milvus icon indicating copy to clipboard operation
milvus copied to clipboard

Published 20 hours ago verified publisher icon milvus-io

[Bug]: [restful v2]db name is not a param in request body and does not take effective in role describe and grant privilege api

Open zhuwenxing opened this issue 1 year ago • 1 comments

Is there an existing issue for this?

  • [X] I have searched the existing issues

Environment

- Milvus version:master/2.4/2.3
- Deployment mode(standalone or cluster):
- MQ type(rocksmq, pulsar or kafka):    
- SDK version(e.g. pymilvus v2.0.0rc2):
- OS(Ubuntu or CentOS): 
- CPU/Memory: 
- GPU: 
- Others:

Current Behavior

restful v2

image

image

Milvus client

image image

Under the current Restful V2 implementation, the permissions granted to users can only operate on the default database and cannot be used to operate on non-default databases.

Expected Behavior

Synchronize with the Milvus client, set dbName as a parameter in the request body, and make it take effect

Steps To Reproduce

No response

Milvus Log

No response

Anything else?

No response

zhuwenxing avatar May 21 '24 07:05 zhuwenxing

/assign @PowderLi

zhuwenxing avatar May 21 '24 07:05 zhuwenxing

  1. grant privilege already support dbName
  2. describe role will list all privilege entities, why we need dbName, should filter the privilege entities which belongs to the dbName?

PowderLi avatar May 21 '24 13:05 PowderLi

image tag: master-20240522-de790112-amd64

  1. seems like not take effective

as you can see, I already passed dbName testdb to payload in grant_privilege, but in the description, the db_name still is default

[2024-05-22 14:39:31 - DEBUG - ci_test]: 
method: post, 
url: http://10.104.24.79:19530/v2/vectordb/roles/grant_privilege, 
cost time: 0.03069901466369629, 
header: {'Content-Type': 'application/json', 'Authorization': 'Bearer root:Milvus', 'RequestId': '0bbc5b0a-1806-11ef-bcbf-acde48001122'}, 
payload: {"roleName": "role_GzbcEKbz", "objectType": "Global", "objectName": "*", "privilege": "All", "dbName": "testdb"}, 
response: {"code":200,"data":{}} (milvus.py:20)
[2024-05-22 14:39:31 - DEBUG - urllib3.connectionpool]: Starting new HTTP connection (1): 10.104.24.79:19530 (connectionpool.py:245)
[2024-05-22 14:39:31 - DEBUG - urllib3.connectionpool]: http://10.104.24.79:19530 "POST /v2/vectordb/roles/describe HTTP/1.1" 200 116 (connectionpool.py:473)
[2024-05-22 14:39:31 - DEBUG - ci_test]: 
method: post, 
url: http://10.104.24.79:19530/v2/vectordb/roles/describe, 
cost time: 0.033225297927856445, 
header: {'Content-Type': 'application/json', 'Authorization': 'Bearer root:Milvus', 'RequestId': '0bc13012-1806-11ef-bcbf-acde48001122'}, 
payload: {"roleName": "role_GzbcEKbz"}, 
response: {"code":200,"data":[{"dbName":"default","grantor":"root","objectName":"*","objectType":"Global","privilege":"All"}]} (milvus.py:20)
  1. I guess so.

when I use Milvus client to describe role, if dbName is different, the response is different

[2024-05-22 14:47:56 - INFO - ci_test]: role role_IJmCOTWV describe without db_name testdb: {'role': 'role_IJmCOTWV', 'privileges': [{'object_type': 'Global', 'object_name': '*', 'db_name': 'default', 'role_name': 'role_IJmCOTWV', 'privilege': 'All', 'grantor_name': 'root'}]} (test_user_operation.py:263)
[2024-05-22 14:47:56 - INFO - ci_test]: role role_IJmCOTWV describe with db_name testdb: {'role': 'role_IJmCOTWV', 'privileges': []} (test_user_operation.py:265)

but when I use restful to describe role, if dbName is different, the response is same, the db name in response is always default

[2024-05-22 14:47:56 - DEBUG - ci_test]: 
method: post, 
url: http://10.104.24.79:19530/v2/vectordb/roles/describe, 
cost time: 0.04890108108520508, 
header: {'Content-Type': 'application/json', 'Authorization': 'Bearer root:Milvus', 'RequestId': '3864dd7a-1807-11ef-afa8-acde48001122'}, 
payload: {"roleName": "role_IJmCOTWV", "dbName": "default"}, 
response: {"code":200,"data":[{"dbName":"default","grantor":"root","objectName":"*","objectType":"Global","privilege":"All"}]} (milvus.py:20)
[2024-05-22 14:47:56 - DEBUG - urllib3.connectionpool]: Starting new HTTP connection (1): 10.104.24.79:19530 (connectionpool.py:245)
[2024-05-22 14:47:56 - DEBUG - urllib3.connectionpool]: http://10.104.24.79:19530 "POST /v2/vectordb/roles/describe HTTP/1.1" 200 116 (connectionpool.py:473)
[2024-05-22 14:47:56 - DEBUG - ci_test]: 
method: post, 
url: http://10.104.24.79:19530/v2/vectordb/roles/describe, 
cost time: 0.04584813117980957, 
header: {'Content-Type': 'application/json', 'Authorization': 'Bearer root:Milvus', 'RequestId': '386c64e6-1807-11ef-afa8-acde48001122'}, 
payload: {"roleName": "role_IJmCOTWV", "dbName": "testdb"}, 
response: {"code":200,"data":[{"dbName":"default","grantor":"root","objectName":"*","objectType":"Global","privilege":"All"}]} (milvus.py:20)

zhuwenxing avatar May 22 '24 06:05 zhuwenxing

/assign @zhuwenxing

PowderLi avatar May 23 '24 02:05 PowderLi

verified and fixed in master-20240523-b9d71450-amd64 image

zhuwenxing avatar May 23 '24 02:05 zhuwenxing

cc @AnthonyTsu1984

please update the doc for v2/vectordb/roles/grant_privilege and v2/vectordb/roles/describe API. they can now accept dbName in the request payload

zhuwenxing avatar May 23 '24 02:05 zhuwenxing