feat: enable dynamic user management, add db/oidc namespaces

Author: bevzzz

src/classifications/scheduler.ts

@@ -101,7 +101,7 @@ export default class ClassificationsScheduler extends CommandBase {
         reject(
           new Error(
             "classification didn't finish within configured timeout, " +
-              'set larger timeout with .withWaitTimeout(timeout)'
+            'set larger timeout with .withWaitTimeout(timeout)'
           )
         );
       }, this.waitTimeout);

src/connection/http.ts

@@ -116,10 +116,14 @@ export default class ConnectionREST {
   postReturn = <B, T>(path: string, payload: B): Promise<T> => {
     if (this.authEnabled) {
       return this.login().then((token) =>
-        this.http.post<B, T>(path, payload, true, token).then((res) => res as T)
+        this.http.post<B, T>(path, payload, true, token) as T
       );
     }
-    return this.http.post<B, T>(path, payload, true, '').then((res) => res as T);
+    return this.http.post<B, T>(path, payload, true, '') as Promise<T>;
+  };
+
+  postNoBody = <T>(path: string): Promise<T> => {
+    return this.postReturn<null, T>(path, null);
   };
 
   postEmpty = <B>(path: string, payload: B): Promise<void> => {
@@ -372,46 +376,46 @@ const makeUrl = (basePath: string) => (path: string) => basePath + path;
 
 const checkStatus =
   <T>(expectResponseBody: boolean) =>
-  (res: Response) => {
-    if (res.status >= 400) {
-      return res.text().then((errText: string) => {
-        let err: string;
-        try {
-          // in case of invalid json response (like empty string)
-          err = JSON.stringify(JSON.parse(errText));
-        } catch (e) {
-          err = errText;
-        }
-        if (res.status === 401) {
-          return Promise.reject(new WeaviateUnauthenticatedError(err));
-        } else if (res.status === 403) {
-          return Promise.reject(new WeaviateInsufficientPermissionsError(403, err));
-        } else {
-          return Promise.reject(new WeaviateUnexpectedStatusCodeError(res.status, err));
-        }
-      });
-    }
-    if (expectResponseBody) {
-      return res.json() as Promise<T>;
-    }
-    return Promise.resolve(undefined);
-  };
+    (res: Response) => {
+      if (res.status >= 400) {
+        return res.text().then((errText: string) => {
+          let err: string;
+          try {
+            // in case of invalid json response (like empty string)
+            err = JSON.stringify(JSON.parse(errText));
+          } catch (e) {
+            err = errText;
+          }
+          if (res.status === 401) {
+            return Promise.reject(new WeaviateUnauthenticatedError(err));
+          } else if (res.status === 403) {
+            return Promise.reject(new WeaviateInsufficientPermissionsError(403, err));
+          } else {
+            return Promise.reject(new WeaviateUnexpectedStatusCodeError(res.status, err));
+          }
+        });
+      }
+      if (expectResponseBody) {
+        return res.json() as Promise<T>;
+      }
+      return Promise.resolve(undefined);
+    };
 
 const handleHeadResponse =
   <T>(expectResponseBody: boolean) =>
-  (res: Response) => {
-    if (res.status == 200 || res.status == 204 || res.status == 404) {
-      return Promise.resolve(res.status == 200 || res.status == 204);
-    }
-    return checkStatus<T>(expectResponseBody)(res);
-  };
+    (res: Response) => {
+      if (res.status == 200 || res.status == 204 || res.status == 404) {
+        return Promise.resolve(res.status == 200 || res.status == 204);
+      }
+      return checkStatus<T>(expectResponseBody)(res);
+    };
 
 const getAuthHeaders = (config: InternalConnectionParams, bearerToken: string) =>
   bearerToken
     ? {
-        Authorization: `Bearer ${bearerToken}`,
-        'X-Weaviate-Cluster-Url': config.host,
-        //  keeping for backwards compatibility for older clusters for now. On newer clusters, Embedding Service reuses Authorization header.
-        'X-Weaviate-Api-Key': bearerToken,
-      }
+      Authorization: `Bearer ${bearerToken}`,
+      'X-Weaviate-Cluster-Url': config.host,
+      //  keeping for backwards compatibility for older clusters for now. On newer clusters, Embedding Service reuses Authorization header.
+      'X-Weaviate-Api-Key': bearerToken,
+    }
     : undefined;

src/openapi/schema.ts

@@ -386,30 +386,30 @@ export interface definitions {
      * @enum {string}
      */
     action:
-      | 'manage_backups'
-      | 'read_cluster'
-      | 'create_data'
-      | 'read_data'
-      | 'update_data'
-      | 'delete_data'
-      | 'read_nodes'
-      | 'create_roles'
-      | 'read_roles'
-      | 'update_roles'
-      | 'delete_roles'
-      | 'create_collections'
-      | 'read_collections'
-      | 'update_collections'
-      | 'delete_collections'
-      | 'assign_and_revoke_users'
-      | 'create_users'
-      | 'read_users'
-      | 'update_users'
-      | 'delete_users'
-      | 'create_tenants'
-      | 'read_tenants'
-      | 'update_tenants'
-      | 'delete_tenants';
+    | 'manage_backups'
+    | 'read_cluster'
+    | 'create_data'
+    | 'read_data'
+    | 'update_data'
+    | 'delete_data'
+    | 'read_nodes'
+    | 'create_roles'
+    | 'read_roles'
+    | 'update_roles'
+    | 'delete_roles'
+    | 'create_collections'
+    | 'read_collections'
+    | 'update_collections'
+    | 'delete_collections'
+    | 'assign_and_revoke_users'
+    | 'create_users'
+    | 'read_users'
+    | 'update_users'
+    | 'delete_users'
+    | 'create_tenants'
+    | 'read_tenants'
+    | 'update_tenants'
+    | 'delete_tenants';
   };
   /** @description list of roles */
   RolesListResponse: definitions['Role'][];
@@ -787,15 +787,15 @@ export interface definitions {
      * @enum {string}
      */
     tokenization?:
-      | 'word'
-      | 'lowercase'
-      | 'whitespace'
-      | 'field'
-      | 'trigram'
-      | 'gse'
-      | 'kagome_kr'
-      | 'kagome_ja'
-      | 'gse_ch';
+    | 'word'
+    | 'lowercase'
+    | 'whitespace'
+    | 'field'
+    | 'trigram'
+    | 'gse'
+    | 'kagome_kr'
+    | 'kagome_ja'
+    | 'gse_ch';
     /** @description The properties of the nested object(s). Applies to object and object[] data types. */
     nestedProperties?: definitions['NestedProperty'][];
   };
@@ -816,15 +816,15 @@ export interface definitions {
     indexRangeFilters?: boolean;
     /** @enum {string} */
     tokenization?:
-      | 'word'
-      | 'lowercase'
-      | 'whitespace'
-      | 'field'
-      | 'trigram'
-      | 'gse'
-      | 'kagome_kr'
-      | 'kagome_ja'
-      | 'gse_ch';
+    | 'word'
+    | 'lowercase'
+    | 'whitespace'
+    | 'field'
+    | 'trigram'
+    | 'gse'
+    | 'kagome_kr'
+    | 'kagome_ja'
+    | 'gse_ch';
     /** @description The properties of the nested object(s). Applies to object and object[] data types. */
     nestedProperties?: definitions['NestedProperty'][];
   };
@@ -1505,19 +1505,19 @@ export interface definitions {
      * @enum {string}
      */
     operator?:
-      | 'And'
-      | 'Or'
-      | 'Equal'
-      | 'Like'
-      | 'NotEqual'
-      | 'GreaterThan'
-      | 'GreaterThanEqual'
-      | 'LessThan'
-      | 'LessThanEqual'
-      | 'WithinGeoRange'
-      | 'IsNull'
-      | 'ContainsAny'
-      | 'ContainsAll';
+    | 'And'
+    | 'Or'
+    | 'Equal'
+    | 'Like'
+    | 'NotEqual'
+    | 'GreaterThan'
+    | 'GreaterThanEqual'
+    | 'LessThan'
+    | 'LessThanEqual'
+    | 'WithinGeoRange'
+    | 'IsNull'
+    | 'ContainsAny'
+    | 'ContainsAll';
     /**
      * @description path to the property currently being filtered
      * @example [
@@ -1618,16 +1618,16 @@ export interface definitions {
      * @enum {string}
      */
     activityStatus?:
-      | 'ACTIVE'
-      | 'INACTIVE'
-      | 'OFFLOADED'
-      | 'OFFLOADING'
-      | 'ONLOADING'
-      | 'HOT'
-      | 'COLD'
-      | 'FROZEN'
-      | 'FREEZING'
-      | 'UNFREEZING';
+    | 'ACTIVE'
+    | 'INACTIVE'
+    | 'OFFLOADED'
+    | 'OFFLOADING'
+    | 'ONLOADING'
+    | 'HOT'
+    | 'COLD'
+    | 'FROZEN'
+    | 'FREEZING'
+    | 'UNFREEZING';
   };
   /** @description attributes representing a single tenant response within weaviate */
   TenantResponse: definitions['Tenant'] & {
@@ -4187,4 +4187,4 @@ export interface operations {
   };
 }
 
-export interface external {}
+export interface external { }

src/openapi/types.ts

@@ -55,6 +55,10 @@ export type WeaviateReplicationConfig = WeaviateClass['replicationConfig'];
 export type WeaviateShardingConfig = WeaviateClass['shardingConfig'];
 export type WeaviateShardStatus = definitions['ShardStatusGetResponse'];
 export type WeaviateUser = definitions['UserOwnInfo'];
+export type WeaviateDBUser = definitions['DBUserInfo'];
+export type WeaviateUserType = definitions['UserTypeOutput'];
+export type WeaviateUserTypeInternal = definitions['UserTypeInput'];
+export type WeaviateUserTypeDB = definitions['DBUserInfo']['dbUserType'];
 export type WeaviateVectorIndexConfig = WeaviateClass['vectorIndexConfig'];
 export type WeaviateVectorsConfig = WeaviateClass['vectorConfig'];
 export type WeaviateVectorConfig = definitions['VectorConfig'];

src/roles/util.ts

@@ -1,5 +1,5 @@
-import { Permission as WeaviatePermission, Role as WeaviateRole, WeaviateUser } from '../openapi/types.js';
-import { User } from '../users/types.js';
+import { WeaviateDBUser, Permission as WeaviatePermission, Role as WeaviateRole, WeaviateUser } from '../openapi/types.js';
+import { User, UserDB } from '../users/types.js';
 import {
   BackupsAction,
   BackupsPermission,
@@ -136,7 +136,19 @@ export class Map {
   static user = (user: WeaviateUser): User => ({
     id: user.username,
     roles: user.roles?.map(Map.roleFromWeaviate),
-  });
+  })
+  static dbUser = (user: WeaviateDBUser): UserDB => ({
+    userType: user.dbUserType,
+    id: user.userId,
+    roleNames: user.roles,
+    active: user.active,
+  })
+  static dbUsers = (users: WeaviateDBUser[]): UserDB[] =>
+    users.reduce((acc, user) => {
+      acc.push(Map.dbUser(user));
+      return acc;
+    }, [] as UserDB[])
+    ;
 }
 
 class PermissionsMapping {