enhance: [2.4] RBAC privielge group and grant v2 api

client/client.go

@@ -86,6 +86,17 @@ type Client interface {
 	BackupRBAC(ctx context.Context) (*entity.RBACMeta, error)
 	RestoreRBAC(ctx context.Context, meta *entity.RBACMeta) error
 
+	// CreatePrivilegeGroup creates a privilege group
+	CreatePrivilegeGroup(ctx context.Context, groupName string) error
+	// DropPrivilegeGroup drops the specified privilege group
+	DropPrivilegeGroup(ctx context.Context, groupName string) error
+	// ListPrivilegeGroups lists all privilege groups
+	ListPrivilegeGroups(ctx context.Context) ([]*entity.PrivilegeGroup, error)
+	// AddPrivilegeToGroup adds privileges to a privilege group
+	AddPrivilegesToGroup(ctx context.Context, groupName string, privileges []string) error
+	// RemovePrivilegesFromGroup removes privileges from a privilege group
+	RemovePrivilegesFromGroup(ctx context.Context, groupName string, privileges []string) error
+
 	// -- authentication --
 
 	// CreateCredential create new user and password
@@ -215,6 +226,10 @@ type Client interface {
 	Grant(ctx context.Context, role string, objectType entity.PriviledgeObjectType, object string, privilege string, options ...entity.OperatePrivilegeOption) error
 	// Revoke removes privilege from role.
 	Revoke(ctx context.Context, role string, objectType entity.PriviledgeObjectType, object string, privilege string, options ...entity.OperatePrivilegeOption) error
+	// GrantV2 adds privilege for role.
+	GrantV2(ctx context.Context, role string, privilege string, dbName string, colName string) error
+	// RevokeV2 removes privilege from role.
+	RevokeV2(ctx context.Context, role string, privilege string, dbName string, colName string) error
 
 	// GetLoadingProgress get the collection or partitions loading progress
 	GetLoadingProgress(ctx context.Context, collectionName string, partitionNames []string) (int64, error)

client/client_mock_test.go

@@ -256,6 +256,7 @@ const (
 	MAlterCollection         ServiceMethod = 109
 	MGetLoadingProgress      ServiceMethod = 110
 	MGetLoadState            ServiceMethod = 111
+	MOperatePrivilegeV2      ServiceMethod = 112
 
 	MCreatePartition   ServiceMethod = 201
 	MDropPartition     ServiceMethod = 202
@@ -312,6 +313,11 @@ const (
 	MReplicateMessage ServiceMethod = 1100
 	MBackupRBAC       ServiceMethod = 1101
 	MRestoreRBAC      ServiceMethod = 1102
+
+	MCreatePrivilegeGroup  ServiceMethod = 1200
+	MDropPrivilegeGroup    ServiceMethod = 1201
+	MListPrivilegeGroups   ServiceMethod = 1202
+	MOperatePrivilegeGroup ServiceMethod = 1203
 )
 
 // injection function definition
@@ -495,6 +501,15 @@ func (m *MockServer) AlterCollection(ctx context.Context, req *milvuspb.AlterCol
 	return SuccessStatus()
 }
 
+func (m *MockServer) OperatePrivilegeV2(ctx context.Context, req *milvuspb.OperatePrivilegeV2Request) (*commonpb.Status, error) {
+	f := m.GetInjection(MOperatePrivilegeV2)
+	if f != nil {
+		r, err := f(ctx, req)
+		return r.(*commonpb.Status), err
+	}
+	return SuccessStatus()
+}
+
 func (m *MockServer) CreatePartition(ctx context.Context, req *milvuspb.CreatePartitionRequest) (*commonpb.Status, error) {
 	f := m.GetInjection(MCreatePartition)
 	if f != nil {
@@ -1079,3 +1094,40 @@ func (m *MockServer) RestoreRBAC(ctx context.Context, req *milvuspb.RestoreRBACM
 	}
 	return SuccessStatus()
 }
+
+func (m *MockServer) CreatePrivilegeGroup(ctx context.Context, req *milvuspb.CreatePrivilegeGroupRequest) (*commonpb.Status, error) {
+	f := m.GetInjection(MCreatePrivilegeGroup)
+	if f != nil {
+		r, err := f(ctx, req)
+		return r.(*commonpb.Status), err
+	}
+	return SuccessStatus()
+}
+
+func (m *MockServer) DropPrivilegeGroup(ctx context.Context, req *milvuspb.DropPrivilegeGroupRequest) (*commonpb.Status, error) {
+	f := m.GetInjection(MDropPrivilegeGroup)
+	if f != nil {
+		r, err := f(ctx, req)
+		return r.(*commonpb.Status), err
+	}
+	return SuccessStatus()
+}
+
+func (m *MockServer) ListPrivilegeGroups(ctx context.Context, req *milvuspb.ListPrivilegeGroupsRequest) (*milvuspb.ListPrivilegeGroupsResponse, error) {
+	f := m.GetInjection(MListPrivilegeGroups)
+	if f != nil {
+		r, err := f(ctx, req)
+		return r.(*milvuspb.ListPrivilegeGroupsResponse), err
+	}
+	s, err := SuccessStatus()
+	return &milvuspb.ListPrivilegeGroupsResponse{Status: s}, err
+}
+
+func (m *MockServer) OperatePrivilegeGroup(ctx context.Context, req *milvuspb.OperatePrivilegeGroupRequest) (*commonpb.Status, error) {
+	f := m.GetInjection(MOperatePrivilegeGroup)
+	if f != nil {
+		r, err := f(ctx, req)
+		return r.(*commonpb.Status), err
+	}
+	return SuccessStatus()
+}

client/rbac.go

@@ -393,6 +393,62 @@ func (c *GrpcClient) Revoke(ctx context.Context, role string, objectType entity.
 	return handleRespStatus(resp)
 }
 
+// GrantV2 adds object privilege for role without object type
+func (c *GrpcClient) GrantV2(ctx context.Context, role string, privilege string, dbName string, colName string) error {
+	if c.Service == nil {
+		return ErrClientNotReady
+	}
+
+	req := &milvuspb.OperatePrivilegeV2Request{
+		Role: &milvuspb.RoleEntity{
+			Name: role,
+		},
+		Grantor: &milvuspb.GrantorEntity{
+			Privilege: &milvuspb.PrivilegeEntity{
+				Name: privilege,
+			},
+		},
+		Type:           milvuspb.OperatePrivilegeType_Grant,
+		DbName:         dbName,
+		CollectionName: colName,
+	}
+
+	resp, err := c.Service.OperatePrivilegeV2(ctx, req)
+	if err != nil {
+		return err
+	}
+
+	return handleRespStatus(resp)
+}
+
+// Revoke removes privilege from role without object type
+func (c *GrpcClient) RevokeV2(ctx context.Context, role string, privilege string, dbName string, colName string) error {
+	if c.Service == nil {
+		return ErrClientNotReady
+	}
+
+	req := &milvuspb.OperatePrivilegeV2Request{
+		Role: &milvuspb.RoleEntity{
+			Name: role,
+		},
+		Grantor: &milvuspb.GrantorEntity{
+			Privilege: &milvuspb.PrivilegeEntity{
+				Name: privilege,
+			},
+		},
+		Type:           milvuspb.OperatePrivilegeType_Revoke,
+		DbName:         dbName,
+		CollectionName: colName,
+	}
+
+	resp, err := c.Service.OperatePrivilegeV2(ctx, req)
+	if err != nil {
+		return err
+	}
+
+	return handleRespStatus(resp)
+}
+
 func (c *GrpcClient) BackupRBAC(ctx context.Context) (*entity.RBACMeta, error) {
 	if c.Service == nil {
 		return nil, ErrClientNotReady
@@ -521,3 +577,127 @@ func (c *GrpcClient) RestoreRBAC(ctx context.Context, meta *entity.RBACMeta) err
 
 	return handleRespStatus(resp)
 }
+
+func (c *GrpcClient) CreatePrivilegeGroup(ctx context.Context, groupName string) error {
+	if c.Service == nil {
+		return ErrClientNotReady
+	}
+
+	req := &milvuspb.CreatePrivilegeGroupRequest{
+		GroupName: groupName,
+	}
+
+	resp, err := c.Service.CreatePrivilegeGroup(ctx, req)
+	if err != nil {
+		return err
+	}
+
+	return handleRespStatus(resp)
+}
+
+func (c *GrpcClient) DropPrivilegeGroup(ctx context.Context, groupName string) error {
+	if c.Service == nil {
+		return ErrClientNotReady
+	}
+
+	req := &milvuspb.DropPrivilegeGroupRequest{
+		GroupName: groupName,
+	}
+
+	resp, err := c.Service.DropPrivilegeGroup(ctx, req)
+	if err != nil {
+		return err
+	}
+
+	return handleRespStatus(resp)
+}
+
+func (c *GrpcClient) ListPrivilegeGroups(ctx context.Context) ([]*entity.PrivilegeGroup, error) {
+	PrivilegeGroupList := make([]*entity.PrivilegeGroup, 0)
+	if c.Service == nil {
+		return PrivilegeGroupList, ErrClientNotReady
+	}
+
+	req := &milvuspb.ListPrivilegeGroupsRequest{}
+
+	resp, err := c.Service.ListPrivilegeGroups(ctx, req)
+	if err != nil {
+		return PrivilegeGroupList, err
+	}
+
+	if err = handleRespStatus(resp.GetStatus()); err != nil {
+		return PrivilegeGroupList, err
+	}
+
+	results := resp.GetPrivilegeGroups()
+
+	if len(results) == 0 {
+		return PrivilegeGroupList, nil
+	}
+
+	for _, pg := range results {
+		privs := make([]string, 0, len(pg.Privileges))
+		for _, p := range pg.Privileges {
+			privs = append(privs, p.GetName())
+		}
+		PrivilegeGroup := &entity.PrivilegeGroup{
+			GroupName:  pg.GroupName,
+			Privileges: privs,
+		}
+		PrivilegeGroupList = append(PrivilegeGroupList, PrivilegeGroup)
+	}
+
+	return PrivilegeGroupList, nil
+}
+
+func (c *GrpcClient) AddPrivilegesToGroup(ctx context.Context, groupName string, privileges []string) error {
+	if c.Service == nil {
+		return ErrClientNotReady
+	}
+
+	privs := make([]*milvuspb.PrivilegeEntity, 0, len(privileges))
+	for _, p := range privileges {
+		privs = append(privs, &milvuspb.PrivilegeEntity{
+			Name: p,
+		})
+	}
+
+	req := &milvuspb.OperatePrivilegeGroupRequest{
+		GroupName:  groupName,
+		Privileges: privs,
+		Type:       milvuspb.OperatePrivilegeGroupType_AddPrivilegesToGroup,
+	}
+
+	resp, err := c.Service.OperatePrivilegeGroup(ctx, req)
+	if err != nil {
+		return err
+	}
+
+	return handleRespStatus(resp)
+}
+
+func (c *GrpcClient) RemovePrivilegesFromGroup(ctx context.Context, groupName string, privileges []string) error {
+	if c.Service == nil {
+		return ErrClientNotReady
+	}
+
+	privs := make([]*milvuspb.PrivilegeEntity, 0, len(privileges))
+	for _, p := range privileges {
+		privs = append(privs, &milvuspb.PrivilegeEntity{
+			Name: p,
+		})
+	}
+
+	req := &milvuspb.OperatePrivilegeGroupRequest{
+		GroupName:  groupName,
+		Privileges: privs,
+		Type:       milvuspb.OperatePrivilegeGroupType_RemovePrivilegesFromGroup,
+	}
+
+	resp, err := c.Service.OperatePrivilegeGroup(ctx, req)
+	if err != nil {
+		return err
+	}
+
+	return handleRespStatus(resp)
+}

entity/rbac.go

@@ -72,3 +72,8 @@ type RBACMeta struct {
 	Roles      []*Role
 	RoleGrants []*RoleGrants
 }
+
+type PrivilegeGroup struct {
+	GroupName  string
+	Privileges []string
+}

go.mod

@@ -7,7 +7,7 @@ require (
 	github.com/go-faker/faker/v4 v4.1.0
 	github.com/golang/protobuf v1.5.2
 	github.com/grpc-ecosystem/go-grpc-middleware v1.3.0
-	github.com/milvus-io/milvus-proto/go-api/v2 v2.4.10-0.20240819025435-512e3b98866a
+	github.com/milvus-io/milvus-proto/go-api/v2 v2.4.17-0.20241120092224-a1c2ac2fd2c1
 	github.com/stretchr/testify v1.8.1
 	github.com/tidwall/gjson v1.14.4
 	github.com/x448/float16 v0.8.4
@@ -22,6 +22,7 @@ require (
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/getsentry/sentry-go v0.12.0 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/kr/pretty v0.3.0 // indirect
 	github.com/kr/text v0.2.0 // indirect
 	github.com/pkg/errors v0.9.1 // indirect

go.sum

@@ -99,8 +99,9 @@ github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMyw
 github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.6 h1:BKbKCqvP6I+rmFHt06ZmyQtvB8xAkWdhFyr0ZUNZcxQ=
 github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
@@ -157,8 +158,8 @@ github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27k
 github.com/mattn/goveralls v0.0.2/go.mod h1:8d1ZMHsd7fW6IRPKQh46F2WRpyib5/X4FOpevwGNQEw=
 github.com/mediocregopher/radix/v3 v3.4.2/go.mod h1:8FL3F6UQRXHXIBSPUs5h0RybMF8i4n7wVopoX3x7Bv8=
 github.com/microcosm-cc/bluemonday v1.0.2/go.mod h1:iVP4YcDBq+n/5fb23BhYFvIMq/leAFZyRl6bYmGDlGc=
-github.com/milvus-io/milvus-proto/go-api/v2 v2.4.10-0.20240819025435-512e3b98866a h1:0B/8Fo66D8Aa23Il0yrQvg1KKz92tE/BJ5BvkUxxAAk=
-github.com/milvus-io/milvus-proto/go-api/v2 v2.4.10-0.20240819025435-512e3b98866a/go.mod h1:1OIl0v5PQeNxIJhCvY+K55CBUOYDZevw9g9380u1Wek=
+github.com/milvus-io/milvus-proto/go-api/v2 v2.4.17-0.20241120092224-a1c2ac2fd2c1 h1:WLm5qrm6vPAnuhrKcA0htuaDboG5YOvgzfZgMKEzsGc=
+github.com/milvus-io/milvus-proto/go-api/v2 v2.4.17-0.20241120092224-a1c2ac2fd2c1/go.mod h1:/6UT4zZl6awVeXLeE7UGDWZvXj3IWkRsh3mqsn0DiAs=
 github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
 github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
@@ -289,7 +290,6 @@ golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwY
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.0.0-20211008194852-3b03d305991f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
@@ -332,9 +332,7 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220422013727-9388b58f7150/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -375,7 +373,6 @@ golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=