feat(breaking): include user types in user assignments

Author: bevzzz

src/openapi/types.ts

@@ -1,4 +1,4 @@
-import { definitions } from './schema.js';
+import { definitions, operations } from './schema.js';
 
 type Override<T1, T2> = Omit<T1, keyof T2> & T2;
 type DefaultProperties = { [key: string]: unknown };
@@ -54,11 +54,6 @@ export type WeaviateMultiTenancyConfig = WeaviateClass['multiTenancyConfig'];
 export type WeaviateReplicationConfig = WeaviateClass['replicationConfig'];
 export type WeaviateShardingConfig = WeaviateClass['shardingConfig'];
 export type WeaviateShardStatus = definitions['ShardStatusGetResponse'];
-export type WeaviateUser = definitions['UserOwnInfo'];
-export type WeaviateDBUser = definitions['DBUserInfo'];
-export type WeaviateUserType = definitions['UserTypeOutput'];
-export type WeaviateUserTypeInternal = definitions['UserTypeInput'];
-export type WeaviateUserTypeDB = definitions['DBUserInfo']['dbUserType'];
 export type WeaviateVectorIndexConfig = WeaviateClass['vectorIndexConfig'];
 export type WeaviateVectorsConfig = WeaviateClass['vectorConfig'];
 export type WeaviateVectorConfig = definitions['VectorConfig'];
@@ -73,3 +68,9 @@ export type Meta = definitions['Meta'];
 export type Role = definitions['Role'];
 export type Permission = definitions['Permission'];
 export type Action = definitions['Permission']['action'];
+export type WeaviateUser = definitions['UserOwnInfo'];
+export type WeaviateDBUser = definitions['DBUserInfo'];
+export type WeaviateUserType = definitions['UserTypeOutput'];
+export type WeaviateUserTypeInternal = definitions['UserTypeInput'];
+export type WeaviateUserTypeDB = definitions['DBUserInfo']['dbUserType'];
+export type WeaviateAssignedUser = operations['getUsersForRole']['responses']['200']['schema'][0];

src/roles/index.ts

@@ -1,5 +1,9 @@
 import { ConnectionREST } from '../index.js';
-import { Permission as WeaviatePermission, Role as WeaviateRole } from '../openapi/types.js';
+import {
+  WeaviateAssignedUser,
+  Permission as WeaviatePermission,
+  Role as WeaviateRole,
+} from '../openapi/types.js';
 import {
   BackupsPermission,
   ClusterPermission,
@@ -11,6 +15,7 @@ import {
   Role,
   RolesPermission,
   TenantsPermission,
+  UserAssignment,
   UsersPermission,
 } from './types.js';
 import { Map } from './util.js';
@@ -35,7 +40,7 @@ export interface Roles {
    * @param {string} roleName The name of the role to retrieve the assigned user IDs for.
    * @returns {Promise<string[]>} The user IDs assigned to the role.
    */
-  assignedUserIds: (roleName: string) => Promise<string[]>;
+  userAssignments: (roleName: string) => Promise<UserAssignment[]>;
   /**
    * Delete a role by its name.
    *
@@ -89,7 +94,10 @@ const roles = (connection: ConnectionREST): Roles => {
     listAll: () => connection.get<WeaviateRole[]>('/authz/roles').then(Map.roles),
     byName: (roleName: string) =>
       connection.get<WeaviateRole>(`/authz/roles/${roleName}`).then(Map.roleFromWeaviate),
-    assignedUserIds: (roleName: string) => connection.get<string[]>(`/authz/roles/${roleName}/users`),
+    userAssignments: (roleName: string) =>
+      connection
+        .get<WeaviateAssignedUser[]>(`/authz/roles/${roleName}/user-assignments`, true)
+        .then(Map.assignedUsers),
     create: (roleName: string, permissions?: PermissionsInput) => {
       const perms = permissions
         ? Map.flattenPermissions(permissions).flatMap(Map.permissionToWeaviate)

src/roles/integration.test.ts

@@ -7,9 +7,10 @@ import weaviate, {
   RolesAction,
   TenantsAction,
   WeaviateClient,
+  UserAssignment,
 } from '..';
+import { requireAtLeast } from '../../test/version';
 import { WeaviateStartUpError, WeaviateUnexpectedStatusCodeError } from '../errors';
-import { DbVersion } from '../utils/dbVersion';
 
 type TestCase = {
   roleName: string;
@@ -278,11 +279,11 @@ const testCases: TestCase[] = [
   },
 ];
 
-const maybe = DbVersion.fromString(`v${process.env.WEAVIATE_VERSION!}`).isAtLeast(1, 29, 0)
-  ? describe
-  : describe.skip;
-
-maybe('Integration testing of the roles namespace', () => {
+requireAtLeast(
+  1,
+  29,
+  0
+)('Integration testing of the roles namespace', () => {
   let client: WeaviateClient;
 
   beforeAll(async () => {
@@ -316,6 +317,37 @@ maybe('Integration testing of the roles namespace', () => {
     expect(exists).toBeFalsy();
   });
 
+  requireAtLeast(
+    1,
+    30,
+    0
+  )('namespaced users', () => {
+    it('retrieves assigned users with namespace', async () => {
+      await client.roles.create('landlord', {
+        collection: 'Buildings',
+        tenant: 'john doe',
+        actions: ['create_tenants', 'delete_tenants'],
+      });
+
+      await client.users.db.create('Innkeeper').catch((res) => expect(res.code).toEqual(409));
+
+      await client.users.db.assignRoles('landlord', 'custom-user');
+      await client.users.db.assignRoles('landlord', 'Innkeeper');
+
+      const assignments = await client.roles.userAssignments('landlord');
+
+      expect(assignments).toEqual(
+        expect.arrayContaining([
+          expect.objectContaining<UserAssignment>({ id: 'custom-user', userType: 'db_env_user' }),
+          expect.objectContaining<UserAssignment>({ id: 'Innkeeper', userType: 'db_user' }),
+        ])
+      );
+
+      await client.users.db.delete('Innkeeper');
+      await client.roles.delete('landlord');
+    });
+  });
+
   describe('should be able to create roles using the permissions factory', () => {
     testCases.forEach((testCase) => {
       it(`with ${testCase.roleName} permissions`, async () => {

src/roles/types.ts

@@ -1,4 +1,4 @@
-import { Action } from '../openapi/types.js';
+import { Action, WeaviateUserType } from '../openapi/types.js';
 
 export type BackupsAction = Extract<Action, 'manage_backups'>;
 export type ClusterAction = Extract<Action, 'read_cluster'>;
@@ -22,6 +22,11 @@ export type TenantsAction = Extract<
 >;
 export type UsersAction = Extract<Action, 'read_users' | 'assign_and_revoke_users'>;
 
+export type UserAssignment = {
+  id: string;
+  userType: WeaviateUserType;
+};
+
 export type BackupsPermission = {
   collection: string;
   actions: BackupsAction[];

src/roles/util.ts

@@ -1,4 +1,5 @@
 import {
+  WeaviateAssignedUser,
   WeaviateDBUser,
   Permission as WeaviatePermission,
   Role as WeaviateRole,
@@ -23,6 +24,7 @@ import {
   RolesPermission,
   TenantsAction,
   TenantsPermission,
+  UserAssignment,
   UsersAction,
   UsersPermission,
 } from './types.js';
@@ -153,6 +155,15 @@ export class Map {
       acc.push(Map.dbUser(user));
       return acc;
     }, [] as UserDB[]);
+
+  static assignedUsers = (users: WeaviateAssignedUser[]): UserAssignment[] =>
+    users.reduce((acc, user) => {
+      acc.push({
+        id: user.userId || '',
+        userType: user.userType,
+      });
+      return acc;
+    }, [] as UserAssignment[]);
 }
 
 class PermissionsMapping {

src/users/integration.test.ts

@@ -1,14 +1,8 @@
 import weaviate, { ApiKey } from '..';
-import { DbVersion } from '../utils/dbVersion';
+import { requireAtLeast } from '../../test/version.js';
 import { WeaviateUserTypeDB } from '../v2';
 import { UserDB } from './types.js';
 
-const version = DbVersion.fromString(`v${process.env.WEAVIATE_VERSION!}`);
-
-/** Run the suite / test only for Weaviate version above this. */
-const requireAtLeast = (...semver: [...Parameters<DbVersion['isAtLeast']>]) =>
-  version.isAtLeast(...semver) ? describe : describe.skip;
-
 requireAtLeast(
   1,
   29,

test/version.ts

@@ -0,0 +1,7 @@
+import { DbVersion } from '../src/utils/dbVersion';
+
+const version = DbVersion.fromString(`v${process.env.WEAVIATE_VERSION!}`);
+
+/** Run the suite / test only for Weaviate version above this. */
+export const requireAtLeast = (...semver: [...Parameters<DbVersion['isAtLeast']>]) =>
+  version.isAtLeast(...semver) ? describe : describe.skip;