Skip to content

Commit

Permalink
fix privilege group list and list collections
Browse files Browse the repository at this point in the history
Signed-off-by: shaoting-huang <[email protected]>
  • Loading branch information
shaoting-huang committed Dec 24, 2024
1 parent 877cd80 commit 398f1b4
Show file tree
Hide file tree
Showing 5 changed files with 17 additions and 22 deletions.
16 changes: 8 additions & 8 deletions client/milvusclient/rbac_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -399,11 +399,11 @@ func TestRoleRBAC(t *testing.T) {
suite.Run(t, new(RoleSuite))
}

type PrivilgeGroupSuite struct {
type PrivilegeGroupSuite struct {
MockSuiteBase
}

func (s *PrivilgeGroupSuite) TestGrantV2() {
func (s *PrivilegeGroupSuite) TestGrantV2() {
ctx, cancel := context.WithCancel(context.Background())
defer cancel()

Expand Down Expand Up @@ -433,7 +433,7 @@ func (s *PrivilgeGroupSuite) TestGrantV2() {
})
}

func (s *PrivilgeGroupSuite) TestRevokeV2() {
func (s *PrivilegeGroupSuite) TestRevokeV2() {
ctx, cancel := context.WithCancel(context.Background())
defer cancel()

Expand Down Expand Up @@ -463,7 +463,7 @@ func (s *PrivilgeGroupSuite) TestRevokeV2() {
})
}

func (s *PrivilgeGroupSuite) TestCreatePrivilegeGroup() {
func (s *PrivilegeGroupSuite) TestCreatePrivilegeGroup() {
ctx, cancel := context.WithCancel(context.Background())
defer cancel()

Expand All @@ -487,7 +487,7 @@ func (s *PrivilgeGroupSuite) TestCreatePrivilegeGroup() {
})
}

func (s *PrivilgeGroupSuite) TestDropPrivilegeGroup() {
func (s *PrivilegeGroupSuite) TestDropPrivilegeGroup() {
ctx, cancel := context.WithCancel(context.Background())
defer cancel()

Expand All @@ -511,7 +511,7 @@ func (s *PrivilgeGroupSuite) TestDropPrivilegeGroup() {
})
}

func (s *PrivilgeGroupSuite) TestListPrivilegeGroups() {
func (s *PrivilegeGroupSuite) TestListPrivilegeGroups() {
ctx, cancel := context.WithCancel(context.Background())
defer cancel()

Expand Down Expand Up @@ -548,7 +548,7 @@ func (s *PrivilgeGroupSuite) TestListPrivilegeGroups() {
})
}

func (s *PrivilgeGroupSuite) TestOperatePrivilegeGroup() {
func (s *PrivilegeGroupSuite) TestOperatePrivilegeGroup() {
ctx, cancel := context.WithCancel(context.Background())
defer cancel()

Expand All @@ -575,5 +575,5 @@ func (s *PrivilgeGroupSuite) TestOperatePrivilegeGroup() {
}

func TestPrivilegeGroup(t *testing.T) {
suite.Run(t, new(PrivilgeGroupSuite))
suite.Run(t, new(PrivilegeGroupSuite))
}
2 changes: 1 addition & 1 deletion configs/milvus.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -827,7 +827,7 @@ common:
superUsers:
defaultRootPassword: "Milvus" # default password for root user. The maximum length is 72 characters, and double quotes are required.
rbac:
overrideBuiltInPrivilgeGroups:
overrideBuiltInPrivilegeGroups:
enabled: false # Whether to override build-in privilege groups
cluster:
readonly:
Expand Down
11 changes: 1 addition & 10 deletions internal/rootcoord/root_coord.go
Original file line number Diff line number Diff line change
Expand Up @@ -3243,16 +3243,7 @@ func (c *Core) ListPrivilegeGroups(ctx context.Context, in *milvuspb.ListPrivile
metrics.RootCoordDDLReqLatency.WithLabelValues(method).Observe(float64(tr.ElapseSpan().Milliseconds()))

// append built in privilege groups
for groupName, privileges := range util.BuiltinPrivilegeGroups {
privGroups = append(privGroups, &milvuspb.PrivilegeGroupInfo{
GroupName: groupName,
Privileges: lo.Map(privileges, func(p string, _ int) *milvuspb.PrivilegeEntity {
return &milvuspb.PrivilegeEntity{
Name: p,
}
}),
})
}
privGroups = append(privGroups, c.initBuiltinPrivilegeGroups()...)
return &milvuspb.ListPrivilegeGroupsResponse{
Status: merr.Success(),
PrivilegeGroups: privGroups,
Expand Down
8 changes: 6 additions & 2 deletions internal/rootcoord/show_collection_task.go
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ package rootcoord

import (
"context"
"strings"

"github.com/samber/lo"
"go.uber.org/zap"
Expand Down Expand Up @@ -88,12 +89,15 @@ func (t *showCollectionTask) Execute(ctx context.Context) error {
}
for _, entity := range entities {
objectType := entity.GetObject().GetName()
priv := entity.GetGrantor().GetPrivilege().GetName()
if objectType == commonpb.ObjectType_Global.String() &&
entity.GetGrantor().GetPrivilege().GetName() == util.PrivilegeNameForAPI(commonpb.ObjectPrivilege_PrivilegeAll.String()) {
priv == util.PrivilegeNameForAPI(commonpb.ObjectPrivilege_PrivilegeAll.String()) {
privilegeColls.Insert(util.AnyWord)
return privilegeColls, nil
}
if objectType != commonpb.ObjectType_Collection.String() {
// should list collection level built-in privilege group objects
if objectType != commonpb.ObjectType_Collection.String() &&
!(util.IsBuiltinPrivilegeGroup(priv) && strings.HasPrefix(priv, "Collection")) {
continue
}
collectionName := entity.GetObjectName()
Expand Down
2 changes: 1 addition & 1 deletion pkg/util/paramtable/rbac_param.go
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ type rbacConfig struct {

func (p *rbacConfig) init(base *BaseTable) {
p.Enabled = ParamItem{
Key: "common.security.rbac.overrideBuiltInPrivilgeGroups.enabled",
Key: "common.security.rbac.overrideBuiltInPrivilegeGroups.enabled",
DefaultValue: "false",
Version: "2.4.16",
Doc: "Whether to override build-in privilege groups",
Expand Down

0 comments on commit 398f1b4

Please sign in to comment.