Skip to content

Commit

Permalink
Adding redis username support for clusters
Browse files Browse the repository at this point in the history
  • Loading branch information
anupVMware committed Mar 14, 2024
1 parent e195ef6 commit e598744
Show file tree
Hide file tree
Showing 2 changed files with 36 additions and 10 deletions.
32 changes: 23 additions & 9 deletions docs/documentation/advanced/redis.md
Original file line number Diff line number Diff line change
@@ -1,9 +1,9 @@
# Redis

By default conductor runs with an in-memory Redis mock. However, you
can change the configuration by setting the properties `conductor.db.type` and `conductor.redis.hosts`.
can change the configuration by setting the properties mentioned below.

## `conductor.db.type`
## `conductor.db.type` and `conductor.queue.type`

| Value | Description |
|--------------------------------|----------------------------------------------------------------------------------------|
Expand All @@ -13,8 +13,6 @@ can change the configuration by setting the properties `conductor.db.type` and `
| redis_sentinel | Redis Sentinel configuration. |
| redis_standalone | Redis Standalone configuration. |



## `conductor.redis.hosts`

Expected format is `host:port:rack` separated by semicolon, e.g.:
Expand All @@ -23,16 +21,32 @@ Expected format is `host:port:rack` separated by semicolon, e.g.:
conductor.redis.hosts=host0:6379:us-east-1c;host1:6379:us-east-1c;host2:6379:us-east-1c
```

### Auth Support
## `conductor.redis.database`
Redis database value other than default of 0 is supported in sentinel and standalone configurations.
Redis cluster mode only uses database 0, and the configuration is ignored.

```properties
conductor.redis.database=1
```


Password authentication is supported. The password should be set as the 4th param of the first host `host:port:rack:password`, e.g.:
## `conductor.redis.username`

[Redis ACL](https://redis.io/docs/management/security/acl/) using username and password authentication is now supported.

The username property should be set as `conductor.redis.username`, e.g.:
```properties
conductor.redis.hosts=host0:6379:us-east-1c:my_str0ng_pazz;host1:6379:us-east-1c;host2:6379:us-east-1c
conductor.redis.username=conductor
```
If not set, the client uses `default` as the username.

The password should be set as the 4th param of the first host `host:port:rack:password`, e.g.:

```properties
conductor.redis.hosts=host0:6379:us-east-1c:my_str0ng_pazz;host1:6379:us-east-1c;host2:6379:us-east-1c
```

**Notes**

- In a cluster, all nodes use the same password.
- In a sentinel configuration, sentinels and redis nodes use the same password.
- In a cluster, all nodes use the same username and password.
- In a sentinel configuration, sentinels and redis nodes use the same database index, username, and password.
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,7 @@
import com.netflix.dyno.connectionpool.TokenMapSupplier;

import redis.clients.jedis.HostAndPort;
import redis.clients.jedis.JedisPool;
import redis.clients.jedis.Protocol;
import redis.clients.jedis.commands.JedisCommands;

Expand All @@ -55,7 +56,18 @@ protected JedisCommands createJedisCommands(
.collect(Collectors.toSet());
String password = getPassword(hostSupplier.getHosts());

if (password != null) {
if (properties.getUsername() != null && password != null) {
log.info("Connecting to Redis Cluster with user AUTH");
return new JedisCluster(
new redis.clients.jedis.JedisCluster(
hosts,
Protocol.DEFAULT_TIMEOUT,
Protocol.DEFAULT_TIMEOUT,
DEFAULT_MAX_ATTEMPTS,
properties.getUsername(),
password,
genericObjectPoolConfig));
} else if (password != null) {
log.info("Connecting to Redis Cluster with AUTH");
return new JedisCluster(
new redis.clients.jedis.JedisCluster(
Expand Down

0 comments on commit e598744

Please sign in to comment.