Add support for permissions on v1/nodes endpoint

.github/workflows/main.yaml

@@ -17,7 +17,7 @@ env:
   WEAVIATE_125: 1.25.24
   WEAVIATE_126: 1.26.8
   WEAVIATE_127: 1.27.1
-  WEAVIATE_128: 1.28.0-dev-a6402ab
+  WEAVIATE_128: 1.28.0-dev-eb31615
 
 jobs:
   lint-and-format:

ci/docker-compose-rbac.yml

@@ -20,7 +20,7 @@ services:
       AUTHENTICATION_APIKEY_ENABLED: "true"
       AUTHENTICATION_APIKEY_ALLOWED_KEYS: "existing-key"
       AUTHENTICATION_APIKEY_USERS: "existing-user"
-      AUTHENTICATION_APIKEY_ROLES: "admin"
+      AUTHORIZATION_ADMIN_USERS: "existing-user"
       PERSISTENCE_DATA_PATH: "./data-weaviate-0"
       CLUSTER_IN_LOCALHOST: "true"
       CLUSTER_GOSSIP_BIND_PORT: "7100"

integration/test_rbac.py

@@ -6,8 +6,10 @@
     RBAC,
     Role,
     ConfigPermission,
+    DataPermission,
     RolesPermission,
     BackupsPermission,
+    NodesPermission,
 )
 
 RBAC_PORTS = (8092, 50063)
@@ -17,6 +19,34 @@
 @pytest.mark.parametrize(
     "permissions,expected",
     [
+        (
+            RBAC.permissions.backups.manage(collection="Test"),
+            Role(
+                name="ManageAllBackups",
+                cluster_actions=None,
+                users_permissions=None,
+                config_permissions=None,
+                roles_permissions=None,
+                data_permissions=None,
+                backups_permissions=[
+                    BackupsPermission(collection="Test", action=RBAC.actions.backups.MANAGE)
+                ],
+                nodes_permissions=None,
+            ),
+        ),
+        (
+            RBAC.permissions.cluster.read(),
+            Role(
+                name="ReadCluster",
+                cluster_actions=[RBAC.actions.cluster.READ],
+                users_permissions=None,
+                config_permissions=None,
+                roles_permissions=None,
+                data_permissions=None,
+                backups_permissions=None,
+                nodes_permissions=None,
+            ),
+        ),
         (
             RBAC.permissions.config.create(),
             Role(
@@ -29,34 +59,69 @@
                 roles_permissions=None,
                 data_permissions=None,
                 backups_permissions=None,
+                nodes_permissions=None,
             ),
         ),
         (
-            RBAC.permissions.roles.manage(),
+            RBAC.permissions.data.create(collection="*"),
             Role(
-                name="ManageAllRoles",
+                name="CreateAllData",
                 cluster_actions=None,
                 users_permissions=None,
                 config_permissions=None,
-                roles_permissions=[RolesPermission(role="*", action=RBAC.actions.roles.MANAGE)],
+                roles_permissions=None,
+                data_permissions=[DataPermission(collection="*", action=RBAC.actions.data.CREATE)],
+                backups_permissions=None,
+                nodes_permissions=None,
+            ),
+        ),
+        (
+            RBAC.permissions.nodes.read(verbosity="minimal"),
+            Role(
+                name="MinimalNodes",
+                cluster_actions=None,
+                users_permissions=None,
+                config_permissions=None,
+                roles_permissions=None,
                 data_permissions=None,
                 backups_permissions=None,
+                nodes_permissions=[
+                    NodesPermission(
+                        verbosity="minimal", action=RBAC.actions.nodes.READ, collection=None
+                    )
+                ],
             ),
         ),
         (
-            RBAC.permissions.backups.manage(collection="Test"),
+            RBAC.permissions.nodes.read(verbosity="verbose", collection="Test"),
             Role(
-                name="ManageAllBackups",
+                name="VerboseNodes",
                 cluster_actions=None,
                 users_permissions=None,
                 config_permissions=None,
                 roles_permissions=None,
                 data_permissions=None,
-                backups_permissions=[
-                    BackupsPermission(collection="Test", action=RBAC.actions.backups.MANAGE)
+                backups_permissions=None,
+                nodes_permissions=[
+                    NodesPermission(
+                        verbosity="verbose", action=RBAC.actions.nodes.READ, collection="Test"
+                    )
                 ],
             ),
         ),
+        (
+            RBAC.permissions.roles.manage(),
+            Role(
+                name="ManageAllRoles",
+                cluster_actions=None,
+                users_permissions=None,
+                config_permissions=None,
+                roles_permissions=[RolesPermission(role="*", action=RBAC.actions.roles.MANAGE)],
+                data_permissions=None,
+                backups_permissions=None,
+                nodes_permissions=None,
+            ),
+        ),
     ],
 )
 def test_create_role(client_factory: ClientFactory, permissions, expected) -> None:

weaviate/cluster/cluster.py

@@ -2,11 +2,11 @@
 Cluster class definition.
 """
 
-from typing import List, Literal, Optional, cast
+from typing import List, Optional, cast
 
 from requests.exceptions import ConnectionError as RequestsConnectionError
 
-from weaviate.cluster.types import Node
+from weaviate.cluster.types import Node, Verbosity
 from weaviate.connect import Connection
 from weaviate.exceptions import (
     EmptyResponseException,
@@ -34,7 +34,7 @@ def __init__(self, connection: Connection):
     def get_nodes_status(
         self,
         class_name: Optional[str] = None,
-        output: Optional[Literal["minimal", "verbose"]] = None,
+        output: Optional[Verbosity] = None,
     ) -> List[Node]:
         """
         Get the nodes status.

weaviate/cluster/types.py

@@ -34,3 +34,6 @@ class Node(TypedDict):
     stats: Stats
     status: str
     version: str
+
+
+Verbosity = Literal["minimal", "verbose"]

weaviate/collections/cluster/cluster.py

@@ -3,6 +3,7 @@
 
 from typing import List, Literal, Optional, Union, overload
 
+from weaviate.cluster.types import Verbosity
 from weaviate.collections.classes.cluster import Node, Shards, _ConvertFromREST, Stats
 from weaviate.exceptions import (
     EmptyResponseError,
@@ -45,13 +46,13 @@ async def nodes(
     async def nodes(
         self,
         collection: Optional[str] = None,
-        output: Optional[Literal["minimal", "verbose"]] = None,
+        output: Optional[Verbosity] = None,
     ) -> Union[List[Node[None, None]], List[Node[Shards, Stats]]]: ...
 
     async def nodes(
         self,
         collection: Optional[str] = None,
-        output: Optional[Literal["minimal", "verbose"]] = None,
+        output: Optional[Verbosity] = None,
     ) -> Union[List[Node[None, None]], List[Node[Shards, Stats]]]:
         """
         Get the status of all nodes in the cluster.