Skip to content

Support custom Redis usernames

Stan Hurequested to merge
sh-fix-redis-acl-usernames into master

What does this MR do and why?

This commit adds support for customizing Redis usernames for Redis ACL. Currently even if the Redis URL contained the username, Redis::Store::Factory.extract_host_options_from_uri did not return a username. As a result, the default Redis username was always used.

This commit patches this code until the upstream fix has been merged: https://github.com/redis-store/redis-store/pull/373.

Relates to:

How to set up and validate locally

  1. Create a custom /tmp/redis.conf:
port 6999
user default off
user redis-user on >mypassword  ~* +@all allchannels
  1. Run Redis:
redis-server /tmp/redis.conf
  1. Back up your redis.cache.yml:
cp config/redis.cache.yml redis.cache.yml.orig
  1. Edit config/redis.cache.yml:
---
development: redis://redis-user:mypassword@localhost:6999?db=0
test: redis://redis-user:mypassword@localhost:6999?db=10
  1. With this branch, run some tests with bin/rails c:
[1] pry(main)> Gitlab::Redis::Cache.with { |redis| redis.instance_variable_get(:@client).config }
=> #<RedisClient::Config:0x0000000169872598
 @circuit_breaker=nil,
 @client_implementation=Redis::Client,
 @command_builder=Gitlab::Redis::CommandBuilder,
 @connect_timeout=1.0,
 @connection_prelude=[["AUTH", "redis-user", "mypassword"]],
 @custom={:instrumentation_class=>"Cache"},
 @db=0,
 @driver=RedisClient::RubyConnection,
 @host="localhost",
 @id=nil,
 @inherit_socket=false,
 @middlewares_stack=RedisClient::Middlewares,
 @password="mypassword",
 @path=nil,
 @port=6999,
 @protocol=2,
 @read_timeout=1.0,
 @reconnect_attempts=[0],
 @ssl=false,
 @ssl_params=nil,
 @username="redis-user",
 @write_timeout=1.0>
[2] pry(main)> Gitlab::Redis::Cache.with { |redis| redis.ping }
=> "PONG"
  1. On master, notice this fails:
[1] pry(main)> Gitlab::Redis::Cache.with { |redis| redis.ping }
Redis::CannotConnectError: WRONGPASS invalid username-password pair or user is disabled. (redis://localhost:6999)
from /Users/stanhu/.asdf/installs/ruby/3.2.4/lib/ruby/gems/3.2.0/gems/redis-client-0.22.2/lib/redis_client/connection_mixin.rb:71:in `call_pipelined'
Caused by RedisClient::AuthenticationError: WRONGPASS invalid username-password pair or user is disabled.
from /Users/stanhu/.asdf/installs/ruby/3.2.4/lib/ruby/gems/3.2.0/gems/redis-client-0.22.2/lib/redis_client/connection_mixin.rb:71:in `call_pipelined'
  1. Restore your redis.cache.yml:
cp config/redis.cache.yml.orig redis.cache.yml
Edited by Stan Hu

Merge request reports