feat(cache): add support for Sentinel authentication

Stan Hu requested to merge sh-add-sentinel-auth into master

What does this MR do?

This adds a sentinelusername and sentinelpassword to support Redis Sentinel authentication.

Relates to #1269 (closed)

Testing

In my registry/config.yml, I added:

redis:
  cache:
    enabled: true
    mainname: mymaster
    password: mypass
    sentinelusername: testuser
    sentinelpassword: sentme
    addr: 0.0.0.0:26379

Then I configured sentinel.conf with:

port 26379
dir "/private/tmp"
sentinel monitor mymaster 127.0.0.1 6381 2
sentinel auth-pass mymaster mypass
user default off sanitize-payload resetchannels -@all
user testuser on >sentme +@all

Then I configured redis.conf with:

port 6381
requirepass mypass
masterauth mypass

When sentinelusername or sentinelpassword is wrong, registry serve config.yml fails:

redis: 2024/06/04 00:12:42 sentinel.go:558: sentinel: GetMasterAddrByName master="mymaster" failed: WRONGPASS invalid username-password pair or user is disabled.

Otherwise the binary starts up fine.

Author checklist

  • Feature flags
    • Added feature flag:
    • This feature does not require a feature flag
  • I added unit tests or they are not required
  • I added documentation (or it's not required)
  • I followed code review guidelines
  • I followed Go Style guidelines
  • For database changes including schema migrations:
    • Manually run up and down migrations in a postgres.ai production database clone and post a screenshot of the result here.
    • If adding new queries, extract a query plan from postgres.ai and post the link here. If changing existing queries, also extract a query plan for the current version for comparison.
      • I do not have access to postgres.ai and have made a comment on this MR asking for these to be run on my behalf.
    • Do not include code that depends on the schema migrations in the same commit. Split the MR into two or more.
  • Ensured this change is safe to deploy to individual stages in the same environment (cny -> prod). State-related changes can be troublesome due to having parts of the fleet processing (possibly related) requests in different ways.

Reviewer checklist

  • Ensure the commit and MR title are still accurate.
  • If the change contains a breaking change, apply the breaking change label.
  • If the change is considered high risk, apply the label high-risk-change
  • Identify if the change can be rolled back safely. (note: all other reasons for not being able to rollback will be sufficiently captured by major version changes).

If the MR introduces database schema migrations:

  • Ensure the commit and MR title start with fix:, feat:, or perf: so that the change appears on the Changelog

If the changes cannot be rolled back follow these steps:
  • If not, apply the label cannot-rollback.
  • Add a section to the MR description that includes the following details:
    • The reasoning behind why a release containing the presented MR can not be rolled back (e.g. schema migrations or changes to the FS structure)
    • Detailed steps to revert/disable a feature introduced by the same change where a migration cannot be rolled back. (note: ideally MRs containing schema migrations should not contain feature changes.)
    • Ensure this MR does not add code that depends on these changes that cannot be rolled back.
Edited by Stan Hu
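
Added example, not part of the merge request or the registry's code: a stdlib-only Go check that parses the `user` ACL lines from the sentinel.conf shown in the description and reports whether a sentinelusername/sentinelpassword pair would be accepted or rejected with WRONGPASS. It models only the `on`, `off`, `nopass` and `>password` rules of explicit `user` lines; the type and function names are illustrative assumptions.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample: the ACL lines from the sentinel.conf in the MR description.
const sentinelConf = `port 26379
user default off sanitize-payload resetchannels -@all
user testuser on >sentme +@all`

// aclUser keeps only the ACL state that decides whether AUTH succeeds.
type aclUser struct {
	enabled   bool
	nopass    bool
	passwords map[string]bool
}

// parseACLUsers reads "user <name> <rules...>" lines from sentinel.conf text.
func parseACLUsers(conf string) map[string]*aclUser {
	users := map[string]*aclUser{}
	for _, line := range strings.Split(conf, "\n") {
		f := strings.Fields(line)
		if len(f) < 2 || f[0] != "user" {
			continue
		}
		u := &aclUser{passwords: map[string]bool{}}
		for _, rule := range f[2:] {
			switch {
			case rule == "on" || rule == "off":
				u.enabled = rule == "on"
			case rule == "nopass":
				u.nopass = true
			case strings.HasPrefix(rule, ">"):
				u.passwords[rule[1:]] = true
			}
		}
		users[f[1]] = u
	}
	return users
}

// authWouldSucceed reports whether the pair passes AUTH; false corresponds to WRONGPASS.
func authWouldSucceed(users map[string]*aclUser, name, pass string) bool {
	u, ok := users[name]
	return ok && u.enabled && (u.nopass || u.passwords[pass])
}

func main() {
	users := parseACLUsers(sentinelConf)
	fmt.Println(authWouldSucceed(users, "testuser", "sentme")) // values from registry/config.yml
	fmt.Println(authWouldSucceed(users, "default", "sentme"))  // default user is off
}
```

Running the same check against a production sentinel.conf before rollout confirms that the default user stays disabled and that only the named account can authenticate.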