Skip to content

Commit

Permalink
fix: the too long default root password does not take effect (#37983)
Browse files Browse the repository at this point in the history
- issue: #36987

Signed-off-by: SimFG <[email protected]>
  • Loading branch information
SimFG authored Nov 26, 2024
1 parent 858eaa6 commit 2208b7c
Show file tree
Hide file tree
Showing 5 changed files with 27 additions and 7 deletions.
3 changes: 3 additions & 0 deletions cmd/tools/config/generate.go
Original file line number Diff line number Diff line change
Expand Up @@ -68,6 +68,9 @@ func collectRecursive(params *paramtable.ComponentParam, data *[]DocContent, val
item := subVal.Interface().(paramtable.ParamItem) //nolint:govet
refreshable := tag.Get("refreshable")
defaultValue := params.GetWithDefault(item.Key, item.DefaultValue)
if strings.HasPrefix(item.DefaultValue, "\"") && strings.HasSuffix(item.DefaultValue, "\"") {
defaultValue = fmt.Sprintf("\"%s\"", defaultValue)
}
log.Debug("got key", zap.String("key", item.Key), zap.Any("value", defaultValue), zap.String("variable", val.Type().Field(j).Name))
*data = append(*data, DocContent{item.Key, defaultValue, item.Version, refreshable, item.Export, item.Doc})
} else if t == "paramtable.ParamGroup" {
Expand Down
2 changes: 1 addition & 1 deletion configs/milvus.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -820,7 +820,7 @@ common:
# The superusers will ignore some system check processes,
# like the old password verification when updating the credential
superUsers:
defaultRootPassword: Milvus # default password for root user
defaultRootPassword: "Milvus" # default password for root user. The maximum length is 72 characters, and double quotes are required.
rbac:
overrideBuiltInPrivilgeGroups:
enabled: false # Whether to override build-in privilege groups
Expand Down
10 changes: 7 additions & 3 deletions internal/rootcoord/root_coord.go
Original file line number Diff line number Diff line change
Expand Up @@ -552,9 +552,13 @@ func (c *Core) Init() error {
func (c *Core) initCredentials() error {
credInfo, _ := c.meta.GetCredential(c.ctx, util.UserRoot)
if credInfo == nil {
log.Debug("RootCoord init user root")
encryptedRootPassword, _ := crypto.PasswordEncrypt(Params.CommonCfg.DefaultRootPassword.GetValue())
err := c.meta.AddCredential(c.ctx, &internalpb.CredentialInfo{Username: util.UserRoot, EncryptedPassword: encryptedRootPassword})
encryptedRootPassword, err := crypto.PasswordEncrypt(Params.CommonCfg.DefaultRootPassword.GetValue())
if err != nil {
log.Warn("RootCoord init user root failed", zap.Error(err))
return err
}
log.Info("RootCoord init user root")
err = c.meta.AddCredential(c.ctx, &internalpb.CredentialInfo{Username: util.UserRoot, EncryptedPassword: encryptedRootPassword})
return err
}
return nil
Expand Down
13 changes: 10 additions & 3 deletions pkg/util/paramtable/component_param.go
Original file line number Diff line number Diff line change
Expand Up @@ -659,8 +659,8 @@ like the old password verification when updating the credential`,
p.DefaultRootPassword = ParamItem{
Key: "common.security.defaultRootPassword",
Version: "2.4.7",
Doc: "default password for root user",
DefaultValue: "Milvus",
Doc: "default password for root user. The maximum length is 72 characters, and double quotes are required.",
DefaultValue: "\"Milvus\"",
Export: true,
}
p.DefaultRootPassword.Init(base.mgr)
Expand Down Expand Up @@ -1348,8 +1348,15 @@ func (p *proxyConfig) init(base *BaseTable) {

p.MaxPasswordLength = ParamItem{
Key: "proxy.maxPasswordLength",
DefaultValue: "256",
DefaultValue: "72", // bcrypt max length
Version: "2.0.0",
Formatter: func(v string) string {
n := getAsInt(v)
if n <= 0 || n > 72 {
return "72"
}
return v
},
PanicIfEmpty: true,
}
p.MaxPasswordLength.Init(base.mgr)
Expand Down
6 changes: 6 additions & 0 deletions pkg/util/paramtable/component_param_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -218,6 +218,12 @@ func TestComponentParam(t *testing.T) {

assert.Equal(t, int64(16), Params.DDLConcurrency.GetAsInt64())
assert.Equal(t, int64(16), Params.DCLConcurrency.GetAsInt64())

assert.Equal(t, 72, Params.MaxPasswordLength.GetAsInt())
params.Save("proxy.maxPasswordLength", "100")
assert.Equal(t, 72, Params.MaxPasswordLength.GetAsInt())
params.Save("proxy.maxPasswordLength", "-10")
assert.Equal(t, 72, Params.MaxPasswordLength.GetAsInt())
})

// t.Run("test proxyConfig panic", func(t *testing.T) {
Expand Down

0 comments on commit 2208b7c

Please sign in to comment.