From 26c8b7433a3a242622e4e21ee3bba6b40a6e1bf2 Mon Sep 17 00:00:00 2001 From: shaoting-huang Date: Mon, 18 Nov 2024 16:50:24 +0800 Subject: [PATCH 1/3] add privilege group orm Signed-off-by: shaoting-huang --- pymilvus/client/check.py | 8 +++++ pymilvus/orm/role.py | 78 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 86 insertions(+) diff --git a/pymilvus/client/check.py b/pymilvus/client/check.py index c76ab7f7a..e9d5c9535 100644 --- a/pymilvus/client/check.py +++ b/pymilvus/client/check.py @@ -275,6 +275,12 @@ def is_legal_operate_privilege_type(operate_privilege_type: Any) -> bool: milvus_types.OperatePrivilegeType.Revoke, ) +def is_legal_privilege_group(privilege_group: Any) -> bool: + return privilege_group and isinstance(privilege_group, str) + +def is_legal_privileges(privileges: Any) -> bool: + return privileges and isinstance(privileges, list) and all(is_legal_privilege(p) for p in privileges) + class ParamChecker(metaclass=Singleton): def __init__(self) -> None: @@ -320,6 +326,8 @@ def __init__(self) -> None: "timeout": is_legal_timeout, "drop_ratio_build": is_legal_drop_ratio, "drop_ratio_search": is_legal_drop_ratio, + "privilege_group": is_legal_privilege_group, + "privileges": is_legal_privileges, } def check(self, key: str, value: Callable): diff --git a/pymilvus/orm/role.py b/pymilvus/orm/role.py index 6fe4a93f4..e2a4eed3a 100644 --- a/pymilvus/orm/role.py +++ b/pymilvus/orm/role.py @@ -221,3 +221,81 @@ def list_grants(self, db_name: str = ""): >>> role.list_grants() """ return self._get_connection().select_grant_for_one_role(self._name, db_name) + + def create_privilege_group(self, group_name: str): + """Create a privilege group for the role + :param group_name: privilege group name. + :type group_name: str + + :example: + >>> from pymilvus import connections + >>> from pymilvus.orm.role import Role + >>> connections.connect() + >>> role = Role(role_name) + >>> role.create_privilege_group(group_name) + """ + return self._get_connection().create_privilege_group(self._name, group_name) + + def drop_privilege_group(self, group_name: str): + """Drop a privilege group for the role + :param group_name: privilege group name. + :type group_name: str + + :example: + >>> from pymilvus import connections + >>> from pymilvus.orm.role import Role + >>> connections.connect() + >>> role = Role(role_name) + >>> role.drop_privilege_group(group_name) + """ + return self._get_connection().drop_privilege_group(self._name, group_name) + + def list_privilege_groups(self): + """List all privilege groups for the role + :return a PrivilegeGroupInfo object + :rtype PrivilegeGroupInfo + + PrivilegeGroupInfo groups: + - PrivilegeGroupItem: , + + :example: + >>> from pymilvus import connections + >>> from pymilvus.orm.role import Role + >>> connections.connect() + >>> role = Role(role_name) + >>> role.list_privilege_groups() + """ + return self._get_connection().list_privilege_groups(self._name) + + def add_privileges_to_group(self, group_name: str, privileges: list): + """Add privileges to a privilege group for the role + :param group_name: privilege group name. + :type group_name: str + :param privileges: a list of privilege names. + :type privileges: list + + :example: + >>> from pymilvus import connections + >>> from pymilvus.orm.role import Role + >>> connections.connect() + >>> role = Role(role_name) + >>> role.add_privileges_to_group(group_name, ["Insert", "Select"]) + """ + return self._get_connection().add_privileges_to_group(self._name, group_name, privileges) + + def remove_privileges_from_group(self, group_name: str, privileges: list): + """Remove privileges from a privilege group for the role + :param group_name: privilege group name. + :type group_name: str + :param privileges: a list of privilege names. + :type privileges: list + + :example: + >>> from pymilvus import connections + >>> from pymilvus.orm.role import Role + >>> connections.connect() + >>> role = Role(role_name) + >>> role.remove_privileges_from_group(group_name, ["Insert", "Select"]) + """ + return self._get_connection().remove_privileges_from_group(self._name, group_name, privileges) + From 174df403cfa8befcf21defbc4392aa5898884495 Mon Sep 17 00:00:00 2001 From: shaoting-huang Date: Mon, 18 Nov 2024 16:53:19 +0800 Subject: [PATCH 2/3] fix lint Signed-off-by: shaoting-huang --- pymilvus/client/check.py | 8 +++++++- pymilvus/orm/role.py | 5 +++-- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/pymilvus/client/check.py b/pymilvus/client/check.py index e9d5c9535..a534c96c4 100644 --- a/pymilvus/client/check.py +++ b/pymilvus/client/check.py @@ -275,11 +275,17 @@ def is_legal_operate_privilege_type(operate_privilege_type: Any) -> bool: milvus_types.OperatePrivilegeType.Revoke, ) + def is_legal_privilege_group(privilege_group: Any) -> bool: return privilege_group and isinstance(privilege_group, str) + def is_legal_privileges(privileges: Any) -> bool: - return privileges and isinstance(privileges, list) and all(is_legal_privilege(p) for p in privileges) + return ( + privileges + and isinstance(privileges, list) + and all(is_legal_privilege(p) for p in privileges) + ) class ParamChecker(metaclass=Singleton): diff --git a/pymilvus/orm/role.py b/pymilvus/orm/role.py index e2a4eed3a..3995a5f5a 100644 --- a/pymilvus/orm/role.py +++ b/pymilvus/orm/role.py @@ -297,5 +297,6 @@ def remove_privileges_from_group(self, group_name: str, privileges: list): >>> role = Role(role_name) >>> role.remove_privileges_from_group(group_name, ["Insert", "Select"]) """ - return self._get_connection().remove_privileges_from_group(self._name, group_name, privileges) - + return self._get_connection().remove_privileges_from_group( + self._name, group_name, privileges + ) From b2611d11e663bb221fbc3d5836be59e01367b4ae Mon Sep 17 00:00:00 2001 From: shaoting-huang Date: Mon, 18 Nov 2024 17:23:25 +0800 Subject: [PATCH 3/3] fix lint Signed-off-by: shaoting-huang --- pymilvus/client/check.py | 8 +++++++ pymilvus/client/grpc_handler.py | 20 +++++++++------- pymilvus/client/prepare.py | 33 +++++++++++--------------- pymilvus/orm/role.py | 42 +++++++++++++++++---------------- 4 files changed, 56 insertions(+), 47 deletions(-) diff --git a/pymilvus/client/check.py b/pymilvus/client/check.py index a534c96c4..a7a698b30 100644 --- a/pymilvus/client/check.py +++ b/pymilvus/client/check.py @@ -288,6 +288,13 @@ def is_legal_privileges(privileges: Any) -> bool: ) +def is_legal_operate_privilege_group_type(operate_privilege_group_type: Any) -> bool: + return operate_privilege_group_type in ( + milvus_types.OperatePrivilegeGroupType.AddPrivilegesToGroup, + milvus_types.OperatePrivilegeGroupType.RemovePrivilegesFromGroup, + ) + + class ParamChecker(metaclass=Singleton): def __init__(self) -> None: self.check_dict = { @@ -334,6 +341,7 @@ def __init__(self) -> None: "drop_ratio_search": is_legal_drop_ratio, "privilege_group": is_legal_privilege_group, "privileges": is_legal_privileges, + "operate_privilege_group_type": is_legal_operate_privilege_group_type, } def check(self, key: str, value: Callable): diff --git a/pymilvus/client/grpc_handler.py b/pymilvus/client/grpc_handler.py index bd070251d..ad360e42b 100644 --- a/pymilvus/client/grpc_handler.py +++ b/pymilvus/client/grpc_handler.py @@ -2023,14 +2023,16 @@ def alloc_timestamp(self, timeout: Optional[float] = None) -> int: return response.timestamp @retry_on_rpc_failure() - def create_privilege_group(self, group_name: str, timeout: Optional[float] = None, **kwargs): - req = Prepare.create_privilege_group_req(group_name) + def create_privilege_group( + self, privilege_group: str, timeout: Optional[float] = None, **kwargs + ): + req = Prepare.create_privilege_group_req(privilege_group) resp = self._stub.CreatePrivilegeGroup(req, wait_for_ready=True, timeout=timeout) check_status(resp) @retry_on_rpc_failure() - def drop_privilege_group(self, group_name: str, timeout: Optional[float] = None, **kwargs): - req = Prepare.drop_privilege_group_req(group_name) + def drop_privilege_group(self, privilege_group: str, timeout: Optional[float] = None, **kwargs): + req = Prepare.drop_privilege_group_req(privilege_group) resp = self._stub.DropPrivilegeGroup(req, wait_for_ready=True, timeout=timeout) check_status(resp) @@ -2043,20 +2045,22 @@ def list_privilege_groups(self, timeout: Optional[float] = None, **kwargs): @retry_on_rpc_failure() def add_privileges_to_group( - self, group_name: str, privileges: List[str], timeout: Optional[float] = None, **kwargs + self, privilege_group: str, privileges: List[str], timeout: Optional[float] = None, **kwargs ): req = Prepare.operate_privilege_group_req( - group_name, privileges, milvus_types.OperatePrivilegeGroupType.AddPrivilegesToGroup + privilege_group, privileges, milvus_types.OperatePrivilegeGroupType.AddPrivilegesToGroup ) resp = self._stub.OperatePrivilegeGroup(req, wait_for_ready=True, timeout=timeout) check_status(resp) @retry_on_rpc_failure() def remove_privileges_from_group( - self, group_name: str, privileges: List[str], timeout: Optional[float] = None, **kwargs + self, privilege_group: str, privileges: List[str], timeout: Optional[float] = None, **kwargs ): req = Prepare.operate_privilege_group_req( - group_name, privileges, milvus_types.OperatePrivilegeGroupType.RemovePrivilegesFromGroup + privilege_group, + privileges, + milvus_types.OperatePrivilegeGroupType.RemovePrivilegesFromGroup, ) resp = self._stub.OperatePrivilegeGroup(req, wait_for_ready=True, timeout=timeout) check_status(resp) diff --git a/pymilvus/client/prepare.py b/pymilvus/client/prepare.py index 9e4820ab2..1427c8ec9 100644 --- a/pymilvus/client/prepare.py +++ b/pymilvus/client/prepare.py @@ -1590,33 +1590,28 @@ def describe_database_req(cls, db_name: str): return milvus_types.DescribeDatabaseRequest(db_name=db_name) @classmethod - def create_privilege_group_req(cls, group_name: str): - check_pass_param(group_name=group_name) - return milvus_types.CreatePrivilegeGroupRequest(group_name=group_name) + def create_privilege_group_req(cls, privilege_group: str): + check_pass_param(privilege_group=privilege_group) + return milvus_types.CreatePrivilegeGroupRequest(group_name=privilege_group) @classmethod - def drop_privilege_group_req(cls, group_name: str): - check_pass_param(group_name=group_name) - return milvus_types.DropPrivilegeGroupRequest(group_name=group_name) + def drop_privilege_group_req(cls, privilege_group: str): + check_pass_param(privilege_group=privilege_group) + return milvus_types.DropPrivilegeGroupRequest(group_name=privilege_group) @classmethod def list_privilege_groups_req(cls): return milvus_types.ListPrivilegeGroupsRequest() @classmethod - def operate_privilege_group_req(cls, group_name: str, privileges: List[str], operate_type: Any): - check_pass_param(group_name=group_name) - check_pass_param(operate_type=operate_type) - if not isinstance( - privileges, - (list), - ): - msg = f"Privileges {privileges} is not a list" - raise ParamError(message=msg) - for p in privileges: - check_pass_param(privilege=p) + def operate_privilege_group_req( + cls, privilege_group: str, privileges: List[str], operate_privilege_group_type: Any + ): + check_pass_param(privilege_group=privilege_group) + check_pass_param(privileges=privileges) + check_pass_param(operate_privilege_group_type=operate_privilege_group_type) return milvus_types.OperatePrivilegeGroupRequest( - group_name=group_name, + group_name=privilege_group, privileges=[milvus_types.PrivilegeEntity(name=p) for p in privileges], - type=operate_type, + type=operate_privilege_group_type, ) diff --git a/pymilvus/orm/role.py b/pymilvus/orm/role.py index 3995a5f5a..95c3ed442 100644 --- a/pymilvus/orm/role.py +++ b/pymilvus/orm/role.py @@ -222,33 +222,33 @@ def list_grants(self, db_name: str = ""): """ return self._get_connection().select_grant_for_one_role(self._name, db_name) - def create_privilege_group(self, group_name: str): + def create_privilege_group(self, privilege_group: str): """Create a privilege group for the role - :param group_name: privilege group name. - :type group_name: str + :param privilege_group: privilege group name. + :type privilege_group: str :example: >>> from pymilvus import connections >>> from pymilvus.orm.role import Role >>> connections.connect() >>> role = Role(role_name) - >>> role.create_privilege_group(group_name) + >>> role.create_privilege_group(privilege_group) """ - return self._get_connection().create_privilege_group(self._name, group_name) + return self._get_connection().create_privilege_group(self._name, privilege_group) - def drop_privilege_group(self, group_name: str): + def drop_privilege_group(self, privilege_group: str): """Drop a privilege group for the role - :param group_name: privilege group name. - :type group_name: str + :param privilege_group: privilege group name. + :type privilege_group: str :example: >>> from pymilvus import connections >>> from pymilvus.orm.role import Role >>> connections.connect() >>> role = Role(role_name) - >>> role.drop_privilege_group(group_name) + >>> role.drop_privilege_group(privilege_group) """ - return self._get_connection().drop_privilege_group(self._name, group_name) + return self._get_connection().drop_privilege_group(self._name, privilege_group) def list_privilege_groups(self): """List all privilege groups for the role @@ -267,10 +267,10 @@ def list_privilege_groups(self): """ return self._get_connection().list_privilege_groups(self._name) - def add_privileges_to_group(self, group_name: str, privileges: list): + def add_privileges_to_group(self, privilege_group: str, privileges: list): """Add privileges to a privilege group for the role - :param group_name: privilege group name. - :type group_name: str + :param privilege_group: privilege group name. + :type privilege_group: str :param privileges: a list of privilege names. :type privileges: list @@ -279,14 +279,16 @@ def add_privileges_to_group(self, group_name: str, privileges: list): >>> from pymilvus.orm.role import Role >>> connections.connect() >>> role = Role(role_name) - >>> role.add_privileges_to_group(group_name, ["Insert", "Select"]) + >>> role.add_privileges_to_group(privilege_group, ["Insert", "Select"]) """ - return self._get_connection().add_privileges_to_group(self._name, group_name, privileges) + return self._get_connection().add_privileges_to_group( + self._name, privilege_group, privileges + ) - def remove_privileges_from_group(self, group_name: str, privileges: list): + def remove_privileges_from_group(self, privilege_group: str, privileges: list): """Remove privileges from a privilege group for the role - :param group_name: privilege group name. - :type group_name: str + :param privilege_group: privilege group name. + :type privilege_group: str :param privileges: a list of privilege names. :type privileges: list @@ -295,8 +297,8 @@ def remove_privileges_from_group(self, group_name: str, privileges: list): >>> from pymilvus.orm.role import Role >>> connections.connect() >>> role = Role(role_name) - >>> role.remove_privileges_from_group(group_name, ["Insert", "Select"]) + >>> role.remove_privileges_from_group(privilege_group, ["Insert", "Select"]) """ return self._get_connection().remove_privileges_from_group( - self._name, group_name, privileges + self._name, privilege_group, privileges )