add rbac test case (milvus-io#18787)

Signed-off-by: huangjincheng2022 <[email protected]>

Signed-off-by: huangjincheng2022 <[email protected]>

Author: huangjincheng2022

tests/python_client/base/utility_wrapper.py

@@ -7,6 +7,7 @@
 from check.func_check import ResponseChecker
 from utils.api_request import api_request
 from common.common_type import BulkLoadStates
+from pymilvus.orm.role import Role
 
 
 TIMEOUT = 20
@@ -16,6 +17,7 @@ class ApiUtilityWrapper:
     """ Method of encapsulating utility files """
 
     ut = utility
+    role = None
 
     def bulk_load(self, collection_name,  partition_name="", row_based=True, files="", timeout=None,
                   using="default", check_task=None, check_items=None, **kwargs):
@@ -251,3 +253,95 @@ def delete_user(self, user, using="default", check_task=None, check_items=None):
         check_result = ResponseChecker(res, func_name, check_task, check_items, is_succ,
                                        using=using).run()
         return res, check_result
+
+    def init_role(self, name, using="default", check_task=None, check_items=None, **kwargs):
+        func_name = sys._getframe().f_code.co_name
+        res, is_succ = api_request([Role, name, using], **kwargs)
+        self.role = res if is_succ else None
+        check_result = ResponseChecker(res, func_name, check_task, check_items, is_succ,
+                                       name=name, **kwargs).run()
+        return res, check_result
+
+    def create_role(self, using="default", check_task=None, check_items=None, **kwargs):
+        func_name = sys._getframe().f_code.co_name
+        res, is_succ = api_request([self.role.create], **kwargs)
+        res = res if is_succ else None
+        check_result = ResponseChecker(res, func_name, check_task, check_items, is_succ,
+                                       **kwargs).run()
+        return res, check_result
+
+    def list_roles(self, include_user_info: bool, using="default", check_task=None, check_items=None):
+        func_name = sys._getframe().f_code.co_name
+        res, is_succ = api_request([self.ut.list_roles, include_user_info, using])
+        check_result = ResponseChecker(res, func_name, check_task, check_items, is_succ, using=using).run()
+        return res, check_result
+
+    def list_user(self, username: str, include_role_info: bool, using="default", check_task=None, check_items=None):
+        func_name = sys._getframe().f_code.co_name
+        res, is_succ = api_request([self.ut.list_user, username, include_role_info, using])
+        check_result = ResponseChecker(res, func_name, check_task, check_items, is_succ, using=using).run()
+        return res, check_result
+
+    def list_users(self, include_role_info: bool, using="default", check_task=None, check_items=None):
+        func_name = sys._getframe().f_code.co_name
+        res, is_succ = api_request([self.ut.list_users, include_role_info, using])
+        check_result = ResponseChecker(res, func_name, check_task, check_items, is_succ, using=using).run()
+        return res, check_result
+
+    def role_drop(self, check_task=None, check_items=None, **kwargs):
+        func_name = sys._getframe().f_code.co_name
+        res, check = api_request([self.role.drop], **kwargs)
+        check_result = ResponseChecker(res, func_name, check_task, check_items, check, **kwargs).run()
+        return res, check_result
+
+    def role_is_exist(self, check_task=None, check_items=None, **kwargs):
+        func_name = sys._getframe().f_code.co_name
+        res, check = api_request([self.role.is_exist], **kwargs)
+        check_result = ResponseChecker(res, func_name, check_task, check_items, check, **kwargs).run()
+        return res, check_result
+
+    def role_add_user(self, username: str, check_task=None, check_items=None, **kwargs):
+        func_name = sys._getframe().f_code.co_name
+        res, check = api_request([self.role.add_user, username], **kwargs)
+        check_result = ResponseChecker(res, func_name, check_task, check_items, check, **kwargs).run()
+        return res, check_result
+
+    def role_remove_user(self, username: str, check_task=None, check_items=None, **kwargs):
+        func_name = sys._getframe().f_code.co_name
+        res, check = api_request([self.role.remove_user, username], **kwargs)
+        check_result = ResponseChecker(res, func_name, check_task, check_items, check, **kwargs).run()
+        return res, check_result
+
+    def role_get_users(self, check_task=None, check_items=None, **kwargs):
+        func_name = sys._getframe().f_code.co_name
+        res, check = api_request([self.role.get_users], **kwargs)
+        check_result = ResponseChecker(res, func_name, check_task, check_items, check, **kwargs).run()
+        return res, check_result
+
+    @property
+    def role_name(self):
+        return self.role.name
+
+    def role_grant(self, object: str, object_name: str, privilege: str, check_task=None, check_items=None, **kwargs):
+        func_name = sys._getframe().f_code.co_name
+        res, check = api_request([self.role.grant, object, object_name, privilege], **kwargs)
+        check_result = ResponseChecker(res, func_name, check_task, check_items, check, **kwargs).run()
+        return res, check_result
+
+    def role_revoke(self, object: str, object_name: str, privilege: str, check_task=None, check_items=None, **kwargs):
+        func_name = sys._getframe().f_code.co_name
+        res, check = api_request([self.role.revoke, object, object_name, privilege], **kwargs)
+        check_result = ResponseChecker(res, func_name, check_task, check_items, check, **kwargs).run()
+        return res, check_result
+
+    def role_list_grant(self, object: str, object_name: str, check_task=None, check_items=None, **kwargs):
+        func_name = sys._getframe().f_code.co_name
+        res, check = api_request([self.role.list_grant, object, object_name], **kwargs)
+        check_result = ResponseChecker(res, func_name, check_task, check_items, check, **kwargs).run()
+        return res, check_result
+
+    def role_list_grants(self, check_task=None, check_items=None, **kwargs):
+        func_name = sys._getframe().f_code.co_name
+        res, check = api_request([self.role.list_grants], **kwargs)
+        check_result = ResponseChecker(res, func_name, check_task, check_items, check, **kwargs).run()
+        return res, check_result

tests/python_client/check/func_check.py

@@ -1,4 +1,5 @@
 from pymilvus.client.types import CompactionPlans
+from pymilvus.orm.role import Role
 
 from utils.util_log import test_log as log
 from common import common_type as ct
@@ -75,6 +76,10 @@ def run(self):
         elif self.check_task == CheckTasks.check_merge_compact:
             result = self.check_merge_compact_plan(self.response, self.func_name, self.check_items)
 
+        elif self.check_task == CheckTasks.check_role_property:
+            # Collection interface response check
+            result = self.check_role_property(self.response, self.func_name, self.check_items)
+
         # Add check_items here if something new need verify
 
         return result
@@ -373,3 +378,15 @@ def check_merge_compact_plan(compaction_plans, func_name, check_items):
         assert len(compaction_plans.plans[0].sources) == segment_num
         assert compaction_plans.plans[0].target not in compaction_plans.plans[0].sources
 
+    @staticmethod
+    def check_role_property(role, func_name, check_items):
+        exp_func_name = "create_role"
+        if func_name != exp_func_name:
+            log.warning("The function name is {} rather than {}".format(func_name, exp_func_name))
+        if not isinstance(role, Role):
+            raise Exception("The result to check isn't role type object")
+        if check_items is None:
+            raise Exception("No expect values found in the check task")
+        if check_items.get("name", None):
+            assert role.name == check_items["name"]
+        return True

tests/python_client/common/common_func.py

@@ -13,6 +13,7 @@
 
 """" Methods of processing data """
 
+
 class ParamInfo:
     def __init__(self):
         self.param_host = ""
@@ -54,11 +55,15 @@ def gen_bool_field(name=ct.default_bool_field_name, description=ct.default_desc,
                                                               is_primary=is_primary, **kwargs)
     return bool_field
 
-def gen_string_field(name=ct.default_string_field_name, description=ct.default_desc, is_primary=False, max_length=ct.default_length, **kwargs):
-    string_field, _ = ApiFieldSchemaWrapper().init_field_schema(name=name, dtype=DataType.VARCHAR, description=description, max_length=max_length, 
-                                                              is_primary=is_primary, **kwargs)
+
+def gen_string_field(name=ct.default_string_field_name, description=ct.default_desc, is_primary=False,
+                     max_length=ct.default_length, **kwargs):
+    string_field, _ = ApiFieldSchemaWrapper().init_field_schema(name=name, dtype=DataType.VARCHAR,
+                                                                description=description, max_length=max_length,
+                                                                is_primary=is_primary, **kwargs)
     return string_field
 
+
 def gen_int8_field(name=ct.default_int8_field_name, description=ct.default_desc, is_primary=False, **kwargs):
     int8_field, _ = ApiFieldSchemaWrapper().init_field_schema(name=name, dtype=DataType.INT8, description=description,
                                                               is_primary=is_primary, **kwargs)
@@ -118,6 +123,7 @@ def gen_default_collection_schema(description=ct.default_desc, primary_field=ct.
                                                                     primary_field=primary_field, auto_id=auto_id)
     return schema
 
+
 def gen_general_collection_schema(description=ct.default_desc, primary_field=ct.default_int64_field_name,
                                   auto_id=False, is_binary=False, dim=ct.default_dim):
     if is_binary:
@@ -128,8 +134,9 @@ def gen_general_collection_schema(description=ct.default_desc, primary_field=ct.
                                                                     primary_field=primary_field, auto_id=auto_id)
     return schema
 
+
 def gen_string_pk_default_collection_schema(description=ct.default_desc, primary_field=ct.default_string_field_name,
-                                  auto_id=False, dim=ct.default_dim):
+                                            auto_id=False, dim=ct.default_dim):
     fields = [gen_int64_field(), gen_float_field(), gen_string_field(), gen_float_vec_field(dim=dim)]
     schema, _ = ApiCollectionSchemaWrapper().init_collection_schema(fields=fields, description=description,
                                                                     primary_field=primary_field, auto_id=auto_id)
@@ -162,32 +169,33 @@ def gen_default_binary_collection_schema(description=ct.default_desc, primary_fi
 
 
 def gen_schema_multi_vector_fields(vec_fields):
-    fields = [gen_int64_field(), gen_float_field(),gen_string_field(), gen_float_vec_field()]
+    fields = [gen_int64_field(), gen_float_field(), gen_string_field(), gen_float_vec_field()]
     fields.extend(vec_fields)
     primary_field = ct.default_int64_field_name
     schema, _ = ApiCollectionSchemaWrapper().init_collection_schema(fields=fields, description=ct.default_desc,
                                                                     primary_field=primary_field, auto_id=False)
     return schema
 
+
 def gen_schema_multi_string_fields(string_fields):
-    fields =[gen_int64_field(), gen_float_field(),gen_string_field(),gen_float_vec_field()]
+    fields = [gen_int64_field(), gen_float_field(), gen_string_field(), gen_float_vec_field()]
     fields.extend(string_fields)
     primary_field = ct.default_int64_field_name
     schema, _ = ApiCollectionSchemaWrapper().init_collection_schema(fields=fields, description=ct.default_desc,
                                                                     primary_field=primary_field, auto_id=False)
     return schema
 
 
-
 def gen_vectors(nb, dim):
     vectors = [[random.random() for _ in range(dim)] for _ in range(nb)]
     vectors = preprocessing.normalize(vectors, axis=1, norm='l2')
     return vectors.tolist()
 
+
 def gen_string(nb):
     string_values = [str(random.random()) for _ in range(nb)]
     return string_values
-    
+
 
 def gen_binary_vectors(num, dim):
     raw_vectors = []
@@ -239,6 +247,7 @@ def gen_dataframe_multi_vec_fields(vec_fields, nb=ct.default_nb):
         df[field.name] = vec_values
     return df
 
+
 def gen_dataframe_multi_string_fields(string_fields, nb=ct.default_nb):
     """
     gen dataframe data for fields: int64, float, float_vec and vec_fields
@@ -495,17 +504,18 @@ def gen_normal_string_expressions(field):
         f"{field} == \"0\"|| {field} == \"1\"|| {field} ==\"2\"",
         f"{field} != \"0\"",
         f"{field} not in [\"0\", \"1\", \"2\"]",
-        f"{field} in [\"0\", \"1\", \"2\"]"    
+        f"{field} in [\"0\", \"1\", \"2\"]"
     ]
     return expressions
 
+
 def gen_invaild_string_expressions():
     expressions = [
         "varchar in [0,  \"1\"]",
-        "varchar not in [\"0\", 1, 2]"    
+        "varchar not in [\"0\", 1, 2]"
     ]
     return expressions
-    
+
 
 def gen_normal_expressions_field(field):
     expressions = [
@@ -705,6 +715,7 @@ def get_segment_distribution(res):
 
     return segment_distribution
 
+
 def percent_to_int(string):
     """
     transform percent(0%--100%) to int
@@ -720,3 +731,31 @@ def percent_to_int(string):
         new_int = int(string.strip("%"))
 
     return new_int
+
+
+def gen_grant_list(collection_name):
+    grant_list = [{"object": "Collection", "object_name": collection_name, "privilege": "Load"},
+                  {"object": "Collection", "object_name": collection_name, "privilege": "Release"},
+                  {"object": "Collection", "object_name": collection_name, "privilege": "Compaction"},
+                  {"object": "Collection", "object_name": collection_name, "privilege": "Delete"},
+                  {"object": "Collection", "object_name": collection_name, "privilege": "GetStatistics"},
+                  {"object": "Collection", "object_name": collection_name, "privilege": "CreateIndex"},
+                  {"object": "Collection", "object_name": collection_name, "privilege": "IndexDetail"},
+                  {"object": "Collection", "object_name": collection_name, "privilege": "DropIndex"},
+                  {"object": "Collection", "object_name": collection_name, "privilege": "Search"},
+                  {"object": "Collection", "object_name": collection_name, "privilege": "Flush"},
+                  {"object": "Collection", "object_name": collection_name, "privilege": "Query"},
+                  {"object": "Collection", "object_name": collection_name, "privilege": "LoadBalance"},
+                  {"object": "Collection", "object_name": collection_name, "privilege": "Import"},
+                  {"object": "Global", "object_name": "*", "privilege": "All"},
+                  {"object": "Global", "object_name": "*", "privilege": "CreateCollection"},
+                  {"object": "Global", "object_name": "*", "privilege": "DropCollection"},
+                  {"object": "Global", "object_name": "*", "privilege": "DescribeCollection"},
+                  {"object": "Global", "object_name": "*", "privilege": "ShowCollections"},
+                  {"object": "Global", "object_name": "*", "privilege": "CreateOwnership"},
+                  {"object": "Global", "object_name": "*", "privilege": "DropOwnership"},
+                  {"object": "Global", "object_name": "*", "privilege": "SelectOwnership"},
+                  {"object": "Global", "object_name": "*", "privilege": "ManageOwnership"},
+                  {"object": "User", "object_name": "*", "privilege": "UpdateUser"},
+                  {"object": "User", "object_name": "*", "privilege": "SelectUser"}]
+    return grant_list

tests/python_client/common/common_type.py

@@ -194,6 +194,7 @@ class CheckTasks:
     check_distance = "check_distance"
     check_delete_compact = "check_delete_compact"
     check_merge_compact = "check_merge_compact"
+    check_role_property = "check_role_property"
 
 
 class BulkLoadStates: