Skip to content

fix: add project_id filter to SnowflakeRegistry UPDATE path#6243

Open
Abhishek8108 wants to merge 1 commit intofeast-dev:masterfrom
Abhishek8108:fix/snowflake-registry-update-project-id-filter
Open

fix: add project_id filter to SnowflakeRegistry UPDATE path#6243
Abhishek8108 wants to merge 1 commit intofeast-dev:masterfrom
Abhishek8108:fix/snowflake-registry-update-project-id-filter

Conversation

@Abhishek8108
Copy link
Copy Markdown

@Abhishek8108 Abhishek8108 commented Apr 8, 2026
edited by devin-ai-integration bot
Loading

Summary

Fixes #6208.

SnowflakeRegistry._apply_object had a missing project_id clause in the UPDATE branch's WHERE condition. In a shared Snowflake registry, this allowed a feast apply in one project to silently overwrite a same-named object belonging to a different project.

Root cause: The helper has two SQL branches:

  • SELECT (existence check) — correctly scoped: WHERE project_id = '{project}' AND {id_field} = '{name}'
  • UPDATE (overwrite) — was missing project_id: WHERE {id_field} = '{name}'

The fix brings the UPDATE path in line with the SELECT and DELETE paths, which already scoped by project_id correctly.

Impact: Affects all resource types routed through _apply_object — entities, data sources, feature views, feature services, saved datasets, validation references, permissions, and infrastructure objects.

Changes

  • sdk/python/feast/infra/registry/snowflake.py — add project_id = '{project}' AND to the UPDATE WHERE clause (one line)
  • sdk/python/tests/unit/infra/registry/test_snowflake_registry.py — new regression test; mocks the Snowflake connection, drives _apply_object into the UPDATE path, and asserts project_id appears in the WHERE clause

Test plan

  • New regression test passes: pytest sdk/python/tests/unit/infra/registry/test_snowflake_registry.py -v
  • All existing registry unit tests pass: pytest sdk/python/tests/unit/infra/registry/ -v
  • Manually verified UPDATE query now reads: WHERE project_id = '{project}' AND {id_field} = '{name}'
Open with Devin

@Abhishek8108 Abhishek8108 requested a review from a team as a code owner April 8, 2026 19:27
devin-ai-integration[bot]
devin-ai-integration bot reviewed Apr 8, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@devin-ai-integration devin-ai-integration bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✅ Devin Review: No Issues Found

Devin Review analyzed this PR and found no potential bugs to report.

View in Devin Review to see 2 additional findings.

Open in Devin Review

@Abhishek8108
fix: add project_id filter to SnowflakeRegistry UPDATE path
7a9cf1f 
_apply_object had a missing project_id clause in the UPDATE branch's
WHERE condition. In a shared Snowflake registry, this allowed a
feast apply in one project to silently overwrite a same-named object
belonging to a different project.

The SELECT path already scoped correctly by project_id. The DELETE
path (_delete_object) also scoped correctly. This commit brings the
UPDATE path in line with both.

Fixes feast-dev#6208

Signed-off-by: Abhishek8108 <[email protected]>
@Abhishek8108 Abhishek8108 force-pushed the fix/snowflake-registry-update-project-id-filter branch from d1458cf to 7a9cf1f Compare April 8, 2026 19:30
@Abhishek8108 Abhishek8108 mentioned this pull request Apr 8, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@devin-ai-integration devin-ai-integration[bot] devin-ai-integration[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

SnowflakeRegistry._apply_object UPDATE path missing project_id filter - cross-project overwrites

1 participant

@Abhishek8108