From 96ea9dc51547ce0537126a7bfa7393820fbf0d80 Mon Sep 17 00:00:00 2001
From: Anup Chatterjee
Date: Wed, 13 Mar 2024 22:13:06 -0700
Subject: [PATCH] Adding redis username support for clusters
---
 docs/documentation/advanced/redis.md | 32 +++++++++++++------
 .../config/RedisClusterConfiguration.java | 13 +++++++-
 2 files changed, 35 insertions(+), 10 deletions(-)
diff --git a/docs/documentation/advanced/redis.md b/docs/documentation/advanced/redis.md
index ee96c6c08..c0c329f99 100644
--- a/docs/documentation/advanced/redis.md
+++ b/docs/documentation/advanced/redis.md
@@ -1,9 +1,9 @@
 # Redis
 By default conductor runs with an in-memory Redis mock. However, you
-can change the configuration by setting the properties `conductor.db.type` and `conductor.redis.hosts`.
+can change the configuration by setting the properties mentioned below.
-## `conductor.db.type`
+## `conductor.db.type` and `conductor.queue.type`
 | Value | Description |
 |--------------------------------|----------------------------------------------------------------------------------------|
@@ -13,8 +13,6 @@ can change the configuration by setting the properties `conductor.db.type` and `
 | redis_sentinel | Redis Sentinel configuration. |
 | redis_standalone | Redis Standalone configuration. |
-
-
 ## `conductor.redis.hosts`
 Expected format is `host:port:rack` separated by semicolon, e.g.:
@@ -23,16 +21,32 @@ Expected format is `host:port:rack` separated by semicolon, e.g.:
 conductor.redis.hosts=host0:6379:us-east-1c;host1:6379:us-east-1c;host2:6379:us-east-1c
 ```
-### Auth Support
+## `conductor.redis.database`
+Redis database value other than default of 0 is supported in sentinel and standalone configurations.
+Redis cluster mode only uses database 0, and the configuration is ignored.
+
+```properties
+conductor.redis.database=1
+```
+
-Password authentication is supported. The password should be set as the 4th param of the first host `host:port:rack:password`, e.g.:
+## `conductor.redis.username`
+[Redis ACL](https://redis.io/docs/management/security/acl/) using username and password authentication is now supported.
+
+The username property should be set as `conductor.redis.username`, e.g.:
 ```properties
-conductor.redis.hosts=host0:6379:us-east-1c:my_str0ng_pazz;host1:6379:us-east-1c;host2:6379:us-east-1c
+conductor.redis.username=conductor
 ```
+If not set, the client uses `default` as the username.
+
+The password should be set as the 4th param of the first host `host:port:rack:password`, e.g.:
+```properties
+conductor.redis.hosts=host0:6379:us-east-1c:my_str0ng_pazz;host1:6379:us-east-1c;host2:6379:us-east-1c
+```
 **Notes**
-- In a cluster, all nodes use the same password.
-- In a sentinel configuration, sentinels and redis nodes use the same password.
+- In a cluster, all nodes use the same username and password.
+- In a sentinel configuration, sentinels and redis nodes use the same database index, username, and password.
diff --git a/redis-persistence/src/main/java/com/netflix/conductor/redis/config/RedisClusterConfiguration.java b/redis-persistence/src/main/java/com/netflix/conductor/redis/config/RedisClusterConfiguration.java
index 9aa823e1c..fed5e60b9 100644
--- a/redis-persistence/src/main/java/com/netflix/conductor/redis/config/RedisClusterConfiguration.java
+++ b/redis-persistence/src/main/java/com/netflix/conductor/redis/config/RedisClusterConfiguration.java
@@ -55,7 +55,18 @@ protected JedisCommands createJedisCommands(
 .collect(Collectors.toSet());
 String password = getPassword(hostSupplier.getHosts());
- if (password != null) {
+ if (properties.getUsername() != null && password != null) {
+ log.info("Connecting to Redis Cluster with user AUTH");
+ return new JedisCluster(
+ new redis.clients.jedis.JedisCluster(
+ hosts,
+ Protocol.DEFAULT_TIMEOUT,
+ Protocol.DEFAULT_TIMEOUT,
+ DEFAULT_MAX_ATTEMPTS,
+ properties.getUsername(),
+ password,
+ genericObjectPoolConfig));
+ } else if (password != null) {
 log.info("Connecting to Redis Cluster with AUTH");
 return new JedisCluster(
 new redis.clients.jedis.JedisCluster(
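Review bot: The seven-argument `redis.clients.jedis.JedisCluster` call in the new `properties.getUsername() != null && password != null` branch may bind to the wrong overload: in the Jedis 3.x and 4.x releases I know, two strings before the pool config mean `(password, clientName)`, and the ACL form takes three, `(user, password, clientName)`, so please confirm against the Jedis version this module pins. If that holds here, the username is sent as the AUTH password and the real password becomes the connection's client name, where it shows up in `CLIENT LIST` output and anything that records it. Passing the client name explicitly removes the ambiguity, e.g. `properties.getUsername(), password, null, genericObjectPoolConfig));`. Separately, a username configured without a password in `conductor.redis.hosts` falls through silently to the later branches; a `log.warn` for that case would make the ignored setting visible. `createJedisCommands` starts and ends outside the hunk.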