From cbf2706bf14c043b57c1c4cee555813b9a25b53d Mon Sep 17 00:00:00 2001 From: yhmo Date: Tue, 19 Nov 2024 18:09:00 +0800 Subject: [PATCH] Add rbac enhancement interfaces for V2 Signed-off-by: yhmo --- .../io/milvus/v2/client/MilvusClientV2.java | 52 ++-- .../io/milvus/v2/service/rbac/Privilege.java | 10 + .../v2/service/rbac/PrivilegeGroup.java | 16 + .../milvus/v2/service/rbac/RBACService.java | 275 ++++++++++++++++++ .../milvus/v2/service/rbac/RoleService.java | 155 ---------- .../milvus/v2/service/rbac/UserService.java | 96 ------ .../rbac/request/AddPrivilegesToGroupReq.java | 17 ++ .../rbac/request/CreatePrivilegeGroupReq.java | 10 + .../rbac/request/DropPrivilegeGroupReq.java | 10 + .../rbac/request/ListPrivilegeGroupsReq.java | 9 + .../request/RemovePrivilegesFromGroupReq.java | 17 ++ .../response/ListPrivilegeGroupsResp.java | 15 + 12 files changed, 414 insertions(+), 268 deletions(-) create mode 100644 src/main/java/io/milvus/v2/service/rbac/Privilege.java create mode 100644 src/main/java/io/milvus/v2/service/rbac/PrivilegeGroup.java create mode 100644 src/main/java/io/milvus/v2/service/rbac/RBACService.java delete mode 100644 src/main/java/io/milvus/v2/service/rbac/RoleService.java delete mode 100644 src/main/java/io/milvus/v2/service/rbac/UserService.java create mode 100644 src/main/java/io/milvus/v2/service/rbac/request/AddPrivilegesToGroupReq.java create mode 100644 src/main/java/io/milvus/v2/service/rbac/request/CreatePrivilegeGroupReq.java create mode 100644 src/main/java/io/milvus/v2/service/rbac/request/DropPrivilegeGroupReq.java create mode 100644 src/main/java/io/milvus/v2/service/rbac/request/ListPrivilegeGroupsReq.java create mode 100644 src/main/java/io/milvus/v2/service/rbac/request/RemovePrivilegesFromGroupReq.java create mode 100644 src/main/java/io/milvus/v2/service/rbac/response/ListPrivilegeGroupsResp.java 
diff --git a/src/main/java/io/milvus/v2/client/MilvusClientV2.java b/src/main/java/io/milvus/v2/client/MilvusClientV2.java index 8af250f01..af3f09694 100644 --- a/src/main/java/io/milvus/v2/client/MilvusClientV2.java +++ b/src/main/java/io/milvus/v2/client/MilvusClientV2.java @@ -42,8 +42,7 @@ import io.milvus.v2.service.index.response.*; import io.milvus.v2.service.partition.PartitionService; import io.milvus.v2.service.partition.request.*; -import io.milvus.v2.service.rbac.RoleService; -import io.milvus.v2.service.rbac.UserService; +import io.milvus.v2.service.rbac.RBACService; import io.milvus.v2.service.rbac.request.*; import io.milvus.v2.service.rbac.response.*; import io.milvus.v2.service.utility.UtilityService; @@ -73,8 +72,7 @@ public class MilvusClientV2 { private final IndexService indexService = new IndexService(); private final VectorService vectorService = new VectorService(); private final PartitionService partitionService = new PartitionService(); - private final UserService userService = new UserService(); - private final RoleService roleService = new RoleService(); + private final RBACService rbacService = new RBACService(); private final UtilityService utilityService = new UtilityService(); private ConnectConfig connectConfig; private RetryConfig retryConfig = RetryConfig.builder().build(); @@ -625,7 +623,7 @@ public void releasePartitions(ReleasePartitionsReq request) { * @return List of String usernames */ public List listUsers() { - return retry(()->userService.listUsers(this.getRpcStub())); + return retry(()->rbacService.listUsers(this.getRpcStub())); } /** * describe user @@ -634,7 +632,7 @@ public List listUsers() { * @return DescribeUserResp */ public DescribeUserResp describeUser(DescribeUserReq request) { - return retry(()->userService.describeUser(this.getRpcStub(), request)); + return retry(()->rbacService.describeUser(this.getRpcStub(), request)); } /** * create user 
@@ -642,7 +640,7 @@ public DescribeUserResp describeUser(DescribeUserReq request) { * @param request create user request */ public void createUser(CreateUserReq request) { - retry(()->userService.createUser(this.getRpcStub(), request)); + retry(()->rbacService.createUser(this.getRpcStub(), request)); } /** * change password @@ -650,7 +648,7 @@ public void createUser(CreateUserReq request) { * @param request change password request */ public void updatePassword(UpdatePasswordReq request) { - retry(()->userService.updatePassword(this.getRpcStub(), request)); + retry(()->rbacService.updatePassword(this.getRpcStub(), request)); } /** * drop user @@ -658,7 +656,7 @@ public void updatePassword(UpdatePasswordReq request) { * @param request drop user request */ public void dropUser(DropUserReq request) { - retry(()->userService.dropUser(this.getRpcStub(), request)); + retry(()->rbacService.dropUser(this.getRpcStub(), request)); } // role operations /** @@ -667,7 +665,7 @@ public void dropUser(DropUserReq request) { * @return List of String role names */ public List listRoles() { - return retry(()->roleService.listRoles(this.getRpcStub())); + return retry(()->rbacService.listRoles(this.getRpcStub())); } /** * describe role @@ -676,7 +674,7 @@ public List listRoles() { * @return DescribeRoleResp */ public DescribeRoleResp describeRole(DescribeRoleReq request) { - return retry(()->roleService.describeRole(this.getRpcStub(), request)); + return retry(()->rbacService.describeRole(this.getRpcStub(), request)); } /** * create role @@ -684,7 +682,7 @@ public DescribeRoleResp describeRole(DescribeRoleReq request) { * @param request create role request */ public void createRole(CreateRoleReq request) { - retry(()->roleService.createRole(this.getRpcStub(), request)); + retry(()->rbacService.createRole(this.getRpcStub(), request)); } /** * drop role 
@@ -692,7 +690,7 @@ public void createRole(CreateRoleReq request) { * @param request drop role request */ public void dropRole(DropRoleReq request) { - retry(()->roleService.dropRole(this.getRpcStub(), request)); + retry(()->rbacService.dropRole(this.getRpcStub(), request)); } /** * grant privilege @@ -700,7 +698,7 @@ public void dropRole(DropRoleReq request) { * @param request grant privilege request */ public void grantPrivilege(GrantPrivilegeReq request) { - retry(()->roleService.grantPrivilege(this.getRpcStub(), request)); + retry(()->rbacService.grantPrivilege(this.getRpcStub(), request)); } /** * revoke privilege @@ -708,7 +706,7 @@ public void grantPrivilege(GrantPrivilegeReq request) { * @param request revoke privilege request */ public void revokePrivilege(RevokePrivilegeReq request) { - retry(()->roleService.revokePrivilege(this.getRpcStub(), request)); + retry(()->rbacService.revokePrivilege(this.getRpcStub(), request)); } /** * grant role @@ -716,7 +714,7 @@ public void revokePrivilege(RevokePrivilegeReq request) { * @param request grant role request */ public void grantRole(GrantRoleReq request) { - retry(()->roleService.grantRole(this.getRpcStub(), request)); + retry(()->rbacService.grantRole(this.getRpcStub(), request)); } /** * revoke role 
@@ -724,7 +722,27 @@ public void grantRole(GrantRoleReq request) { * @param request revoke role request */ public void revokeRole(RevokeRoleReq request) { - retry(()->roleService.revokeRole(this.getRpcStub(), request)); + retry(()->rbacService.revokeRole(this.getRpcStub(), request)); + } + + public void createPrivilegeGroup(CreatePrivilegeGroupReq request) { + retry(()->rbacService.createPrivilegeGroup(this.getRpcStub(), request)); + } + + public void dropPrivilegeGroup(DropPrivilegeGroupReq request) { + retry(()->rbacService.dropPrivilegeGroup(this.getRpcStub(), request)); + } + + public ListPrivilegeGroupsResp listPrivilegeGroups(ListPrivilegeGroupsReq request) { + return retry(()->rbacService.listPrivilegeGroups(this.getRpcStub(), request)); + } + + public void addPrivilegesToGroup(AddPrivilegesToGroupReq request) { + retry(()->rbacService.addPrivilegesToGroup(this.getRpcStub(), request)); + } + + public void removePrivilegesFromGroup(RemovePrivilegesFromGroupReq request) { + retry(()->rbacService.removePrivilegesFromGroup(this.getRpcStub(), request)); } // Utility Operations diff --git a/src/main/java/io/milvus/v2/service/rbac/Privilege.java b/src/main/java/io/milvus/v2/service/rbac/Privilege.java new file mode 100644 index 000000000..76e9037af --- /dev/null +++ b/src/main/java/io/milvus/v2/service/rbac/Privilege.java @@ -0,0 +1,10 @@ +package io.milvus.v2.service.rbac; + +import lombok.Data; +import lombok.experimental.SuperBuilder; + +@Data +@SuperBuilder +public class Privilege { + private String name; +} diff --git a/src/main/java/io/milvus/v2/service/rbac/PrivilegeGroup.java b/src/main/java/io/milvus/v2/service/rbac/PrivilegeGroup.java new file mode 100644 index 000000000..d5bf04944 --- /dev/null +++ b/src/main/java/io/milvus/v2/service/rbac/PrivilegeGroup.java 
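Review bot: The five privilege-group methods added after `revokeRole` (`createPrivilegeGroup`, `dropPrivilegeGroup`, `listPrivilegeGroups`, `addPrivilegesToGroup`, `removePrivilegesFromGroup`) have no Javadoc, while every neighbouring RBAC method in this class carries a short description and `@param request` block. These calls alter what a privilege group contains, so each should get the same form, for example `/** add privileges to a privilege group @param request add privileges to group request */`. `listPrivilegeGroups` should also document `@return ListPrivilegeGroupsResp`. The class body continues outside the hunk.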
@@ -0,0 +1,16 @@
+package io.milvus.v2.service.rbac;
+
+import lombok.Builder;
+import lombok.Data;
+import lombok.experimental.SuperBuilder;
+
+import java.util.ArrayList;
+import java.util.List;
+
+@Data
+@SuperBuilder
+public class PrivilegeGroup {
+ private String groupName;
+ @Builder.Default
+ private List privileges = new ArrayList<>();
+}
diff --git a/src/main/java/io/milvus/v2/service/rbac/RBACService.java b/src/main/java/io/milvus/v2/service/rbac/RBACService.java
new file mode 100644
index 000000000..6046bcf07
--- /dev/null
+++ b/src/main/java/io/milvus/v2/service/rbac/RBACService.java
@@ -0,0 +1,275 @@ +package io.milvus.v2.service.rbac; + +import io.milvus.grpc.*; +import io.milvus.v2.service.BaseService; +import io.milvus.v2.service.rbac.request.*; +import io.milvus.v2.service.rbac.response.DescribeRoleResp; +import io.milvus.v2.service.rbac.response.DescribeUserResp; +import io.milvus.v2.service.rbac.response.ListPrivilegeGroupsResp; + +import java.nio.charset.StandardCharsets; +import java.util.ArrayList; +import java.util.Base64; +import java.util.List; +import java.util.stream.Collectors; + +public class RBACService extends BaseService { + public List listRoles(MilvusServiceGrpc.MilvusServiceBlockingStub blockingStub) { + String title = "listRoles"; + SelectRoleRequest request = SelectRoleRequest.newBuilder().build(); + SelectRoleResponse response = blockingStub.selectRole(request); + + rpcUtils.handleResponse(title, response.getStatus()); + return response.getResultsList().stream().map(roleResult -> roleResult.getRole().getName()).collect(Collectors.toList()); + } + + public Void createRole(MilvusServiceGrpc.MilvusServiceBlockingStub blockingStub, CreateRoleReq request) { + String title = "createRole"; + CreateRoleRequest createRoleRequest = CreateRoleRequest.newBuilder() + .setEntity(RoleEntity.newBuilder() + .setName(request.getRoleName()) + .build()) + .build(); + Status status = blockingStub.createRole(createRoleRequest); + rpcUtils.handleResponse(title, status); + + return null; + } + + public DescribeRoleResp describeRole(MilvusServiceGrpc.MilvusServiceBlockingStub blockingStub, DescribeRoleReq request) { + String title = "describeRole"; + SelectGrantRequest selectGrantRequest = SelectGrantRequest.newBuilder() + .setEntity(GrantEntity.newBuilder() + .setRole(RoleEntity.newBuilder() + .setName(request.getRoleName()) + .build()) + .build()) + .build(); + SelectGrantResponse response = blockingStub.selectGrant(selectGrantRequest); + rpcUtils.handleResponse(title, response.getStatus()); + DescribeRoleResp describeRoleResp = 
DescribeRoleResp.builder() + .grantInfos(response.getEntitiesList().stream().map(grantEntity -> DescribeRoleResp.GrantInfo.builder() + .dbName(grantEntity.getDbName()) + .objectName(grantEntity.getObjectName()) + .objectType(grantEntity.getObject().getName()) + .privilege(grantEntity.getGrantor().getPrivilege().getName()) + .grantor(grantEntity.getGrantor().getUser().getName()) + .build()).collect(Collectors.toList())) + .build(); + return describeRoleResp; + } + + public Void dropRole(MilvusServiceGrpc.MilvusServiceBlockingStub blockingStub, DropRoleReq request) { + String title = "dropRole"; + DropRoleRequest dropRoleRequest = DropRoleRequest.newBuilder() + .setRoleName(request.getRoleName()) + .build(); + Status status = blockingStub.dropRole(dropRoleRequest); + rpcUtils.handleResponse(title, status); + + return null; + } + + public Void grantPrivilege(MilvusServiceGrpc.MilvusServiceBlockingStub blockingStub, GrantPrivilegeReq request) { + String title = "grantPrivilege"; + GrantEntity entity = GrantEntity.newBuilder() + .setRole(RoleEntity.newBuilder() + .setName(request.getRoleName()) + .build()) + .setObjectName(request.getObjectName()) + .setObject(ObjectEntity.newBuilder().setName(request.getObjectType()).build()) + .setGrantor(GrantorEntity.newBuilder() + .setPrivilege(PrivilegeEntity.newBuilder().setName(request.getPrivilege()).build()).build()) + .build(); + OperatePrivilegeRequest operatePrivilegeRequest = OperatePrivilegeRequest.newBuilder() + .setEntity(entity) + .setType(OperatePrivilegeType.Grant) + .build(); + Status status = blockingStub.operatePrivilege(operatePrivilegeRequest); + rpcUtils.handleResponse(title, status); + + return null; + } + + public Void revokePrivilege(MilvusServiceGrpc.MilvusServiceBlockingStub blockingStub, RevokePrivilegeReq request) { + String title = "revokePrivilege"; + GrantEntity entity = GrantEntity.newBuilder() + .setRole(RoleEntity.newBuilder() + .setName(request.getRoleName()) + .build()) + 
.setObjectName(request.getObjectName()) + .setObject(ObjectEntity.newBuilder().setName(request.getObjectType()).build()) + .setGrantor(GrantorEntity.newBuilder() + .setPrivilege(PrivilegeEntity.newBuilder().setName(request.getPrivilege()).build()).build()) + .build(); + OperatePrivilegeRequest operatePrivilegeRequest = OperatePrivilegeRequest.newBuilder() + .setEntity(entity) + .setType(OperatePrivilegeType.Revoke) + .build(); + Status status = blockingStub.operatePrivilege(operatePrivilegeRequest); + rpcUtils.handleResponse(title, status); + + return null; + } + + public Void grantRole(MilvusServiceGrpc.MilvusServiceBlockingStub blockingStub, GrantRoleReq request) { + String title = "grantRole"; + OperateUserRoleRequest operateUserRoleRequest = OperateUserRoleRequest.newBuilder() + .setUsername(request.getUserName()) + .setRoleName(request.getRoleName()) + .setType(OperateUserRoleType.AddUserToRole) + .build(); + Status status = blockingStub.operateUserRole(operateUserRoleRequest); + rpcUtils.handleResponse(title, status); + + return null; + } + + public Void revokeRole(MilvusServiceGrpc.MilvusServiceBlockingStub blockingStub, RevokeRoleReq request) { + String title = "grantRole"; + OperateUserRoleRequest operateUserRoleRequest = OperateUserRoleRequest.newBuilder() + .setUsername(request.getUserName()) + .setRoleName(request.getRoleName()) + .setType(OperateUserRoleType.RemoveUserFromRole) + .build(); + Status status = blockingStub.operateUserRole(operateUserRoleRequest); + rpcUtils.handleResponse(title, status); + + return null; + } + + //////////////////////////////////////////////////////////////////////////////////////////////////////////// + public List listUsers(MilvusServiceGrpc.MilvusServiceBlockingStub blockingStub) { + String title = "list users"; + ListCredUsersRequest request = ListCredUsersRequest.newBuilder().build(); + ListCredUsersResponse response = blockingStub.listCredUsers(request); + rpcUtils.handleResponse(title, response.getStatus()); + 
return response.getUsernamesList(); + } + + public DescribeUserResp describeUser(MilvusServiceGrpc.MilvusServiceBlockingStub blockingStub, DescribeUserReq request) { + String title = String.format("describe user %s", request.getUserName()); + // TODO: check user exists + SelectUserRequest selectUserRequest = SelectUserRequest.newBuilder() + .setUser(UserEntity.newBuilder().setName(request.getUserName()).build()) + .setIncludeRoleInfo(Boolean.TRUE) + .build(); + io.milvus.grpc.SelectUserResponse response = blockingStub.selectUser(selectUserRequest); + rpcUtils.handleResponse(title, response.getStatus()); + DescribeUserResp describeUserResp = DescribeUserResp.builder() + .roles(response.getResultsList().isEmpty()? null : response.getResultsList().get(0).getRolesList().stream().map(RoleEntity::getName).collect(Collectors.toList())) + .build(); + return describeUserResp; + } + + public Void createUser(MilvusServiceGrpc.MilvusServiceBlockingStub blockingStub, CreateUserReq request) { + String title = String.format("create user %s", request.getUserName()); + CreateCredentialRequest createCredentialRequest = CreateCredentialRequest.newBuilder() + .setUsername(request.getUserName()) + .setPassword(Base64.getEncoder().encodeToString(request.getPassword().getBytes(StandardCharsets.UTF_8))) + .build(); + Status response = blockingStub.createCredential(createCredentialRequest); + rpcUtils.handleResponse(title, response); + + return null; + } + + + public Void updatePassword(MilvusServiceGrpc.MilvusServiceBlockingStub blockingStub, UpdatePasswordReq request) { + String title = String.format("update password for user %s", request.getUserName()); + UpdateCredentialRequest updateCredentialRequest = UpdateCredentialRequest.newBuilder() + .setUsername(request.getUserName()) + .setOldPassword(Base64.getEncoder().encodeToString(request.getPassword().getBytes(StandardCharsets.UTF_8))) + 
.setNewPassword(Base64.getEncoder().encodeToString(request.getNewPassword().getBytes(StandardCharsets.UTF_8))) + .build(); + Status response = blockingStub.updateCredential(updateCredentialRequest); + rpcUtils.handleResponse(title, response); + + return null; + } + + public Void dropUser(MilvusServiceGrpc.MilvusServiceBlockingStub blockingStub, DropUserReq request) { + String title = String.format("drop user %s", request.getUserName()); + DeleteCredentialRequest deleteCredentialRequest = DeleteCredentialRequest.newBuilder() + .setUsername(request.getUserName()) + .build(); + Status response = blockingStub.deleteCredential(deleteCredentialRequest); + rpcUtils.handleResponse(title, response); + + return null; + } + + //////////////////////////////////////////////////////////////////////////////////////////////////////////// + public Void createPrivilegeGroup(MilvusServiceGrpc.MilvusServiceBlockingStub blockingStub, CreatePrivilegeGroupReq request) { + String title = String.format("create privilege group %s", request.getGroupName()); + CreatePrivilegeGroupRequest createPrivilegeGroupRequest = CreatePrivilegeGroupRequest.newBuilder() + .setGroupName(request.getGroupName()) + .build(); + Status response = blockingStub.createPrivilegeGroup(createPrivilegeGroupRequest); + rpcUtils.handleResponse(title, response); + + return null; + } + + public Void dropPrivilegeGroup(MilvusServiceGrpc.MilvusServiceBlockingStub blockingStub, DropPrivilegeGroupReq request) { + String title = String.format("drop privilege group %s", request.getGroupName()); + DropPrivilegeGroupRequest dropPrivilegeGroupRequest = DropPrivilegeGroupRequest.newBuilder() + .setGroupName(request.getGroupName()) + .build(); + Status response = blockingStub.dropPrivilegeGroup(dropPrivilegeGroupRequest); + rpcUtils.handleResponse(title, response); + + return null; + } + + public ListPrivilegeGroupsResp listPrivilegeGroups(MilvusServiceGrpc.MilvusServiceBlockingStub blockingStub, ListPrivilegeGroupsReq request) { + 
String title = "list privilege groups"; + ListPrivilegeGroupsRequest listPrivilegeGroupsRequest = ListPrivilegeGroupsRequest.newBuilder() + .build(); + ListPrivilegeGroupsResponse response = blockingStub.listPrivilegeGroups(listPrivilegeGroupsRequest); + rpcUtils.handleResponse(title, response.getStatus()); + + List privilegeGroups = new ArrayList<>(); + response.getPrivilegeGroupsList().forEach((privilegeGroupInfo)->{ + List privileges = new ArrayList<>(); + privilegeGroupInfo.getPrivilegesList().forEach((privilege)->{ + privileges.add(Privilege.builder().name(privilege.getName()).build()); + }); + privilegeGroups.add(PrivilegeGroup.builder().privileges(privileges).build()); + }); + + return ListPrivilegeGroupsResp.builder() + .privilegeGroups(privilegeGroups) + .build(); + } + + public Void addPrivilegesToGroup(MilvusServiceGrpc.MilvusServiceBlockingStub blockingStub, AddPrivilegesToGroupReq request) { + String title = String.format("add privilege to group %s", request.getGroupName()); + OperatePrivilegeGroupRequest.Builder builder = OperatePrivilegeGroupRequest.newBuilder() + .setGroupName(request.getGroupName()) + .setType(OperatePrivilegeGroupType.AddPrivilegesToGroup); + for (Privilege privilege : request.getPrivileges()) { + builder.addPrivileges(PrivilegeEntity.newBuilder().setName(privilege.getName()).build()); + } + + Status response = blockingStub.operatePrivilegeGroup(builder.build()); + rpcUtils.handleResponse(title, response); + + return null; + } + + public Void removePrivilegesFromGroup(MilvusServiceGrpc.MilvusServiceBlockingStub blockingStub, RemovePrivilegesFromGroupReq request) { + String title = String.format("remove privilege from group %s", request.getGroupName()); + OperatePrivilegeGroupRequest.Builder builder = OperatePrivilegeGroupRequest.newBuilder() + .setGroupName(request.getGroupName()) + .setType(OperatePrivilegeGroupType.RemovePrivilegesFromGroup); + for (Privilege privilege : request.getPrivileges()) { + 
builder.addPrivileges(PrivilegeEntity.newBuilder().setName(privilege.getName()).build()); + } + + Status response = blockingStub.operatePrivilegeGroup(builder.build()); + rpcUtils.handleResponse(title, response); + + return null; + } +} diff --git a/src/main/java/io/milvus/v2/service/rbac/RoleService.java b/src/main/java/io/milvus/v2/service/rbac/RoleService.java deleted file mode 100644 index 98047571c..000000000 --- a/src/main/java/io/milvus/v2/service/rbac/RoleService.java +++ /dev/null 
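Review bot: In `listPrivilegeGroups`, each `PrivilegeGroup` is built with only `.privileges(privileges)`, so every entry in `ListPrivilegeGroupsResp` comes back with a null `groupName` and a caller auditing RBAC state cannot tell which group holds which privileges. Assuming the generated `PrivilegeGroupInfo` exposes the group name, the line should read `privilegeGroups.add(PrivilegeGroup.builder().groupName(privilegeGroupInfo.getGroupName()).privileges(privileges).build());`. Separately, `revokeRole` still sets `String title = "grantRole";`, carried over from the deleted RoleService, so a failed revoke is reported under the wrong operation name; `String title = "revokeRole";` fixes it. In `createUser` and `updatePassword` a comment such as `// Base64 is wire encoding only; password confidentiality depends on a TLS-protected channel` would keep readers from treating the encoding as protection. The new file also omits the Apache license header that both deleted service files carried.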
@@ -1,155 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package io.milvus.v2.service.rbac; - -import io.milvus.grpc.*; -import io.milvus.v2.service.BaseService; -import io.milvus.v2.service.rbac.request.*; -import io.milvus.v2.service.rbac.response.DescribeRoleResp; - -import java.util.List; -import java.util.stream.Collectors; - -public class RoleService extends BaseService { - - public List listRoles(MilvusServiceGrpc.MilvusServiceBlockingStub blockingStub) { - String title = "listRoles"; - SelectRoleRequest request = SelectRoleRequest.newBuilder().build(); - SelectRoleResponse response = blockingStub.selectRole(request); - - rpcUtils.handleResponse(title, response.getStatus()); - return response.getResultsList().stream().map(roleResult -> roleResult.getRole().getName()).collect(Collectors.toList()); - } - - public Void createRole(MilvusServiceGrpc.MilvusServiceBlockingStub blockingStub, CreateRoleReq request) { - String title = "createRole"; - CreateRoleRequest createRoleRequest = CreateRoleRequest.newBuilder() - .setEntity(RoleEntity.newBuilder() - .setName(request.getRoleName()) - .build()) - .build(); - Status status = blockingStub.createRole(createRoleRequest); - 
rpcUtils.handleResponse(title, status); - - return null; - } - - public DescribeRoleResp describeRole(MilvusServiceGrpc.MilvusServiceBlockingStub blockingStub, DescribeRoleReq request) { - String title = "describeRole"; - SelectGrantRequest selectGrantRequest = SelectGrantRequest.newBuilder() - .setEntity(GrantEntity.newBuilder() - .setRole(RoleEntity.newBuilder() - .setName(request.getRoleName()) - .build()) - .build()) - .build(); - SelectGrantResponse response = blockingStub.selectGrant(selectGrantRequest); - rpcUtils.handleResponse(title, response.getStatus()); - DescribeRoleResp describeRoleResp = DescribeRoleResp.builder() - .grantInfos(response.getEntitiesList().stream().map(grantEntity -> DescribeRoleResp.GrantInfo.builder() - .dbName(grantEntity.getDbName()) - .objectName(grantEntity.getObjectName()) - .objectType(grantEntity.getObject().getName()) - .privilege(grantEntity.getGrantor().getPrivilege().getName()) - .grantor(grantEntity.getGrantor().getUser().getName()) - .build()).collect(Collectors.toList())) - .build(); - return describeRoleResp; - } - - public Void dropRole(MilvusServiceGrpc.MilvusServiceBlockingStub blockingStub, DropRoleReq request) { - String title = "dropRole"; - DropRoleRequest dropRoleRequest = DropRoleRequest.newBuilder() - .setRoleName(request.getRoleName()) - .build(); - Status status = blockingStub.dropRole(dropRoleRequest); - rpcUtils.handleResponse(title, status); - - return null; - } - - public Void grantPrivilege(MilvusServiceGrpc.MilvusServiceBlockingStub blockingStub, GrantPrivilegeReq request) { - String title = "grantPrivilege"; - GrantEntity entity = GrantEntity.newBuilder() - .setRole(RoleEntity.newBuilder() - .setName(request.getRoleName()) - .build()) - .setObjectName(request.getObjectName()) - .setObject(ObjectEntity.newBuilder().setName(request.getObjectType()).build()) - .setGrantor(GrantorEntity.newBuilder() - .setPrivilege(PrivilegeEntity.newBuilder().setName(request.getPrivilege()).build()).build()) - .build(); 
- OperatePrivilegeRequest operatePrivilegeRequest = OperatePrivilegeRequest.newBuilder() - .setEntity(entity) - .setType(OperatePrivilegeType.Grant) - .build(); - Status status = blockingStub.operatePrivilege(operatePrivilegeRequest); - rpcUtils.handleResponse(title, status); - - return null; - } - - public Void revokePrivilege(MilvusServiceGrpc.MilvusServiceBlockingStub blockingStub, RevokePrivilegeReq request) { - String title = "revokePrivilege"; - GrantEntity entity = GrantEntity.newBuilder() - .setRole(RoleEntity.newBuilder() - .setName(request.getRoleName()) - .build()) - .setObjectName(request.getObjectName()) - .setObject(ObjectEntity.newBuilder().setName(request.getObjectType()).build()) - .setGrantor(GrantorEntity.newBuilder() - .setPrivilege(PrivilegeEntity.newBuilder().setName(request.getPrivilege()).build()).build()) - .build(); - OperatePrivilegeRequest operatePrivilegeRequest = OperatePrivilegeRequest.newBuilder() - .setEntity(entity) - .setType(OperatePrivilegeType.Revoke) - .build(); - Status status = blockingStub.operatePrivilege(operatePrivilegeRequest); - rpcUtils.handleResponse(title, status); - - return null; - } - - public Void grantRole(MilvusServiceGrpc.MilvusServiceBlockingStub blockingStub, GrantRoleReq request) { - String title = "grantRole"; - OperateUserRoleRequest operateUserRoleRequest = OperateUserRoleRequest.newBuilder() - .setUsername(request.getUserName()) - .setRoleName(request.getRoleName()) - .setType(OperateUserRoleType.AddUserToRole) - .build(); - Status status = blockingStub.operateUserRole(operateUserRoleRequest); - rpcUtils.handleResponse(title, status); - - return null; - } - - public Void revokeRole(MilvusServiceGrpc.MilvusServiceBlockingStub blockingStub, RevokeRoleReq request) { - String title = "grantRole"; - OperateUserRoleRequest operateUserRoleRequest = OperateUserRoleRequest.newBuilder() - .setUsername(request.getUserName()) - .setRoleName(request.getRoleName()) - .setType(OperateUserRoleType.RemoveUserFromRole) 
- .build(); - Status status = blockingStub.operateUserRole(operateUserRoleRequest); - rpcUtils.handleResponse(title, status); - - return null; - } -} diff --git a/src/main/java/io/milvus/v2/service/rbac/UserService.java b/src/main/java/io/milvus/v2/service/rbac/UserService.java deleted file mode 100644 index dfbce02f5..000000000 --- a/src/main/java/io/milvus/v2/service/rbac/UserService.java +++ /dev/null 
@@ -1,96 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package io.milvus.v2.service.rbac; - -import io.milvus.grpc.*; -import io.milvus.v2.service.BaseService; -import io.milvus.v2.service.rbac.request.CreateUserReq; -import io.milvus.v2.service.rbac.request.DescribeUserReq; -import io.milvus.v2.service.rbac.request.DropUserReq; -import io.milvus.v2.service.rbac.request.UpdatePasswordReq; -import io.milvus.v2.service.rbac.response.DescribeUserResp; - -import java.nio.charset.StandardCharsets; -import java.util.Base64; -import java.util.List; -import java.util.stream.Collectors; - -public class UserService extends BaseService { - - public List listUsers(MilvusServiceGrpc.MilvusServiceBlockingStub blockingStub) { - String title = "list users"; - ListCredUsersRequest request = ListCredUsersRequest.newBuilder().build(); - ListCredUsersResponse response = blockingStub.listCredUsers(request); - rpcUtils.handleResponse(title, response.getStatus()); - return response.getUsernamesList(); - } - - public DescribeUserResp describeUser(MilvusServiceGrpc.MilvusServiceBlockingStub blockingStub, DescribeUserReq request) { - String title = String.format("describe user %s", request.getUserName()); - // TODO: 
check user exists - SelectUserRequest selectUserRequest = SelectUserRequest.newBuilder() - .setUser(UserEntity.newBuilder().setName(request.getUserName()).build()) - .setIncludeRoleInfo(Boolean.TRUE) - .build(); - io.milvus.grpc.SelectUserResponse response = blockingStub.selectUser(selectUserRequest); - rpcUtils.handleResponse(title, response.getStatus()); - DescribeUserResp describeUserResp = DescribeUserResp.builder() - .roles(response.getResultsList().isEmpty()? null : response.getResultsList().get(0).getRolesList().stream().map(RoleEntity::getName).collect(Collectors.toList())) - .build(); - return describeUserResp; - } - - public Void createUser(MilvusServiceGrpc.MilvusServiceBlockingStub blockingStub, CreateUserReq request) { - String title = String.format("create user %s", request.getUserName()); - CreateCredentialRequest createCredentialRequest = CreateCredentialRequest.newBuilder() - .setUsername(request.getUserName()) - .setPassword(Base64.getEncoder().encodeToString(request.getPassword().getBytes(StandardCharsets.UTF_8))) - .build(); - Status response = blockingStub.createCredential(createCredentialRequest); - rpcUtils.handleResponse(title, response); - - return null; - } - - - public Void updatePassword(MilvusServiceGrpc.MilvusServiceBlockingStub blockingStub, UpdatePasswordReq request) { - String title = String.format("update password for user %s", request.getUserName()); - UpdateCredentialRequest updateCredentialRequest = UpdateCredentialRequest.newBuilder() - .setUsername(request.getUserName()) - .setOldPassword(Base64.getEncoder().encodeToString(request.getPassword().getBytes(StandardCharsets.UTF_8))) - .setNewPassword(Base64.getEncoder().encodeToString(request.getNewPassword().getBytes(StandardCharsets.UTF_8))) - .build(); - Status response = blockingStub.updateCredential(updateCredentialRequest); - rpcUtils.handleResponse(title, response); - - return null; - } - - public Void dropUser(MilvusServiceGrpc.MilvusServiceBlockingStub blockingStub, 
DropUserReq request) { - String title = String.format("drop user %s", request.getUserName()); - DeleteCredentialRequest deleteCredentialRequest = DeleteCredentialRequest.newBuilder() - .setUsername(request.getUserName()) - .build(); - Status response = blockingStub.deleteCredential(deleteCredentialRequest); - rpcUtils.handleResponse(title, response); - - return null; - } -} diff --git a/src/main/java/io/milvus/v2/service/rbac/request/AddPrivilegesToGroupReq.java b/src/main/java/io/milvus/v2/service/rbac/request/AddPrivilegesToGroupReq.java new file mode 100644 index 000000000..580b8e56a --- /dev/null +++ b/src/main/java/io/milvus/v2/service/rbac/request/AddPrivilegesToGroupReq.java @@ -0,0 +1,17 @@ +package io.milvus.v2.service.rbac.request; + +import io.milvus.v2.service.rbac.Privilege; +import lombok.Builder; +import lombok.Data; +import lombok.experimental.SuperBuilder; + +import java.util.ArrayList; +import java.util.List; + +@Data +@SuperBuilder +public class AddPrivilegesToGroupReq { + private String groupName; + @Builder.Default + private List privileges = new ArrayList<>(); +} diff --git a/src/main/java/io/milvus/v2/service/rbac/request/CreatePrivilegeGroupReq.java b/src/main/java/io/milvus/v2/service/rbac/request/CreatePrivilegeGroupReq.java new file mode 100644 index 000000000..4ef8169e5 --- /dev/null +++ b/src/main/java/io/milvus/v2/service/rbac/request/CreatePrivilegeGroupReq.java @@ -0,0 +1,10 @@ +package io.milvus.v2.service.rbac.request; + +import lombok.Data; +import lombok.experimental.SuperBuilder; + +@Data +@SuperBuilder +public class CreatePrivilegeGroupReq { + private String groupName; +} diff --git a/src/main/java/io/milvus/v2/service/rbac/request/DropPrivilegeGroupReq.java b/src/main/java/io/milvus/v2/service/rbac/request/DropPrivilegeGroupReq.java new file mode 100644 index 000000000..88bcf1edb --- /dev/null +++ b/src/main/java/io/milvus/v2/service/rbac/request/DropPrivilegeGroupReq.java 
@@ -0,0 +1,10 @@
+package io.milvus.v2.service.rbac.request;
+
+import lombok.Data;
+import lombok.experimental.SuperBuilder;
+
+@Data
+@SuperBuilder
+public class DropPrivilegeGroupReq {
+ private String groupName;
+}
diff --git a/src/main/java/io/milvus/v2/service/rbac/request/ListPrivilegeGroupsReq.java b/src/main/java/io/milvus/v2/service/rbac/request/ListPrivilegeGroupsReq.java
new file mode 100644
index 000000000..60742f3b8
--- /dev/null
+++ b/src/main/java/io/milvus/v2/service/rbac/request/ListPrivilegeGroupsReq.java
@@ -0,0 +1,9 @@
+package io.milvus.v2.service.rbac.request;
+
+import lombok.Data;
+import lombok.experimental.SuperBuilder;
+
+@Data
+@SuperBuilder
+public class ListPrivilegeGroupsReq {
+}
diff --git a/src/main/java/io/milvus/v2/service/rbac/request/RemovePrivilegesFromGroupReq.java b/src/main/java/io/milvus/v2/service/rbac/request/RemovePrivilegesFromGroupReq.java
new file mode 100644
index 000000000..3e877a161
--- /dev/null
+++ b/src/main/java/io/milvus/v2/service/rbac/request/RemovePrivilegesFromGroupReq.java
@@ -0,0 +1,17 @@
+package io.milvus.v2.service.rbac.request;
+
+import io.milvus.v2.service.rbac.Privilege;
+import lombok.Builder;
+import lombok.Data;
+import lombok.experimental.SuperBuilder;
+
+import java.util.ArrayList;
+import java.util.List;
+
+@Data
+@SuperBuilder
+public class RemovePrivilegesFromGroupReq {
+ private String groupName;
+ @Builder.Default
+ private List privileges = new ArrayList<>();
+}
diff --git a/src/main/java/io/milvus/v2/service/rbac/response/ListPrivilegeGroupsResp.java b/src/main/java/io/milvus/v2/service/rbac/response/ListPrivilegeGroupsResp.java
new file mode 100644
index 000000000..a888820a0
--- /dev/null
+++ b/src/main/java/io/milvus/v2/service/rbac/response/ListPrivilegeGroupsResp.java
@@ -0,0 +1,15 @@
+package io.milvus.v2.service.rbac.response;
+
+import io.milvus.v2.service.rbac.PrivilegeGroup;
+import lombok.Builder;
+import lombok.Data;
+import lombok.experimental.SuperBuilder;
+
+import java.util.*;
+
+@Data
+@SuperBuilder
+public class ListPrivilegeGroupsResp {
+ @Builder.Default
+ private List privilegeGroups = new ArrayList<>();
+}
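Review bot: `import java.util.*;` in ListPrivilegeGroupsResp is a wildcard import, while the request classes added in this same patch import `java.util.ArrayList` and `java.util.List` explicitly. Replace it with `import java.util.ArrayList;` and `import java.util.List;` so the response class matches them and only the two names it uses are in scope. A one-line class comment saying that `privilegeGroups` defaults to an empty list rather than null would also tell callers auditing group membership that they can iterate the result without a null check.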