search

milvus-io / milvus

A cloud-native vector database, storage for next generation AI applications
https://milvus.io
Apache License 2.0
30.94k stars 2.95k forks source link

[Bug]: [privilege_group] The privilege granted by interface "grant" could not be revoked by interface "revoke_v2" #38008

Open binbinlv opened 5 hours ago

binbinlv commented 5 hours ago

Is there an existing issue for this?

Environment

- Milvus version: master-20241125-0b9edb62-amd64
- Deployment mode(standalone or cluster): both
- MQ type(rocksmq, pulsar or kafka):    all
- SDK version(e.g. pymilvus v2.0.0rc2): 2.5.0rc126
- OS(Ubuntu or CentOS): 
- CPU/Memory: 
- GPU: 
- Others:

Current Behavior

The privilege granted by interface "grant" could not be revoked by interface "revoke_v2"

>>> role.grant(object="Collection", object_name="binbin_new", privilege="Insert")
>>> role.list_grants()
GrantInfo groups:
- GrantItem: <object:Collection>, <object_name:binbin_new>, <db_name:default>, <role_name:binbin>, <grantor_name:root>, <privilege:Insert>
>>> role.revoke_v2(privilege="Insert", db_name="default", collection_name="binbin_new")
>>> role.list_grants()
GrantInfo groups:
- GrantItem: <object:Collection>, <object_name:binbin_new>, <db_name:default>, <role_name:binbin>, <grantor_name:root>, <privilege:Insert>
>>>

using revoke v1 , the privilege could be revoked successfully

>>> role.revoke_v2(privilege="Insert", db_name="default", collection_name="binbin_new")
>>> role.list_grants()
GrantInfo groups:
- GrantItem: <object:Collection>, <object_name:binbin_new>, <db_name:default>, <role_name:binbin>, <grantor_name:root>, <privilege:Insert>
>>>
>>> role.revoke(object="Collection", object_name="binbin_new", privilege="Insert")
>>> role.list_grants()
GrantInfo groups:
>>>

Expected Behavior

No response

Steps To Reproduce

from pymilvus import connections
from pymilvus import MilvusClient
from pymilvus import Role
from pymilvus import utility

connections.connect(host="", user="root", password="Milvus")
client = MilvusClient(uri="", user="root", password="Milvus")
client.create_collection("binbin_new", dimension=128)
utility.list_roles(True)
role = Role("binbin")
role.create()
utility.list_roles(True)
utility.create_user(user="user1", password="Milvus")
role.add_user("user1")
utility.list_roles(True)
role.list_grants()
role.grant(object="Collection", object_name="binbin_new", privilege="Insert")
role.list_grants()
role.revoke_v2(privilege="Insert", db_name="default", collection_name="binbin_new")
role.list_grants()

Milvus Log

No response

Anything else?

No response

binbinlv commented 4 hours ago

/assign @shaoting-huang

sre-ci-robot commented 4 hours ago

@binbinlv: GitHub didn't allow me to assign the following users: shaoting-huang.

Note that only milvus-io members, repo collaborators and people who have commented on this issue/PR can be assigned. Additionally, issues/PRs can only have 10 assignees at the same time. For more information please see the contributor guide

In response to [this](https://github.com/milvus-io/milvus/issues/38008#issuecomment-2498128696): >/assign @shaoting-huang Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.