -3,13 +3,15 @@
 These tests ensure OTEL and job APIs enforce workspace-aware authentication.
 """
 
+from types import SimpleNamespace
 from unittest.mock import Mock, patch
 
 import pytest
 from fastapi import FastAPI
 from fastapi.middleware.wsgi import WSGIMiddleware
 from fastapi.testclient import TestClient
 from flask import Flask
+from flask import request as flask_request
 from kubernetes_workspace_provider.auth import (
     DEFAULT_REMOTE_GROUPS_HEADER,
     DEFAULT_REMOTE_GROUPS_SEPARATOR,
@@ -26,7 +28,6 @@
 from starlette.requests import Request
 from starlette.responses import JSONResponse
 
-from mlflow.environment_variables import MLFLOW_ENABLE_WORKSPACES
 from mlflow.exceptions import MlflowException
 from mlflow.tracing.utils.otlp import OTLP_TRACES_PATH
 from mlflow.utils import workspace_context
@@ -490,6 +491,88 @@ def test_job_api_endpoints_prefer_forwarded_token_on_invalid_authorization(
     assert subresource is None
 
 
+def test_graphql_flask_authorizes_when_fastapi_defers(
+    mock_authorizer, mock_config, monkeypatch
+) -> None:
+    from kubernetes_workspace_provider.auth import create_app
+
+    flask_app = Flask(__name__)
+
+    @flask_app.post("/graphql")
+    def graphql_endpoint():
+        payload = flask_request.get_json(silent=True) or {}
+        return {"query": payload.get("query")}
+
+    monkeypatch.setenv("MLFLOW_K8S_AUTH_CACHE_TTL_SECONDS", "300")
+    fake_k8s_config = SimpleNamespace(
+        host="https://cluster.local",
+        ssl_ca_cert=None,
+        verify_ssl=True,
+        proxy=None,
+        no_proxy=None,
+        proxy_headers=None,
+        safe_chars_for_path_param=None,
+        connection_pool_maxsize=10,
+    )
+    with (
+        patch(
+            "kubernetes_workspace_provider.auth.KubernetesAuthorizer.is_allowed",
+            return_value=True,
+        ) as flask_is_allowed,
+        patch(
+            "kubernetes_workspace_provider.auth._load_kubernetes_configuration",
+            return_value=fake_k8s_config,
+        ),
+    ):
+        create_app(flask_app)
+
+        fastapi_app = FastAPI()
+        fastapi_app.mount("/", WSGIMiddleware(flask_app))
+
+        class _WorkspaceContextMiddleware(BaseHTTPMiddleware):
+            async def dispatch(self, request: Request, call_next):
+                workspace_header = request.headers.get(WORKSPACE_HEADER_NAME)
+                if not workspace_header:
+                    return JSONResponse(
+                        status_code=400,
+                        content={"error": {"message": f"Missing {WORKSPACE_HEADER_NAME} header"}},
+                    )
+                workspace_context.set_server_request_workspace(workspace_header)
+                try:
+                    return await call_next(request)
+                finally:
+                    workspace_context.clear_server_request_workspace()
+
+        fastapi_app.add_middleware(
+            KubernetesAuthMiddleware,
+            authorizer=mock_authorizer,
+            config_values=mock_config,
+        )
+        fastapi_app.add_middleware(_WorkspaceContextMiddleware)
+
+        client = TestClient(fastapi_app)
+        query = '{ mlflowGetExperiment(input: { experimentId: "123" }) { experiment { name } } }'
+        with patch(
+            "kubernetes_workspace_provider.auth._parse_jwt_subject",
+            return_value="test-user",
+        ):
+            response = client.post(
+                "/graphql",
+                headers={
+                    "Authorization": "Bearer valid-token",
+                    WORKSPACE_HEADER_NAME: "team-a",
+                },
+                json={"query": query},
+            )
+
+    assert response.status_code == 200
+    assert response.json()["query"] == query
+    # FastAPI middleware should NOT have called its authorizer
+    mock_authorizer.is_allowed.assert_not_called()
+    # Flask's before_request handler SHOULD have called the authorizer
+    flask_is_allowed.assert_called_once()
+
+
 def test_job_api_missing_workspace_context_returns_error(
     mock_authorizer, mock_config, monkeypatch
 ) -> None:
@@ -499,10 +582,9 @@ def test_job_api_missing_workspace_context_returns_error(
         authorizer=mock_authorizer,
         config_values=mock_config,
     )
-    monkeypatch.setenv(MLFLOW_ENABLE_WORKSPACES.name, "true")
     monkeypatch.setattr(
-        "mlflow.server.workspace_helpers.get_default_workspace_optional",
-        lambda _store: (None, False),
+        "kubernetes_workspace_provider.auth.resolve_workspace_from_header",
+        lambda _header: None,
     )
 
     @app.get("/ajax-api/3.0/jobs/123")