Datanode: ensure password_secret meets length requirement (#17719)

* ensure password_secret meets length requirement * update CL * update test * adjusted wording so it references the data node --------- Co-authored-by: Jan Heise <jan.heise@graylog.com>
Graylog2 · Dec 15, 2023 · a247edc · a247edc
1 parent be7df67
commit a247edc
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 5 deletions.
diff --git a/changelog/unreleased/issue-17523.toml b/changelog/unreleased/issue-17523.toml
@@ -0,0 +1,5 @@
+type = "c"
+message = "Ensure password secret meets the minimum length requirement if using/for the DataNode."
+
+issues = ["17523"]
+pulls = ["17719"]
diff --git a/data-node/src/main/java/org/graylog/datanode/Configuration.java b/data-node/src/main/java/org/graylog/datanode/Configuration.java
@@ -288,8 +288,8 @@ public Duration getIndexerJwtAuthTokenExpirationDuration() {
     @ValidatorMethod
     @SuppressWarnings("unused")
     public void validatePasswordSecret() throws ValidationException {
-        if (passwordSecret == null || passwordSecret.length() < 16) {
-            throw new ValidationException("The minimum length for \"password_secret\" is 16 characters.");
+        if (passwordSecret == null || passwordSecret.length() < 64) {
+            throw new ValidationException("The minimum length for \"password_secret\" is 64 characters.");
         }
     }
 

diff --git a/...server/src/test/java/org/graylog/testing/completebackend/ContainerizedGraylogBackend.java b/...server/src/test/java/org/graylog/testing/completebackend/ContainerizedGraylogBackend.java
@@ -20,7 +20,6 @@
 import org.apache.commons.lang3.StringUtils;
 import org.graylog.testing.completebackend.ContainerizedGraylogBackendServicesProvider.Services;
 import org.graylog.testing.containermatrix.MongodbServer;
-import org.graylog.testing.containermatrix.annotations.ContainerMatrixTestsConfiguration;
 import org.graylog.testing.elasticsearch.SearchServerInstance;
 import org.graylog.testing.graylognode.MavenPackager;
 import org.graylog.testing.graylognode.NodeContainerConfig;
@@ -37,12 +36,11 @@
 import java.util.Map;
 import java.util.Optional;
 import java.util.ServiceLoader;
-import java.util.Set;
 import java.util.stream.Collectors;
 
 public class ContainerizedGraylogBackend implements GraylogBackend, AutoCloseable {
     private static final Logger LOG = LoggerFactory.getLogger(ContainerizedGraylogBackend.class);
-    public static final String PASSWORD_SECRET = "M4lteserKreuzHerrStrack?-warZuKurzDeshalbMussdaNochWasdran";
+    public static final String PASSWORD_SECRET = "M4lteserKreuzHerrStrack?-warZuKurzDeshalbMussdaNochWasdranHasToBeAtLeastSixtyFourCharactersInLength";
     public static final String ROOT_PASSWORD_PLAINTEXT = "admin";
     public static final String ROOT_PASSWORD_SHA_2 = DigestUtils.sha256Hex(ROOT_PASSWORD_PLAINTEXT);