mirror of
https://gitee.com/milvus-io/milvus.git
synced 2026-02-02 01:06:41 +08:00
ddf19de7f7
### **User description** add a new config to control meta batch to avoid too large fix: https://github.com/milvus-io/milvus/issues/44569 pr: https://github.com/milvus-io/milvus/pull/44645 ___ ### **PR Type** Enhancement ___ ### **Description** - Replace hardcoded `MaxEtcdTxnNum` constant with configurable parameter - Add new `maxEtcdTxnNum` configuration to `MetaStoreConfig` with default value 64 - Update all metastore catalog implementations to use dynamic config value - Remove hardcoded constant from `util/constant.go` and update test expectations ___ ### Diagram Walkthrough ```mermaid flowchart LR A["Hardcoded MaxEtcdTxnNum<br/>constant 128"] -->|Replace with| B["MetaStoreConfig<br/>maxEtcdTxnNum param"] B -->|Default value| C["64 operations<br/>per transaction"] B -->|Used by| D["DataCoord<br/>Catalog"] B -->|Used by| E["RootCoord<br/>Catalog"] B -->|Used by| F["StreamingCoord<br/>Catalog"] B -->|Used by| G["StreamingNode<br/>Catalog"] B -->|Used by| H["SuffixSnapshot<br/>Catalog"] ``` <details><summary><h3>File Walkthrough</h3></summary> <table><thead><tr><th></th><th align="left">Relevant files</th></tr></thead><tbody><tr><td><strong>Enhancement</strong></td><td><details><summary>5 files</summary><table> <tr> <td><strong>kv_catalog.go</strong><dd><code>Use configurable MaxEtcdTxnNum in batch operations</code> </dd></td> <td><a href="https://github.com/milvus-io/milvus/pull/46514/files#diff-21f10b97df37f264c572a5bea752c442a1933f1441f658c90c546740d529d536">+4/-2</a> </td> </tr> <tr> <td><strong>kv_catalog.go</strong><dd><code>Replace hardcoded constant with dynamic config parameter</code> </dd></td> <td><a href="https://github.com/milvus-io/milvus/pull/46514/files#diff-ca605f818c1903caba7e8fdd022856403889ed63703161028a6cc0005418aa0b">+6/-6</a> </td> </tr> <tr> <td><strong>suffix_snapshot.go</strong><dd><code>Use dynamic config for etcd transaction batch limits</code> </dd></td> <td><a href="https://github.com/milvus-io/milvus/pull/46514/files#diff-41ca5f1e7439335fbd3c198a612f93fb12268bd94e3dc988117f669e45fe462a">+4/-3</a> </td> </tr> <tr> <td><strong>kv_catalog.go</strong><dd><code>Replace util constant with paramtable configuration</code> </dd></td> <td><a href="https://github.com/milvus-io/milvus/pull/46514/files#diff-5ddd0cfcc47a07c1f0a5246b63928f018e8267176a6d1d5780712fa986f508c4">+3/-2</a> </td> </tr> <tr> <td><strong>kv_catalog.go</strong><dd><code>Use configurable MaxEtcdTxnNum for batch operations</code> </dd></td> <td><a href="https://github.com/milvus-io/milvus/pull/46514/files#diff-4cc762324a9c223f7276776ec29d0476bd70e94eca0e194a1b9e6ee67c7c15f5">+4/-3</a> </td> </tr> </table></details></td></tr><tr><td><strong>Tests</strong></td><td><details><summary>2 files</summary><table> <tr> <td><strong>kv_catalog_test.go</strong><dd><code>Update test expectations for batch operation counts</code> </dd></td> <td><a href="https://github.com/milvus-io/milvus/pull/46514/files#diff-52a66a32833546c9f5a39c02bf3ee2bd58099a1027e84179021c3e1e91afd6e6">+2/-2</a> </td> </tr> <tr> <td><strong>kv_catalog_test.go</strong><dd><code>Update tests to use configurable MaxEtcdTxnNum parameter</code> </dd></td> <td><a href="https://github.com/milvus-io/milvus/pull/46514/files#diff-bbf08f8d1c8410ed63e07719efe937402b111a27a841f0098552a8a5d8d4574f">+4/-3</a> </td> </tr> </table></details></td></tr><tr><td><strong>Configuration changes</strong></td><td><details><summary>3 files</summary><table> <tr> <td><strong>constant.go</strong><dd><code>Remove hardcoded MaxEtcdTxnNum constant definition</code> </dd></td> <td><a href="https://github.com/milvus-io/milvus/pull/46514/files#diff-9a2143fe538a654bdd5e1e0967e4e547faea75726e569376a6055bb837c6c683">+0/-3</a> </td> </tr> <tr> <td><strong>service_param.go</strong><dd><code>Add MaxEtcdTxnNum parameter to MetaStoreConfig</code> </dd></td> <td><a href="https://github.com/milvus-io/milvus/pull/46514/files#diff-9ef00df6bb7232974dc09d15a0ce2719d977163f41789918e0e4ac7fa4742bf0">+10/-0</a> </td> </tr> <tr> <td><strong>milvus.yaml</strong><dd><code>Add maxEtcdTxnNum configuration with default value</code> </dd></td> <td><a href="https://github.com/milvus-io/milvus/pull/46514/files#diff-6e254e06f0f065af33ea15a45c6538bdb785c064a70f2cc9c7c7369d80065a06">+1/-0</a> </td> </tr> </table></details></td></tr></tbody></table> </details> ___ --------- Signed-off-by: bigsheeper <yihao.dai@zilliz.com> Co-authored-by: Xiaofan <83447078+xiaofan-luan@users.noreply.github.com> Co-authored-by: xiaofanluan <xiaofan.luan@zilliz.com>
502 lines
21 KiB
Go
502 lines
21 KiB
Go
// Licensed to the LF AI & Data foundation under one
|
|
// or more contributor license agreements. See the NOTICE file
|
|
// distributed with this work for additional information
|
|
// regarding copyright ownership. The ASF licenses this file
|
|
// to you under the Apache License, Version 2.0 (the
|
|
// "License"); you may not use this file except in compliance
|
|
// with the License. You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
package util
|
|
|
|
import (
|
|
"strings"
|
|
|
|
"github.com/samber/lo"
|
|
|
|
"github.com/milvus-io/milvus-proto/go-api/v2/commonpb"
|
|
"github.com/milvus-io/milvus-proto/go-api/v2/milvuspb"
|
|
"github.com/milvus-io/milvus/pkg/v2/common"
|
|
"github.com/milvus-io/milvus/pkg/v2/util/typeutil"
|
|
)
|
|
|
|
// Meta Prefix consts
|
|
const (
|
|
MetaStoreTypeEtcd = "etcd"
|
|
MetaStoreTypeTiKV = "tikv"
|
|
|
|
SegmentMetaPrefix = "queryCoord-segmentMeta"
|
|
ChangeInfoMetaPrefix = "queryCoord-sealedSegmentChangeInfo"
|
|
|
|
// FlushedSegmentPrefix TODO @cai.zhang: remove this
|
|
FlushedSegmentPrefix = "flushed-segment"
|
|
// HandoffSegmentPrefix TODO @cai.zhang: remove this
|
|
HandoffSegmentPrefix = "querycoord-handoff"
|
|
// SegmentReferPrefix TODO @cai.zhang: remove this
|
|
SegmentReferPrefix = "segmentRefer"
|
|
|
|
SegmentIndexPrefix = "segment-index"
|
|
FieldIndexPrefix = "field-index"
|
|
|
|
HeaderAuthorize = "authorization"
|
|
HeaderToken = "token"
|
|
CredentialSeperator = ":"
|
|
UserRoot = "root"
|
|
PasswordHolder = "___"
|
|
DefaultTenant = ""
|
|
RoleAdmin = "admin"
|
|
RolePublic = "public"
|
|
DefaultDBName = "default"
|
|
DefaultDBID = int64(1)
|
|
NonDBID = int64(0)
|
|
InvalidDBID = int64(-1)
|
|
|
|
PrivilegeWord = "Privilege"
|
|
PrivilegeGroupWord = "PrivilegeGroup"
|
|
AnyWord = "*"
|
|
|
|
IdentifierKey = "identifier"
|
|
|
|
HeaderUserAgent = "user-agent"
|
|
HeaderDBName = "dbName"
|
|
|
|
RoleConfigPrivileges = "privileges"
|
|
RoleConfigObjectType = "object_type"
|
|
RoleConfigObjectName = "object_name"
|
|
RoleConfigDBName = "db_name"
|
|
RoleConfigPrivilege = "privilege"
|
|
|
|
GB = 1024 * 1024 * 1024
|
|
)
|
|
|
|
const (
|
|
// ParamsKeyToParse is the key of the param to build index.
|
|
ParamsKeyToParse = common.IndexParamsKey
|
|
)
|
|
|
|
var (
|
|
DefaultRoles = []string{RoleAdmin, RolePublic}
|
|
BuiltinRoles = []string{}
|
|
|
|
ObjectPrivileges = map[string][]string{
|
|
commonpb.ObjectType_Collection.String(): {
|
|
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeLoad.String()),
|
|
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeRelease.String()),
|
|
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeCompaction.String()),
|
|
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeInsert.String()),
|
|
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeDelete.String()),
|
|
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeUpsert.String()),
|
|
|
|
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeGetStatistics.String()),
|
|
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeCreateIndex.String()),
|
|
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeIndexDetail.String()),
|
|
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeDropIndex.String()),
|
|
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeSearch.String()),
|
|
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeFlush.String()),
|
|
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeQuery.String()),
|
|
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeLoadBalance.String()),
|
|
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeImport.String()),
|
|
|
|
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeGetLoadingProgress.String()),
|
|
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeGetLoadState.String()),
|
|
|
|
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeCreatePartition.String()),
|
|
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeDropPartition.String()),
|
|
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeShowPartitions.String()),
|
|
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeHasPartition.String()),
|
|
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeGetFlushState.String()),
|
|
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeGroupReadOnly.String()),
|
|
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeGroupReadWrite.String()),
|
|
},
|
|
commonpb.ObjectType_Global.String(): {
|
|
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeAll.String()),
|
|
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeCreateCollection.String()),
|
|
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeDropCollection.String()),
|
|
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeDescribeCollection.String()),
|
|
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeShowCollections.String()),
|
|
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeRenameCollection.String()),
|
|
|
|
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeCreateOwnership.String()),
|
|
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeDropOwnership.String()),
|
|
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeSelectOwnership.String()),
|
|
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeManageOwnership.String()),
|
|
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeBackupRBAC.String()),
|
|
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeRestoreRBAC.String()),
|
|
|
|
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeCreateResourceGroup.String()),
|
|
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeUpdateResourceGroups.String()),
|
|
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeDropResourceGroup.String()),
|
|
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeDescribeResourceGroup.String()),
|
|
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeListResourceGroups.String()),
|
|
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeTransferReplica.String()),
|
|
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeTransferNode.String()),
|
|
|
|
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeFlushAll.String()),
|
|
|
|
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeCreateDatabase.String()),
|
|
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeDropDatabase.String()),
|
|
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeListDatabases.String()),
|
|
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeAlterDatabase.String()),
|
|
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeDescribeDatabase.String()),
|
|
|
|
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeCreateAlias.String()),
|
|
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeDropAlias.String()),
|
|
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeDescribeAlias.String()),
|
|
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeListAliases.String()),
|
|
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeGroupAdmin.String()),
|
|
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeCreatePrivilegeGroup.String()),
|
|
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeDropPrivilegeGroup.String()),
|
|
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeListPrivilegeGroups.String()),
|
|
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeOperatePrivilegeGroup.String()),
|
|
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeGroupClusterReadOnly.String()),
|
|
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeGroupClusterReadWrite.String()),
|
|
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeGroupClusterAdmin.String()),
|
|
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeGroupDatabaseReadOnly.String()),
|
|
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeGroupDatabaseReadWrite.String()),
|
|
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeGroupDatabaseAdmin.String()),
|
|
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeGroupCollectionReadOnly.String()),
|
|
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeGroupCollectionReadWrite.String()),
|
|
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeGroupCollectionAdmin.String()),
|
|
},
|
|
commonpb.ObjectType_User.String(): {
|
|
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeUpdateUser.String()),
|
|
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeSelectUser.String()),
|
|
},
|
|
}
|
|
|
|
RelatedPrivileges = map[string][]string{
|
|
commonpb.ObjectPrivilege_PrivilegeLoad.String(): {
|
|
commonpb.ObjectPrivilege_PrivilegeGetLoadState.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeGetLoadingProgress.String(),
|
|
},
|
|
commonpb.ObjectPrivilege_PrivilegeFlush.String(): {
|
|
commonpb.ObjectPrivilege_PrivilegeGetFlushState.String(),
|
|
},
|
|
}
|
|
|
|
ReadOnlyPrivilegeGroup = []string{
|
|
commonpb.ObjectPrivilege_PrivilegeQuery.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeSearch.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeIndexDetail.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeGetFlushState.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeGetLoadState.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeGetLoadingProgress.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeHasPartition.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeShowPartitions.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeShowCollections.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeListAliases.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeListDatabases.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeDescribeCollection.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeDescribeDatabase.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeDescribeAlias.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeGetStatistics.String(),
|
|
}
|
|
ReadWritePrivilegeGroup = []string{
|
|
commonpb.ObjectPrivilege_PrivilegeQuery.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeSearch.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeIndexDetail.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeGetFlushState.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeGetLoadState.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeGetLoadingProgress.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeHasPartition.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeShowPartitions.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeShowCollections.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeListAliases.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeListDatabases.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeDescribeCollection.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeDescribeDatabase.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeDescribeAlias.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeGetStatistics.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeCreateIndex.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeDropIndex.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeCreatePartition.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeDropPartition.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeLoad.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeRelease.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeInsert.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeDelete.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeUpsert.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeImport.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeFlush.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeCompaction.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeLoadBalance.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeRenameCollection.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeCreateAlias.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeDropAlias.String(),
|
|
}
|
|
AdminPrivilegeGroup = []string{
|
|
commonpb.ObjectPrivilege_PrivilegeCreateCollection.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeDropCollection.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeQuery.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeSearch.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeIndexDetail.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeGetFlushState.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeGetLoadState.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeGetLoadingProgress.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeHasPartition.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeShowPartitions.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeShowCollections.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeListAliases.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeListDatabases.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeDescribeCollection.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeDescribeDatabase.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeDescribeAlias.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeGetStatistics.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeCreateIndex.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeDropIndex.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeCreateCollection.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeDropCollection.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeCreatePartition.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeDropPartition.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeLoad.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeRelease.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeInsert.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeDelete.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeUpsert.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeImport.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeFlush.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeCompaction.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeLoadBalance.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeRenameCollection.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeCreateAlias.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeDropAlias.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeCreateOwnership.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeDropOwnership.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeSelectOwnership.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeManageOwnership.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeSelectUser.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeUpdateUser.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeBackupRBAC.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeRestoreRBAC.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeCreateResourceGroup.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeUpdateResourceGroups.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeDropResourceGroup.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeDescribeResourceGroup.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeListResourceGroups.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeTransferReplica.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeTransferNode.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeCreateDatabase.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeDropDatabase.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeAlterDatabase.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeFlush.String(),
|
|
}
|
|
)
|
|
|
|
// rbac v2 uses privilege level to group privileges rather than object type
|
|
var (
|
|
CollectionReadOnlyPrivileges = ConvertPrivileges([]string{
|
|
commonpb.ObjectPrivilege_PrivilegeQuery.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeSearch.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeIndexDetail.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeGetFlushState.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeGetLoadState.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeGetLoadingProgress.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeHasPartition.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeShowPartitions.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeDescribeCollection.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeDescribeAlias.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeGetStatistics.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeListAliases.String(),
|
|
})
|
|
|
|
CollectionReadWritePrivileges = append(CollectionReadOnlyPrivileges,
|
|
ConvertPrivileges([]string{
|
|
commonpb.ObjectPrivilege_PrivilegeLoad.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeRelease.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeInsert.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeDelete.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeUpsert.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeImport.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeFlush.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeCompaction.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeLoadBalance.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeCreateIndex.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeDropIndex.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeCreatePartition.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeDropPartition.String(),
|
|
})...,
|
|
)
|
|
|
|
CollectionAdminPrivileges = append(CollectionReadWritePrivileges,
|
|
ConvertPrivileges([]string{
|
|
commonpb.ObjectPrivilege_PrivilegeCreateAlias.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeDropAlias.String(),
|
|
})...,
|
|
)
|
|
|
|
DatabaseReadOnlyPrivileges = ConvertPrivileges([]string{
|
|
commonpb.ObjectPrivilege_PrivilegeShowCollections.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeDescribeDatabase.String(),
|
|
})
|
|
|
|
DatabaseReadWritePrivileges = append(DatabaseReadOnlyPrivileges,
|
|
ConvertPrivileges([]string{
|
|
commonpb.ObjectPrivilege_PrivilegeAlterDatabase.String(),
|
|
})...,
|
|
)
|
|
|
|
DatabaseAdminPrivileges = append(DatabaseReadWritePrivileges,
|
|
ConvertPrivileges([]string{
|
|
commonpb.ObjectPrivilege_PrivilegeCreateCollection.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeDropCollection.String(),
|
|
})...,
|
|
)
|
|
|
|
ClusterReadOnlyPrivileges = ConvertPrivileges([]string{
|
|
commonpb.ObjectPrivilege_PrivilegeListDatabases.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeSelectOwnership.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeSelectUser.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeDescribeResourceGroup.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeListResourceGroups.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeListPrivilegeGroups.String(),
|
|
})
|
|
|
|
ClusterReadWritePrivileges = append(ClusterReadOnlyPrivileges,
|
|
ConvertPrivileges([]string{
|
|
commonpb.ObjectPrivilege_PrivilegeFlushAll.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeTransferNode.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeTransferReplica.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeUpdateResourceGroups.String(),
|
|
})...,
|
|
)
|
|
|
|
ClusterAdminPrivileges = append(ClusterReadWritePrivileges,
|
|
ConvertPrivileges([]string{
|
|
commonpb.ObjectPrivilege_PrivilegeBackupRBAC.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeRestoreRBAC.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeCreateDatabase.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeDropDatabase.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeCreateOwnership.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeDropOwnership.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeManageOwnership.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeCreateResourceGroup.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeDropResourceGroup.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeUpdateUser.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeRenameCollection.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeCreatePrivilegeGroup.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeDropPrivilegeGroup.String(),
|
|
commonpb.ObjectPrivilege_PrivilegeOperatePrivilegeGroup.String(),
|
|
})...,
|
|
)
|
|
)
|
|
|
|
// ConvertPrivileges converts each privilege from metastore format to API format.
|
|
func ConvertPrivileges(privileges []string) []string {
|
|
return lo.Map(privileges, func(name string, _ int) string {
|
|
return MetaStore2API(name)
|
|
})
|
|
}
|
|
|
|
func GetPrivilegeLevel(privilege string) string {
|
|
if lo.Contains(ClusterAdminPrivileges, privilege) {
|
|
return milvuspb.PrivilegeLevel_Cluster.String()
|
|
}
|
|
if lo.Contains(DatabaseAdminPrivileges, privilege) {
|
|
return milvuspb.PrivilegeLevel_Database.String()
|
|
}
|
|
if lo.Contains(CollectionAdminPrivileges, privilege) {
|
|
return milvuspb.PrivilegeLevel_Collection.String()
|
|
}
|
|
return ""
|
|
}
|
|
|
|
// StringSet convert array to map for conveniently check if the array contains an element
|
|
func StringSet(strings []string) map[string]struct{} {
|
|
stringsMap := make(map[string]struct{})
|
|
for _, str := range strings {
|
|
stringsMap[str] = struct{}{}
|
|
}
|
|
return stringsMap
|
|
}
|
|
|
|
func StringList(stringMap map[string]struct{}) []string {
|
|
strs := make([]string, 0, len(stringMap))
|
|
for k := range stringMap {
|
|
strs = append(strs, k)
|
|
}
|
|
return strs
|
|
}
|
|
|
|
// MetaStore2API convert meta-store's privilege name to api's
|
|
// example: PrivilegeAll -> All
|
|
func MetaStore2API(name string) string {
|
|
if strings.HasPrefix(name, PrivilegeGroupWord) {
|
|
return name[len(PrivilegeGroupWord):]
|
|
}
|
|
if strings.HasPrefix(name, PrivilegeWord) {
|
|
return name[len(PrivilegeWord):]
|
|
}
|
|
return name
|
|
}
|
|
|
|
func PrivilegeNameForAPI(name string) string {
|
|
_, ok := commonpb.ObjectPrivilege_value[name]
|
|
if !ok {
|
|
if strings.HasPrefix(name, PrivilegeGroupWord) {
|
|
return typeutil.After(name, PrivilegeGroupWord)
|
|
}
|
|
return ""
|
|
}
|
|
return MetaStore2API(name)
|
|
}
|
|
|
|
func PrivilegeNameForMetastore(name string) string {
|
|
// check if name is single privilege
|
|
dbPrivilege := PrivilegeWord + name
|
|
_, ok := commonpb.ObjectPrivilege_value[dbPrivilege]
|
|
if !ok {
|
|
// check if name is privilege group
|
|
dbPrivilege := PrivilegeGroupWord + name
|
|
_, ok := commonpb.ObjectPrivilege_value[dbPrivilege]
|
|
if !ok {
|
|
return ""
|
|
}
|
|
return dbPrivilege
|
|
}
|
|
return dbPrivilege
|
|
}
|
|
|
|
// check if the name is defined by built in privileges or privilege groups in system
|
|
func IsPrivilegeNameDefined(name string) bool {
|
|
return PrivilegeNameForMetastore(name) != ""
|
|
}
|
|
|
|
func IsBuiltinPrivilegeGroup(name string) bool {
|
|
dbPrivilege := PrivilegeGroupWord + name
|
|
_, ok := commonpb.ObjectPrivilege_value[dbPrivilege]
|
|
return ok
|
|
}
|
|
|
|
func PrivilegeGroupNameForMetastore(name string) string {
|
|
return PrivilegeGroupWord + name
|
|
}
|
|
|
|
func IsAnyWord(word string) bool {
|
|
return word == AnyWord
|
|
}
|
|
|
|
func IsBuiltinRole(roleName string) bool {
|
|
for _, builtinRole := range BuiltinRoles {
|
|
if builtinRole == roleName {
|
|
return true
|
|
}
|
|
}
|
|
return false
|
|
}
|
|
|
|
func GetObjectType(privName string) string {
|
|
for objectType, privs := range ObjectPrivileges {
|
|
if lo.Contains(privs, privName) {
|
|
return objectType
|
|
}
|
|
}
|
|
return commonpb.ObjectType_Global.String()
|
|
}
|