
Commit ca1cb88

authored
Merge pull request #2010 from weaviate/mcp-rbac
Add MCP permission
2 parents 7e5b1be + 0955364 commit ca1cb88

3 files changed

Lines changed: 109 additions & 1 deletion


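--- a/.github/workflows/main.yaml
+++ b/.github/workflows/main.yaml
@@ -28,7 +28,7 @@ env:
 WEAVIATE_134: 1.34.19
 WEAVIATE_135: 1.35.16-efdedfa
 WEAVIATE_136: 1.36.9-d905e6c
-WEAVIATE_137: 1.37.0-rc.1-bc3891e
+WEAVIATE_137: 1.37.1
 
 jobs:
 lint-and-format: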

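--- a/integration/test_rbac.py
+++ b/integration/test_rbac.py
@@ -14,6 +14,7 @@
 CollectionsPermissionOutput,
 DataPermissionOutput,
 GroupsPermissionOutput,
+MCPPermissionOutput,
 NodesPermissionOutput,
 Role,
 ReplicatePermissionOutput,
@@ -44,6 +45,7 @@
 backups_permissions=[
 BackupsPermissionOutput(collection="Test", actions={Actions.Backups.MANAGE})
 ],
+mcp_permissions=[],
 nodes_permissions=[],
 tenants_permissions=[],
 replicate_permissions=[],
@@ -62,6 +64,7 @@
 roles_permissions=[],
 data_permissions=[],
 backups_permissions=[],
+mcp_permissions=[],
 nodes_permissions=[],
 tenants_permissions=[],
 replicate_permissions=[],
@@ -84,6 +87,7 @@
 roles_permissions=[],
 data_permissions=[],
 backups_permissions=[],
+mcp_permissions=[],
 nodes_permissions=[],
 tenants_permissions=[],
 replicate_permissions=[],
@@ -104,6 +108,7 @@
 DataPermissionOutput(collection="*", tenant="*", actions={Actions.Data.CREATE})
 ],
 backups_permissions=[],
+mcp_permissions=[],
 nodes_permissions=[],
 tenants_permissions=[],
 replicate_permissions=[],
@@ -137,6 +142,7 @@
 ),
 ],
 backups_permissions=[],
+mcp_permissions=[],
 nodes_permissions=[],
 tenants_permissions=[],
 replicate_permissions=[],
@@ -155,6 +161,7 @@
 roles_permissions=[],
 data_permissions=[],
 backups_permissions=[],
+mcp_permissions=[],
 nodes_permissions=[
 NodesPermissionOutput(
 verbosity="verbose", actions={Actions.Nodes.READ}, collection="Test"
@@ -177,6 +184,7 @@
 roles_permissions=[],
 data_permissions=[],
 backups_permissions=[],
+mcp_permissions=[],
 nodes_permissions=[
 NodesPermissionOutput(
 verbosity="minimal", actions={Actions.Nodes.READ}, collection="*"
@@ -203,6 +211,7 @@
 ],
 data_permissions=[],
 backups_permissions=[],
+mcp_permissions=[],
 nodes_permissions=[],
 tenants_permissions=[],
 replicate_permissions=[],
@@ -221,6 +230,7 @@
 roles_permissions=[],
 data_permissions=[],
 backups_permissions=[],
+mcp_permissions=[],
 nodes_permissions=[],
 tenants_permissions=[
 TenantsPermissionOutput(
@@ -247,6 +257,7 @@
 roles_permissions=[],
 data_permissions=[],
 backups_permissions=[],
+mcp_permissions=[],
 nodes_permissions=[],
 tenants_permissions=[
 TenantsPermissionOutput(
@@ -290,6 +301,7 @@
 roles_permissions=[],
 data_permissions=[],
 backups_permissions=[],
+mcp_permissions=[],
 nodes_permissions=[],
 tenants_permissions=[],
 replicate_permissions=[],
@@ -310,6 +322,7 @@
 roles_permissions=[],
 data_permissions=[],
 backups_permissions=[],
+mcp_permissions=[],
 nodes_permissions=[],
 tenants_permissions=[],
 replicate_permissions=[
@@ -355,6 +368,7 @@
 roles_permissions=[],
 data_permissions=[],
 backups_permissions=[],
+mcp_permissions=[],
 nodes_permissions=[],
 tenants_permissions=[],
 replicate_permissions=[],
@@ -379,6 +393,7 @@
 roles_permissions=[],
 data_permissions=[],
 backups_permissions=[],
+mcp_permissions=[],
 nodes_permissions=[],
 tenants_permissions=[],
 replicate_permissions=[],
@@ -403,13 +418,56 @@
 roles_permissions=[],
 data_permissions=[],
 backups_permissions=[],
+mcp_permissions=[],
 nodes_permissions=[],
 tenants_permissions=[],
 replicate_permissions=[],
 groups_permissions=[],
 ),
 32, # Minimum version for alias permissions
 ),
+(
+Permissions.mcp(create=True, read=True, update=True),
+Role(
+name="MCPAll",
+alias_permissions=[],
+cluster_permissions=[],
+users_permissions=[],
+collections_permissions=[],
+roles_permissions=[],
+data_permissions=[],
+backups_permissions=[],
+mcp_permissions=[
+MCPPermissionOutput(
+actions={Actions.MCP.CREATE, Actions.MCP.READ, Actions.MCP.UPDATE}
+)
+],
+nodes_permissions=[],
+tenants_permissions=[],
+replicate_permissions=[],
+groups_permissions=[],
+),
+37, # Minimum version for MCP permissions
+),
+(
+Permissions.mcp(read=True),
+Role(
+name="MCPRead",
+alias_permissions=[],
+cluster_permissions=[],
+users_permissions=[],
+collections_permissions=[],
+roles_permissions=[],
+data_permissions=[],
+backups_permissions=[],
+mcp_permissions=[MCPPermissionOutput(actions={Actions.MCP.READ})],
+nodes_permissions=[],
+tenants_permissions=[],
+replicate_permissions=[],
+groups_permissions=[],
+),
+37, # Minimum version for MCP permissions
+),
 (
 Permissions.Groups.oidc(group="MyGroup", read=True),
 Role(
@@ -421,6 +479,7 @@
 roles_permissions=[],
 data_permissions=[],
 backups_permissions=[],
+mcp_permissions=[],
 nodes_permissions=[],
 tenants_permissions=[],
 replicate_permissions=[],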
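Review bot: The two cases added in the `@@ -403,13 +418,56 @@` hunk cover `create`+`read`+`update` together and `read` alone, so a mix-up between the `create` and `update` flags and `Actions.MCP.CREATE`/`Actions.MCP.UPDATE` inside `Permissions.mcp` would pass both. A third case mirroring `MCPRead`, with `Permissions.mcp(update=True)` and `mcp_permissions=[MCPPermissionOutput(actions={Actions.MCP.UPDATE})]`, would pin each flag to its own action. These cases also only compare the role definition that comes back; whether a role holding only `read_mcp` is actually refused create and update is not exercised in the visible lines and may be covered elsewhere. The parametrize list starts and ends outside the hunk.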

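--- a/weaviate/rbac/models.py
+++ b/weaviate/rbac/models.py
@@ -252,6 +252,16 @@ def values() -> List[str]:
 return [action.value for action in BackupsAction]
 
 
+class MCPAction(str, _Action, Enum):
+CREATE = "create_mcp"
+READ = "read_mcp"
+UPDATE = "update_mcp"
+
+@staticmethod
+def values() -> List[str]:
+return [action.value for action in MCPAction]
+
+
 class ReplicateAction(str, _Action, Enum):
 CREATE = "create_replicate"
 READ = "read_replicate"
@@ -407,6 +417,16 @@ def _to_weaviate(self) -> List[WeaviatePermission]:
 ]
 
 
+class _MCPPermission(_Permission[MCPAction]):
+def _to_weaviate(self) -> List[WeaviatePermission]:
+return [
+{
+"action": action,
+}
+for action in self.actions
+]
+
+
 class _ClusterPermission(_Permission[ClusterAction]):
 def _to_weaviate(self) -> List[WeaviatePermission]:
 return [
@@ -470,6 +490,10 @@ class BackupsPermissionOutput(_BackupsPermission):
 pass
 
 
+class MCPPermissionOutput(_MCPPermission):
+pass
+
+
 class NodesPermissionOutput(_NodesPermission):
 pass
 
@@ -486,6 +510,7 @@ class TenantsPermissionOutput(_TenantsPermission):
 RolesPermissionOutput,
 UsersPermissionOutput,
 BackupsPermissionOutput,
+MCPPermissionOutput,
 NodesPermissionOutput,
 TenantsPermissionOutput,
 ReplicatePermissionOutput,
@@ -507,6 +532,7 @@ class Role(RoleBase):
 roles_permissions: List[RolesPermissionOutput]
 users_permissions: List[UsersPermissionOutput]
 backups_permissions: List[BackupsPermissionOutput]
+mcp_permissions: List[MCPPermissionOutput]
 nodes_permissions: List[NodesPermissionOutput]
 tenants_permissions: List[TenantsPermissionOutput]
 replicate_permissions: List[ReplicatePermissionOutput]
@@ -522,6 +548,7 @@ def permissions(self) -> List[PermissionsOutputType]:
 permissions.extend(self.roles_permissions)
 permissions.extend(self.users_permissions)
 permissions.extend(self.backups_permissions)
+permissions.extend(self.mcp_permissions)
 permissions.extend(self.nodes_permissions)
 permissions.extend(self.tenants_permissions)
 permissions.extend(self.replicate_permissions)
@@ -537,6 +564,7 @@ def _from_weaviate_role(cls, role: WeaviateRole) -> "Role":
 roles_permissions: List[RolesPermissionOutput] = []
 data_permissions: List[DataPermissionOutput] = []
 backups_permissions: List[BackupsPermissionOutput] = []
+mcp_permissions: List[MCPPermissionOutput] = []
 nodes_permissions: List[NodesPermissionOutput] = []
 tenants_permissions: List[TenantsPermissionOutput] = []
 replicate_permissions: List[ReplicatePermissionOutput] = []
@@ -605,6 +633,10 @@ def _from_weaviate_role(cls, role: WeaviateRole) -> "Role":
 actions={BackupsAction(permission["action"])},
 )
 )
+elif permission["action"] in MCPAction.values():
+mcp_permissions.append(
+MCPPermissionOutput(actions={MCPAction(permission["action"])})
+)
 elif permission["action"] in NodesAction.values():
 nodes = permission.get("nodes")
 if nodes is not None:
@@ -658,6 +690,7 @@ def _from_weaviate_role(cls, role: WeaviateRole) -> "Role":
 groups_permissions=_join_permissions(groups_permissions),
 data_permissions=_join_permissions(data_permissions),
 backups_permissions=_join_permissions(backups_permissions),
+mcp_permissions=_join_permissions(mcp_permissions),
 nodes_permissions=_join_permissions(nodes_permissions),
 tenants_permissions=_join_permissions(tenants_permissions),
 replicate_permissions=_join_permissions(replicate_permissions),
@@ -710,6 +743,7 @@ class Actions:
 Cluster = ClusterAction
 Nodes = NodesAction
 Backups = BackupsAction
+MCP = MCPAction
 Tenants = TenantsAction
 Users = UsersAction
 Replicate = ReplicateAction
@@ -1020,6 +1054,21 @@ def backup(
 permissions.append(permission)
 return permissions
 
+@staticmethod
+def mcp(
+*, create: bool = False, read: bool = False, update: bool = False
+) -> PermissionsCreateType:
+actions: Set[MCPAction] = set()
+if create:
+actions.add(MCPAction.CREATE)
+if read:
+actions.add(MCPAction.READ)
+if update:
+actions.add(MCPAction.UPDATE)
+if len(actions) > 0:
+return [_MCPPermission(actions=actions)]
+return []
+
 @staticmethod
 def cluster(*, read: bool = False) -> PermissionsCreateType:
 if read: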
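Review bot: `Permissions.mcp` (new lines 1057–1070) has no docstring, and nothing tells a role author how broad the grant is: `_MCPPermission._to_weaviate` (new lines 420–427) sends only `{"action": action}`, with no collection, tenant or other resource filter. From the client side an MCP permission therefore looks unscoped, presumably instance-wide on the server, which matters most for `create` and `update`. I would add a docstring such as `"""Create MCP permissions. They carry no collection or tenant filter; each flag set to True grants that action for MCP as a whole."""` and document the three flags, once the server-side scope is confirmed. The `Permissions` class body starts and ends outside the hunk.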
