Skip to content

Commit

Permalink
fix: the too long default root password does not take effect
Browse files Browse the repository at this point in the history
Signed-off-by: SimFG <[email protected]>
  • Loading branch information
SimFG committed Nov 25, 2024
1 parent fbb68ca commit e5b8dea
Show file tree
Hide file tree
Showing 4 changed files with 23 additions and 6 deletions.
2 changes: 1 addition & 1 deletion configs/milvus.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -820,7 +820,7 @@ common:
# The superusers will ignore some system check processes,
# like the old password verification when updating the credential
superUsers:
defaultRootPassword: Milvus # default password for root user
defaultRootPassword: "Milvus" # default password for root user. The maximum length is 72 characters, and double quotes are required.
rbac:
overrideBuiltInPrivilgeGroups:
enabled: false # Whether to override build-in privilege groups
Expand Down
10 changes: 7 additions & 3 deletions internal/rootcoord/root_coord.go
Original file line number Diff line number Diff line change
Expand Up @@ -552,9 +552,13 @@ func (c *Core) Init() error {
func (c *Core) initCredentials() error {
credInfo, _ := c.meta.GetCredential(c.ctx, util.UserRoot)
if credInfo == nil {
log.Debug("RootCoord init user root")
encryptedRootPassword, _ := crypto.PasswordEncrypt(Params.CommonCfg.DefaultRootPassword.GetValue())
err := c.meta.AddCredential(c.ctx, &internalpb.CredentialInfo{Username: util.UserRoot, EncryptedPassword: encryptedRootPassword})
encryptedRootPassword, err := crypto.PasswordEncrypt(Params.CommonCfg.DefaultRootPassword.GetValue())
if err != nil {
log.Warn("RootCoord init user root failed", zap.Error(err))
return err
}
log.Info("RootCoord init user root")
err = c.meta.AddCredential(c.ctx, &internalpb.CredentialInfo{Username: util.UserRoot, EncryptedPassword: encryptedRootPassword})
return err
}
return nil
Expand Down
11 changes: 9 additions & 2 deletions pkg/util/paramtable/component_param.go
Original file line number Diff line number Diff line change
Expand Up @@ -656,7 +656,7 @@ like the old password verification when updating the credential`,
p.DefaultRootPassword = ParamItem{
Key: "common.security.defaultRootPassword",
Version: "2.4.7",
Doc: "default password for root user",
Doc: "default password for root user. The maximum length is 72 characters, and double quotes are required.",
DefaultValue: "Milvus",
Export: true,
}
Expand Down Expand Up @@ -1336,8 +1336,15 @@ func (p *proxyConfig) init(base *BaseTable) {

p.MaxPasswordLength = ParamItem{
Key: "proxy.maxPasswordLength",
DefaultValue: "256",
DefaultValue: "72", // bcrypt max length
Version: "2.0.0",
Formatter: func(v string) string {
n := getAsInt(v)
if n <= 0 || n > 72 {
return "72"
}
return v
},
PanicIfEmpty: true,
}
p.MaxPasswordLength.Init(base.mgr)
Expand Down
6 changes: 6 additions & 0 deletions pkg/util/paramtable/component_param_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -214,6 +214,12 @@ func TestComponentParam(t *testing.T) {

assert.Equal(t, int64(16), Params.DDLConcurrency.GetAsInt64())
assert.Equal(t, int64(16), Params.DCLConcurrency.GetAsInt64())

assert.Equal(t, 72, Params.MaxPasswordLength.GetAsInt())
params.Save("proxy.maxPasswordLength", "100")
assert.Equal(t, 72, Params.MaxPasswordLength.GetAsInt())
params.Save("proxy.maxPasswordLength", "-10")
assert.Equal(t, 72, Params.MaxPasswordLength.GetAsInt())
})

// t.Run("test proxyConfig panic", func(t *testing.T) {
Expand Down

0 comments on commit e5b8dea

Please sign in to comment.