Merge branch 'dev/1.30' of https://github.com/weaviate/weaviate-python-client into poc-separate-sync-and-async

tsmith023 · tsmith023 · commit 40dacae2d114 · 2025-04-03T15:54:18.000+01:00
diff --git a/integration/test_users.py b/integration/test_users.py
@@ -34,12 +34,12 @@ def test_get_user_roles_db(client_factory: ClientFactory) -> None:
     with client_factory(ports=RBAC_PORTS, auth_credentials=RBAC_AUTH_CREDS) as client:
         if client._connection._weaviate_version.is_lower_than(1, 30, 0):
             pytest.skip("This test requires Weaviate 1.30.0 or higher")
-        roles_base = client.users.db.get_assigned_roles("admin-user")
+        roles_base = client.users.db.get_assigned_roles(user_id="admin-user")
         names = list(roles_base.keys())
         assert len(roles_base) > 0
         assert isinstance(roles_base[names[0]], RoleBase)
 
-        roles = client.users.db.get_assigned_roles("admin-user", include_permissions=True)
+        roles = client.users.db.get_assigned_roles(user_id="admin-user", include_permissions=True)
         assert len(roles) > 0
         assert isinstance(roles[names[0]], Role)
 
@@ -48,12 +48,12 @@ def test_get_user_roles_oidc(client_factory: ClientFactory) -> None:
     with client_factory(ports=RBAC_PORTS, auth_credentials=RBAC_AUTH_CREDS) as client:
         if client._connection._weaviate_version.is_lower_than(1, 30, 0):
             pytest.skip("This test requires Weaviate 1.30.0 or higher")
-        roles_base = client.users.oidc.get_assigned_roles("admin-user")
+        roles_base = client.users.oidc.get_assigned_roles(user_id="admin-user")
         names = list(roles_base.keys())
         assert len(roles_base) > 0
         assert isinstance(roles_base[names[0]], RoleBase)
 
-        roles = client.users.oidc.get_assigned_roles("admin-user", include_permissions=True)
+        roles = client.users.oidc.get_assigned_roles(user_id="admin-user", include_permissions=True)
         assert len(roles) > 0
         assert isinstance(roles[names[0]], Role)
 
@@ -154,6 +154,42 @@ def test_de_activate(client_factory: ClientFactory) -> None:
         client.users.db.delete(user_id=randomUserName)
 
 
+def test_deactivate_and_revoke(client_factory: ClientFactory) -> None:
+    with client_factory(ports=RBAC_PORTS, auth_credentials=Auth.api_key("admin-key")) as client:
+        if client._connection._weaviate_version.is_lower_than(1, 30, 0):
+            pytest.skip("This test requires Weaviate 1.30.0 or higher")
+
+        randomUserName = "new-user" + str(random.randint(1, 1000))
+        apiKeyOld = client.users.db.create(user_id=randomUserName)
+        assert client.users.db.deactivate(user_id=randomUserName, revoke_key=True)
+
+        with pytest.raises(weaviate.exceptions.UnexpectedStatusCodeError):
+            weaviate.connect_to_local(
+                port=RBAC_PORTS[0],
+                grpc_port=RBAC_PORTS[1],
+                auth_credentials=Auth.api_key(apiKeyOld),
+            )
+
+        # re-activating is not enough
+        assert client.users.db.activate(user_id=randomUserName)
+        with pytest.raises(weaviate.exceptions.UnexpectedStatusCodeError):
+            weaviate.connect_to_local(
+                port=RBAC_PORTS[0],
+                grpc_port=RBAC_PORTS[1],
+                auth_credentials=Auth.api_key(apiKeyOld),
+            )
+
+        apiKeyNew = client.users.db.rotate_key(user_id=randomUserName)
+
+        with weaviate.connect_to_local(
+            port=RBAC_PORTS[0], grpc_port=RBAC_PORTS[1], auth_credentials=Auth.api_key(apiKeyNew)
+        ) as client2:
+            user = client2.users.get_my_user()
+            assert user.user_id == randomUserName
+
+        client.users.db.delete(user_id=randomUserName)
+
+
 def test_deprecated_syntax(client_factory: ClientFactory) -> None:
     with client_factory(ports=RBAC_PORTS, auth_credentials=Auth.api_key("admin-key")) as client:
         if client._connection._weaviate_version.is_lower_than(1, 30, 0):
diff --git a/weaviate/users/async_.pyi b/weaviate/users/async_.pyi
@@ -9,38 +9,38 @@ from typing_extensions import deprecated
 class _UsersOIDCAsync(_OIDCExecutor[ConnectionAsync]):
     @overload
     async def get_assigned_roles(
-        self, user_id: str, include_permissions: Literal[False] = False
+        self, *, user_id: str, include_permissions: Literal[False] = False
     ) -> Dict[str, RoleBase]: ...
     @overload
     async def get_assigned_roles(
-        self, user_id: str, include_permissions: Literal[True]
+        self, *, user_id: str, include_permissions: Literal[True]
     ) -> Dict[str, Role]: ...
     @overload
     async def get_assigned_roles(
-        self, user_id: str, include_permissions: bool = False
+        self, *, user_id: str, include_permissions: bool = False
     ) -> Union[Dict[str, Role], Dict[str, RoleBase]]: ...
     async def assign_roles(self, *, user_id: str, role_names: Union[str, List[str]]) -> None: ...
     async def revoke_roles(self, *, user_id: str, role_names: Union[str, List[str]]) -> None: ...
 
 class _UsersDBAsync(_DBExecutor[ConnectionAsync]):
     @overload
     async def get_assigned_roles(
-        self, user_id: str, include_permissions: Literal[False] = False
+        self, *, user_id: str, include_permissions: Literal[False] = False
     ) -> Dict[str, RoleBase]: ...
     @overload
     async def get_assigned_roles(
-        self, user_id: str, include_permissions: Literal[True]
+        self, *, user_id: str, include_permissions: Literal[True]
     ) -> Dict[str, Role]: ...
     @overload
     async def get_assigned_roles(
-        self, user_id: str, include_permissions: bool = False
+        self, *, user_id: str, include_permissions: bool = False
     ) -> Union[Dict[str, Role], Dict[str, RoleBase]]: ...
     async def assign_roles(self, *, user_id: str, role_names: Union[str, List[str]]) -> None: ...
     async def revoke_roles(self, *, user_id: str, role_names: Union[str, List[str]]) -> None: ...
     async def create(self, *, user_id: str) -> str: ...
     async def delete(self, *, user_id: str) -> bool: ...
     async def rotate_key(self, *, user_id: str) -> str: ...
-    async def deactivate(self, *, user_id: str) -> bool: ...
+    async def deactivate(self, *, user_id: str, revoke_key: bool) -> bool: ...
     async def activate(self, *, user_id: str) -> bool: ...
     async def get(self, *, user_id: str) -> UserDB: ...
     async def list_all(self) -> List[UserDB]: ...
diff --git a/weaviate/users/executor.py b/weaviate/users/executor.py
@@ -219,6 +219,7 @@ def revoke_roles(
 class _OIDCExecutor(Generic[ConnectionType], _BaseExecutor[ConnectionType]):
     def get_assigned_roles(
         self,
+        *,
         user_id: str,
         include_permissions: bool = False,
     ) -> executor.Result[Union[Dict[str, Role], Dict[str, RoleBase]]]:
@@ -275,7 +276,7 @@ def revoke_roles(
 
 class _DBExecutor(Generic[ConnectionType], _BaseExecutor[ConnectionType]):
     def get_assigned_roles(
-        self, user_id: str, include_permissions: bool = False
+        self, *, user_id: str, include_permissions: bool = False
     ) -> executor.Result[Union[Dict[str, Role], Dict[str, RoleBase]]]:
         """Get the roles assigned to a user.
 
@@ -403,11 +404,12 @@ def resp(res: Response) -> bool:
             status_codes=_ExpectedStatusCodes(ok_in=[200, 409], error="Activate user"),
         )
 
-    def deactivate(self, *, user_id: str) -> executor.Result[bool]:
+    def deactivate(self, *, user_id: str, revoke_key: bool) -> executor.Result[bool]:
         """Deactivate an active user.
 
         Args:
             user_id: The id of the user.
+            revoke_key: If True, the old key will be revoked and needs to be rotated.
         """
 
         def resp(res: Response) -> bool:
@@ -417,7 +419,7 @@ def resp(res: Response) -> bool:
             response_callback=resp,
             method=self._connection.post,
             path=f"/users/db/{user_id}/deactivate",
-            weaviate_object={},
+            weaviate_object={"revoke_key": revoke_key},
             error_msg=f"Could not deactivate user '{user_id}'",
             status_codes=_ExpectedStatusCodes(ok_in=[200, 409], error="Deactivate user"),
         )
diff --git a/weaviate/users/sync.pyi b/weaviate/users/sync.pyi
@@ -9,38 +9,38 @@ from typing_extensions import deprecated
 class _UsersOIDC(_OIDCExecutor[ConnectionSync]):
     @overload
     def get_assigned_roles(
-        self, user_id: str, include_permissions: Literal[False] = False
+        self, *, user_id: str, include_permissions: Literal[False] = False
     ) -> Dict[str, RoleBase]: ...
     @overload
     def get_assigned_roles(
-        self, user_id: str, include_permissions: Literal[True]
+        self, *, user_id: str, include_permissions: Literal[True]
     ) -> Dict[str, Role]: ...
     @overload
     def get_assigned_roles(
-        self, user_id: str, include_permissions: bool = False
+        self, *, user_id: str, include_permissions: bool = False
     ) -> Union[Dict[str, Role], Dict[str, RoleBase]]: ...
     def assign_roles(self, *, user_id: str, role_names: Union[str, List[str]]) -> None: ...
     def revoke_roles(self, *, user_id: str, role_names: Union[str, List[str]]) -> None: ...
 
 class _UsersDB(_DBExecutor[ConnectionSync]):
     @overload
     def get_assigned_roles(
-        self, user_id: str, include_permissions: Literal[False] = False
+        self, *, user_id: str, include_permissions: Literal[False] = False
     ) -> Dict[str, RoleBase]: ...
     @overload
     def get_assigned_roles(
-        self, user_id: str, include_permissions: Literal[True]
+        self, *, user_id: str, include_permissions: Literal[True]
     ) -> Dict[str, Role]: ...
     @overload
     def get_assigned_roles(
-        self, user_id: str, include_permissions: bool = False
+        self, *, user_id: str, include_permissions: bool = False
     ) -> Union[Dict[str, Role], Dict[str, RoleBase]]: ...
     def assign_roles(self, *, user_id: str, role_names: Union[str, List[str]]) -> None: ...
     def revoke_roles(self, *, user_id: str, role_names: Union[str, List[str]]) -> None: ...
     def create(self, *, user_id: str) -> str: ...
     def delete(self, *, user_id: str) -> bool: ...
     def rotate_key(self, *, user_id: str) -> str: ...
-    def deactivate(self, *, user_id: str) -> bool: ...
+    def deactivate(self, *, user_id: str, revoke_key: bool = False) -> bool: ...
     def activate(self, *, user_id: str) -> bool: ...
     def get(self, *, user_id: str) -> UserDB: ...
     def list_all(self) -> List[UserDB]: ...
