From 9b304600d326124cd593983b80e45efe3d3fed2f Mon Sep 17 00:00:00 2001
From: SimFG <bang.fu@zilliz.com>
Date: Mon, 25 Nov 2024 14:28:07 +0800
Subject: [PATCH] fix: the too long default root password does not take effect

Signed-off-by: SimFG <bang.fu@zilliz.com>
---
 cmd/tools/config/generate.go                |  3 +++
 configs/milvus.yaml                         |  2 +-
 internal/rootcoord/root_coord.go            | 10 +++++++---
 pkg/util/paramtable/component_param.go      | 13 ++++++++++---
 pkg/util/paramtable/component_param_test.go |  6 ++++++
 5 files changed, 27 insertions(+), 7 deletions(-)

diff --git a/cmd/tools/config/generate.go b/cmd/tools/config/generate.go
index 2c709539ec450..f09925c573206 100644
--- a/cmd/tools/config/generate.go
+++ b/cmd/tools/config/generate.go
@@ -68,6 +68,9 @@ func collectRecursive(params *paramtable.ComponentParam, data *[]DocContent, val
 			item := subVal.Interface().(paramtable.ParamItem) //nolint:govet
 			refreshable := tag.Get("refreshable")
 			defaultValue := params.GetWithDefault(item.Key, item.DefaultValue)
+			if strings.HasPrefix(item.DefaultValue, "\"") && strings.HasSuffix(item.DefaultValue, "\"") {
+				defaultValue = fmt.Sprintf("\"%s\"", defaultValue)
+			}
 			log.Debug("got key", zap.String("key", item.Key), zap.Any("value", defaultValue), zap.String("variable", val.Type().Field(j).Name))
 			*data = append(*data, DocContent{item.Key, defaultValue, item.Version, refreshable, item.Export, item.Doc})
 		} else if t == "paramtable.ParamGroup" {
diff --git a/configs/milvus.yaml b/configs/milvus.yaml
index a464e676c6b6d..9b37e8609b507 100644
--- a/configs/milvus.yaml
+++ b/configs/milvus.yaml
@@ -820,7 +820,7 @@ common:
     # The superusers will ignore some system check processes,
     # like the old password verification when updating the credential
     superUsers: 
-    defaultRootPassword: Milvus # default password for root user
+    defaultRootPassword: "Milvus" # default password for root user. The maximum length is 72 characters, and double quotes are required.
     rbac:
       overrideBuiltInPrivilgeGroups:
         enabled: false # Whether to override build-in privilege groups
diff --git a/internal/rootcoord/root_coord.go b/internal/rootcoord/root_coord.go
index d46bb318e2caf..0222d0caa52a6 100644
--- a/internal/rootcoord/root_coord.go
+++ b/internal/rootcoord/root_coord.go
@@ -552,9 +552,13 @@ func (c *Core) Init() error {
 func (c *Core) initCredentials() error {
 	credInfo, _ := c.meta.GetCredential(c.ctx, util.UserRoot)
 	if credInfo == nil {
-		log.Debug("RootCoord init user root")
-		encryptedRootPassword, _ := crypto.PasswordEncrypt(Params.CommonCfg.DefaultRootPassword.GetValue())
-		err := c.meta.AddCredential(c.ctx, &internalpb.CredentialInfo{Username: util.UserRoot, EncryptedPassword: encryptedRootPassword})
+		encryptedRootPassword, err := crypto.PasswordEncrypt(Params.CommonCfg.DefaultRootPassword.GetValue())
+		if err != nil {
+			log.Warn("RootCoord init user root failed", zap.Error(err))
+			return err
+		}
+		log.Info("RootCoord init user root")
+		err = c.meta.AddCredential(c.ctx, &internalpb.CredentialInfo{Username: util.UserRoot, EncryptedPassword: encryptedRootPassword})
 		return err
 	}
 	return nil
diff --git a/pkg/util/paramtable/component_param.go b/pkg/util/paramtable/component_param.go
index 93b5fb62191b3..2c831f3b03a87 100644
--- a/pkg/util/paramtable/component_param.go
+++ b/pkg/util/paramtable/component_param.go
@@ -656,8 +656,8 @@ like the old password verification when updating the credential`,
 	p.DefaultRootPassword = ParamItem{
 		Key:          "common.security.defaultRootPassword",
 		Version:      "2.4.7",
-		Doc:          "default password for root user",
-		DefaultValue: "Milvus",
+		Doc:          "default password for root user. The maximum length is 72 characters, and double quotes are required.",
+		DefaultValue: "\"Milvus\"",
 		Export:       true,
 	}
 	p.DefaultRootPassword.Init(base.mgr)
@@ -1336,8 +1336,15 @@ func (p *proxyConfig) init(base *BaseTable) {
 
 	p.MaxPasswordLength = ParamItem{
 		Key:          "proxy.maxPasswordLength",
-		DefaultValue: "256",
+		DefaultValue: "72", // bcrypt max length
 		Version:      "2.0.0",
+		Formatter: func(v string) string {
+			n := getAsInt(v)
+			if n <= 0 || n > 72 {
+				return "72"
+			}
+			return v
+		},
 		PanicIfEmpty: true,
 	}
 	p.MaxPasswordLength.Init(base.mgr)
diff --git a/pkg/util/paramtable/component_param_test.go b/pkg/util/paramtable/component_param_test.go
index 529ec7a2d969b..d5205e0e6b872 100644
--- a/pkg/util/paramtable/component_param_test.go
+++ b/pkg/util/paramtable/component_param_test.go
@@ -214,6 +214,12 @@ func TestComponentParam(t *testing.T) {
 
 		assert.Equal(t, int64(16), Params.DDLConcurrency.GetAsInt64())
 		assert.Equal(t, int64(16), Params.DCLConcurrency.GetAsInt64())
+
+		assert.Equal(t, 72, Params.MaxPasswordLength.GetAsInt())
+		params.Save("proxy.maxPasswordLength", "100")
+		assert.Equal(t, 72, Params.MaxPasswordLength.GetAsInt())
+		params.Save("proxy.maxPasswordLength", "-10")
+		assert.Equal(t, 72, Params.MaxPasswordLength.GetAsInt())
 	})
 
 	// t.Run("test proxyConfig panic", func(t *testing.T) {