add ut

Signed-off-by: shaoting-huang <[email protected]>
shaoting-huang · Nov 17, 2024 · 9720df0 · 9720df0
1 parent f0f60dd
commit 9720df0
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 33 deletions.
diff --git a/internal/rootcoord/root_coord.go b/internal/rootcoord/root_coord.go
@@ -2573,15 +2573,13 @@ func (c *Core) isValidPrivilege(privilegeName string, object string) error {
 }
 
 func (c *Core) isValidPrivilegeV2(privilegeName, dbName, collectionName string) error {
-	fmt.Println("!!!privilegeName:", privilegeName, ", dbName:", dbName, ", collectionName: ", collectionName)
 	var privilegeLevel string
 	for group, privileges := range util.BuiltinPrivilegeGroups {
 		if privilegeName == group || lo.Contains(privileges, privilegeName) {
 			privilegeLevel = group
 			break
 		}
 	}
-	fmt.Println("!!!privilegeLevel:", privilegeLevel)
 	if privilegeLevel == "" {
 		customPrivGroup, err := c.meta.IsCustomPrivilegeGroup(privilegeName)
 		if err != nil {
@@ -2594,8 +2592,8 @@ func (c *Core) isValidPrivilegeV2(privilegeName, dbName, collectionName string)
 	}
 	switch {
 	case strings.HasPrefix(privilegeLevel, milvuspb.PrivilegeLevel_Cluster.String()):
-		if dbName != "" && dbName != util.AnyWord || collectionName != "" && collectionName != util.AnyWord {
-			return fmt.Errorf("dbName and collectionName should be empty or * for the cluster level privilege: %s", privilegeName)
+		if !util.IsAnyWord(dbName) || !util.IsAnyWord(collectionName) {
+			return fmt.Errorf("dbName and collectionName should be * for the cluster level privilege: %s", privilegeName)
 		}
 		return nil
 	case strings.HasPrefix(privilegeLevel, milvuspb.PrivilegeLevel_Database.String()):

diff --git a/tests/integration/rbac/privilege_group_test.go b/tests/integration/rbac/privilege_group_test.go
@@ -254,49 +254,43 @@ func (s *PrivilegeGroupTestSuite) TestGrantV2() {
 	s.NoError(err)
 	s.True(merr.Ok(createRoleResp))
 
-	resp, err := s.operatePrivilegeV2(ctx, roleName, "ClusterReadOnly", util.AnyWord, util.AnyWord, milvuspb.OperatePrivilegeType_Grant)
-	s.NoError(err)
+	resp, _ := s.operatePrivilegeV2(ctx, roleName, "ClusterReadOnly", util.AnyWord, util.AnyWord, milvuspb.OperatePrivilegeType_Grant)
 	s.True(merr.Ok(resp))
-	resp, err = s.operatePrivilegeV2(ctx, roleName, "ClusterReadWrite", util.AnyWord, util.AnyWord, milvuspb.OperatePrivilegeType_Grant)
-	s.NoError(err)
+	resp, _ = s.operatePrivilegeV2(ctx, roleName, "ClusterReadWrite", util.AnyWord, util.AnyWord, milvuspb.OperatePrivilegeType_Grant)
 	s.True(merr.Ok(resp))
-	resp, err = s.operatePrivilegeV2(ctx, roleName, "ClusterAdmin", util.AnyWord, util.AnyWord, milvuspb.OperatePrivilegeType_Grant)
-	s.NoError(err)
+	resp, _ = s.operatePrivilegeV2(ctx, roleName, "ClusterAdmin", util.AnyWord, util.AnyWord, milvuspb.OperatePrivilegeType_Grant)
 	s.True(merr.Ok(resp))
-	resp, err = s.operatePrivilegeV2(ctx, roleName, "DatabaseReadOnly", util.AnyWord, util.AnyWord, milvuspb.OperatePrivilegeType_Grant)
-	s.NoError(err)
+	resp, _ = s.operatePrivilegeV2(ctx, roleName, "DatabaseReadOnly", util.AnyWord, util.AnyWord, milvuspb.OperatePrivilegeType_Grant)
 	s.True(merr.Ok(resp))
-	resp, err = s.operatePrivilegeV2(ctx, roleName, "DatabaseReadWrite", util.AnyWord, util.AnyWord, milvuspb.OperatePrivilegeType_Grant)
-	s.NoError(err)
+	resp, _ = s.operatePrivilegeV2(ctx, roleName, "DatabaseReadWrite", util.AnyWord, util.AnyWord, milvuspb.OperatePrivilegeType_Grant)
 	s.True(merr.Ok(resp))
-	resp, err = s.operatePrivilegeV2(ctx, roleName, "DatabaseAdmin", util.AnyWord, util.AnyWord, milvuspb.OperatePrivilegeType_Grant)
-	s.NoError(err)
+	resp, _ = s.operatePrivilegeV2(ctx, roleName, "DatabaseAdmin", util.AnyWord, util.AnyWord, milvuspb.OperatePrivilegeType_Grant)
 	s.True(merr.Ok(resp))
-	resp, err = s.operatePrivilegeV2(ctx, roleName, "CollectionReadOnly", util.AnyWord, util.AnyWord, milvuspb.OperatePrivilegeType_Grant)
-	s.NoError(err)
+	resp, _ = s.operatePrivilegeV2(ctx, roleName, "CollectionReadOnly", util.AnyWord, util.AnyWord, milvuspb.OperatePrivilegeType_Grant)
 	s.True(merr.Ok(resp))
-	resp, err = s.operatePrivilegeV2(ctx, roleName, "CollectionReadWrite", util.AnyWord, util.AnyWord, milvuspb.OperatePrivilegeType_Grant)
-	s.NoError(err)
+	resp, _ = s.operatePrivilegeV2(ctx, roleName, "CollectionReadWrite", util.AnyWord, util.AnyWord, milvuspb.OperatePrivilegeType_Grant)
 	s.True(merr.Ok(resp))
-	resp, err = s.operatePrivilegeV2(ctx, roleName, "CollectionAdmin", util.AnyWord, util.AnyWord, milvuspb.OperatePrivilegeType_Grant)
-	s.NoError(err)
+	resp, _ = s.operatePrivilegeV2(ctx, roleName, "CollectionAdmin", util.AnyWord, util.AnyWord, milvuspb.OperatePrivilegeType_Grant)
 	s.True(merr.Ok(resp))
 
-	resp, err = s.operatePrivilegeV2(ctx, roleName, "ClusterAdmin", "db1", util.AnyWord, milvuspb.OperatePrivilegeType_Grant)
-	s.NoError(err)
+	resp, _ = s.operatePrivilegeV2(ctx, roleName, "ClusterAdmin", "db1", util.AnyWord, milvuspb.OperatePrivilegeType_Grant)
+	s.False(merr.Ok(resp))
+	resp, _ = s.operatePrivilegeV2(ctx, roleName, "ClusterAdmin", "db1", "col1", milvuspb.OperatePrivilegeType_Grant)
+	s.False(merr.Ok(resp))
+	resp, _ = s.operatePrivilegeV2(ctx, roleName, "ClusterAdmin", util.AnyWord, "col1", milvuspb.OperatePrivilegeType_Grant)
+	s.False(merr.Ok(resp))
+	resp, _ = s.operatePrivilegeV2(ctx, roleName, "DatabaseAdmin", "db1", util.AnyWord, milvuspb.OperatePrivilegeType_Grant)
 	s.True(merr.Ok(resp))
-	resp, err = s.operatePrivilegeV2(ctx, roleName, "ClusterAdmin", "db1", "col1", milvuspb.OperatePrivilegeType_Grant)
-	s.NoError(err)
+	resp, _ = s.operatePrivilegeV2(ctx, roleName, "DatabaseAdmin", "db1", "col1", milvuspb.OperatePrivilegeType_Grant)
+	s.False(merr.Ok(resp))
+	resp, _ = s.operatePrivilegeV2(ctx, roleName, "DatabaseAdmin", util.AnyWord, "col1", milvuspb.OperatePrivilegeType_Grant)
+	s.False(merr.Ok(resp))
+	resp, _ = s.operatePrivilegeV2(ctx, roleName, "CollectionAdmin", "db1", util.AnyWord, milvuspb.OperatePrivilegeType_Grant)
 	s.True(merr.Ok(resp))
-	resp, err = s.operatePrivilegeV2(ctx, roleName, "ClusterAdmin", util.AnyWord, "col1", milvuspb.OperatePrivilegeType_Grant)
-	s.NoError(err)
+	resp, _ = s.operatePrivilegeV2(ctx, roleName, "CollectionAdmin", "db1", "col1", milvuspb.OperatePrivilegeType_Grant)
 	s.True(merr.Ok(resp))
-	resp, err = s.operatePrivilegeV2(ctx, roleName, "DatabaseAdmin", "db1", util.AnyWord, milvuspb.OperatePrivilegeType_Grant)
-	s.NoError(err)
+	resp, _ = s.operatePrivilegeV2(ctx, roleName, "CollectionAdmin", util.AnyWord, "col1", milvuspb.OperatePrivilegeType_Grant)
 	s.True(merr.Ok(resp))
-	resp, err = s.operatePrivilegeV2(ctx, roleName, "DatabaseAdmin", "db1", "col1", milvuspb.OperatePrivilegeType_Grant)
-	s.Error(err)
-	s.False(merr.Ok(resp))
 }
 
 func (s *PrivilegeGroupTestSuite) operatePrivilege(ctx context.Context, role, privilege, objectType string, operateType milvuspb.OperatePrivilegeType) {