mirror of
https://gitee.com/milvus-io/milvus.git
synced 2025-12-07 01:28:27 +08:00
80bb09f7c2
issue: #43897 - RBAC(Roles/Users/Privileges/Privilege Groups) is implemented by WAL-based DDL framework now. - Support following message type in wal `AlterUser`, `DropUser`, `AlterRole`, `DropRole`, `AlterUserRole`, `DropUserRole`, `AlterPrivilege`, `DropPrivilege`, `AlterPrivilegeGroup`, `DropPrivilegeGroup`, `RestoreRBAC`. - RBAC can be synced by new CDC now. - Refactor some UT for RBAC. --------- Signed-off-by: chyezh <chyezh@outlook.com>
63 lines
2.6 KiB
Go
63 lines
2.6 KiB
Go
package rootcoord
|
|
|
|
import (
|
|
"context"
|
|
|
|
"github.com/cockroachdb/errors"
|
|
|
|
"github.com/milvus-io/milvus-proto/go-api/v2/milvuspb"
|
|
"github.com/milvus-io/milvus/pkg/v2/proto/internalpb"
|
|
)
|
|
|
|
var (
|
|
errEmptyUsername = errors.New("username is empty")
|
|
errUserNotFound = errors.New("user not found")
|
|
errUserAlreadyExists = errors.New("user already exists")
|
|
|
|
errEmptyRoleName = errors.New("role name is empty")
|
|
errRoleAlreadyExists = errors.New("role already exists")
|
|
errRoleNotExists = errors.New("role not exists")
|
|
|
|
errEmptyRBACMeta = errors.New("rbac meta is empty")
|
|
errNotCustomPrivilegeGroup = errors.New("not a custom privilege group")
|
|
|
|
errEmptyPrivilegeGroupName = errors.New("privilege group name is empty")
|
|
)
|
|
|
|
type RBACChecker interface {
|
|
// CheckIfAddCredential checks if the credential can be added.
|
|
// if the credential already exists, it will return errUserAlreadyExists.
|
|
CheckIfAddCredential(ctx context.Context, req *internalpb.CredentialInfo) error
|
|
|
|
// CheckIfUpdateCredential checks if the credential can be updated.
|
|
// if the credential not exists, it will return errUserNotFound.
|
|
CheckIfUpdateCredential(ctx context.Context, req *internalpb.CredentialInfo) error
|
|
|
|
// CheckIfDeleteCredential checks if the credential can be deleted.
|
|
// if the credential not exists, it will return errUserNotFound.
|
|
CheckIfDeleteCredential(ctx context.Context, req *milvuspb.DeleteCredentialRequest) error
|
|
|
|
// CheckIfCreateRole checks if the role can be created.
|
|
// if the role already exists, it will return errRoleAlreadyExists.
|
|
CheckIfCreateRole(ctx context.Context, req *milvuspb.CreateRoleRequest) error
|
|
|
|
// CheckIfDropRole checks if the role can be dropped.
|
|
// if the role not exists, it will return errRoleNotExists.
|
|
CheckIfDropRole(ctx context.Context, in *milvuspb.DropRoleRequest) error
|
|
|
|
// CheckIfOperateUserRole checks if the user role can be operated.
|
|
CheckIfOperateUserRole(ctx context.Context, req *milvuspb.OperateUserRoleRequest) error
|
|
|
|
// CheckIfPrivilegeGroupCreatable checks if the privilege group can be created.
|
|
CheckIfPrivilegeGroupCreatable(ctx context.Context, req *milvuspb.CreatePrivilegeGroupRequest) error
|
|
|
|
// CheckIfPrivilegeGroupAlterable checks if the privilege group can be altered.
|
|
CheckIfPrivilegeGroupAlterable(ctx context.Context, req *milvuspb.OperatePrivilegeGroupRequest) error
|
|
|
|
// CheckIfPrivilegeGroupDropable checks if the privilege group can be dropped.
|
|
CheckIfPrivilegeGroupDropable(ctx context.Context, req *milvuspb.DropPrivilegeGroupRequest) error
|
|
|
|
// CheckIfRBACRestorable checks if the rbac meta data can be restored.
|
|
CheckIfRBACRestorable(ctx context.Context, req *milvuspb.RestoreRBACMetaRequest) error
|
|
}
|