diff --git a/cmd/tools/config/generate.go b/cmd/tools/config/generate.go index 2c709539ec450..f09925c573206 100644 --- a/cmd/tools/config/generate.go +++ b/cmd/tools/config/generate.go @@ -68,6 +68,9 @@ func collectRecursive(params *paramtable.ComponentParam, data *[]DocContent, val item := subVal.Interface().(paramtable.ParamItem) //nolint:govet refreshable := tag.Get("refreshable") defaultValue := params.GetWithDefault(item.Key, item.DefaultValue) + if strings.HasPrefix(item.DefaultValue, "\"") && strings.HasSuffix(item.DefaultValue, "\"") { + defaultValue = fmt.Sprintf("\"%s\"", defaultValue) + } log.Debug("got key", zap.String("key", item.Key), zap.Any("value", defaultValue), zap.String("variable", val.Type().Field(j).Name)) *data = append(*data, DocContent{item.Key, defaultValue, item.Version, refreshable, item.Export, item.Doc}) } else if t == "paramtable.ParamGroup" { diff --git a/configs/milvus.yaml b/configs/milvus.yaml index d38c74cf9d114..4dd8e8a873b74 100644 --- a/configs/milvus.yaml +++ b/configs/milvus.yaml @@ -820,7 +820,7 @@ common: # The superusers will ignore some system check processes, # like the old password verification when updating the credential superUsers: - defaultRootPassword: Milvus # default password for root user + defaultRootPassword: "Milvus" # default password for root user. The maximum length is 72 characters, and double quotes are required. rbac: overrideBuiltInPrivilgeGroups: enabled: false # Whether to override build-in privilege groups diff --git a/internal/rootcoord/root_coord.go b/internal/rootcoord/root_coord.go index d46bb318e2caf..0222d0caa52a6 100644 --- a/internal/rootcoord/root_coord.go +++ b/internal/rootcoord/root_coord.go @@ -552,9 +552,13 @@ func (c *Core) Init() error { func (c *Core) initCredentials() error { credInfo, _ := c.meta.GetCredential(c.ctx, util.UserRoot) if credInfo == nil { - log.Debug("RootCoord init user root") - encryptedRootPassword, _ := crypto.PasswordEncrypt(Params.CommonCfg.DefaultRootPassword.GetValue()) - err := c.meta.AddCredential(c.ctx, &internalpb.CredentialInfo{Username: util.UserRoot, EncryptedPassword: encryptedRootPassword}) + encryptedRootPassword, err := crypto.PasswordEncrypt(Params.CommonCfg.DefaultRootPassword.GetValue()) + if err != nil { + log.Warn("RootCoord init user root failed", zap.Error(err)) + return err + } + log.Info("RootCoord init user root") + err = c.meta.AddCredential(c.ctx, &internalpb.CredentialInfo{Username: util.UserRoot, EncryptedPassword: encryptedRootPassword}) return err } return nil diff --git a/pkg/util/paramtable/component_param.go b/pkg/util/paramtable/component_param.go index a27b5555262c5..edb216541e28d 100644 --- a/pkg/util/paramtable/component_param.go +++ b/pkg/util/paramtable/component_param.go @@ -659,8 +659,8 @@ like the old password verification when updating the credential`, p.DefaultRootPassword = ParamItem{ Key: "common.security.defaultRootPassword", Version: "2.4.7", - Doc: "default password for root user", - DefaultValue: "Milvus", + Doc: "default password for root user. The maximum length is 72 characters, and double quotes are required.", + DefaultValue: "\"Milvus\"", Export: true, } p.DefaultRootPassword.Init(base.mgr) @@ -1348,8 +1348,15 @@ func (p *proxyConfig) init(base *BaseTable) { p.MaxPasswordLength = ParamItem{ Key: "proxy.maxPasswordLength", - DefaultValue: "256", + DefaultValue: "72", // bcrypt max length Version: "2.0.0", + Formatter: func(v string) string { + n := getAsInt(v) + if n <= 0 || n > 72 { + return "72" + } + return v + }, PanicIfEmpty: true, } p.MaxPasswordLength.Init(base.mgr) diff --git a/pkg/util/paramtable/component_param_test.go b/pkg/util/paramtable/component_param_test.go index cfa0df8ae749c..f3f7597143093 100644 --- a/pkg/util/paramtable/component_param_test.go +++ b/pkg/util/paramtable/component_param_test.go @@ -218,6 +218,12 @@ func TestComponentParam(t *testing.T) { assert.Equal(t, int64(16), Params.DDLConcurrency.GetAsInt64()) assert.Equal(t, int64(16), Params.DCLConcurrency.GetAsInt64()) + + assert.Equal(t, 72, Params.MaxPasswordLength.GetAsInt()) + params.Save("proxy.maxPasswordLength", "100") + assert.Equal(t, 72, Params.MaxPasswordLength.GetAsInt()) + params.Save("proxy.maxPasswordLength", "-10") + assert.Equal(t, 72, Params.MaxPasswordLength.GetAsInt()) }) // t.Run("test proxyConfig panic", func(t *testing.T) {