Add RBAC for FlushAll (#24751)

Signed-off-by: bigsheeper <yihao.dai@zilliz.com>
yihao.dai 2023-06-08 20:28:35 +08:00 committed by GitHub
parent b77bee6708
commit 2086b4f75d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 119 additions and 49 deletions

2
go.mod

@ -23,7 +23,7 @@ require (
github.com/klauspost/compress v1.16.5
github.com/lingdor/stackerror v0.0.0-20191119040541-976d8885ed76
github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d
github.com/milvus-io/milvus-proto/go-api v0.0.0-20230531124827-410c849303a9
github.com/milvus-io/milvus-proto/go-api v0.0.0-20230608062631-c453ef1b870a
github.com/minio/minio-go/v7 v7.0.17
github.com/nats-io/nats-server/v2 v2.9.17
github.com/nats-io/nats.go v1.24.0

2
go.sum

@ -583,6 +583,8 @@ github.com/milvus-io/gorocksdb v0.0.0-20220624081344-8c5f4212846b h1:TfeY0NxYxZz
github.com/milvus-io/gorocksdb v0.0.0-20220624081344-8c5f4212846b/go.mod h1:iwW+9cWfIzzDseEBCCeDSN5SD16Tidvy8cwQ7ZY8Qj4=
github.com/milvus-io/milvus-proto/go-api v0.0.0-20230531124827-410c849303a9 h1:l4UDSKK29zXAg5+oqa4eAZaAfRHsyFsij3QPxu1tqvk=
github.com/milvus-io/milvus-proto/go-api v0.0.0-20230531124827-410c849303a9/go.mod h1:148qnlmZ0Fdm1Fq+Mj/OW2uDoEP25g3mjh0vMGtkgmk=
github.com/milvus-io/milvus-proto/go-api v0.0.0-20230608062631-c453ef1b870a h1:kAQIZ883jq7ZypLibJZfA5NSPDKalaOhvt8qBR1VWSc=
github.com/milvus-io/milvus-proto/go-api v0.0.0-20230608062631-c453ef1b870a/go.mod h1:148qnlmZ0Fdm1Fq+Mj/OW2uDoEP25g3mjh0vMGtkgmk=
github.com/milvus-io/pulsar-client-go v0.6.10 h1:eqpJjU+/QX0iIhEo3nhOqMNXL+TyInAs1IAHZCrCM/A=
github.com/milvus-io/pulsar-client-go v0.6.10/go.mod h1:lQqCkgwDF8YFYjKA+zOheTk1tev2B+bKj5j7+nm8M1w=
github.com/minio/asm2plan9s v0.0.0-20200509001527-cdd76441f9d8 h1:AMFGa4R4MiIpspGNG7Z948v4n35fFGB3RR3G/ry4FWs=


@ -522,7 +522,7 @@ const char descriptor_table_protodef_common_2eproto[] PROTOBUF_SECTION_VARIABLE(
"\n\n\006Sealed\020\003\022\013\n\007Flushed\020\004\022\014\n\010Flushing\020\005\022\013"
"\n\007Dropped\020\006\022\r\n\tImporting\020\007*>\n\017Placeholde"
"rType\022\010\n\004None\020\000\022\020\n\014BinaryVector\020d\022\017\n\013Flo"
"atVector\020e*\343\017\n\007MsgType\022\r\n\tUndefined\020\000\022\024\n"
"atVector\020e*\237\020\n\007MsgType\022\r\n\tUndefined\020\000\022\024\n"
"\020CreateCollection\020d\022\022\n\016DropCollection\020e\022"
"\021\n\rHasCollection\020f\022\026\n\022DescribeCollection"
"\020g\022\023\n\017ShowCollections\020h\022\024\n\020GetSystemConf"
@ -572,57 +572,62 @@ const char descriptor_table_protodef_common_2eproto[] PROTOBUF_SECTION_VARIABLE(
"olicy\020\311\014\022\030\n\023CreateResourceGroup\020\244\r\022\026\n\021Dr"
"opResourceGroup\020\245\r\022\027\n\022ListResourceGroups"
"\020\246\r\022\032\n\025DescribeResourceGroup\020\247\r\022\021\n\014Trans"
"ferNode\020\250\r\022\024\n\017TransferReplica\020\251\r*\"\n\007DslT"
"ype\022\007\n\003Dsl\020\000\022\016\n\nBoolExprV1\020\001*B\n\017Compacti"
"onState\022\021\n\rUndefiedState\020\000\022\r\n\tExecuting\020"
"\001\022\r\n\tCompleted\020\002*X\n\020ConsistencyLevel\022\n\n\006"
"Strong\020\000\022\013\n\007Session\020\001\022\013\n\007Bounded\020\002\022\016\n\nEv"
"entually\020\003\022\016\n\nCustomized\020\004*\236\001\n\013ImportSta"
"te\022\021\n\rImportPending\020\000\022\020\n\014ImportFailed\020\001\022"
"\021\n\rImportStarted\020\002\022\023\n\017ImportPersisted\020\005\022"
"\021\n\rImportFlushed\020\010\022\023\n\017ImportCompleted\020\006\022"
"\032\n\026ImportFailedAndCleaned\020\007*2\n\nObjectTyp"
"e\022\016\n\nCollection\020\000\022\n\n\006Global\020\001\022\010\n\004User\020\002*"
"\227\007\n\017ObjectPrivilege\022\020\n\014PrivilegeAll\020\000\022\035\n"
"\031PrivilegeCreateCollection\020\001\022\033\n\027Privileg"
"eDropCollection\020\002\022\037\n\033PrivilegeDescribeCo"
"llection\020\003\022\034\n\030PrivilegeShowCollections\020\004"
"\022\021\n\rPrivilegeLoad\020\005\022\024\n\020PrivilegeRelease\020"
"\006\022\027\n\023PrivilegeCompaction\020\007\022\023\n\017PrivilegeI"
"nsert\020\010\022\023\n\017PrivilegeDelete\020\t\022\032\n\026Privileg"
"eGetStatistics\020\n\022\030\n\024PrivilegeCreateIndex"
"\020\013\022\030\n\024PrivilegeIndexDetail\020\014\022\026\n\022Privileg"
"eDropIndex\020\r\022\023\n\017PrivilegeSearch\020\016\022\022\n\016Pri"
"vilegeFlush\020\017\022\022\n\016PrivilegeQuery\020\020\022\030\n\024Pri"
"vilegeLoadBalance\020\021\022\023\n\017PrivilegeImport\020\022"
"\022\034\n\030PrivilegeCreateOwnership\020\023\022\027\n\023Privil"
"egeUpdateUser\020\024\022\032\n\026PrivilegeDropOwnershi"
"p\020\025\022\034\n\030PrivilegeSelectOwnership\020\026\022\034\n\030Pri"
"vilegeManageOwnership\020\027\022\027\n\023PrivilegeSele"
"ctUser\020\030\022\023\n\017PrivilegeUpsert\020\031\022 \n\034Privile"
"geCreateResourceGroup\020\032\022\036\n\032PrivilegeDrop"
"ResourceGroup\020\033\022\"\n\036PrivilegeDescribeReso"
"urceGroup\020\034\022\037\n\033PrivilegeListResourceGrou"
"ps\020\035\022\031\n\025PrivilegeTransferNode\020\036\022\034\n\030Privi"
"legeTransferReplica\020\037\022\037\n\033PrivilegeGetLoa"
"dingProgress\020 \022\031\n\025PrivilegeGetLoadState\020"
"!*S\n\tStateCode\022\020\n\014Initializing\020\000\022\013\n\007Heal"
"thy\020\001\022\014\n\010Abnormal\020\002\022\013\n\007StandBy\020\003\022\014\n\010Stop"
"ping\020\004*c\n\tLoadState\022\025\n\021LoadStateNotExist"
"\020\000\022\024\n\020LoadStateNotLoad\020\001\022\024\n\020LoadStateLoa"
"ding\020\002\022\023\n\017LoadStateLoaded\020\003:^\n\021privilege"
"_ext_obj\022\037.google.protobuf.MessageOption"
"s\030\351\007 \001(\0132!.milvus.proto.common.Privilege"
"ExtBf\n\016io.milvus.grpcB\013CommonProtoP\001Z1gi"
"thub.com/milvus-io/milvus-proto/go-api/c"
"ommonpb\240\001\001\252\002\016IO.Milvus.Grpcb\006proto3"
"ferNode\020\250\r\022\024\n\017TransferReplica\020\251\r\022\023\n\016Crea"
"teDatabase\020\211\016\022\021\n\014DropDatabase\020\212\016\022\022\n\rList"
"Databases\020\213\016*\"\n\007DslType\022\007\n\003Dsl\020\000\022\016\n\nBool"
"ExprV1\020\001*B\n\017CompactionState\022\021\n\rUndefiedS"
"tate\020\000\022\r\n\tExecuting\020\001\022\r\n\tCompleted\020\002*X\n\020"
"ConsistencyLevel\022\n\n\006Strong\020\000\022\013\n\007Session\020"
"\001\022\013\n\007Bounded\020\002\022\016\n\nEventually\020\003\022\016\n\nCustom"
"ized\020\004*\236\001\n\013ImportState\022\021\n\rImportPending\020"
"\000\022\020\n\014ImportFailed\020\001\022\021\n\rImportStarted\020\002\022\023"
"\n\017ImportPersisted\020\005\022\021\n\rImportFlushed\020\010\022\023"
"\n\017ImportCompleted\020\006\022\032\n\026ImportFailedAndCl"
"eaned\020\007*2\n\nObjectType\022\016\n\nCollection\020\000\022\n\n"
"\006Global\020\001\022\010\n\004User\020\002*\241\010\n\017ObjectPrivilege\022"
"\020\n\014PrivilegeAll\020\000\022\035\n\031PrivilegeCreateColl"
"ection\020\001\022\033\n\027PrivilegeDropCollection\020\002\022\037\n"
"\033PrivilegeDescribeCollection\020\003\022\034\n\030Privil"
"egeShowCollections\020\004\022\021\n\rPrivilegeLoad\020\005\022"
"\024\n\020PrivilegeRelease\020\006\022\027\n\023PrivilegeCompac"
"tion\020\007\022\023\n\017PrivilegeInsert\020\010\022\023\n\017Privilege"
"Delete\020\t\022\032\n\026PrivilegeGetStatistics\020\n\022\030\n\024"
"PrivilegeCreateIndex\020\013\022\030\n\024PrivilegeIndex"
"Detail\020\014\022\026\n\022PrivilegeDropIndex\020\r\022\023\n\017Priv"
"ilegeSearch\020\016\022\022\n\016PrivilegeFlush\020\017\022\022\n\016Pri"
"vilegeQuery\020\020\022\030\n\024PrivilegeLoadBalance\020\021\022"
"\023\n\017PrivilegeImport\020\022\022\034\n\030PrivilegeCreateO"
"wnership\020\023\022\027\n\023PrivilegeUpdateUser\020\024\022\032\n\026P"
"rivilegeDropOwnership\020\025\022\034\n\030PrivilegeSele"
"ctOwnership\020\026\022\034\n\030PrivilegeManageOwnershi"
"p\020\027\022\027\n\023PrivilegeSelectUser\020\030\022\023\n\017Privileg"
"eUpsert\020\031\022 \n\034PrivilegeCreateResourceGrou"
"p\020\032\022\036\n\032PrivilegeDropResourceGroup\020\033\022\"\n\036P"
"rivilegeDescribeResourceGroup\020\034\022\037\n\033Privi"
"legeListResourceGroups\020\035\022\031\n\025PrivilegeTra"
"nsferNode\020\036\022\034\n\030PrivilegeTransferReplica\020"
"\037\022\037\n\033PrivilegeGetLoadingProgress\020 \022\031\n\025Pr"
"ivilegeGetLoadState\020!\022\035\n\031PrivilegeRename"
"Collection\020\"\022\033\n\027PrivilegeCreateDatabase\020"
"#\022\031\n\025PrivilegeDropDatabase\020$\022\032\n\026Privileg"
"eListDatabases\020%\022\025\n\021PrivilegeFlushAll\020&*"
"S\n\tStateCode\022\020\n\014Initializing\020\000\022\013\n\007Health"
"y\020\001\022\014\n\010Abnormal\020\002\022\013\n\007StandBy\020\003\022\014\n\010Stoppi"
"ng\020\004*c\n\tLoadState\022\025\n\021LoadStateNotExist\020\000"
"\022\024\n\020LoadStateNotLoad\020\001\022\024\n\020LoadStateLoadi"
"ng\020\002\022\023\n\017LoadStateLoaded\020\003:^\n\021privilege_e"
"xt_obj\022\037.google.protobuf.MessageOptions\030"
"\351\007 \001(\0132!.milvus.proto.common.PrivilegeEx"
"tBf\n\016io.milvus.grpcB\013CommonProtoP\001Z1gith"
"ub.com/milvus-io/milvus-proto/go-api/com"
"monpb\240\001\001\252\002\016IO.Milvus.Grpcb\006proto3"
;
static const ::_pbi::DescriptorTable* const descriptor_table_common_2eproto_deps[1] = {
&::descriptor_table_google_2fprotobuf_2fdescriptor_2eproto,
};
static ::_pbi::once_flag descriptor_table_common_2eproto_once;
const ::_pbi::DescriptorTable descriptor_table_common_2eproto = {
false, false, 6835, descriptor_table_protodef_common_2eproto,
false, false, 7033, descriptor_table_protodef_common_2eproto,
"common.proto",
&descriptor_table_common_2eproto_once, descriptor_table_common_2eproto_deps, 1, 16,
schemas, file_default_instances, TableStruct_common_2eproto::offsets,
@ -864,6 +869,9 @@ bool MsgType_IsValid(int value) {
case 1703:
case 1704:
case 1705:
case 1801:
case 1802:
case 1803:
return true;
default:
return false;
@ -990,6 +998,11 @@ bool ObjectPrivilege_IsValid(int value) {
case 31:
case 32:
case 33:
case 34:
case 35:
case 36:
case 37:
case 38:
return true;
default:
return false;


@ -390,12 +390,15 @@ enum MsgType : int {
DescribeResourceGroup = 1703,
TransferNode = 1704,
TransferReplica = 1705,
CreateDatabase = 1801,
DropDatabase = 1802,
ListDatabases = 1803,
MsgType_INT_MIN_SENTINEL_DO_NOT_USE_ = std::numeric_limits<int32_t>::min(),
MsgType_INT_MAX_SENTINEL_DO_NOT_USE_ = std::numeric_limits<int32_t>::max()
};
bool MsgType_IsValid(int value);
constexpr MsgType MsgType_MIN = Undefined;
constexpr MsgType MsgType_MAX = TransferReplica;
constexpr MsgType MsgType_MAX = ListDatabases;
constexpr int MsgType_ARRAYSIZE = MsgType_MAX + 1;
const ::PROTOBUF_NAMESPACE_ID::EnumDescriptor* MsgType_descriptor();
@ -582,12 +585,17 @@ enum ObjectPrivilege : int {
PrivilegeTransferReplica = 31,
PrivilegeGetLoadingProgress = 32,
PrivilegeGetLoadState = 33,
PrivilegeRenameCollection = 34,
PrivilegeCreateDatabase = 35,
PrivilegeDropDatabase = 36,
PrivilegeListDatabases = 37,
PrivilegeFlushAll = 38,
ObjectPrivilege_INT_MIN_SENTINEL_DO_NOT_USE_ = std::numeric_limits<int32_t>::min(),
ObjectPrivilege_INT_MAX_SENTINEL_DO_NOT_USE_ = std::numeric_limits<int32_t>::max()
};
bool ObjectPrivilege_IsValid(int value);
constexpr ObjectPrivilege ObjectPrivilege_MIN = PrivilegeAll;
constexpr ObjectPrivilege ObjectPrivilege_MAX = PrivilegeGetLoadState;
constexpr ObjectPrivilege ObjectPrivilege_MAX = PrivilegeFlushAll;
constexpr int ObjectPrivilege_ARRAYSIZE = ObjectPrivilege_MAX + 1;
const ::PROTOBUF_NAMESPACE_ID::EnumDescriptor* ObjectPrivilege_descriptor();


@ -942,3 +942,26 @@ func (s *Server) Connect(ctx context.Context, req *milvuspb.ConnectRequest) (*mi
func (s *Server) ListClientInfos(ctx context.Context, req *proxypb.ListClientInfosRequest) (*proxypb.ListClientInfosResponse, error) {
return s.proxy.ListClientInfos(ctx, req)
}
func (s *Server) CreateDatabase(ctx context.Context, req *milvuspb.CreateDatabaseRequest) (*commonpb.Status, error) {
return &commonpb.Status{
ErrorCode: commonpb.ErrorCode_UnexpectedError,
Reason: "TODO: implement me @jaime",
}, nil
}
func (s *Server) DropDatabase(ctx context.Context, req *milvuspb.DropDatabaseRequest) (*commonpb.Status, error) {
return &commonpb.Status{
ErrorCode: commonpb.ErrorCode_UnexpectedError,
Reason: "TODO: implement me @jaime",
}, nil
}
func (s *Server) ListDatabases(ctx context.Context, req *milvuspb.ListDatabasesRequest) (*milvuspb.ListDatabasesResponse, error) {
return &milvuspb.ListDatabasesResponse{
Status: &commonpb.Status{
ErrorCode: commonpb.ErrorCode_UnexpectedError,
Reason: "TODO: implement me @jaime",
},
}, nil
}
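Review bot: The three new gRPC wrappers (`CreateDatabase`, `DropDatabase`, `ListDatabases`) hard-code the stub status instead of delegating to `s.proxy` the way `ListClientInfos` directly above them does, so once the Proxy methods are implemented these entry points will keep returning `UnexpectedError` until this file is edited too. Assuming the `s.proxy` component interface exposes the new methods (the Proxy type gains them in this same commit), each body can be `return s.proxy.CreateDatabase(ctx, req)`, and likewise for the other two. Delegating now also means that whatever request handling the proxy layer adds later sits on the path clients actually reach, rather than being bypassed by a forgotten placeholder.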


@ -5128,3 +5128,26 @@ func (node *Proxy) ListClientInfos(ctx context.Context, req *proxypb.ListClientI
ClientInfos: clients,
}, nil
}
func (node *Proxy) CreateDatabase(ctx context.Context, req *milvuspb.CreateDatabaseRequest) (*commonpb.Status, error) {
return &commonpb.Status{
ErrorCode: commonpb.ErrorCode_UnexpectedError,
Reason: "TODO: implement me @jaime",
}, nil
}
func (node *Proxy) DropDatabase(ctx context.Context, req *milvuspb.DropDatabaseRequest) (*commonpb.Status, error) {
return &commonpb.Status{
ErrorCode: commonpb.ErrorCode_UnexpectedError,
Reason: "TODO: implement me @jaime",
}, nil
}
func (node *Proxy) ListDatabases(ctx context.Context, req *milvuspb.ListDatabasesRequest) (*milvuspb.ListDatabasesResponse, error) {
return &milvuspb.ListDatabasesResponse{
Status: &commonpb.Status{
ErrorCode: commonpb.ErrorCode_UnexpectedError,
Reason: "TODO: implement me @jaime",
},
}, nil
}
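Review bot: The `Reason` string in the three Proxy stubs, `"TODO: implement me @jaime"`, is returned to API clients as-is; a client-facing message such as `Reason: "CreateDatabase is not implemented"` (one per method) states what happened without exposing an internal TODO and a developer handle. The proto bump in this commit already adds the database `MsgType` values and `PrivilegeCreateDatabase`/`PrivilegeDropDatabase`/`PrivilegeListDatabases`, while these handlers are still placeholders. A doc comment on each exported method, for example `// CreateDatabase is not implemented yet and always returns an UnexpectedError status.`, would make that state explicit to anyone granting those privileges or building clients against the new RPCs.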


@ -107,6 +107,7 @@ var (
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeListResourceGroups.String()),
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeTransferReplica.String()),
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeTransferNode.String()),
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeFlushAll.String()),
},
commonpb.ObjectType_User.String(): {
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeUpdateUser.String()),
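Review bot: The added `PrivilegeFlushAll` entry only makes the privilege grantable; nothing visible in this commit ties the `FlushAll` RPC to it. Enforcement presumably comes from the `privilege_ext_obj` option on the FlushAll request message in the bumped `milvus-proto/go-api` version, which cannot be confirmed from this page, so it is worth verifying and covering with a test that a role without the grant is rejected on `FlushAll` and a role with it is allowed. The list it is appended to ends just before the `ObjectType_User` entry and looks like the Global object type, but the enclosing `var (` block starts and ends outside the hunk, so confirm the object type matches the one declared in the proto annotation. If `FlushAll` was callable without any grant before this change, existing non-admin roles will need an explicit grant after upgrade, which deserves a release note.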