milvus icon indicating copy to clipboard operation
milvus copied to clipboard

Published 20 hours ago verified publisher icon milvus-io

[Bug]: When setting a password for the root of Milvus, it does not work. The root user can log in with any password

Open 1041787154 opened this issue 1 year ago • 18 comments

Is there an existing issue for this?

  • [X] I have searched the existing issues

Environment

- Milvus version:2.3.0-gpu-beta
- Deployment mode(standalone or cluster):standalone 
- MQ type(rocksmq, pulsar or kafka):    
- SDK version(e.g. pymilvus v2.0.0rc2):
- OS(Ubuntu or CentOS): Ubuntu 
- CPU/Memory: 
- GPU: 
- Others:

Current Behavior

1、When setting a password for the root of Milvus, it does not work. The root user can log in with any password; image

2、The created sub users cannot use the search function, as they do not have permission; image

Expected Behavior

No response

Steps To Reproduce

No response

Milvus Log

No response

Anything else?

No response

1041787154 avatar Apr 24 '23 10:04 1041787154

/assign @binbinlv could you please check this issue? /unassign

yanliang567 avatar Apr 24 '23 10:04 yanliang567

/assign @binbinlv could you please check this issue? /unassign

checked,but the problem still exists,here are a few code screenshots:

image image

1041787154 avatar Apr 25 '23 03:04 1041787154

Reproduced on master latest image: master-20230425-4fb8919a: enabled authorization function:

root@binbin-user-pwd-vsnkk-milvus-standalone-6f7f8b88-g6tcr:/milvus/configs# cat milvus.yaml |grep authorizationEnabled
    authorizationEnabled: true
  1. root:
>>> connections.connect(alias='default',
...     host='',
...     port='19530',
...     user='root',
...     password='2',
...   )
>>>
>>> utility.list_collections()
['test_search_collection_binbin_tmp_0']
  1. create another user, it is OK:
>>> utility.create_user('binbin', 'binbin123', using='default')
>>> connections.connect(alias='default',
...     host='',
...     port='19530',
...     user='binbin',
...     password='2',
...   )
>>> utility.list_collections()
RPC error: [list_collections], <MilvusException: (code=1, message=<_MultiThreadedRendezvous of RPC that terminated with:
	status = StatusCode.UNKNOWN
	details = "auth check failure, please check username and password are correct: expected=vaild username and password, actual=username: binbin, password: 2: invalid parameter"
	debug_error_string = "UNKNOWN:Error received from peer ipv4:10.102.6.16:19530 {created_time:"2023-04-25T17:20:47.951504+08:00", grpc_status:2, grpc_message:"auth check failure, please check username and password are correct: expected=vaild username and password, actual=username: binbin, password: 2: invalid parameter"}"
>)>, <Time:{'RPC start': '2023-04-25 17:20:47.860622', 'RPC error': '2023-04-25 17:20:47.952829'}>
Traceback (most recent call last):
  File "/Users/binbin/milvus-test-env-3.8/lib/python3.8/site-packages/pymilvus/decorators.py", line 50, in handler
    return func(self, *args, **kwargs)
  File "/Users/binbin/milvus-test-env-3.8/lib/python3.8/site-packages/pymilvus/client/grpc_handler.py", line 269, in list_collections
    response = rf.result()
  File "/Users/binbin/milvus-test-env-3.8/lib/python3.8/site-packages/grpc/_channel.py", line 797, in result
    raise self
grpc._channel._MultiThreadedRendezvous: <_MultiThreadedRendezvous of RPC that terminated with:
	status = StatusCode.UNKNOWN
	details = "auth check failure, please check username and password are correct: expected=vaild username and password, actual=username: binbin, password: 2: invalid parameter"
	debug_error_string = "UNKNOWN:Error received from peer ipv4:10.102.6.16:19530 {created_time:"2023-04-25T17:20:47.951504+08:00", grpc_status:2, grpc_message:"auth check failure, please check username and password are correct: expected=vaild username and password, actual=username: binbin, password: 2: invalid parameter"}"

log: 23664.log

binbinlv avatar Apr 25 '23 09:04 binbinlv

@jaime0815

Hello, could you have a look? Thanks.

binbinlv avatar Apr 25 '23 09:04 binbinlv

This issue Only exists on master branch, it is good on 2.2.0 and 2.2.6 branch:

2.2.6 and 2.2.0:

>>> connections.connect(alias='default',
...    host='',
...    port='19530',
...     user='root',
...    password='2',
...   )
>>>
>>> utility.list_collections()
RPC error: [list_collections], <MilvusException: (code=1, message=<_MultiThreadedRendezvous of RPC that terminated with:
	status = StatusCode.UNKNOWN
	details = "auth check failure, please check username and password are correct"
	debug_error_string = "UNKNOWN:Error received from peer ipv4:10.102.9.72:19530 {grpc_message:"auth check failure, please check username and password are correct", grpc_status:2, created_time:"2023-04-25T18:00:36.397956+08:00"}"
>)>, <Time:{'RPC start': '2023-04-25 18:00:36.308335', 'RPC error': '2023-04-25 18:00:36.399194'}>
Traceback (most recent call last):
  File "/Users/binbin/milvus-test-env-3.8/lib/python3.8/site-packages/pymilvus/decorators.py", line 50, in handler
    return func(self, *args, **kwargs)
  File "/Users/binbin/milvus-test-env-3.8/lib/python3.8/site-packages/pymilvus/client/grpc_handler.py", line 269, in list_collections
    response = rf.result()
  File "/Users/binbin/milvus-test-env-3.8/lib/python3.8/site-packages/grpc/_channel.py", line 797, in result
    raise self
grpc._channel._MultiThreadedRendezvous: <_MultiThreadedRendezvous of RPC that terminated with:
	status = StatusCode.UNKNOWN
	details = "auth check failure, please check username and password are correct"
	debug_error_string = "UNKNOWN:Error received from peer ipv4:10.102.9.72:19530 {grpc_message:"auth check failure, please check username and password are correct", grpc_status:2, created_time:"2023-04-25T18:00:36.397956+08:00"}"
>

binbinlv avatar Apr 25 '23 10:04 binbinlv

@binbinlv the root user's default password is Milvus. And the reason of listing collection is incorrect password, because new user's password is binbin123, not 2. image image

SimFG avatar Apr 25 '23 11:04 SimFG

@1041787154 The root user's default password is Milvus. And if you want to update the root password, you should use the update_password api in the pymilvus, like:

utility.update_password(user, old_password, new_password, using=connection_name)

And when you create a new user, the user don't have the search privilege, maybe the doc will help you a lot. reference: https://milvus.io/docs/users_and_roles.md, https://milvus.io/docs/rbac.md

SimFG avatar Apr 25 '23 11:04 SimFG

@binbinlv the root user's default password is Milvus. And the reason of listing collection is incorrect password, because new user's password is binbin123, not 2. image image

@SimFG this is not the problem addressed by this issue. The problem is why milvus is available (not report errors) when input wrong password for "root" user in master branch.

The 2.2.0 and 2.2.6 branch is OK.

The behavior for the new user is right (input wrong password for "binbin" user, auth check failure), which I want to say the behavior for "root" user is not right.

binbinlv avatar Apr 26 '23 02:04 binbinlv

@binbinlv got it, I found out that this is caused by superUser config. When you set the root user is super user, it will skip the password verification.

SimFG avatar Apr 26 '23 02:04 SimFG

I will change the default config in the master branch image

SimFG avatar Apr 26 '23 02:04 SimFG

@binbinlv please help to checkout it

SimFG avatar May 05 '23 07:05 SimFG

verifying.

binbinlv avatar May 05 '23 07:05 binbinlv

Verified, it is fixed. milvus: master-20230505-38f45c37

result:

>>> connections.connect(alias='default',
...   host='10.102.9.95',
...   port='19530',
...  user='root',
...   password='2',
... )
>>>
>>> utility.list_collections()
RPC error: [list_collections], <MilvusException: (code=1, message=<_MultiThreadedRendezvous of RPC that terminated with:
	status = StatusCode.UNKNOWN
	details = "auth check failure, please check username and password are correct: expected=vaild username and password, actual=username: root, password: 2: invalid parameter"
	debug_error_string = "UNKNOWN:Error received from peer ipv4:10.102.9.95:19530 {created_time:"2023-05-05T16:39:53.746305+08:00", grpc_status:2, grpc_message:"auth check failure, please check username and password are correct: expected=vaild username and password, actual=username: root, password: 2: invalid parameter"}"
>)>, <Time:{'RPC start': '2023-05-05 16:39:53.624542', 'RPC error': '2023-05-05 16:39:53.747688'}>
Traceback (most recent call last):
  File "/Users/binbin/milvus-test-env-3.8/lib/python3.8/site-packages/pymilvus/decorators.py", line 50, in handler
    return func(self, *args, **kwargs)
  File "/Users/binbin/milvus-test-env-3.8/lib/python3.8/site-packages/pymilvus/client/grpc_handler.py", line 270, in list_collections
    response = rf.result()
  File "/Users/binbin/milvus-test-env-3.8/lib/python3.8/site-packages/grpc/_channel.py", line 797, in result
    raise self
grpc._channel._MultiThreadedRendezvous: <_MultiThreadedRendezvous of RPC that terminated with:
	status = StatusCode.UNKNOWN
	details = "auth check failure, please check username and password are correct: expected=vaild username and password, actual=username: root, password: 2: invalid parameter"
	debug_error_string = "UNKNOWN:Error received from peer ipv4:10.102.9.95:19530 {created_time:"2023-05-05T16:39:53.746305+08:00", grpc_status:2, grpc_message:"auth check failure, please check username and password are correct: expected=vaild username and password, actual=username: root, password: 2: invalid parameter"}"
>

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/Users/binbin/milvus-test-env-3.8/lib/python3.8/site-packages/pymilvus/orm/utility.py", line 501, in list_collections
    return _get_connection(using).list_collections(timeout=timeout)
  File "/Users/binbin/milvus-test-env-3.8/lib/python3.8/site-packages/pymilvus/decorators.py", line 109, in handler
    raise e
  File "/Users/binbin/milvus-test-env-3.8/lib/python3.8/site-packages/pymilvus/decorators.py", line 105, in handler
    return func(*args, **kwargs)
  File "/Users/binbin/milvus-test-env-3.8/lib/python3.8/site-packages/pymilvus/decorators.py", line 136, in handler
    ret = func(self, *args, **kwargs)
  File "/Users/binbin/milvus-test-env-3.8/lib/python3.8/site-packages/pymilvus/decorators.py", line 56, in handler
    raise MilvusException(message=str(e)) from e
pymilvus.exceptions.MilvusException: <MilvusException: (code=1, message=<_MultiThreadedRendezvous of RPC that terminated with:
	status = StatusCode.UNKNOWN
	details = "auth check failure, please check username and password are correct: expected=vaild username and password, actual=username: root, password: 2: invalid parameter"
	debug_error_string = "UNKNOWN:Error received from peer ipv4:10.102.9.95:19530 {created_time:"2023-05-05T16:39:53.746305+08:00", grpc_status:2, grpc_message:"auth check failure, please check username and password are correct: expected=vaild username and password, actual=username: root, password: 2: invalid parameter"}"

And using the correct password, it is connected successfully.

binbinlv avatar May 05 '23 08:05 binbinlv

@1041787154 hello, it is verified on my side and fixed now, could you have a verification on your side?

And you could close this issue if verified. Thanks.

binbinlv avatar May 05 '23 08:05 binbinlv

/assign @1041787154

binbinlv avatar May 05 '23 08:05 binbinlv

/unassign

binbinlv avatar May 05 '23 08:05 binbinlv

/unassign

SimFG avatar May 05 '23 08:05 SimFG

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. Rotten issues close after 30d of inactivity. Reopen the issue with /reopen.

stale[bot] avatar Jun 08 '23 17:06 stale[bot]