20241212 rbac patches

_includes/code/python/howto.configure.rbac.permissions.py

@@ -6,13 +6,18 @@
 # END-ANY
 from weaviate.classes.init import Auth
 
-admin_client = weaviate.connect_to_local(auth_credentials=Auth.api_key("admin-key"))
+admin_client = weaviate.connect_to_local(
+    # Use custom port defined in tests/docker-compose-rbac.yml (without showing the user)
+    port=8580,
+    grpc_port=50551,
+    auth_credentials=Auth.api_key("admin-key")
+)
 
 def reset_user(user: str):
     # Clean slate
     current_roles = admin_client.roles.by_user(user)  # check if user exists
     for k in current_roles.keys():
-        admin_client.roles.revoke(role_names=k, user=user)  # revoke all roles
+        admin_client.roles.revoke_from_user(role_names=k, user=user)  # revoke all roles
 
 # =================================================================
 # =============== EXAMPLE: READ + WRITE PERMISSIONS
@@ -46,7 +51,7 @@ def reset_user(user: str):
 
 # Create a new role and assign it to a user
 admin_client.roles.create(role_name="rw_role_target_collections", permissions=admin_permissions)
-admin_client.roles.assign(role_names="rw_role_target_collections", user="other-user")
+admin_client.roles.assign_to_user(role_names="rw_role_target_collections", user="other-user")
 # END ReadWritePermissionDefinition
 
 # ===== TEST ===== basic checks to see if the role was created
@@ -76,7 +81,7 @@ def reset_user(user: str):
 
 # Create a new role and assign it to a user
 admin_client.roles.create(role_name="viewer_role_target_collections", permissions=viewer_permissions)
-admin_client.roles.assign(role_names="viewer_role_target_collections", user="other-user")
+admin_client.roles.assign_to_user(role_names="viewer_role_target_collections", user="other-user")
 # END ViewerPermissionDefinition
 
 # ===== TEST ===== basic checks to see if the role was created

_includes/code/python/howto.configure.rbac.roles.py

@@ -3,7 +3,14 @@
 from weaviate.classes.init import Auth
 
 # Connect to Weaviate as Admin
-admin_client = weaviate.connect_to_local(auth_credentials=Auth.api_key("admin-key"))
+admin_client = weaviate.connect_to_local(
+    # END AdminClient
+    # Use custom port defined in tests/docker-compose-rbac.yml (without showing the user)
+    port=8580,
+    grpc_port=50551,
+    # START AdminClient
+    auth_credentials=Auth.api_key("admin-key")
+)
 # END AdminClient
 
 permissions_to_add = [

requirements.txt

@@ -100,7 +100,7 @@ uvloop==0.19.0
 validators==0.34.0
 watchfiles==0.22.0
 wcwidth==0.2.13
-weaviate-client==4.10.0b2
+weaviate-client==4.10.0
 weaviate-demo-datasets==0.6.0
 websockets==12.0
 wrapt==1.16.0

tests/docker-compose-anon-2.yml

@@ -8,7 +8,7 @@ services:
     - '8080'
     - --scheme
     - http
-    image: cr.weaviate.io/semitechnologies/weaviate:1.28.0-rc.0
+    image: cr.weaviate.io/semitechnologies/weaviate:1.28.0
     ports:
     - 8090:8080
     - 50061:50051

tests/docker-compose-anon-bind.yml

@@ -8,7 +8,7 @@ services:
     - '8080'
     - --scheme
     - http
-    image: cr.weaviate.io/semitechnologies/weaviate:1.28.0-rc.0
+    image: cr.weaviate.io/semitechnologies/weaviate:1.28.0
     ports:
     - 8380:8080
     - 50351:50051

tests/docker-compose-anon-clip.yml

@@ -8,7 +8,7 @@ services:
     - '8080'
     - --scheme
     - http
-    image: cr.weaviate.io/semitechnologies/weaviate:1.28.0-rc.0
+    image: cr.weaviate.io/semitechnologies/weaviate:1.28.0
     ports:
     - 8280:8080
     - 50251:50051

tests/docker-compose-anon.yml

@@ -8,7 +8,7 @@ services:
     - '8080'
     - --scheme
     - http
-    image: cr.weaviate.io/semitechnologies/weaviate:1.28.0-rc.0
+    image: cr.weaviate.io/semitechnologies/weaviate:1.28.0
     ports:
     - 8080:8080
     - 50051:50051

tests/docker-compose-rbac.yml

@@ -0,0 +1,35 @@
+---
+services:
+  weaviate_rbac:
+    command:
+    - --host
+    - 0.0.0.0
+    - --port
+    - '8080'
+    - --scheme
+    - http
+    image: cr.weaviate.io/semitechnologies/weaviate:1.28.0
+    ports:
+    - 8580:8080
+    - 50551:50051
+    restart: on-failure:0
+    environment:
+      QUERY_DEFAULTS_LIMIT: 25
+      PERSISTENCE_DATA_PATH: '/var/lib/weaviate'
+      ASYNC_INDEXING: 'true'
+      ENABLE_MODULES: 'text2vec-ollama,generative-ollama,backup-filesystem,offload-s3'
+      ENABLE_API_BASED_MODULES: 'true'
+      AWS_ACCESS_KEY_ID: ${AWS_ACCESS_KEY:-}
+      AWS_SECRET_ACCESS_KEY: ${AWS_SECRET_KEY:-}
+      OFFLOAD_S3_BUCKET_AUTO_CREATE: 'true'
+      BACKUP_FILESYSTEM_PATH: '/var/lib/weaviate/backups'
+      CLUSTER_HOSTNAME: 'node1'
+      # AuthN and AuthZ settings
+      AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED: 'false'
+      AUTHENTICATION_APIKEY_ENABLED: 'true'
+      AUTHENTICATION_APIKEY_ALLOWED_KEYS: 'viewer-key,admin-key,other-user'
+      AUTHENTICATION_APIKEY_USERS: 'viewer-user,admin-user,other-user'
+      AUTHORIZATION_ENABLE_RBAC: 'true'
+      AUTHORIZATION_ADMIN_USERS: 'admin-user'
+      AUTHORIZATION_VIEWER_USERS: 'viewer-user'
+...

tests/docker-compose-three-nodes.yml

@@ -8,7 +8,7 @@ services:
     - '8080'
     - --scheme
     - http
-    image: cr.weaviate.io/semitechnologies/weaviate:1.28.0-rc.0
+    image: cr.weaviate.io/semitechnologies/weaviate:1.28.0
     restart: on-failure:0
     ports:
      - "8180:8080"
@@ -39,7 +39,7 @@ services:
     - '8080'
     - --scheme
     - http
-    image: cr.weaviate.io/semitechnologies/weaviate:1.28.0-rc.0
+    image: cr.weaviate.io/semitechnologies/weaviate:1.28.0
     restart: on-failure:0
     ports:
      - "8181:8080"
@@ -71,7 +71,7 @@ services:
     - '8080'
     - --scheme
     - http
-    image: cr.weaviate.io/semitechnologies/weaviate:1.28.0-rc.0
+    image: cr.weaviate.io/semitechnologies/weaviate:1.28.0
     restart: on-failure:0
     ports:
      - "8182:8080"

tests/docker-compose.yml

@@ -8,7 +8,7 @@ services:
     - '8080'
     - --scheme
     - http
-    image: cr.weaviate.io/semitechnologies/weaviate:1.28.0-rc.0
+    image: cr.weaviate.io/semitechnologies/weaviate:1.28.0
     ports:
     - 8099:8080
     - 50052:50051

tests/start-weaviate.sh

@@ -2,6 +2,7 @@
 
 echo "Run Docker compose"
 nohup docker compose -f ./tests/docker-compose.yml up -d
+nohup docker compose -f ./tests/docker-compose-rbac.yml up -d
 nohup docker compose -f ./tests/docker-compose-anon.yml up -d
 nohup docker compose -f ./tests/docker-compose-anon-2.yml up -d
 nohup docker compose -f ./tests/docker-compose-anon-clip.yml up -d

tests/stop-weaviate.sh

@@ -2,6 +2,7 @@
 
 echo "Stop Docker compose"
 docker compose -f ./tests/docker-compose.yml down  --timeout 30
+docker compose -f ./tests/docker-compose-rbac.yml down  --timeout 30
 docker compose -f ./tests/docker-compose-anon.yml down  --timeout 30
 docker compose -f ./tests/docker-compose-anon-2.yml down  --timeout 30
 docker compose -f ./tests/docker-compose-anon-clip.yml down  --timeout 30

tests/test_configure.py

@@ -8,6 +8,7 @@
     "script_loc",
     [
         "./_includes/code/howto/configure.backups.py",
+        "./_includes/code/python/howto.configure.rbac.permissions.py",
     ],
 )
 def test_pyv4(empty_weaviates, script_loc):