Skip to content

Allow Redis password to be specified in Workhorse URL

Stan Hurequested to merge
sh-allow-redis-password-in-url-workhorse into master

What does this MR do and why?

Previously the Workhorse config allowed a Redis URL to be used, but the password component had to be specified inside the Password config field. However, it's common for the URL to contain both the username and password, so we should allow that. The Password field takes precedence if both are specified, however.

Relates to gitlab-org/charts/gitlab#5681 (closed)

How to set up and validate locally

  1. Check out this branch, go into workhorse directory, and run make.
  2. Add a password to your Redis server by adding requirepass somepassword in /tmp/redis.conf. You could spin up a separate Redis server for testing:
port 9999
requirepass somepassword
  1. Run redis-server /tmp/redis.conf
  2. In config.toml, comment out the existing URL and replace it with:
URL = "redis://:somepassword@localhost:9999"

  1. Run gdk stop gitlab-workhorse and run it manually via ./gitlab-workhorse -config config.toml

  2. With the password, you will see a normal startup:

INFO[0000] Starting                                      build_time=20240809.174855 version=v12.3.0.pre-311250-g944b6fab7ea9
INFO[0000] Using redis/go-redis
INFO[0000] keywatcher: starting process loop
INFO[0000] Running upstream server with tls              address="host.docker.internal:3333" network=tcp
INFO[0000] Running upstream server                       address="localhost:8181" network=tcp
  1. If you remove the :somepassword@ from the URL, you'll see auth failures:
ERRO[0000]                                               error="keywatcher: pubsub receive: NOAUTH Authentication required."
Edited by Stan Hu

Merge request reports