fix privilege group list and list collections

Signed-off-by: shaoting-huang <[email protected]>
milvus-io · Dec 24, 2024 · 8d3984d · 8d3984d
1 parent 7363a1c
commit 8d3984d
Show file tree

Hide file tree

Showing 4 changed files with 9 additions and 14 deletions.
diff --git a/configs/milvus.yaml b/configs/milvus.yaml
@@ -801,7 +801,7 @@ common:
     superUsers: 
     defaultRootPassword: "Milvus" # default password for root user. The maximum length is 72 characters, and double quotes are required.
     rbac:
-      overrideBuiltInPrivilgeGroups:
+      overrideBuiltInPrivilegeGroups:
         enabled: false # Whether to override build-in privilege groups
       cluster:
         readonly:

diff --git a/internal/rootcoord/root_coord.go b/internal/rootcoord/root_coord.go
@@ -3204,16 +3204,7 @@ func (c *Core) ListPrivilegeGroups(ctx context.Context, in *milvuspb.ListPrivile
 	metrics.RootCoordDDLReqLatency.WithLabelValues(method).Observe(float64(tr.ElapseSpan().Milliseconds()))
 
 	// append built in privilege groups
-	for groupName, privileges := range util.BuiltinPrivilegeGroups {
-		privGroups = append(privGroups, &milvuspb.PrivilegeGroupInfo{
-			GroupName: groupName,
-			Privileges: lo.Map(privileges, func(p string, _ int) *milvuspb.PrivilegeEntity {
-				return &milvuspb.PrivilegeEntity{
-					Name: p,
-				}
-			}),
-		})
-	}
+	privGroups = append(privGroups, c.initBuiltinPrivilegeGroups()...)
 	return &milvuspb.ListPrivilegeGroupsResponse{
 		Status:          merr.Success(),
 		PrivilegeGroups: privGroups,

diff --git a/internal/rootcoord/show_collection_task.go b/internal/rootcoord/show_collection_task.go
@@ -18,6 +18,7 @@ package rootcoord
 
 import (
 	"context"
+	"strings"
 
 	"github.com/samber/lo"
 	"go.uber.org/zap"
@@ -88,12 +89,15 @@ func (t *showCollectionTask) Execute(ctx context.Context) error {
 			}
 			for _, entity := range entities {
 				objectType := entity.GetObject().GetName()
+				priv := entity.GetGrantor().GetPrivilege().GetName()
 				if objectType == commonpb.ObjectType_Global.String() &&
-					entity.GetGrantor().GetPrivilege().GetName() == util.PrivilegeNameForAPI(commonpb.ObjectPrivilege_PrivilegeAll.String()) {
+					priv == util.PrivilegeNameForAPI(commonpb.ObjectPrivilege_PrivilegeAll.String()) {
 					privilegeColls.Insert(util.AnyWord)
 					return privilegeColls, nil
 				}
-				if objectType != commonpb.ObjectType_Collection.String() {
+				// should list collection level built-in privilege group objects
+				if objectType != commonpb.ObjectType_Collection.String() &&
+					!(util.IsBuiltinPrivilegeGroup(priv) && strings.HasPrefix(priv, "Collection")) {
 					continue
 				}
 				collectionName := entity.GetObjectName()

diff --git a/pkg/util/paramtable/rbac_param.go b/pkg/util/paramtable/rbac_param.go
@@ -23,7 +23,7 @@ type rbacConfig struct {
 
 func (p *rbacConfig) init(base *BaseTable) {
 	p.Enabled = ParamItem{
-		Key:          "common.security.rbac.overrideBuiltInPrivilgeGroups.enabled",
+		Key:          "common.security.rbac.overrideBuiltInPrivilegeGroups.enabled",
 		DefaultValue: "false",
 		Version:      "2.4.16",
 		Doc:          "Whether to override build-in privilege groups",