Skip to content

Commit

Permalink
Add the privilege and db name param for the operate privilege api
Browse files Browse the repository at this point in the history
Signed-off-by: SimFG <bang.fu@zilliz.com>
  • Loading branch information
SimFG committed Aug 1, 2024
1 parent d26d3d7 commit 620eb55
Show file tree
Hide file tree
Showing 3 changed files with 32 additions and 12 deletions.
4 changes: 2 additions & 2 deletions client/client.go
Original file line number Diff line number Diff line change
Expand Up @@ -202,9 +202,9 @@ type Client interface {
// ListGrants lists all assigned privileges and objects for the role.
ListGrants(ctx context.Context, role string, dbName string) ([]entity.RoleGrants, error)
// Grant adds privilege for role.
Grant(ctx context.Context, role string, objectType entity.PriviledgeObjectType, object string) error
Grant(ctx context.Context, role string, objectType entity.PriviledgeObjectType, object string, privilege string, dbName string) error
// Revoke removes privilege from role.
Revoke(ctx context.Context, role string, objectType entity.PriviledgeObjectType, object string) error
Revoke(ctx context.Context, role string, objectType entity.PriviledgeObjectType, object string, privilege string, dbName string) error

// GetLoadingProgress get the collection or partitions loading progress
GetLoadingProgress(ctx context.Context, collectionName string, partitionNames []string) (int64, error)
Expand Down
16 changes: 14 additions & 2 deletions client/rbac.go
Original file line number Diff line number Diff line change
Expand Up @@ -320,7 +320,7 @@ func (c *GrpcClient) ListGrant(ctx context.Context, role string, object string,
}

// Grant adds object privileged for role.
func (c *GrpcClient) Grant(ctx context.Context, role string, objectType entity.PriviledgeObjectType, object string) error {
func (c *GrpcClient) Grant(ctx context.Context, role string, objectType entity.PriviledgeObjectType, object string, privilege string, dbName string) error {
if c.Service == nil {
return ErrClientNotReady
}
Expand All @@ -334,6 +334,12 @@ func (c *GrpcClient) Grant(ctx context.Context, role string, objectType entity.P
Name: commonpb.ObjectType_name[int32(objectType)],
},
ObjectName: object,
Grantor: &milvuspb.GrantorEntity{
Privilege: &milvuspb.PrivilegeEntity{
Name: privilege,
},
},
DbName: dbName,
},
Type: milvuspb.OperatePrivilegeType_Grant,
}
Expand All @@ -347,7 +353,7 @@ func (c *GrpcClient) Grant(ctx context.Context, role string, objectType entity.P
}

// Revoke removes privilege from role.
func (c *GrpcClient) Revoke(ctx context.Context, role string, objectType entity.PriviledgeObjectType, object string) error {
func (c *GrpcClient) Revoke(ctx context.Context, role string, objectType entity.PriviledgeObjectType, object string, privilege string, dbName string) error {
if c.Service == nil {
return ErrClientNotReady
}
Expand All @@ -361,6 +367,12 @@ func (c *GrpcClient) Revoke(ctx context.Context, role string, objectType entity.
Name: commonpb.ObjectType_name[int32(objectType)],
},
ObjectName: object,
Grantor: &milvuspb.GrantorEntity{
Privilege: &milvuspb.PrivilegeEntity{
Name: privilege,
},
},
DbName: dbName,
},
Type: milvuspb.OperatePrivilegeType_Revoke,
}
Expand Down
24 changes: 16 additions & 8 deletions client/rbac_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -629,6 +629,8 @@ func (s *RBACSuite) TestGrant() {
roleName := "testRole"
objectName := testCollectionName
objectType := entity.PriviledegeObjectTypeCollection
dbName := "testDB"
privilege := "testPrivilege"

s.Run("normal run", func() {
ctx, cancel := context.WithCancel(ctx)
Expand All @@ -639,9 +641,11 @@ func (s *RBACSuite) TestGrant() {
s.Equal(objectName, req.GetEntity().GetObjectName())
s.Equal(commonpb.ObjectType_name[int32(objectType)], req.GetEntity().GetObject().GetName())
s.Equal(milvuspb.OperatePrivilegeType_Grant, req.GetType())
s.Equal(privilege, req.GetEntity().GetGrantor().GetPrivilege().GetName())
s.Equal(dbName, req.GetEntity().GetDbName())
}).Return(&commonpb.Status{ErrorCode: commonpb.ErrorCode_Success}, nil)

err := s.client.Grant(ctx, roleName, objectType, objectName)
err := s.client.Grant(ctx, roleName, objectType, objectName, privilege, dbName)

s.NoError(err)
})
Expand All @@ -652,7 +656,7 @@ func (s *RBACSuite) TestGrant() {
defer s.resetMock()
s.mock.EXPECT().OperatePrivilege(mock.Anything, mock.Anything).Return(nil, errors.New("mock error"))

err := s.client.Grant(ctx, roleName, objectType, objectName)
err := s.client.Grant(ctx, roleName, objectType, objectName, privilege, dbName)
s.Error(err)
})

Expand All @@ -662,7 +666,7 @@ func (s *RBACSuite) TestGrant() {
defer s.resetMock()
s.mock.EXPECT().OperatePrivilege(mock.Anything, mock.Anything).Return(&commonpb.Status{ErrorCode: commonpb.ErrorCode_UnexpectedError}, nil)

err := s.client.Grant(ctx, roleName, objectType, objectName)
err := s.client.Grant(ctx, roleName, objectType, objectName, privilege, dbName)
s.Error(err)
})

Expand All @@ -671,7 +675,7 @@ func (s *RBACSuite) TestGrant() {
defer cancel()

c := &GrpcClient{}
err := c.Grant(ctx, roleName, objectType, objectName)
err := c.Grant(ctx, roleName, objectType, objectName, privilege, dbName)
s.Error(err)
s.ErrorIs(err, ErrClientNotReady)
})
Expand All @@ -683,6 +687,8 @@ func (s *RBACSuite) TestRevoke() {
roleName := "testRole"
objectName := testCollectionName
objectType := entity.PriviledegeObjectTypeCollection
dbName := "testDB"
privilege := "testPrivilege"

s.Run("normal run", func() {
ctx, cancel := context.WithCancel(ctx)
Expand All @@ -693,9 +699,11 @@ func (s *RBACSuite) TestRevoke() {
s.Equal(objectName, req.GetEntity().GetObjectName())
s.Equal(commonpb.ObjectType_name[int32(objectType)], req.GetEntity().GetObject().GetName())
s.Equal(milvuspb.OperatePrivilegeType_Revoke, req.GetType())
s.Equal(privilege, req.GetEntity().GetGrantor().GetPrivilege().GetName())
s.Equal(dbName, req.GetEntity().GetDbName())
}).Return(&commonpb.Status{ErrorCode: commonpb.ErrorCode_Success}, nil)

err := s.client.Revoke(ctx, roleName, objectType, objectName)
err := s.client.Revoke(ctx, roleName, objectType, objectName, privilege, dbName)

s.NoError(err)
})
Expand All @@ -706,7 +714,7 @@ func (s *RBACSuite) TestRevoke() {
defer s.resetMock()
s.mock.EXPECT().OperatePrivilege(mock.Anything, mock.Anything).Return(nil, errors.New("mock error"))

err := s.client.Revoke(ctx, roleName, objectType, objectName)
err := s.client.Revoke(ctx, roleName, objectType, objectName, privilege, dbName)
s.Error(err)
})

Expand All @@ -716,7 +724,7 @@ func (s *RBACSuite) TestRevoke() {
defer s.resetMock()
s.mock.EXPECT().OperatePrivilege(mock.Anything, mock.Anything).Return(&commonpb.Status{ErrorCode: commonpb.ErrorCode_UnexpectedError}, nil)

err := s.client.Revoke(ctx, roleName, objectType, objectName)
err := s.client.Revoke(ctx, roleName, objectType, objectName, privilege, dbName)
s.Error(err)
})

Expand All @@ -726,7 +734,7 @@ func (s *RBACSuite) TestRevoke() {
defer s.resetMock()

c := &GrpcClient{}
err := c.Revoke(ctx, roleName, objectType, objectName)
err := c.Revoke(ctx, roleName, objectType, objectName, privilege, dbName)
s.Error(err)
s.ErrorIs(err, ErrClientNotReady)
})
Expand Down

0 comments on commit 620eb55

Please sign in to comment.