Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug]: [privilege_group] It does not report error when input not existed db or collection when granting privileges #37977

Closed
1 task done
binbinlv opened this issue Nov 25, 2024 · 3 comments
Closed
1 task done

[Bug]: [privilege_group] It does not report error when input not existed db or collection when granting privileges #37977

binbinlv opened this issue Nov 25, 2024 · 3 comments
Assignees
@shaoting-huang
Labels
kind/bug Issues or changes related a bug needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one.

Comments

@binbinlv
Copy link
Contributor

binbinlv commented Nov 25, 2024
edited
Loading

Is there an existing issue for this?

  • I have searched the existing issues

Environment

- Milvus version: master-20241125-0b9edb62-amd64
- Deployment mode(standalone or cluster): both
- MQ type(rocksmq, pulsar or kafka):    all
- SDK version(e.g. pymilvus v2.0.0rc2): 2.5.0rc126
- OS(Ubuntu or CentOS): 
- CPU/Memory: 
- GPU: 
- Others:

Current Behavior

[privilege_group] It does not report error when input not existed db or collection when granting privileges

>>> role.grant_v2(privilege="CollectionReadWrite", db_name="not_existed", collection_name="binbin")
>>> role.list_grants(db_name="not_existed")
GrantInfo groups:
- GrantItem: <object:Global>, <object_name:binbin>, <db_name:not_existed>, <role_name:binbin_new>, <grantor_name:root>, <privilege:CollectionReadWrite>
>>> role.grant_v2(privilege="CollectionReadOnly", db_name="default", collection_name="not_existed")
>>> role.list_grants()
GrantInfo groups:
- GrantItem: <object:Global>, <object_name:*>, <db_name:default>, <role_name:binbin_new>, <grantor_name:root>, <privilege:CollectionReadOnly>
- GrantItem: <object:Global>, <object_name:binbin>, <db_name:default>, <role_name:binbin_new>, <grantor_name:root>, <privilege:CollectionReadOnly>
- GrantItem: <object:Global>, <object_name:binbin>, <db_name:default>, <role_name:binbin_new>, <grantor_name:root>, <privilege:CollectionReadWrite>
- GrantItem: <object:Global>, <object_name:not_existed>, <db_name:default>, <role_name:binbin_new>, <grantor_name:root>, <privilege:CollectionReadOnly>
>>>

Expected Behavior

Report error

Steps To Reproduce

from pymilvus import connections
connections.connect(host="", user="", password="")
from pymilvus import Role
role = Role("binbin_new")
role.grant_v2(privilege="CollectionReadOnly", db_name="not_existed", collection_name="binbin")
role.grant_v2(privilege="CollectionReadOnly", db_name="default", collection_name="not_existed")

Milvus Log

No response

Anything else?

No response
@binbinlv binbinlv added kind/bug Issues or changes related a bug needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Nov 25, 2024
@shaoting-huang
Copy link
Contributor

Check with rbac v1 author @SimFG. In grant v2, we will also skip the validation for whether a collection or database exists. We’ll adhere to the original design principle: permissions are associated only with names and are not concerned with the resource's existence.

@binbinlv
Copy link
Contributor Author

OK, so it is as designed, close it.

@binbinlv
Copy link
Contributor Author

/assign @shaoting-huang
/unassign @yanliang567

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@shaoting-huang shaoting-huang

Labels
kind/bug Issues or changes related a bug needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@yanliang567 @binbinlv @shaoting-huang