add privilege group orm

Signed-off-by: shaoting-huang <[email protected]>
milvus-io · Nov 18, 2024 · 26c8b74 · 26c8b74
1 parent 016ff55
commit 26c8b74
Show file tree

Hide file tree

Showing 2 changed files with 86 additions and 0 deletions.
diff --git a/pymilvus/client/check.py b/pymilvus/client/check.py
@@ -275,6 +275,12 @@ def is_legal_operate_privilege_type(operate_privilege_type: Any) -> bool:
         milvus_types.OperatePrivilegeType.Revoke,
     )
 
+def is_legal_privilege_group(privilege_group: Any) -> bool:
+    return privilege_group and isinstance(privilege_group, str)
+
+def is_legal_privileges(privileges: Any) -> bool:
+    return privileges and isinstance(privileges, list) and all(is_legal_privilege(p) for p in privileges)
+
 
 class ParamChecker(metaclass=Singleton):
     def __init__(self) -> None:
@@ -320,6 +326,8 @@ def __init__(self) -> None:
             "timeout": is_legal_timeout,
             "drop_ratio_build": is_legal_drop_ratio,
             "drop_ratio_search": is_legal_drop_ratio,
+            "privilege_group": is_legal_privilege_group,
+            "privileges": is_legal_privileges,
         }
 
     def check(self, key: str, value: Callable):

diff --git a/pymilvus/orm/role.py b/pymilvus/orm/role.py
@@ -221,3 +221,81 @@ def list_grants(self, db_name: str = ""):
             >>> role.list_grants()
         """
         return self._get_connection().select_grant_for_one_role(self._name, db_name)
+
+    def create_privilege_group(self, group_name: str):
+        """Create a privilege group for the role
+            :param group_name: privilege group name.
+            :type  group_name: str
+
+        :example:
+            >>> from pymilvus import connections
+            >>> from pymilvus.orm.role import Role
+            >>> connections.connect()
+            >>> role = Role(role_name)
+            >>> role.create_privilege_group(group_name)
+        """
+        return self._get_connection().create_privilege_group(self._name, group_name)
+
+    def drop_privilege_group(self, group_name: str):
+        """Drop a privilege group for the role
+            :param group_name: privilege group name.
+            :type  group_name: str
+
+        :example:
+            >>> from pymilvus import connections
+            >>> from pymilvus.orm.role import Role
+            >>> connections.connect()
+            >>> role = Role(role_name)
+            >>> role.drop_privilege_group(group_name)
+        """
+        return self._get_connection().drop_privilege_group(self._name, group_name)
+
+    def list_privilege_groups(self):
+        """List all privilege groups for the role
+            :return a PrivilegeGroupInfo object
+            :rtype PrivilegeGroupInfo
+
+            PrivilegeGroupInfo groups:
+            - PrivilegeGroupItem: <group_name:group1>, <privileges:['Insert', 'Select']>
+
+        :example:
+            >>> from pymilvus import connections
+            >>> from pymilvus.orm.role import Role
+            >>> connections.connect()
+            >>> role = Role(role_name)
+            >>> role.list_privilege_groups()
+        """
+        return self._get_connection().list_privilege_groups(self._name)
+
+    def add_privileges_to_group(self, group_name: str, privileges: list):
+        """Add privileges to a privilege group for the role
+            :param group_name: privilege group name.
+            :type  group_name: str
+            :param privileges: a list of privilege names.
+            :type  privileges: list
+
+        :example:
+            >>> from pymilvus import connections
+            >>> from pymilvus.orm.role import Role
+            >>> connections.connect()
+            >>> role = Role(role_name)
+            >>> role.add_privileges_to_group(group_name, ["Insert", "Select"])
+        """
+        return self._get_connection().add_privileges_to_group(self._name, group_name, privileges)
+
+    def remove_privileges_from_group(self, group_name: str, privileges: list):
+        """Remove privileges from a privilege group for the role
+            :param group_name: privilege group name.
+            :type  group_name: str
+            :param privileges: a list of privilege names.
+            :type  privileges: list
+
+        :example:
+            >>> from pymilvus import connections
+            >>> from pymilvus.orm.role import Role
+            >>> connections.connect()
+            >>> role = Role(role_name)
+            >>> role.remove_privileges_from_group(group_name, ["Insert", "Select"])
+        """
+        return self._get_connection().remove_privileges_from_group(self._name, group_name, privileges)
+