Additional Decorators for the Model API

[jiyer2016]

I'd like to add a decorator on top of my Model API for allowing access to authorized consumers.
This is what I have in mind - add a new application-defined authorize decorator on top of bentoml.api decorator:

@authorize
@bentoml.api(input=JsonInput())
    def rank(self, json_input: dict, task: InferenceTask): 

Does anyone see any downside / negative side-effects with the approach ?

The one thing I notice - I must do on the application-defined authorize decorator to make this work is to make use of functools.wraps as shown below:

import functools

@functools.wraps(func)
def authorize(*args, **kwargs):
    // do something here

Without this - the "metadata" added to the decorated function within def api_decorator in bentoml/service/__init__.py will be lost and possibly have negative side-effects.

        setattr(func, "_is_api", True)
        setattr(func, "_input_adapter", input_adapter)
        setattr(func, "_output_adapter", output_adapter)
        setattr(func, "_api_name", _api_name)
        setattr(func, "_api_doc", api_doc)
        setattr(func, "_mb_max_batch_size", mb_max_batch_size)
        setattr(func, "_mb_max_latency", mb_max_latency)
        setattr(func, "_batch", batch)

Let me know if the functools.wraps approach is the right thing to do - something that will work across future upgrades/releases of the product.

Let me know if there are any other things that I may not have considered.

[bojiang]

Yeah, I believe functools.wraps is the right thing to do.

Plus I recommend calling your decorator before bentoml.api like this:

@bentoml.api
@auth 
def predict(self, inputs, tasks):
    pass

The bentoml API hasn't promised any behavior of the decorated function now. But the args that the user API function got are well defined.

[parano]

@jiyer2016 in general we recommend doing authentication/authorization in a proxy server in front of the API server rather than implementing it in the API server itself because it gives more flexibility for the DevOps/Security side and makes the deployment workflow easier to manage.