Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Bug]: [privilege_group] The error message is not helpful when adding the valid privilege to the not exist privilege group #37843

Closed
1 task done
binbinlv opened this issue Nov 20, 2024 · 12 comments
Assignees
Labels
kind/bug Issues or changes related a bug triage/accepted Indicates an issue or PR is ready to be actively worked on.
Milestone

Comments

@binbinlv
Copy link
Contributor

binbinlv commented Nov 20, 2024

Is there an existing issue for this?

  • I have searched the existing issues

Environment

- Milvus version: master-20241119-b6612e02-amd64
- Deployment mode(standalone or cluster): both
- MQ type(rocksmq, pulsar or kafka):    all
- SDK version(e.g. pymilvus v2.0.0rc2): 2.5.0rc122
- OS(Ubuntu or CentOS): 
- CPU/Memory: 
- GPU: 
- Others:

Current Behavior

The error message is not helpful when adding the valid privilege to the not exist privilege group

>>> milvus_client.add_privileges_to_group("binbin", ["Insert"])
RPC error: [add_privileges_to_group], <MilvusException: (code=65535, message=fail to execute task when operate privilege group)>, <Time:{'RPC start': '2024-11-20 15:49:23.503606', 'RPC error': '2024-11-20 15:49:23.558232'}>

Expected Behavior

report errors like "not exist privilege group"

Steps To Reproduce

from pymilvus import MilvusClient
milvus_client = MilvusClient()
milvus_client.add_privileges_to_group("binbin", ["Insert"])

Milvus Log

No response

Anything else?

No response

@binbinlv binbinlv added kind/bug Issues or changes related a bug triage/accepted Indicates an issue or PR is ready to be actively worked on. labels Nov 20, 2024
@binbinlv
Copy link
Contributor Author

And the same if adding the invalid privilege to the exist privilege group:

>>> milvus_client.add_privileges_to_group("_1", ["binbin"])
RPC error: [add_privileges_to_group], <MilvusException: (code=65535, message=fail to execute task when operate privilege group)>, <Time:{'RPC start': '2024-11-20 15:54:54.021095', 'RPC error': '2024-11-20 15:54:54.153747'}>
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/milvus_client/milvus_client.py", line 1225, in add_privileges_to_group
    conn.add_privileges_to_group(group_name, privileges, timeout=timeout, **kwargs)
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/decorators.py", line 141, in handler
    raise e from e
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/decorators.py", line 137, in handler
    return func(*args, **kwargs)
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/decorators.py", line 176, in handler
    return func(self, *args, **kwargs)
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/decorators.py", line 116, in handler
    raise e from e
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/decorators.py", line 86, in handler
    return func(*args, **kwargs)
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/client/grpc_handler.py", line 2054, in add_privileges_to_group
    check_status(resp)
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/client/utils.py", line 63, in check_status
    raise MilvusException(status.code, status.reason, status.error_code)
pymilvus.exceptions.MilvusException: <MilvusException: (code=65535, message=fail to execute task when operate privilege group)>

@binbinlv
Copy link
Contributor Author

And this issue exists in interface "remove_privileges_from_group":

>>> milvus_client.remove_privileges_from_group("binbin", ["Search"])
RPC error: [remove_privileges_from_group], <MilvusException: (code=65535, message=fail to execute task when operate privilege group)>, <Time:{'RPC start': '2024-11-20 15:59:53.027441', 'RPC error': '2024-11-20 15:59:53.561812'}>
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/milvus_client/milvus_client.py", line 1247, in remove_privileges_from_group
    conn.remove_privileges_from_group(group_name, privileges, timeout=timeout, **kwargs)
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/decorators.py", line 141, in handler
    raise e from e
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/decorators.py", line 137, in handler
    return func(*args, **kwargs)
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/decorators.py", line 176, in handler
    return func(self, *args, **kwargs)
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/decorators.py", line 116, in handler
    raise e from e
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/decorators.py", line 86, in handler
    return func(*args, **kwargs)
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/client/grpc_handler.py", line 2066, in remove_privileges_from_group
    check_status(resp)
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/client/utils.py", line 63, in check_status
    raise MilvusException(status.code, status.reason, status.error_code)
pymilvus.exceptions.MilvusException: <MilvusException: (code=65535, message=fail to execute task when operate privilege group)>

>>> milvus_client.remove_privileges_from_group("_1", ["binbin"])
RPC error: [remove_privileges_from_group], <MilvusException: (code=65535, message=fail to execute task when operate privilege group)>, <Time:{'RPC start': '2024-11-20 15:59:07.312585', 'RPC error': '2024-11-20 15:59:07.554053'}>
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/milvus_client/milvus_client.py", line 1247, in remove_privileges_from_group
    conn.remove_privileges_from_group(group_name, privileges, timeout=timeout, **kwargs)
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/decorators.py", line 141, in handler
    raise e from e
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/decorators.py", line 137, in handler
    return func(*args, **kwargs)
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/decorators.py", line 176, in handler
    return func(self, *args, **kwargs)
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/decorators.py", line 116, in handler
    raise e from e
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/decorators.py", line 86, in handler
    return func(*args, **kwargs)
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/client/grpc_handler.py", line 2066, in remove_privileges_from_group
    check_status(resp)
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/client/utils.py", line 63, in check_status
    raise MilvusException(status.code, status.reason, status.error_code)
pymilvus.exceptions.MilvusException: <MilvusException: (code=65535, message=fail to execute task when operate privilege group)>

@yanliang567
Copy link
Contributor

/assign @shaoting-huang
/unassign

@sre-ci-robot
Copy link
Contributor

@yanliang567: GitHub didn't allow me to assign the following users: shaoting-huang.

Note that only milvus-io members, repo collaborators and people who have commented on this issue/PR can be assigned. Additionally, issues/PRs can only have 10 assignees at the same time.
For more information please see the contributor guide

In response to this:

/assign @shaoting-huang
/unassign

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@yanliang567 yanliang567 added this to the 2.5.0 milestone Nov 21, 2024
@shaoting-huang
Copy link
Contributor

/assign

@binbinlv
Copy link
Contributor Author

binbinlv commented Nov 21, 2024

And when add/remove privileges to built-in privilege group, it report error:

(code=65535, message=fail to execute task when operate privilege group)

results:

>>> role.add_privileges_to_group(privilege_group="ClusterAdmin", privileges=["Insert"])
RPC error: [add_privileges_to_group], <MilvusException: (code=65535, message=fail to execute task when operate privilege group)>, <Time:{'RPC start': '2024-11-21 12:26:23.005388', 'RPC error': '2024-11-21 12:26:23.044209'}>
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/orm/role.py", line 325, in add_privileges_to_group
    return self._get_connection().add_privileges_to_group(privilege_group, privileges)
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/decorators.py", line 141, in handler
    raise e from e
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/decorators.py", line 137, in handler
    return func(*args, **kwargs)
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/decorators.py", line 176, in handler
    return func(self, *args, **kwargs)
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/decorators.py", line 116, in handler
    raise e from e
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/decorators.py", line 86, in handler
    return func(*args, **kwargs)
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/client/grpc_handler.py", line 2094, in add_privileges_to_group
    check_status(resp)
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/client/utils.py", line 63, in check_status
    raise MilvusException(status.code, status.reason, status.error_code)
pymilvus.exceptions.MilvusException: <MilvusException: (code=65535, message=fail to execute task when operate privilege group)>
>>>
>>>
>>>
>>> role.remove_privileges_from_group(privilege_group="ClusterAdmin", privileges=["Insert"])
RPC error: [remove_privileges_from_group], <MilvusException: (code=65535, message=fail to execute task when operate privilege group)>, <Time:{'RPC start': '2024-11-21 12:26:49.126796', 'RPC error': '2024-11-21 12:26:49.161070'}>
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/orm/role.py", line 342, in remove_privileges_from_group
    return self._get_connection().remove_privileges_from_group(privilege_group, privileges)
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/decorators.py", line 141, in handler
    raise e from e
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/decorators.py", line 137, in handler
    return func(*args, **kwargs)
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/decorators.py", line 176, in handler
    return func(self, *args, **kwargs)
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/decorators.py", line 116, in handler
    raise e from e
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/decorators.py", line 86, in handler
    return func(*args, **kwargs)
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/client/grpc_handler.py", line 2106, in remove_privileges_from_group
    check_status(resp)
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/client/utils.py", line 63, in check_status
    raise MilvusException(status.code, status.reason, status.error_code)
pymilvus.exceptions.MilvusException: <MilvusException: (code=65535, message=fail to execute task when operate privilege group)>

expect:
error message is more useful for users to what happened, like "privilege group name [CollectionAdmin] is defined by built in privileges or privilege groups in system, could not add/remove privilege to it: invalid parameter"

sre-ci-robot pushed a commit that referenced this issue Nov 21, 2024
issue: #37031
also fix issues: #37843,
#37842,
#37887

Signed-off-by: shaoting-huang <[email protected]>
@shaoting-huang
Copy link
Contributor

after fix:

 message=there is no privilege group name [binbin] to operate: invalid parameter)>

@binbinlv
Copy link
Contributor Author

Fixed:

  1. not exist privilege role: role.add_privileges_to_group("binbin", ["Insert"])
(code=1100, message=there is no privilege group name [binbin] to operate: invalid parameter)
  1. not exist privilege role: role.remove_privileges_from_group("binbin", ["Search"])
(code=1100, message=there is no privilege group name [binbin] to operate: invalid parameter)

@binbinlv
Copy link
Contributor Author

Not Fixed:
Operate built-in privilege group:

>>> role.add_privileges_to_group(privilege_group="CollectionReadOnly", privileges=["Insert"])
RPC error: [add_privileges_to_group], <MilvusException: (code=1100, message=there is no privilege group name [CollectionReadOnly] to operate: invalid parameter)>, <Time:{'RPC start': '2024-11-26 17:47:13.918540', 'RPC error': '2024-11-26 17:47:13.962203'}>
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/orm/role.py", line 325, in add_privileges_to_group
    return self._get_connection().add_privileges_to_group(privilege_group, privileges)
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/decorators.py", line 141, in handler
    raise e from e
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/decorators.py", line 137, in handler
    return func(*args, **kwargs)
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/decorators.py", line 176, in handler
    return func(self, *args, **kwargs)
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/decorators.py", line 116, in handler
    raise e from e
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/decorators.py", line 86, in handler
    return func(*args, **kwargs)
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/client/grpc_handler.py", line 2094, in add_privileges_to_group
    check_status(resp)
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/client/utils.py", line 63, in check_status
    raise MilvusException(status.code, status.reason, status.error_code)
pymilvus.exceptions.MilvusException: <MilvusException: (code=1100, message=there is no privilege group name [CollectionReadOnly] to operate: invalid parameter)>

@shaoting-huang
Copy link
Contributor

the privilege group name [CollectionReadOnly] is defined by built in privilege groups in system: invalid parameter)

@binbinlv
Copy link
Contributor Author

Verified and fixed in latest dev image:
milvus: shaoting-huang-rbacv2fix-99f4f88-20241126
pymilvus: 2.5.0rc126

>>> role.add_privileges_to_group(privilege_group="CollectionReadWrite", privileges=["Insert"])
RPC error: [add_privileges_to_group], <MilvusException: (code=1100, message=the privilege group name [CollectionReadWrite] is defined by built in privilege groups in system: invalid parameter)>, <Time:{'RPC start': '2024-11-26 19:14:34.207327', 'RPC error': '2024-11-26 19:14:34.313626'}>
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/orm/role.py", line 325, in add_privileges_to_group
    return self._get_connection().add_privileges_to_group(privilege_group, privileges)
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/decorators.py", line 141, in handler
    raise e from e
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/decorators.py", line 137, in handler
    return func(*args, **kwargs)
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/decorators.py", line 176, in handler
    return func(self, *args, **kwargs)
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/decorators.py", line 116, in handler
    raise e from e
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/decorators.py", line 86, in handler
    return func(*args, **kwargs)
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/client/grpc_handler.py", line 2094, in add_privileges_to_group
    check_status(resp)
  File "/Users/binbin/milvus_latest/lib/python3.8/site-packages/pymilvus/client/utils.py", line 63, in check_status
    raise MilvusException(status.code, status.reason, status.error_code)
pymilvus.exceptions.MilvusException: <MilvusException: (code=1100, message=the privilege group name [CollectionReadWrite] is defined by built in privilege groups in system: invalid parameter)>

@binbinlv
Copy link
Contributor Author

Close it first, and will reopen it if there are any errors on the master image when the fix pr is merged.

JsDove pushed a commit to JsDove/milvus that referenced this issue Nov 26, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
kind/bug Issues or changes related a bug triage/accepted Indicates an issue or PR is ready to be actively worked on.
Projects
None yet
Development

No branches or pull requests

4 participants