From 9720df0da7af92048a9a94324e1f4f3275d148df Mon Sep 17 00:00:00 2001
From: shaoting-huang
Date: Sun, 17 Nov 2024 09:12:28 +0800
Subject: [PATCH] add ut
Signed-off-by: shaoting-huang
---
 internal/rootcoord/root_coord.go | 6 +--
 .../integration/rbac/privilege_group_test.go | 52 ++++++++-----------
 2 files changed, 25 insertions(+), 33 deletions(-)
diff --git a/internal/rootcoord/root_coord.go b/internal/rootcoord/root_coord.go
index 2969cd8a32125..2d7d8d3472de9 100644
--- a/internal/rootcoord/root_coord.go
+++ b/internal/rootcoord/root_coord.go
@@ -2573,7 +2573,6 @@ func (c *Core) isValidPrivilege(privilegeName string, object string) error {
 }
 func (c *Core) isValidPrivilegeV2(privilegeName, dbName, collectionName string) error {
- fmt.Println("!!!privilegeName:", privilegeName, ", dbName:", dbName, ", collectionName: ", collectionName)
 var privilegeLevel string
 for group, privileges := range util.BuiltinPrivilegeGroups {
 if privilegeName == group || lo.Contains(privileges, privilegeName) {
@@ -2581,7 +2580,6 @@ func (c *Core) isValidPrivilegeV2(privilegeName, dbName, collectionName string) error {
 break
 }
 }
- fmt.Println("!!!privilegeLevel:", privilegeLevel)
 if privilegeLevel == "" {
 customPrivGroup, err := c.meta.IsCustomPrivilegeGroup(privilegeName)
 if err != nil {
@@ -2594,8 +2592,8 @@ func (c *Core) isValidPrivilegeV2(privilegeName, dbName, collectionName string) error {
 }
 switch {
 case strings.HasPrefix(privilegeLevel, milvuspb.PrivilegeLevel_Cluster.String()):
- if dbName != "" && dbName != util.AnyWord || collectionName != "" && collectionName != util.AnyWord {
- return fmt.Errorf("dbName and collectionName should be empty or * for the cluster level privilege: %s", privilegeName)
+ if !util.IsAnyWord(dbName) || !util.IsAnyWord(collectionName) {
+ return fmt.Errorf("dbName and collectionName should be * for the cluster level privilege: %s", privilegeName)
 }
 return nil
 case strings.HasPrefix(privilegeLevel, milvuspb.PrivilegeLevel_Database.String()):
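Review bot: In the cluster-level case of `isValidPrivilegeV2`, an empty `dbName` or `collectionName` was accepted by the removed condition and is now rejected if `util.IsAnyWord` matches only `*` (its definition is not part of this diff). That tightening of an authorization check deserves a comment at the new condition, for example `// cluster-level privileges are unscoped: both names must be the wildcard, empty is rejected`, so that a caller still sending empty names for a cluster grant is read as a deliberate failure. The grant cases in tests/integration/rbac/privilege_group_test.go only pass `*`, `db1` and `col1`; a case with empty names would pin the new behaviour. The Database and Collection branches lie outside the hunk, so whether they treat empty names the same way cannot be checked from here.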
diff --git a/tests/integration/rbac/privilege_group_test.go b/tests/integration/rbac/privilege_group_test.go
index a9b53fb7a57a5..8d8cbb273b10a 100644
--- a/tests/integration/rbac/privilege_group_test.go
+++ b/tests/integration/rbac/privilege_group_test.go
@@ -254,49 +254,43 @@ func (s *PrivilegeGroupTestSuite) TestGrantV2() {
 s.NoError(err)
 s.True(merr.Ok(createRoleResp))
- resp, err := s.operatePrivilegeV2(ctx, roleName, "ClusterReadOnly", util.AnyWord, util.AnyWord, milvuspb.OperatePrivilegeType_Grant)
- s.NoError(err)
+ resp, _ := s.operatePrivilegeV2(ctx, roleName, "ClusterReadOnly", util.AnyWord, util.AnyWord, milvuspb.OperatePrivilegeType_Grant)
 s.True(merr.Ok(resp))
- resp, err = s.operatePrivilegeV2(ctx, roleName, "ClusterReadWrite", util.AnyWord, util.AnyWord, milvuspb.OperatePrivilegeType_Grant)
- s.NoError(err)
+ resp, _ = s.operatePrivilegeV2(ctx, roleName, "ClusterReadWrite", util.AnyWord, util.AnyWord, milvuspb.OperatePrivilegeType_Grant)
 s.True(merr.Ok(resp))
- resp, err = s.operatePrivilegeV2(ctx, roleName, "ClusterAdmin", util.AnyWord, util.AnyWord, milvuspb.OperatePrivilegeType_Grant)
- s.NoError(err)
+ resp, _ = s.operatePrivilegeV2(ctx, roleName, "ClusterAdmin", util.AnyWord, util.AnyWord, milvuspb.OperatePrivilegeType_Grant)
 s.True(merr.Ok(resp))
- resp, err = s.operatePrivilegeV2(ctx, roleName, "DatabaseReadOnly", util.AnyWord, util.AnyWord, milvuspb.OperatePrivilegeType_Grant)
- s.NoError(err)
+ resp, _ = s.operatePrivilegeV2(ctx, roleName, "DatabaseReadOnly", util.AnyWord, util.AnyWord, milvuspb.OperatePrivilegeType_Grant)
 s.True(merr.Ok(resp))
- resp, err = s.operatePrivilegeV2(ctx, roleName, "DatabaseReadWrite", util.AnyWord, util.AnyWord, milvuspb.OperatePrivilegeType_Grant)
- s.NoError(err)
+ resp, _ = s.operatePrivilegeV2(ctx, roleName, "DatabaseReadWrite", util.AnyWord, util.AnyWord, milvuspb.OperatePrivilegeType_Grant)
 s.True(merr.Ok(resp))
- resp, err = s.operatePrivilegeV2(ctx, roleName, "DatabaseAdmin", util.AnyWord, util.AnyWord, milvuspb.OperatePrivilegeType_Grant)
- s.NoError(err)
+ resp, _ = s.operatePrivilegeV2(ctx, roleName, "DatabaseAdmin", util.AnyWord, util.AnyWord, milvuspb.OperatePrivilegeType_Grant)
 s.True(merr.Ok(resp))
- resp, err = s.operatePrivilegeV2(ctx, roleName, "CollectionReadOnly", util.AnyWord, util.AnyWord, milvuspb.OperatePrivilegeType_Grant)
- s.NoError(err)
+ resp, _ = s.operatePrivilegeV2(ctx, roleName, "CollectionReadOnly", util.AnyWord, util.AnyWord, milvuspb.OperatePrivilegeType_Grant)
 s.True(merr.Ok(resp))
- resp, err = s.operatePrivilegeV2(ctx, roleName, "CollectionReadWrite", util.AnyWord, util.AnyWord, milvuspb.OperatePrivilegeType_Grant)
- s.NoError(err)
+ resp, _ = s.operatePrivilegeV2(ctx, roleName, "CollectionReadWrite", util.AnyWord, util.AnyWord, milvuspb.OperatePrivilegeType_Grant)
 s.True(merr.Ok(resp))
- resp, err = s.operatePrivilegeV2(ctx, roleName, "CollectionAdmin", util.AnyWord, util.AnyWord, milvuspb.OperatePrivilegeType_Grant)
- s.NoError(err)
+ resp, _ = s.operatePrivilegeV2(ctx, roleName, "CollectionAdmin", util.AnyWord, util.AnyWord, milvuspb.OperatePrivilegeType_Grant)
 s.True(merr.Ok(resp))
- resp, err = s.operatePrivilegeV2(ctx, roleName, "ClusterAdmin", "db1", util.AnyWord, milvuspb.OperatePrivilegeType_Grant)
- s.NoError(err)
+ resp, _ = s.operatePrivilegeV2(ctx, roleName, "ClusterAdmin", "db1", util.AnyWord, milvuspb.OperatePrivilegeType_Grant)
+ s.False(merr.Ok(resp))
+ resp, _ = s.operatePrivilegeV2(ctx, roleName, "ClusterAdmin", "db1", "col1", milvuspb.OperatePrivilegeType_Grant)
+ s.False(merr.Ok(resp))
+ resp, _ = s.operatePrivilegeV2(ctx, roleName, "ClusterAdmin", util.AnyWord, "col1", milvuspb.OperatePrivilegeType_Grant)
+ s.False(merr.Ok(resp))
+ resp, _ = s.operatePrivilegeV2(ctx, roleName, "DatabaseAdmin", "db1", util.AnyWord, milvuspb.OperatePrivilegeType_Grant)
 s.True(merr.Ok(resp))
- resp, err = s.operatePrivilegeV2(ctx, roleName, "ClusterAdmin", "db1", "col1", milvuspb.OperatePrivilegeType_Grant)
- s.NoError(err)
+ resp, _ = s.operatePrivilegeV2(ctx, roleName, "DatabaseAdmin", "db1", "col1", milvuspb.OperatePrivilegeType_Grant)
+ s.False(merr.Ok(resp))
+ resp, _ = s.operatePrivilegeV2(ctx, roleName, "DatabaseAdmin", util.AnyWord, "col1", milvuspb.OperatePrivilegeType_Grant)
+ s.False(merr.Ok(resp))
+ resp, _ = s.operatePrivilegeV2(ctx, roleName, "CollectionAdmin", "db1", util.AnyWord, milvuspb.OperatePrivilegeType_Grant)
 s.True(merr.Ok(resp))
- resp, err = s.operatePrivilegeV2(ctx, roleName, "ClusterAdmin", util.AnyWord, "col1", milvuspb.OperatePrivilegeType_Grant)
- s.NoError(err)
+ resp, _ = s.operatePrivilegeV2(ctx, roleName, "CollectionAdmin", "db1", "col1", milvuspb.OperatePrivilegeType_Grant)
 s.True(merr.Ok(resp))
- resp, err = s.operatePrivilegeV2(ctx, roleName, "DatabaseAdmin", "db1", util.AnyWord, milvuspb.OperatePrivilegeType_Grant)
- s.NoError(err)
+ resp, _ = s.operatePrivilegeV2(ctx, roleName, "CollectionAdmin", util.AnyWord, "col1", milvuspb.OperatePrivilegeType_Grant)
 s.True(merr.Ok(resp))
- resp, err = s.operatePrivilegeV2(ctx, roleName, "DatabaseAdmin", "db1", "col1", milvuspb.OperatePrivilegeType_Grant)
- s.Error(err)
- s.False(merr.Ok(resp))
 }
 func (s *PrivilegeGroupTestSuite) operatePrivilege(ctx context.Context, role, privilege, objectType string, operateType milvuspb.OperatePrivilegeType) {
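Review bot: Every call in the rewritten part of `TestGrantV2` discards the error (`resp, _ = s.operatePrivilegeV2(...)`), so each allow or deny assertion rests on `merr.Ok(resp)` alone. If the helper can return a nil or partial response together with an error, which is not visible in this hunk, an `s.True` case may pass without a grant having happened, and an `s.False` case passes on any failure rather than on the privilege-level rejection. For an RBAC test the denied combinations should fail for the expected reason: keep the error with `resp, err = s.operatePrivilegeV2(...)`, assert `s.NoError(err)` on grants that must succeed, and on the rejected ones assert the expected error or status explicitly. `TestGrantV2` starts before this hunk, so the earlier setup assertions are not covered by this note.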