enhance: [GoSDK] add operate privilege & privilege group API (#38141)

related issue: #37031

Signed-off-by: shaoting-huang <[email protected]>

client/entity/privilege_group.go

@@ -0,0 +1,23 @@
+// Licensed to the LF AI & Data foundation under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package entity
+
+// PrivilegeGroup is the entity model for custom privilege group.
+type PrivilegeGroup struct {
+	GroupName  string
+	Privileges []string
+}

client/go.mod

@@ -6,7 +6,7 @@ require (
 	github.com/blang/semver/v4 v4.0.0
 	github.com/cockroachdb/errors v1.9.1
 	github.com/grpc-ecosystem/go-grpc-middleware v1.3.0
-	github.com/milvus-io/milvus-proto/go-api/v2 v2.4.17
+	github.com/milvus-io/milvus-proto/go-api/v2 v2.4.18-0.20241120092224-a1c2ac2fd2c1
 	github.com/milvus-io/milvus/pkg v0.0.2-0.20240317152703-17b4938985f3
 	github.com/quasilyte/go-ruleguard/dsl v0.3.22
 	github.com/samber/lo v1.27.0

client/go.sum

@@ -400,8 +400,8 @@ github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfr
 github.com/mediocregopher/radix/v3 v3.4.2/go.mod h1:8FL3F6UQRXHXIBSPUs5h0RybMF8i4n7wVopoX3x7Bv8=
 github.com/microcosm-cc/bluemonday v1.0.2/go.mod h1:iVP4YcDBq+n/5fb23BhYFvIMq/leAFZyRl6bYmGDlGc=
 github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
-github.com/milvus-io/milvus-proto/go-api/v2 v2.4.17 h1:ANkXdUKKpIPPQkw9pkV9ku9AEtSaPyua9XzdMTUxjCs=
-github.com/milvus-io/milvus-proto/go-api/v2 v2.4.17/go.mod h1:/6UT4zZl6awVeXLeE7UGDWZvXj3IWkRsh3mqsn0DiAs=
+github.com/milvus-io/milvus-proto/go-api/v2 v2.4.18-0.20241120092224-a1c2ac2fd2c1 h1:Xp4zOR85XFFtM7Eif945BeSmDf30hbdijbeNSuy92Bg=
+github.com/milvus-io/milvus-proto/go-api/v2 v2.4.18-0.20241120092224-a1c2ac2fd2c1/go.mod h1:/6UT4zZl6awVeXLeE7UGDWZvXj3IWkRsh3mqsn0DiAs=
 github.com/milvus-io/milvus/pkg v0.0.2-0.20240317152703-17b4938985f3 h1:ZBpRWhBa7FTFxW4YYVv9AUESoW1Xyb3KNXTzTqfkZmw=
 github.com/milvus-io/milvus/pkg v0.0.2-0.20240317152703-17b4938985f3/go.mod h1:jQ2BUZny1COsgv1Qbcv8dmbppW+V9J/c4YQZNb3EOm8=
 github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=

client/rbac.go

@@ -0,0 +1,96 @@
+// Licensed to the LF AI & Data foundation under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package client
+
+import (
+	"context"
+
+	"github.com/samber/lo"
+	"google.golang.org/grpc"
+
+	"github.com/milvus-io/milvus-proto/go-api/v2/milvuspb"
+	"github.com/milvus-io/milvus/client/v2/entity"
+	"github.com/milvus-io/milvus/pkg/util/merr"
+)
+
+func (c *Client) GrantV2(ctx context.Context, option GrantV2Option, callOptions ...grpc.CallOption) error {
+	req := option.Request()
+
+	return c.callService(func(milvusService milvuspb.MilvusServiceClient) error {
+		resp, err := milvusService.OperatePrivilegeV2(ctx, req, callOptions...)
+		return merr.CheckRPCCall(resp, err)
+	})
+}
+
+func (c *Client) RevokeV2(ctx context.Context, option RevokeV2Option, callOptions ...grpc.CallOption) error {
+	req := option.Request()
+
+	return c.callService(func(milvusService milvuspb.MilvusServiceClient) error {
+		resp, err := milvusService.OperatePrivilegeV2(ctx, req, callOptions...)
+		return merr.CheckRPCCall(resp, err)
+	})
+}
+
+func (c *Client) CreatePrivilegeGroup(ctx context.Context, option CreatePrivilegeGroupOption, callOptions ...grpc.CallOption) error {
+	req := option.Request()
+
+	return c.callService(func(milvusService milvuspb.MilvusServiceClient) error {
+		resp, err := milvusService.CreatePrivilegeGroup(ctx, req, callOptions...)
+		return merr.CheckRPCCall(resp, err)
+	})
+}
+
+func (c *Client) DropPrivilegeGroup(ctx context.Context, option DropPrivilegeGroupOption, callOptions ...grpc.CallOption) error {
+	req := option.Request()
+
+	return c.callService(func(milvusService milvuspb.MilvusServiceClient) error {
+		resp, err := milvusService.DropPrivilegeGroup(ctx, req, callOptions...)
+		return merr.CheckRPCCall(resp, err)
+	})
+}
+
+func (c *Client) ListPrivilegeGroups(ctx context.Context, option ListPrivilegeGroupsOption, callOptions ...grpc.CallOption) ([]*entity.PrivilegeGroup, error) {
+	req := option.Request()
+
+	var privilegeGroups []*entity.PrivilegeGroup
+	err := c.callService(func(milvusService milvuspb.MilvusServiceClient) error {
+		r, err := milvusService.ListPrivilegeGroups(ctx, req, callOptions...)
+		if err != nil {
+			return err
+		}
+		for _, pg := range r.PrivilegeGroups {
+			privileges := lo.Map(pg.Privileges, func(p *milvuspb.PrivilegeEntity, _ int) string {
+				return p.Name
+			})
+			privilegeGroups = append(privilegeGroups, &entity.PrivilegeGroup{
+				GroupName:  pg.GroupName,
+				Privileges: privileges,
+			})
+		}
+		return nil
+	})
+	return privilegeGroups, err
+}
+
+func (c *Client) OperatePrivilegeGroup(ctx context.Context, option OperatePrivilegeGroupOption, callOptions ...grpc.CallOption) error {
+	req := option.Request()
+
+	return c.callService(func(milvusService milvuspb.MilvusServiceClient) error {
+		resp, err := milvusService.OperatePrivilegeGroup(ctx, req, callOptions...)
+		return merr.CheckRPCCall(resp, err)
+	})
+}

client/rbac_options.go

@@ -0,0 +1,171 @@
+// Licensed to the LF AI & Data foundation under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package client
+
+import (
+	"github.com/milvus-io/milvus-proto/go-api/v2/milvuspb"
+)
+
+// GrantV2Option is the interface builds OperatePrivilegeV2Request
+type GrantV2Option interface {
+	Request() *milvuspb.OperatePrivilegeV2Request
+}
+
+type grantV2Option struct {
+	roleName       string
+	privilegeName  string
+	dbName         string
+	collectionName string
+}
+
+func (opt *grantV2Option) Request() *milvuspb.OperatePrivilegeV2Request {
+	return &milvuspb.OperatePrivilegeV2Request{
+		Role: &milvuspb.RoleEntity{Name: opt.roleName},
+		Grantor: &milvuspb.GrantorEntity{
+			Privilege: &milvuspb.PrivilegeEntity{Name: opt.privilegeName},
+		},
+		Type:           milvuspb.OperatePrivilegeType_Grant,
+		DbName:         opt.dbName,
+		CollectionName: opt.collectionName,
+	}
+}
+
+func NewGrantV2Option(roleName, privilegeName, dbName, collectionName string) *grantV2Option {
+	return &grantV2Option{
+		roleName:       roleName,
+		privilegeName:  privilegeName,
+		dbName:         dbName,
+		collectionName: collectionName,
+	}
+}
+
+// RevokeV2Option is the interface builds OperatePrivilegeV2Request
+type RevokeV2Option interface {
+	Request() *milvuspb.OperatePrivilegeV2Request
+}
+
+type revokeV2Option struct {
+	roleName       string
+	privilegeName  string
+	dbName         string
+	collectionName string
+}
+
+func (opt *revokeV2Option) Request() *milvuspb.OperatePrivilegeV2Request {
+	return &milvuspb.OperatePrivilegeV2Request{
+		Role: &milvuspb.RoleEntity{Name: opt.roleName},
+		Grantor: &milvuspb.GrantorEntity{
+			Privilege: &milvuspb.PrivilegeEntity{Name: opt.privilegeName},
+		},
+		Type:           milvuspb.OperatePrivilegeType_Revoke,
+		DbName:         opt.dbName,
+		CollectionName: opt.collectionName,
+	}
+}
+
+func NewRevokeV2Option(roleName, privilegeName, dbName, collectionName string) *revokeV2Option {
+	return &revokeV2Option{
+		roleName:       roleName,
+		privilegeName:  privilegeName,
+		dbName:         dbName,
+		collectionName: collectionName,
+	}
+}
+
+// CreatePrivilegeGroupOption is the interface builds CreatePrivilegeGroupRequest
+type CreatePrivilegeGroupOption interface {
+	Request() *milvuspb.CreatePrivilegeGroupRequest
+}
+
+type createPrivilegeGroupOption struct {
+	groupName string
+}
+
+func (opt *createPrivilegeGroupOption) Request() *milvuspb.CreatePrivilegeGroupRequest {
+	return &milvuspb.CreatePrivilegeGroupRequest{
+		GroupName: opt.groupName,
+	}
+}
+
+func NewCreatePrivilegeGroupOption(groupName string) *createPrivilegeGroupOption {
+	return &createPrivilegeGroupOption{
+		groupName: groupName,
+	}
+}
+
+// DropPrivilegeGroupOption is the interface builds DropPrivilegeGroupRequest
+type DropPrivilegeGroupOption interface {
+	Request() *milvuspb.DropPrivilegeGroupRequest
+}
+
+type dropPrivilegeGroupOption struct {
+	groupName string
+}
+
+func (opt *dropPrivilegeGroupOption) Request() *milvuspb.DropPrivilegeGroupRequest {
+	return &milvuspb.DropPrivilegeGroupRequest{
+		GroupName: opt.groupName,
+	}
+}
+
+func NewDropPrivilegeGroupOption(groupName string) *dropPrivilegeGroupOption {
+	return &dropPrivilegeGroupOption{
+		groupName: groupName,
+	}
+}
+
+// ListPrivilegeGroupsOption is the interface builds ListPrivilegeGroupsRequest
+type ListPrivilegeGroupsOption interface {
+	Request() *milvuspb.ListPrivilegeGroupsRequest
+}
+
+type listPrivilegeGroupsOption struct{}
+
+func (opt *listPrivilegeGroupsOption) Request() *milvuspb.ListPrivilegeGroupsRequest {
+	return &milvuspb.ListPrivilegeGroupsRequest{}
+}
+
+func NewListPrivilegeGroupsOption() *listPrivilegeGroupsOption {
+	return &listPrivilegeGroupsOption{}
+}
+
+// OperatePrivilegeGroupOption is the interface builds OperatePrivilegeGroupRequest
+type OperatePrivilegeGroupOption interface {
+	Request() *milvuspb.OperatePrivilegeGroupRequest
+}
+
+type operatePrivilegeGroupOption struct {
+	groupName   string
+	privileges  []*milvuspb.PrivilegeEntity
+	operateType milvuspb.OperatePrivilegeGroupType
+}
+
+func (opt *operatePrivilegeGroupOption) Request() *milvuspb.OperatePrivilegeGroupRequest {
+	return &milvuspb.OperatePrivilegeGroupRequest{
+		GroupName:  opt.groupName,
+		Privileges: opt.privileges,
+		Type:       opt.operateType,
+	}
+}
+
+func NewOperatePrivilegeGroupOption(groupName string, privileges []*milvuspb.PrivilegeEntity, operateType milvuspb.OperatePrivilegeGroupType) *operatePrivilegeGroupOption {
+	return &operatePrivilegeGroupOption{
+		groupName:   groupName,
+		privileges:  privileges,
+		operateType: operateType,
+	}
+}