From 8d3984d82f679a0dabedc266c09af6645f62a98a Mon Sep 17 00:00:00 2001
From: shaoting-huang
Date: Tue, 24 Dec 2024 12:10:23 +0800
Subject: [PATCH] fix privilege group list and list collections
Signed-off-by: shaoting-huang
---
 configs/milvus.yaml | 2 +-
 internal/rootcoord/root_coord.go | 11 +----------
 internal/rootcoord/show_collection_task.go | 8 ++++++--
 pkg/util/paramtable/rbac_param.go | 2 +-
 4 files changed, 9 insertions(+), 14 deletions(-)
diff --git a/configs/milvus.yaml b/configs/milvus.yaml
index a8d10251b48f2..02f8da78cd0c7 100644
--- a/configs/milvus.yaml
+++ b/configs/milvus.yaml
@@ -801,7 +801,7 @@ common:
 superUsers:
 defaultRootPassword: "Milvus" # default password for root user. The maximum length is 72 characters, and double quotes are required.
 rbac:
- overrideBuiltInPrivilgeGroups:
+ overrideBuiltInPrivilegeGroups:
 enabled: false # Whether to override build-in privilege groups
 cluster:
 readonly:
diff --git a/internal/rootcoord/root_coord.go b/internal/rootcoord/root_coord.go
index f7ae2933f4fb0..3fff9006f576a 100644
--- a/internal/rootcoord/root_coord.go
+++ b/internal/rootcoord/root_coord.go
@@ -3204,16 +3204,7 @@ func (c *Core) ListPrivilegeGroups(ctx context.Context, in *milvuspb.ListPrivile
 metrics.RootCoordDDLReqLatency.WithLabelValues(method).Observe(float64(tr.ElapseSpan().Milliseconds()))
 // append built in privilege groups
- for groupName, privileges := range util.BuiltinPrivilegeGroups {
- privGroups = append(privGroups, &milvuspb.PrivilegeGroupInfo{
- GroupName: groupName,
- Privileges: lo.Map(privileges, func(p string, _ int) *milvuspb.PrivilegeEntity {
- return &milvuspb.PrivilegeEntity{
- Name: p,
- }
- }),
- })
- }
+ privGroups = append(privGroups, c.initBuiltinPrivilegeGroups()...)
 return &milvuspb.ListPrivilegeGroupsResponse{
 Status: merr.Success(),
 PrivilegeGroups: privGroups,
diff --git a/internal/rootcoord/show_collection_task.go b/internal/rootcoord/show_collection_task.go
index ab853266bbc36..11cb26ca13026 100644
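Review bot: In the root_coord.go hunk, `c.initBuiltinPrivilegeGroups()` is now called on every ListPrivilegeGroups request, but its name reads like one-time setup and its body is not part of this patch, so a reader cannot tell whether the call is a pure read. This response is what an operator relies on to audit which privileges each built-in group grants, so the comment above the call should state the contract, for example `// append built-in privilege groups as currently configured; the helper must not mutate shared state`. The diffstat lists no test file, and a test that compares the listed privileges with the configured groups would keep the listing from drifting away from what is enforced. ListPrivilegeGroups starts outside this hunk, so how `privGroups` is populated before this point is not visible here.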
--- a/internal/rootcoord/show_collection_task.go
+++ b/internal/rootcoord/show_collection_task.go
@@ -18,6 +18,7 @@ package rootcoord
 import (
 "context"
+ "strings"
 "github.com/samber/lo"
 "go.uber.org/zap"
@@ -88,12 +89,15 @@ func (t *showCollectionTask) Execute(ctx context.Context) error {
 }
 for _, entity := range entities {
 objectType := entity.GetObject().GetName()
+ priv := entity.GetGrantor().GetPrivilege().GetName()
 if objectType == commonpb.ObjectType_Global.String() &&
- entity.GetGrantor().GetPrivilege().GetName() == util.PrivilegeNameForAPI(commonpb.ObjectPrivilege_PrivilegeAll.String()) {
+ priv == util.PrivilegeNameForAPI(commonpb.ObjectPrivilege_PrivilegeAll.String()) {
 privilegeColls.Insert(util.AnyWord)
 return privilegeColls, nil
 }
- if objectType != commonpb.ObjectType_Collection.String() {
+ // should list collection level built-in privilege group objects
+ if objectType != commonpb.ObjectType_Collection.String() &&
+ !(util.IsBuiltinPrivilegeGroup(priv) && strings.HasPrefix(priv, "Collection")) {
 continue
 }
 collectionName := entity.GetObjectName()
diff --git a/pkg/util/paramtable/rbac_param.go b/pkg/util/paramtable/rbac_param.go
index 34e0bfb7dbc29..ba532a55eb666 100644
--- a/pkg/util/paramtable/rbac_param.go
+++ b/pkg/util/paramtable/rbac_param.go
@@ -23,7 +23,7 @@ type rbacConfig struct {
 func (p *rbacConfig) init(base *BaseTable) {
 p.Enabled = ParamItem{
- Key: "common.security.rbac.overrideBuiltInPrivilgeGroups.enabled",
+ Key: "common.security.rbac.overrideBuiltInPrivilegeGroups.enabled",
 DefaultValue: "false",
 Version: "2.4.16",
 Doc: "Whether to override build-in privilege groups",
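Review bot: The new exemption in Execute decides whether a grant counts as collection-level by a name prefix, `strings.HasPrefix(priv, "Collection")`, and it lets the grant through whatever its object type is, so `entity.GetObjectName()` on the following line is treated as a collection name even when the grant was stored under another object type. This loop determines which collection names a user is allowed to see, so a built-in group that merely starts with "Collection", or a grant recorded under an unexpected object type, would change visibility without any error. If these grants are always stored under one object type, check it explicitly and name the rule, e.g. `isCollGroup := objectType == commonpb.ObjectType_Global.String() && util.IsBuiltinPrivilegeGroup(priv) && strings.HasPrefix(priv, "Collection")`, and extend the comment to say why the object name can be trusted as a collection name. The hunk does not show whether user-defined privilege groups that contain collection privileges need the same treatment. Execute starts and ends outside the hunk, so the handling of `collectionName` afterwards is not visible here.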
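Review bot: Changing `Key` in rbacConfig.init, and the matching key in configs/milvus.yaml, means a deployment that still sets the old misspelled `overrideBuiltInPrivilgeGroups` key is no longer read and falls back to `DefaultValue: "false"`. If the misspelled key ever shipped in a release, an operator who enabled the override would get the stock built-in group definitions back after upgrading, with no warning that the RBAC setting was dropped. Keeping the old spelling as a fallback avoids that: `FallbackKeys: []string{"common.security.rbac.overrideBuiltInPrivilgeGroups.enabled"},`. A line in the release notes about the rename would also help anyone diffing their config.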