Skip to content

Commit

Permalink
fix: remove grant/revoke v2 optional collection name (milvus-io#2403)
Browse files Browse the repository at this point in the history
Since built-in privilege group level adjustment is not supported, remove
the optional collection name from the grant/revoke v2 API. The empty
db_name uses default db which follows the same rule as grant/revoke v1.
issue: milvus-io/milvus#37031

Signed-off-by: shaoting-huang <[email protected]>
  • Loading branch information
shaoting-huang authored Dec 4, 2024
1 parent 13d0664 commit a225cbf
Show file tree
Hide file tree
Showing 4 changed files with 25 additions and 24 deletions.
4 changes: 2 additions & 2 deletions pymilvus/client/grpc_handler.py
Original file line number Diff line number Diff line change
Expand Up @@ -1877,8 +1877,8 @@ def grant_privilege_v2(
self,
role_name: str,
privilege: str,
collection_name: str,
db_name: Optional[str] = None,
collection_name: Optional[str] = None,
timeout: Optional[float] = None,
**kwargs,
):
Expand All @@ -1897,8 +1897,8 @@ def revoke_privilege_v2(
self,
role_name: str,
privilege: str,
collection_name: str,
db_name: Optional[str] = None,
collection_name: Optional[str] = None,
timeout: Optional[float] = None,
**kwargs,
):
Expand Down
3 changes: 1 addition & 2 deletions pymilvus/client/prepare.py
Original file line number Diff line number Diff line change
Expand Up @@ -1484,12 +1484,11 @@ def operate_privilege_v2_request(
check_pass_param(
role_name=role_name,
privilege=privilege,
collection_name=collection_name,
operate_privilege_type=operate_privilege_type,
)
if db_name:
check_pass_param(db_name=db_name)
if collection_name:
check_pass_param(collection_name=collection_name)
return milvus_types.OperatePrivilegeV2Request(
role=milvus_types.RoleEntity(name=role_name),
grantor=milvus_types.GrantorEntity(
Expand Down
8 changes: 4 additions & 4 deletions pymilvus/milvus_client/milvus_client.py
Original file line number Diff line number Diff line change
Expand Up @@ -1007,17 +1007,17 @@ def grant_privilege_v2(
self,
role_name: str,
privilege: str,
collection_name: str,
db_name: Optional[str] = None,
collection_name: Optional[str] = None,
timeout: Optional[float] = None,
**kwargs,
):
conn = self._get_connection()
conn.grant_privilege_v2(
role_name,
privilege,
collection_name,
db_name=db_name,
collection_name=collection_name,
timeout=timeout,
**kwargs,
)
Expand All @@ -1026,17 +1026,17 @@ def revoke_privilege_v2(
self,
role_name: str,
privilege: str,
collection_name: str,
db_name: Optional[str] = None,
collection_name: Optional[str] = None,
timeout: Optional[float] = None,
**kwargs,
):
conn = self._get_connection()
conn.revoke_privilege_v2(
role_name,
privilege,
collection_name,
db_name=db_name,
collection_name=collection_name,
timeout=timeout,
**kwargs,
)
Expand Down
34 changes: 18 additions & 16 deletions pymilvus/orm/role.py
Original file line number Diff line number Diff line change
Expand Up @@ -178,48 +178,50 @@ def revoke(self, object: str, object_name: str, privilege: str, db_name: str = "
self._name, object, object_name, privilege, db_name
)

def grant_v2(
self, privilege: str, db_name: Optional[str] = None, collection_name: Optional[str] = None
):
def grant_v2(self, privilege: str, collection_name: str, db_name: Optional[str] = None):
"""Grant a privilege for the role
:param privilege: privilege name.
:type privilege: str
:param db_name: db name. Optional
:type db_name: str
:param collection_name: collection name. Optional
:param collection_name: collection name.
:type collection_name: str
:param db_name: db name. Optional. If None, use the default db.
:type db_name: str
:example:
>>> from pymilvus import connections
>>> from pymilvus.orm.role import Role
>>> connections.connect()
>>> role = Role(role_name)
>>> role.grant_v2("Insert", db_name, collection_name)
>>> role.grant_v2("Insert", collection_name, db_name=db_name)
"""
return self._get_connection().grant_privilege_v2(
self._name, privilege, db_name=db_name, collection_name=collection_name
self._name,
privilege,
collection_name,
db_name=db_name,
)

def revoke_v2(
self, privilege: str, db_name: Optional[str] = None, collection_name: Optional[str] = None
):
def revoke_v2(self, privilege: str, collection_name: str, db_name: Optional[str] = None):
"""Revoke a privilege for the role
:param privilege: privilege name.
:type privilege: str
:param db_name: db name. Optional
:type db_name: str
:param collection_name: collection name. Optional
:param collection_name: collection name.
:type collection_name: str
:param db_name: db name. Optional. If None, use the default db.
:type db_name: str
:example:
>>> from pymilvus import connections
>>> from pymilvus.orm.role import Role
>>> connections.connect()
>>> role = Role(role_name)
>>> role.revoke_v2("Insert", db_name, collection_name)
>>> role.revoke_v2("Insert", collection_name, db_name=db_name)
"""
return self._get_connection().revoke_privilege_v2(
self._name, privilege, db_name=db_name, collection_name=collection_name
self._name,
privilege,
collection_name,
db_name=db_name,
)

def list_grant(self, object: str, object_name: str, db_name: str = ""):
Expand Down

0 comments on commit a225cbf

Please sign in to comment.