# Licensed to the Apache Software Foundation (ASF) under one # or more contributor license agreements. See the NOTICE file # distributed with this work for additional information # regarding copyright ownership. The ASF licenses this file # to you under the Apache License, Version 2.0 (the # "License"); you may not use this file except in compliance # with the License. You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, # software distributed under the License is distributed on an # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY # KIND, either express or implied. See the License for the # specific language governing permissions and limitations # under the License. # import logging import nuvolaris.config as cfg from nuvolaris.milvus_simple_client import MilvusSimpleClient as MilvusClient class MilvusAdminClient: """ Simple Milvus Client used to perform Milvus administration Tasks """ def __init__(self, db_name="default"): self.admin_username = cfg.get("milvus.admin.user", "MILVUS_ROOT_USER", "root") self.milvus_api_host = cfg.get("milvus.host", "MILVUS_API_HOST", "nuvolaris-milvus") self.milvus_api_port = cfg.get("milvus.host", "MILVUS_API_PORT", "19530") self.admin_password = cfg.get("milvus.password.root", "MILVUS_ROOT_PASSWORD", "An0therPa55") self.milvus_url = f"http://{self.milvus_api_host}:{self.milvus_api_port}" self.milvus_admin_token = f"root:{self.admin_password}" #self.global_privileges_v1 = ['CreateCollection', 'DropCollection', 'DescribeCollection', 'ShowCollections', # 'RenameCollection'] self.global_privileges_v1 = [] # references: # https://milvus.io/docs/privilege_group.md # https://milvus.io/docs/grant_privileges.md#Grant-a-privilege-or-a-privilege-group-to-a-role self.global_privileges_v2 = ['CollectionAdmin','DatabaseAdmin'] def setup_user(self, username, password,database): """ Creates a user into MILVUS, creates a corresponding database param: username param: password param: database return: True if role has been successfully created """ role = f"{username}_role" try: # create the user and the database client = MilvusClient(uri=self.milvus_url,token=self.milvus_admin_token) client.create_user(username, password) client.create_database(db_name=database) client.close() # rest of action are performed specifying the database client = MilvusClient(uri=self.milvus_url,token=self.milvus_admin_token, db_name=database) client.create_role(role_name=role,db_name=database) for priv in self.global_privileges_v1: client.grant_privilege(role_name=role, object_type='Global', object_name='*', privilege=priv, db_name=database) for priv in self.global_privileges_v2: client.grant_privilege_v2(role_name=role, object_type='Global', object_name='*', collection_name='*', privilege=priv, db_name=database) client.grant_role(user_name=username,role_name=role,db_name=database) client.close() return True except Exception as ex: logging.error(f"Error adding MILVUS user {username}",ex) return False def remove_user(self, username, database): """ Removes a user from MILVUS, dropping corresponding database and roles param: username return: True if role has been successfully created """ role = f"{username}_role" try: # create the user and the database client = MilvusClient(uri=self.milvus_url,token=self.milvus_admin_token, db_name=database) collections = client.list_collections() for collection in collections: client.drop_collection(collection_name=collection) client.close() client = MilvusClient(uri=self.milvus_url,token=self.milvus_admin_token) for privilege in self.global_privileges_v1: client.revoke_privilege(role_name=role, object_type='Global', object_name='*', privilege=privilege, db_name=database) for privilege in self.global_privileges_v2: client.revoke_privilege_v2(role_name=role, object_type='Global', object_name='*', collection_name='*', privilege=privilege, db_name=database) client.drop_role(role_name=role,db_name=database) client.drop_user(user_name=username) client.drop_database(db_name=database) client.close() return True except Exception as ex: logging.error(f"Error removing MILVUS user {username}",ex) return False