Feat: use username and passport for Redis Sentinel auth
ivard committed Nov 20, 2023
1 parent b3a4253 commit 7b7fb4d
Showing 5 changed files with 22 additions and 5 deletions.
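--- a/irma/cmd/config.go
+++ b/irma/cmd/config.go
@@ -87,6 +87,8 @@ func configureIRMAServer() (*server.Configuration, error) {
 if conf.RedisSettings.Password = viper.GetString("redis_pw"); conf.RedisSettings.Password == "" && !viper.GetBool("redis_allow_empty_password") {
 return nil, errors.New("When Redis is used as session data store, a non-empty Redis password must be specified with the --redis-pw flag. This restriction can be relaxed by setting the --redis-allow-empty-password flag to true.")
 }
+conf.RedisSettings.SentinelUsername = viper.GetString("redis_sentinel_username")
+conf.RedisSettings.SentinelPassword = viper.GetString("redis_sentinel_pw")
 conf.RedisSettings.ACLUseKeyPrefixes = viper.GetBool("redis_acl_use_key_prefixes")
 
 conf.RedisSettings.DB = viper.GetInt("redis_db")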
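Review bot: The Sentinel credentials are stored with no validation, unlike `redis_pw` just above them, so a `redis_sentinel_username` supplied without `redis_sentinel_pw` is accepted silently. Depending on how the Redis client treats a username paired with an empty password (it may skip authentication altogether, which is worth confirming against the library), the server could talk to Sentinel unauthenticated while the operator believes ACL auth is in effect. A guard after the two assignments would catch the misconfiguration: `if conf.RedisSettings.SentinelUsername != "" && conf.RedisSettings.SentinelPassword == "" { return nil, errors.New("redis_sentinel_pw must be set when redis_sentinel_username is set") }`. configureIRMAServer starts and ends outside this hunk.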
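--- a/irma/cmd/keyshare-myirma.go
+++ b/irma/cmd/keyshare-myirma.go
@@ -68,6 +68,8 @@ func init() {
 flags.Bool("redis-accept-inconsistency-risk", false, "accept the risk of inconsistent session state when using Redis Sentinel")
 flags.String("redis-username", "", "Redis server username (when using ACLs)")
 flags.String("redis-pw", "", "Redis server password")
+flags.String("redis-sentinel-username", "", "Redis Sentinel username (when using ACLs)")
+flags.String("redis-sentinel-pw", "", "Redis Sentinel password")
 flags.Bool("redis-allow-empty-password", false, "explicitly allow an empty string as Redis password")
 flags.Bool("redis-acl-use-key-prefixes", false, "if enabled all Redis keys will be prefixed with the username for ACLs (username:key)")
 flags.Int("redis-db", 0, "database to be selected after connecting to the server (default 0)")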
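Review bot: `--redis-sentinel-pw` takes a secret as a command-line argument, where it is readable in the process list and easily ends up in shell history or service unit files; the same two registrations are repeated in irma/cmd/keyshare-server.go and irma/cmd/server.go. If the configuration file or environment is also a supported way to set this value (the viper lookups in irma/cmd/config.go suggest so, but that is not visible here), the help text could steer operators there, e.g. `flags.String("redis-sentinel-pw", "", "Redis Sentinel password (prefer the configuration file or environment over the command line)")`. The enclosing init() starts and ends outside the hunk.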
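--- a/irma/cmd/keyshare-server.go
+++ b/irma/cmd/keyshare-server.go
@@ -65,6 +65,8 @@ func init() {
 flags.Bool("redis-accept-inconsistency-risk", false, "accept the risk of inconsistent session state when using Redis Sentinel")
 flags.String("redis-username", "", "Redis server username (when using ACLs)")
 flags.String("redis-pw", "", "Redis server password")
+flags.String("redis-sentinel-username", "", "Redis Sentinel username (when using ACLs)")
+flags.String("redis-sentinel-pw", "", "Redis Sentinel password")
 flags.Bool("redis-allow-empty-password", false, "explicitly allow an empty string as Redis password")
 flags.Bool("redis-acl-use-key-prefixes", false, "if enabled all Redis keys will be prefixed with the username for ACLs (username:key)")
 flags.Int("redis-db", 0, "database to be selected after connecting to the server (default 0)")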
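--- a/irma/cmd/server.go
+++ b/irma/cmd/server.go
@@ -129,6 +129,8 @@ func setFlags(cmd *cobra.Command, production bool) error {
 flags.Bool("redis-accept-inconsistency-risk", false, "accept the risk of inconsistent session state when using Redis Sentinel")
 flags.String("redis-username", "", "Redis server username (when using ACLs)")
 flags.String("redis-pw", "", "Redis server password")
+flags.String("redis-sentinel-username", "", "Redis Sentinel username (when using ACLs)")
+flags.String("redis-sentinel-pw", "", "Redis Sentinel password")
 flags.Bool("redis-allow-empty-password", false, "explicitly allow an empty string as Redis password")
 flags.Bool("redis-acl-use-key-prefixes", false, "if enabled all Redis keys will be prefixed with the username for ACLs (username:key)")
 flags.Int("redis-db", 0, "database to be selected after connecting to the server (default 0)")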
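--- a/server/conf.go
+++ b/server/conf.go
@@ -122,6 +122,11 @@ type RedisSettings struct {
 // This can be used for key permissions in the Redis ACL system. If ACLUseKeyPrefixes is false, no prefix is used.
 ACLUseKeyPrefixes bool `json:"acl_use_key_prefixes,omitempty" mapstructure:"acl_use_key_prefixes"`
 
+// SentinelUsername for Redis Sentinel authentication. If sentinel_username is empty, the default user is used.
+SentinelUsername string `json:"sentinel_username,omitempty" mapstructure:"sentinel_username"`
+// SentinelPassword for Redis Sentinel authentication.
+SentinelPassword string `json:"sentinel_password,omitempty" mapstructure:"sentinel_password"`
+
 DB int `json:"db,omitempty" mapstructure:"db"`
 
 TLSCertificate string `json:"tls_cert,omitempty" mapstructure:"tls_cert"`
@@ -454,15 +459,19 @@ func (conf *Configuration) RedisClient() (*RedisClient, error) {
 var cl *redis.Client
 if len(conf.RedisSettings.SentinelAddrs) > 0 {
 cl = redis.NewFailoverClient(&redis.FailoverOptions{
-MasterName: conf.RedisSettings.SentinelMasterName,
-SentinelAddrs: conf.RedisSettings.SentinelAddrs,
-Password: conf.RedisSettings.Password,
-DB: conf.RedisSettings.DB,
-TLSConfig: tlsConfig,
+MasterName: conf.RedisSettings.SentinelMasterName,
+SentinelAddrs: conf.RedisSettings.SentinelAddrs,
+Username: conf.RedisSettings.Username,
+Password: conf.RedisSettings.Password,
+SentinelUsername: conf.RedisSettings.SentinelUsername,
+SentinelPassword: conf.RedisSettings.SentinelPassword,
+DB: conf.RedisSettings.DB,
+TLSConfig: tlsConfig,
 })
 } else {
 cl = redis.NewClient(&redis.Options{
 Addr: conf.RedisSettings.Addr,
+Username: conf.RedisSettings.Username,
 Password: conf.RedisSettings.Password,
 DB: conf.RedisSettings.DB,
 TLSConfig: tlsConfig,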
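Review bot: `SentinelPassword` is a secret but carries `json:"sentinel_password,omitempty"`, so any `json.Marshal` of the settings (for instance a debug dump of the configuration at start-up, if the project does one) writes it out in clear text. Whether such a dump exists is not visible in this section; if it does, the field needs redaction at that point. At minimum the field comment should say so: `// SentinelPassword for Redis Sentinel authentication. Secret: must be redacted before the configuration is logged or serialized.` Separately, the second hunk also starts passing `Username` on the plain `redis.NewClient` path, which changes authentication for non-Sentinel deployments that already set a username and deserves a mention in the release notes. Both RedisSettings and RedisClient() continue outside the hunks.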
