From 936f150b394bccb2ff3dc4c893cec0385bc00006 Mon Sep 17 00:00:00 2001 From: SimFG Date: Mon, 25 Nov 2024 14:28:07 +0800 Subject: [PATCH] fix: the too long default root password does not take effect Signed-off-by: SimFG --- configs/milvus.yaml | 2 +- internal/rootcoord/root_coord.go | 10 +++++++--- pkg/util/paramtable/component_param.go | 9 ++++++++- pkg/util/paramtable/component_param_test.go | 6 ++++++ 4 files changed, 22 insertions(+), 5 deletions(-) diff --git a/configs/milvus.yaml b/configs/milvus.yaml index a464e676c6b6d..9b37e8609b507 100644 --- a/configs/milvus.yaml +++ b/configs/milvus.yaml @@ -820,7 +820,7 @@ common: # The superusers will ignore some system check processes, # like the old password verification when updating the credential superUsers: - defaultRootPassword: Milvus # default password for root user + defaultRootPassword: "Milvus" # default password for root user. The maximum length is 72 characters, and double quotes are required. rbac: overrideBuiltInPrivilgeGroups: enabled: false # Whether to override build-in privilege groups diff --git a/internal/rootcoord/root_coord.go b/internal/rootcoord/root_coord.go index d46bb318e2caf..0222d0caa52a6 100644 --- a/internal/rootcoord/root_coord.go +++ b/internal/rootcoord/root_coord.go @@ -552,9 +552,13 @@ func (c *Core) Init() error { func (c *Core) initCredentials() error { credInfo, _ := c.meta.GetCredential(c.ctx, util.UserRoot) if credInfo == nil { - log.Debug("RootCoord init user root") - encryptedRootPassword, _ := crypto.PasswordEncrypt(Params.CommonCfg.DefaultRootPassword.GetValue()) - err := c.meta.AddCredential(c.ctx, &internalpb.CredentialInfo{Username: util.UserRoot, EncryptedPassword: encryptedRootPassword}) + encryptedRootPassword, err := crypto.PasswordEncrypt(Params.CommonCfg.DefaultRootPassword.GetValue()) + if err != nil { + log.Warn("RootCoord init user root failed", zap.Error(err)) + return err + } + log.Info("RootCoord init user root") + err = c.meta.AddCredential(c.ctx, &internalpb.CredentialInfo{Username: util.UserRoot, EncryptedPassword: encryptedRootPassword}) return err } return nil diff --git a/pkg/util/paramtable/component_param.go b/pkg/util/paramtable/component_param.go index 93b5fb62191b3..6bf0172578604 100644 --- a/pkg/util/paramtable/component_param.go +++ b/pkg/util/paramtable/component_param.go @@ -1336,8 +1336,15 @@ func (p *proxyConfig) init(base *BaseTable) { p.MaxPasswordLength = ParamItem{ Key: "proxy.maxPasswordLength", - DefaultValue: "256", + DefaultValue: "72", // bcrypt max length Version: "2.0.0", + Formatter: func(v string) string { + n := getAsInt(v) + if n <= 0 || n > 72 { + return "72" + } + return v + }, PanicIfEmpty: true, } p.MaxPasswordLength.Init(base.mgr) diff --git a/pkg/util/paramtable/component_param_test.go b/pkg/util/paramtable/component_param_test.go index 529ec7a2d969b..d5205e0e6b872 100644 --- a/pkg/util/paramtable/component_param_test.go +++ b/pkg/util/paramtable/component_param_test.go @@ -214,6 +214,12 @@ func TestComponentParam(t *testing.T) { assert.Equal(t, int64(16), Params.DDLConcurrency.GetAsInt64()) assert.Equal(t, int64(16), Params.DCLConcurrency.GetAsInt64()) + + assert.Equal(t, 72, Params.MaxPasswordLength.GetAsInt()) + params.Save("proxy.maxPasswordLength", "100") + assert.Equal(t, 72, Params.MaxPasswordLength.GetAsInt()) + params.Save("proxy.maxPasswordLength", "-10") + assert.Equal(t, 72, Params.MaxPasswordLength.GetAsInt()) }) // t.Run("test proxyConfig panic", func(t *testing.T) {