github.com/milvus-io/milvus-sdk-go/v2@v2.4.1/client/rbac.go (about) 1 // Licensed to the LF AI & Data foundation under one 2 // or more contributor license agreements. See the NOTICE file 3 // distributed with this work for additional information 4 // regarding copyright ownership. The ASF licenses this file 5 // to you under the Apache License, Version 2.0 (the 6 // "License"); you may not use this file except in compliance 7 // with the License. You may obtain a copy of the License at 8 // 9 // http://www.apache.org/licenses/LICENSE-2.0 10 // 11 // Unless required by applicable law or agreed to in writing, software 12 // distributed under the License is distributed on an "AS IS" BASIS, 13 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 // See the License for the specific language governing permissions and 15 // limitations under the License. 16 17 package client 18 19 import ( 20 "context" 21 22 "github.com/milvus-io/milvus-proto/go-api/v2/commonpb" 23 "github.com/milvus-io/milvus-proto/go-api/v2/milvuspb" 24 "github.com/milvus-io/milvus-sdk-go/v2/entity" 25 ) 26 27 // CreateRole creates a role entity in Milvus. 28 func (c *GrpcClient) CreateRole(ctx context.Context, name string) error { 29 if c.Service == nil { 30 return ErrClientNotReady 31 } 32 33 req := &milvuspb.CreateRoleRequest{ 34 Entity: &milvuspb.RoleEntity{ 35 Name: name, 36 }, 37 } 38 resp, err := c.Service.CreateRole(ctx, req) 39 if err != nil { 40 return err 41 } 42 43 return handleRespStatus(resp) 44 } 45 46 // DropRole drops a role entity in Milvus. 47 func (c *GrpcClient) DropRole(ctx context.Context, name string) error { 48 if c.Service == nil { 49 return ErrClientNotReady 50 } 51 52 req := &milvuspb.DropRoleRequest{ 53 RoleName: name, 54 } 55 56 resp, err := c.Service.DropRole(ctx, req) 57 if err != nil { 58 return err 59 } 60 61 return handleRespStatus(resp) 62 } 63 64 // AddUserRole adds one role for user. 65 func (c *GrpcClient) AddUserRole(ctx context.Context, username string, role string) error { 66 if c.Service == nil { 67 return ErrClientNotReady 68 } 69 70 req := &milvuspb.OperateUserRoleRequest{ 71 Username: username, 72 RoleName: role, 73 Type: milvuspb.OperateUserRoleType_AddUserToRole, 74 } 75 76 resp, err := c.Service.OperateUserRole(ctx, req) 77 if err != nil { 78 return err 79 } 80 81 return handleRespStatus(resp) 82 } 83 84 // RemoveUserRole removes one role from user. 85 func (c *GrpcClient) RemoveUserRole(ctx context.Context, username string, role string) error { 86 if c.Service == nil { 87 return ErrClientNotReady 88 } 89 90 req := &milvuspb.OperateUserRoleRequest{ 91 Username: username, 92 RoleName: role, 93 Type: milvuspb.OperateUserRoleType_RemoveUserFromRole, 94 } 95 96 resp, err := c.Service.OperateUserRole(ctx, req) 97 if err != nil { 98 return err 99 } 100 101 return handleRespStatus(resp) 102 } 103 104 // ListRoles lists the role objects in system. 105 func (c *GrpcClient) ListRoles(ctx context.Context) ([]entity.Role, error) { 106 if c.Service == nil { 107 return nil, ErrClientNotReady 108 } 109 110 req := &milvuspb.SelectRoleRequest{} 111 112 resp, err := c.Service.SelectRole(ctx, req) 113 if err != nil { 114 return nil, err 115 } 116 if err = handleRespStatus(resp.GetStatus()); err != nil { 117 return nil, err 118 } 119 120 roles := make([]entity.Role, 0, len(resp.GetResults())) 121 for _, result := range resp.GetResults() { 122 roles = append(roles, entity.Role{Name: result.GetRole().GetName()}) 123 } 124 125 return roles, nil 126 } 127 128 // ListUsers lists the user objects in system. 129 func (c *GrpcClient) ListUsers(ctx context.Context) ([]entity.User, error) { 130 if c.Service == nil { 131 return nil, ErrClientNotReady 132 } 133 134 req := &milvuspb.SelectUserRequest{} 135 136 resp, err := c.Service.SelectUser(ctx, req) 137 if err != nil { 138 return nil, err 139 } 140 if err = handleRespStatus(resp.GetStatus()); err != nil { 141 return nil, err 142 } 143 144 users := make([]entity.User, 0, len(resp.GetResults())) 145 for _, result := range resp.GetResults() { 146 users = append(users, entity.User{Name: result.GetUser().GetName()}) 147 } 148 149 return users, nil 150 } 151 152 // DescribeUser lists the user descriptions in the system (name, roles) 153 func (c *GrpcClient) DescribeUser(ctx context.Context, username string) (entity.UserDescription, error) { 154 if c.Service == nil { 155 return entity.UserDescription{}, ErrClientNotReady 156 } 157 158 req := &milvuspb.SelectUserRequest{ 159 User: &milvuspb.UserEntity{ 160 Name: username, 161 }, 162 IncludeRoleInfo: true, 163 } 164 165 resp, err := c.Service.SelectUser(ctx, req) 166 167 if err != nil { 168 return entity.UserDescription{}, err 169 } 170 if err = handleRespStatus(resp.GetStatus()); err != nil { 171 return entity.UserDescription{}, err 172 } 173 results := resp.GetResults() 174 175 if len(results) == 0 { 176 return entity.UserDescription{}, nil 177 } 178 179 userDescription := entity.UserDescription{ 180 Name: results[0].GetUser().GetName(), 181 Roles: make([]string, 0, len(results[0].GetRoles())), 182 } 183 184 for _, role := range results[0].GetRoles() { 185 userDescription.Roles = append(userDescription.Roles, role.GetName()) 186 } 187 return userDescription, nil 188 } 189 190 // DescribeUsers lists all users with descriptions (names, roles) 191 func (c *GrpcClient) DescribeUsers(ctx context.Context) ([]entity.UserDescription, error) { 192 if c.Service == nil { 193 return nil, ErrClientNotReady 194 } 195 196 req := &milvuspb.SelectUserRequest{ 197 IncludeRoleInfo: true, 198 } 199 200 resp, err := c.Service.SelectUser(ctx, req) 201 202 if err != nil { 203 return nil, err 204 } 205 if err = handleRespStatus(resp.GetStatus()); err != nil { 206 return nil, err 207 } 208 results := resp.GetResults() 209 210 userDescriptions := make([]entity.UserDescription, 0, len(results)) 211 212 for _, result := range results { 213 userDescription := entity.UserDescription{ 214 Name: result.GetUser().GetName(), 215 Roles: make([]string, 0, len(result.GetRoles())), 216 } 217 for _, role := range result.GetRoles() { 218 userDescription.Roles = append(userDescription.Roles, role.GetName()) 219 } 220 userDescriptions = append(userDescriptions, userDescription) 221 } 222 223 return userDescriptions, nil 224 } 225 226 // ListGrants lists the role grants in the system 227 func (c *GrpcClient) ListGrants(ctx context.Context, role string, dbName string) ([]entity.RoleGrants, error) { 228 RoleGrantsList := make([]entity.RoleGrants, 0) 229 if c.Service == nil { 230 return RoleGrantsList, ErrClientNotReady 231 } 232 233 req := &milvuspb.SelectGrantRequest{ 234 Entity: &milvuspb.GrantEntity{ 235 Role: &milvuspb.RoleEntity{ 236 Name: role, 237 }, 238 DbName: dbName, 239 }, 240 } 241 242 resp, err := c.Service.SelectGrant(ctx, req) 243 244 if err != nil { 245 return RoleGrantsList, err 246 } 247 if err = handleRespStatus(resp.GetStatus()); err != nil { 248 return RoleGrantsList, err 249 } 250 251 results := resp.GetEntities() 252 253 if len(results) == 0 { 254 return RoleGrantsList, nil 255 } 256 257 for _, roleEntity := range results { 258 RoleGrant := entity.RoleGrants{ 259 Object: roleEntity.Object.Name, 260 ObjectName: roleEntity.ObjectName, 261 RoleName: roleEntity.Role.Name, 262 GrantorName: roleEntity.Grantor.User.Name, 263 PrivilegeName: roleEntity.Grantor.Privilege.Name, 264 DbName: roleEntity.DbName, 265 } 266 RoleGrantsList = append(RoleGrantsList, RoleGrant) 267 } 268 269 return RoleGrantsList, nil 270 } 271 272 // ListGrant lists a grant info for the role and the specific object 273 func (c *GrpcClient) ListGrant(ctx context.Context, role string, object string, objectName string, dbName string) ([]entity.RoleGrants, error) { 274 RoleGrantsList := make([]entity.RoleGrants, 0) 275 if c.Service == nil { 276 return RoleGrantsList, ErrClientNotReady 277 } 278 279 req := &milvuspb.SelectGrantRequest{ 280 Entity: &milvuspb.GrantEntity{ 281 Role: &milvuspb.RoleEntity{ 282 Name: role, 283 }, 284 Object: &milvuspb.ObjectEntity{ 285 Name: object, 286 }, 287 ObjectName: objectName, 288 DbName: dbName, 289 }, 290 } 291 292 resp, err := c.Service.SelectGrant(ctx, req) 293 294 if err != nil { 295 return RoleGrantsList, err 296 } 297 if err = handleRespStatus(resp.GetStatus()); err != nil { 298 return RoleGrantsList, err 299 } 300 301 results := resp.GetEntities() 302 303 if len(results) == 0 { 304 return RoleGrantsList, nil 305 } 306 307 for _, roleEntity := range results { 308 RoleGrant := entity.RoleGrants{ 309 Object: roleEntity.Object.Name, 310 ObjectName: roleEntity.ObjectName, 311 RoleName: roleEntity.Role.Name, 312 GrantorName: roleEntity.Grantor.User.Name, 313 PrivilegeName: roleEntity.Grantor.Privilege.Name, 314 DbName: roleEntity.DbName, 315 } 316 RoleGrantsList = append(RoleGrantsList, RoleGrant) 317 } 318 319 return RoleGrantsList, nil 320 } 321 322 // Grant adds object privileged for role. 323 func (c *GrpcClient) Grant(ctx context.Context, role string, objectType entity.PriviledgeObjectType, object string) error { 324 if c.Service == nil { 325 return ErrClientNotReady 326 } 327 328 req := &milvuspb.OperatePrivilegeRequest{ 329 Entity: &milvuspb.GrantEntity{ 330 Role: &milvuspb.RoleEntity{ 331 Name: role, 332 }, 333 Object: &milvuspb.ObjectEntity{ 334 Name: commonpb.ObjectType_name[int32(objectType)], 335 }, 336 ObjectName: object, 337 }, 338 Type: milvuspb.OperatePrivilegeType_Grant, 339 } 340 341 resp, err := c.Service.OperatePrivilege(ctx, req) 342 if err != nil { 343 return err 344 } 345 346 return handleRespStatus(resp) 347 } 348 349 // Revoke removes privilege from role. 350 func (c *GrpcClient) Revoke(ctx context.Context, role string, objectType entity.PriviledgeObjectType, object string) error { 351 if c.Service == nil { 352 return ErrClientNotReady 353 } 354 355 req := &milvuspb.OperatePrivilegeRequest{ 356 Entity: &milvuspb.GrantEntity{ 357 Role: &milvuspb.RoleEntity{ 358 Name: role, 359 }, 360 Object: &milvuspb.ObjectEntity{ 361 Name: commonpb.ObjectType_name[int32(objectType)], 362 }, 363 ObjectName: object, 364 }, 365 Type: milvuspb.OperatePrivilegeType_Revoke, 366 } 367 368 resp, err := c.Service.OperatePrivilege(ctx, req) 369 if err != nil { 370 return err 371 } 372 373 return handleRespStatus(resp) 374 }