search

milvus-io / milvus

A cloud-native vector database, storage for next generation AI applications
https://milvus.io
Apache License 2.0
30.97k stars 2.95k forks source link

[Bug]: [privilege_group] The error message is not helpful when adding the valid privilege to the not exist privilege group #37843

Closed binbinlv closed 19 hours ago

binbinlv commented 6 days ago

Is there an existing issue for this?

Environment

- Milvus version: master-20241119-b6612e02-amd64
- Deployment mode(standalone or cluster): both
- MQ type(rocksmq, pulsar or kafka):    all
- SDK version(e.g. pymilvus v2.0.0rc2): 2.5.0rc122
- OS(Ubuntu or CentOS): 
- CPU/Memory: 
- GPU: 
- Others:

Current Behavior

The error message is not helpful when adding the valid privilege to the not exist privilege group

>>> milvus_client.add_privileges_to_group("binbin", ["Insert"])
RPC error: [add_privileges_to_group], <MilvusException: (code=65535, message=fail to execute task when operate privilege group)>, <Time:{'RPC start': '2024-11-20 15:49:23.503606', 'RPC error': '2024-11-20 15:49:23.558232'}>

Expected Behavior

report errors like "not exist privilege group"

Steps To Reproduce

from pymilvus import MilvusClient
milvus_client = MilvusClient()
milvus_client.add_privileges_to_group("binbin", ["Insert"])

Milvus Log

No response

Anything else?

No response

binbinlv commented 6 days ago

And the same if adding the invalid privilege to the exist privilege group:

>>> milvus_client.add_privileges_to_group("_1", ["binbin"])
RPC error: [add_privileges_to_group], <MilvusException: (code=65535, message=fail to execute task when operate privilege group)>, <Time:{'RPC start': '2024-11-20 15:54:54.021095', 'RPC error': '2024-11-20 15:54:54.153747'}>
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/milvus_client/milvus_client.py", line 1225, in add_privileges_to_group
    conn.add_privileges_to_group(group_name, privileges, timeout=timeout, **kwargs)
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/decorators.py", line 141, in handler
    raise e from e
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/decorators.py", line 137, in handler
    return func(*args, **kwargs)
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/decorators.py", line 176, in handler
    return func(self, *args, **kwargs)
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/decorators.py", line 116, in handler
    raise e from e
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/decorators.py", line 86, in handler
    return func(*args, **kwargs)
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/client/grpc_handler.py", line 2054, in add_privileges_to_group
    check_status(resp)
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/client/utils.py", line 63, in check_status
    raise MilvusException(status.code, status.reason, status.error_code)
pymilvus.exceptions.MilvusException: <MilvusException: (code=65535, message=fail to execute task when operate privilege group)>
binbinlv commented 6 days ago

And this issue exists in interface "remove_privileges_from_group":

>>> milvus_client.remove_privileges_from_group("binbin", ["Search"])
RPC error: [remove_privileges_from_group], <MilvusException: (code=65535, message=fail to execute task when operate privilege group)>, <Time:{'RPC start': '2024-11-20 15:59:53.027441', 'RPC error': '2024-11-20 15:59:53.561812'}>
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/milvus_client/milvus_client.py", line 1247, in remove_privileges_from_group
    conn.remove_privileges_from_group(group_name, privileges, timeout=timeout, **kwargs)
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/decorators.py", line 141, in handler
    raise e from e
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/decorators.py", line 137, in handler
    return func(*args, **kwargs)
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/decorators.py", line 176, in handler
    return func(self, *args, **kwargs)
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/decorators.py", line 116, in handler
    raise e from e
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/decorators.py", line 86, in handler
    return func(*args, **kwargs)
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/client/grpc_handler.py", line 2066, in remove_privileges_from_group
    check_status(resp)
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/client/utils.py", line 63, in check_status
    raise MilvusException(status.code, status.reason, status.error_code)
pymilvus.exceptions.MilvusException: <MilvusException: (code=65535, message=fail to execute task when operate privilege group)>

>>> milvus_client.remove_privileges_from_group("_1", ["binbin"])
RPC error: [remove_privileges_from_group], <MilvusException: (code=65535, message=fail to execute task when operate privilege group)>, <Time:{'RPC start': '2024-11-20 15:59:07.312585', 'RPC error': '2024-11-20 15:59:07.554053'}>
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/milvus_client/milvus_client.py", line 1247, in remove_privileges_from_group
    conn.remove_privileges_from_group(group_name, privileges, timeout=timeout, **kwargs)
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/decorators.py", line 141, in handler
    raise e from e
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/decorators.py", line 137, in handler
    return func(*args, **kwargs)
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/decorators.py", line 176, in handler
    return func(self, *args, **kwargs)
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/decorators.py", line 116, in handler
    raise e from e
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/decorators.py", line 86, in handler
    return func(*args, **kwargs)
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/client/grpc_handler.py", line 2066, in remove_privileges_from_group
    check_status(resp)
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/client/utils.py", line 63, in check_status
    raise MilvusException(status.code, status.reason, status.error_code)
pymilvus.exceptions.MilvusException: <MilvusException: (code=65535, message=fail to execute task when operate privilege group)>
yanliang567 commented 6 days ago

/assign @shaoting-huang /unassign

sre-ci-robot commented 6 days ago

@yanliang567: GitHub didn't allow me to assign the following users: shaoting-huang.

Note that only milvus-io members, repo collaborators and people who have commented on this issue/PR can be assigned. Additionally, issues/PRs can only have 10 assignees at the same time. For more information please see the contributor guide

In response to [this](https://github.com/milvus-io/milvus/issues/37843#issuecomment-2489885383): >/assign @shaoting-huang >/unassign Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.
shaoting-huang commented 6 days ago

/assign

binbinlv commented 6 days ago

And when add/remove privileges to built-in privilege group, it report error:

(code=65535, message=fail to execute task when operate privilege group)

results:

>>> role.add_privileges_to_group(privilege_group="ClusterAdmin", privileges=["Insert"])
RPC error: [add_privileges_to_group], <MilvusException: (code=65535, message=fail to execute task when operate privilege group)>, <Time:{'RPC start': '2024-11-21 12:26:23.005388', 'RPC error': '2024-11-21 12:26:23.044209'}>
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/orm/role.py", line 325, in add_privileges_to_group
    return self._get_connection().add_privileges_to_group(privilege_group, privileges)
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/decorators.py", line 141, in handler
    raise e from e
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/decorators.py", line 137, in handler
    return func(*args, **kwargs)
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/decorators.py", line 176, in handler
    return func(self, *args, **kwargs)
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/decorators.py", line 116, in handler
    raise e from e
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/decorators.py", line 86, in handler
    return func(*args, **kwargs)
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/client/grpc_handler.py", line 2094, in add_privileges_to_group
    check_status(resp)
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/client/utils.py", line 63, in check_status
    raise MilvusException(status.code, status.reason, status.error_code)
pymilvus.exceptions.MilvusException: <MilvusException: (code=65535, message=fail to execute task when operate privilege group)>
>>>
>>>
>>>
>>> role.remove_privileges_from_group(privilege_group="ClusterAdmin", privileges=["Insert"])
RPC error: [remove_privileges_from_group], <MilvusException: (code=65535, message=fail to execute task when operate privilege group)>, <Time:{'RPC start': '2024-11-21 12:26:49.126796', 'RPC error': '2024-11-21 12:26:49.161070'}>
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/orm/role.py", line 342, in remove_privileges_from_group
    return self._get_connection().remove_privileges_from_group(privilege_group, privileges)
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/decorators.py", line 141, in handler
    raise e from e
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/decorators.py", line 137, in handler
    return func(*args, **kwargs)
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/decorators.py", line 176, in handler
    return func(self, *args, **kwargs)
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/decorators.py", line 116, in handler
    raise e from e
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/decorators.py", line 86, in handler
    return func(*args, **kwargs)
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/client/grpc_handler.py", line 2106, in remove_privileges_from_group
    check_status(resp)
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/client/utils.py", line 63, in check_status
    raise MilvusException(status.code, status.reason, status.error_code)
pymilvus.exceptions.MilvusException: <MilvusException: (code=65535, message=fail to execute task when operate privilege group)>

expect: error message is more useful for users to what happened, like "privilege group name [CollectionAdmin] is defined by built in privileges or privilege groups in system, could not add/remove privilege to it: invalid parameter"

shaoting-huang commented 1 day ago

after fix:

 message=there is no privilege group name [binbin] to operate: invalid parameter)>
binbinlv commented 21 hours ago

Fixed:

  1. not exist privilege role: role.add_privileges_to_group("binbin", ["Insert"])

    (code=1100, message=there is no privilege group name [binbin] to operate: invalid parameter)

  2. not exist privilege role: role.remove_privileges_from_group("binbin", ["Search"])

    (code=1100, message=there is no privilege group name [binbin] to operate: invalid parameter)
binbinlv commented 21 hours ago

Not Fixed: Operate built-in privilege group:

>>> role.add_privileges_to_group(privilege_group="CollectionReadOnly", privileges=["Insert"])
RPC error: [add_privileges_to_group], <MilvusException: (code=1100, message=there is no privilege group name [CollectionReadOnly] to operate: invalid parameter)>, <Time:{'RPC start': '2024-11-26 17:47:13.918540', 'RPC error': '2024-11-26 17:47:13.962203'}>
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/orm/role.py", line 325, in add_privileges_to_group
    return self._get_connection().add_privileges_to_group(privilege_group, privileges)
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/decorators.py", line 141, in handler
    raise e from e
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/decorators.py", line 137, in handler
    return func(*args, **kwargs)
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/decorators.py", line 176, in handler
    return func(self, *args, **kwargs)
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/decorators.py", line 116, in handler
    raise e from e
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/decorators.py", line 86, in handler
    return func(*args, **kwargs)
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/client/grpc_handler.py", line 2094, in add_privileges_to_group
    check_status(resp)
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/client/utils.py", line 63, in check_status
    raise MilvusException(status.code, status.reason, status.error_code)
pymilvus.exceptions.MilvusException: <MilvusException: (code=1100, message=there is no privilege group name [CollectionReadOnly] to operate: invalid parameter)>
shaoting-huang commented 20 hours ago 
the privilege group name [CollectionReadOnly] is defined by built in privilege groups in system: invalid parameter)
binbinlv commented 19 hours ago

Verified and fixed in latest dev image: milvus: shaoting-huang-rbacv2fix-99f4f88-20241126 pymilvus: 2.5.0rc126

>>> role.add_privileges_to_group(privilege_group="CollectionReadWrite", privileges=["Insert"])
RPC error: [add_privileges_to_group], <MilvusException: (code=1100, message=the privilege group name [CollectionReadWrite] is defined by built in privilege groups in system: invalid parameter)>, <Time:{'RPC start': '2024-11-26 19:14:34.207327', 'RPC error': '2024-11-26 19:14:34.313626'}>
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/orm/role.py", line 325, in add_privileges_to_group
    return self._get_connection().add_privileges_to_group(privilege_group, privileges)
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/decorators.py", line 141, in handler
    raise e from e
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/decorators.py", line 137, in handler
    return func(*args, **kwargs)
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/decorators.py", line 176, in handler
    return func(self, *args, **kwargs)
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/decorators.py", line 116, in handler
    raise e from e
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/decorators.py", line 86, in handler
    return func(*args, **kwargs)
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/client/grpc_handler.py", line 2094, in add_privileges_to_group
    check_status(resp)
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/client/utils.py", line 63, in check_status
    raise MilvusException(status.code, status.reason, status.error_code)
pymilvus.exceptions.MilvusException: <MilvusException: (code=1100, message=the privilege group name [CollectionReadWrite] is defined by built in privilege groups in system: invalid parameter)>
binbinlv commented 19 hours ago

Close it first, and will reopen it if there are any errors on the master image when the fix pr is merged.