Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: rbac revoke check if there is same privilege in other privilege groups granted #38558

Merged
merged 1 commit into from
Dec 18, 2024
Merged

fix: rbac revoke check if there is same privilege in other privilege groups granted #38558

merged 1 commit into from
Dec 18, 2024

Conversation

shaoting-huang
Copy link
Contributor

@shaoting-huang shaoting-huang commented Dec 18, 2024
edited
Loading

related: #38557, #37031

@sre-ci-robot sre-ci-robot added the size/S Denotes a PR that changes 10-29 lines. label Dec 18, 2024
@shaoting-huang
Copy link
Contributor Author

after fix:

>>> from pymilvus import connections, db
>>> from pymilvus import CollectionSchema, FieldSchema
>>> from pymilvus import Collection
>>> from pymilvus import connections
>>> from pymilvus import DataType
>>> from pymilvus import Partition
>>> from pymilvus import utility
>>> from pymilvus import MilvusClient
>>> from pymilvus import Role
>>>
>>> connections.connect(host="localhost", user="root", password="Milvus")
>>> client = MilvusClient(uri="http://localhost:19530", user="root", password="Milvus")
>>> client.create_collection("col1", dimension=128)

>>> db.create_database("db1")
>>> role = Role("role")
>>> role.create()
>>> utility.list_roles(True)
RoleInfo groups:
- RoleItem: <role_name:admin>, <users:()>
- RoleItem: <role_name:public>, <users:()>
- RoleItem: <role_name:role>, <users:()>
>>> utility.create_user(user="user1", password="Milvus")
>>> role.add_user("user1")
>>> utility.list_roles(True)
RoleInfo groups:
- RoleItem: <role_name:admin>, <users:()>
- RoleItem: <role_name:public>, <users:()>
- RoleItem: <role_name:role>, <users:('user1',)>
>>> role.list_grants()
GrantInfo groups:
>>>
>>>
>>> role.grant_v2("ClusterAdmin", "*", db_name="*")
>>> role.grant_v2("CreatePrivilegeGroup", "*", db_name="*")
>>>
>>> role.list_grants()
GrantInfo groups:
- GrantItem: <object:Global>, <object_name:*>, <db_name:*>, <role_name:role>, <grantor_name:root>, <privilege:CreatePrivilegeGroup>
- GrantItem: <object:Global>, <object_name:*>, <db_name:*>, <role_name:role>, <grantor_name:root>, <privilege:ClusterAdmin>
>>>
>>> role.revoke_v2("CreatePrivilegeGroup", "*", db_name="*")
>>> role.list_grants()
GrantInfo groups:
- GrantItem: <object:Global>, <object_name:*>, <db_name:*>, <role_name:role>, <grantor_name:root>, <privilege:ClusterAdmin>
>>> connections.disconnect('default')
>>> connections.connect(host="localhost", user="user1", password="Milvus")
>>>
>>> role.create_privilege_group("pg")
>>>
>>>

@mergify mergify bot added dco-passed DCO check passed. kind/bug Issues or changes related a bug labels Dec 18, 2024
@weiliu1031
Copy link
Contributor

/lgtm

@shaoting-huang shaoting-huang mentioned this pull request Dec 18, 2024
Merged
@shaoting-huang
rbac revoke check with meta
01b5b06 
Signed-off-by: shaoting-huang <[email protected]>
@sre-ci-robot sre-ci-robot removed the lgtm label Dec 18, 2024
@weiliu1031
Copy link
Contributor

/lgtm

@tedxu
Copy link
Contributor

tedxu commented Dec 18, 2024

/approve

@sre-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: shaoting-huang, tedxu

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@codecov Codecov
Copy link

codecov bot commented Dec 18, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 69.32%. Comparing base (87056be) to head (01b5b06).
Report is 4 commits behind head on master.

❗ There is a different number of reports uploaded between BASE (87056be) and HEAD (01b5b06). Click for more details.

HEAD has 1 upload less than BASE
Flag BASE (87056be) HEAD (01b5b06)
2 1
Additional details and impacted files

Impacted file tree graph

@@             Coverage Diff             @@
##           master   #38558       +/-   ##
===========================================
- Coverage   80.98%   69.32%   -11.66%     
===========================================
  Files        1379      292     -1087     
  Lines      194361    26184   -168177     
===========================================
- Hits       157404    18153   -139251     
+ Misses      31411     8031    -23380     
+ Partials     5546        0     -5546
Components Coverage Δ
Client ∅ <ø> (∅)
Core 69.32% <ø> (ø)
Go ∅ <ø> (∅)

see 1087 files with indirect coverage changes

@mergify mergify bot added the ci-passed label Dec 18, 2024
@sre-ci-robot sre-ci-robot merged commit de88589 into milvus-io:master Dec 18, 2024
19 of 20 checks passed
sre-ci-robot pushed a commit that referenced this pull request Dec 18, 2024
@shaoting-huang
fix: [2.4] rbac revoke check if there is same privilege in other priv…
d84e4f6 
…ilege groups granted (#38559)

cherry-pick from master: #38558
related: #38557

Signed-off-by: shaoting-huang <[email protected]>
@shaoting-huang shaoting-huang mentioned this pull request Dec 19, 2024
Open
19 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bigsheeper bigsheeper Awaiting requested review from bigsheeper

@yhmo yhmo Awaiting requested review from yhmo

Assignees

@weiliu1031 weiliu1031

Labels
approved ci-passed dco-passed DCO check passed. kind/bug Issues or changes related a bug lgtm size/S Denotes a PR that changes 10-29 lines.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@shaoting-huang @weiliu1031 @tedxu @sre-ci-robot