From 12951e00f49290008e62499fb63eee160a321236 Mon Sep 17 00:00:00 2001 From: Nicolas Ledez Date: Tue, 17 Sep 2024 16:06:58 +0200 Subject: [PATCH] Add authentication for Redis --- zou/app/blueprints/index/resources.py | 7 ++++++- zou/app/config.py | 1 + zou/app/stores/auth_tokens_store.py | 1 + zou/app/stores/publisher_store.py | 12 ++++++++++-- zou/app/stores/queue_store.py | 1 + zou/app/utils/cache.py | 2 ++ zou/event_stream.py | 11 ++++++++++- zou/job_settings.py | 1 + 8 files changed, 32 insertions(+), 4 deletions(-) diff --git a/zou/app/blueprints/index/resources.py b/zou/app/blueprints/index/resources.py index 739a59fa87..a2de443450 100644 --- a/zou/app/blueprints/index/resources.py +++ b/zou/app/blueprints/index/resources.py @@ -42,6 +42,7 @@ def get_status(self): host=config.KEY_VALUE_STORE["host"], port=config.KEY_VALUE_STORE["port"], db=config.AUTH_TOKEN_BLACKLIST_KV_INDEX, + password=config.KEY_VALUE_STORE["password"], decode_responses=True, ) store.get("test") @@ -64,7 +65,11 @@ def get_status(self): host = config.KEY_VALUE_STORE["host"] port = config.KEY_VALUE_STORE["port"] db = config.KV_JOB_DB_INDEX - url = "redis://%s:%s/%s" % (host, port, db) + password = (config.KEY_VALUE_STORE["password"],) + if password: + url = "redis://:%s@%s:%s/%s" % (password, host, port, db) + else: + url = "redis://%s:%s/%s" % (host, port, db) args = ["rq", "info", "--url", url] out = shell.run_command(args) is_jq_up = b"0 workers" not in out diff --git a/zou/app/config.py b/zou/app/config.py index 8fd8d9a15f..e737b12303 100644 --- a/zou/app/config.py +++ b/zou/app/config.py @@ -19,6 +19,7 @@ KEY_VALUE_STORE = { "host": os.getenv("KV_HOST", "localhost"), "port": os.getenv("KV_PORT", "6379"), + "password": os.getenv("KV_PASSWORD", None), } AUTH_TOKEN_BLACKLIST_KV_INDEX = 0 MEMOIZE_DB_INDEX = 1 diff --git a/zou/app/stores/auth_tokens_store.py b/zou/app/stores/auth_tokens_store.py index d8c6f44cbc..ce9d984872 100644 --- a/zou/app/stores/auth_tokens_store.py +++ b/zou/app/stores/auth_tokens_store.py @@ -9,6 +9,7 @@ host=config.KEY_VALUE_STORE["host"], port=config.KEY_VALUE_STORE["port"], db=config.AUTH_TOKEN_BLACKLIST_KV_INDEX, + password=config.KEY_VALUE_STORE["password"], decode_responses=True, ) revoked_tokens_store.ping() diff --git a/zou/app/stores/publisher_store.py b/zou/app/stores/publisher_store.py index ab68a50a40..6eafc8e2ff 100644 --- a/zou/app/stores/publisher_store.py +++ b/zou/app/stores/publisher_store.py @@ -7,7 +7,11 @@ host = config.KEY_VALUE_STORE["host"] port = config.KEY_VALUE_STORE["port"] redis_db = config.KV_EVENTS_DB_INDEX -redis_url = "redis://%s:%s/%s" % (host, port, redis_db) +password = config.KEY_VALUE_STORE["password"] +if password: + redis_url = "redis://:%s@%s:%s/%s" % (password, host, port, redis_db) +else: + redis_url = "redis://%s:%s/%s" % (host, port, redis_db) socketio = None @@ -27,7 +31,11 @@ def init(): try: publisher_store = redis.StrictRedis( - host=host, port=port, db=redis_db, decode_responses=True + host=host, + port=port, + db=redis_db, + password=password, + decode_responses=True, ) publisher_store.get("test") socketio = SocketIO( diff --git a/zou/app/stores/queue_store.py b/zou/app/stores/queue_store.py index 778c468300..0679e88177 100644 --- a/zou/app/stores/queue_store.py +++ b/zou/app/stores/queue_store.py @@ -11,6 +11,7 @@ host=config.KEY_VALUE_STORE["host"], port=config.KEY_VALUE_STORE["port"], db=config.KV_JOB_DB_INDEX, + password=config.KEY_VALUE_STORE["password"], decode_responses=True, ) queue_store.get("test") diff --git a/zou/app/utils/cache.py b/zou/app/utils/cache.py index b3f283ae72..2d6aff1c17 100644 --- a/zou/app/utils/cache.py +++ b/zou/app/utils/cache.py @@ -17,6 +17,7 @@ host=config.KEY_VALUE_STORE["host"], port=config.KEY_VALUE_STORE["port"], db=config.MEMOIZE_DB_INDEX, + password=config.KEY_VALUE_STORE["password"], decode_responses=True, ) redis_cache.get("test") @@ -26,6 +27,7 @@ "CACHE_REDIS_HOST": config.KEY_VALUE_STORE["host"], "CACHE_REDIS_PORT": config.KEY_VALUE_STORE["port"], "CACHE_REDIS_DB": config.MEMOIZE_DB_INDEX, + "CACHE_REDIS_PASSWORD": config.KEY_VALUE_STORE["password"], } ) diff --git a/zou/event_stream.py b/zou/event_stream.py index c86bc10b0d..ed07a25a05 100644 --- a/zou/event_stream.py +++ b/zou/event_stream.py @@ -86,7 +86,16 @@ def get_redis_url(): redis_host = config.KEY_VALUE_STORE["host"] redis_port = config.KEY_VALUE_STORE["port"] db_index = config.KV_EVENTS_DB_INDEX - return "redis://%s:%s/%s" % (redis_host, redis_port, db_index) + redis_password = config.KEY_VALUE_STORE["password"] + if redis_password: + return "redis://:%s@%s:%s/%s" % ( + redis_password, + redis_host, + redis_port, + db_index, + ) + else: + return "redis://%s:%s/%s" % (redis_host, redis_port, db_index) # Routes diff --git a/zou/job_settings.py b/zou/job_settings.py index 72f9b91efe..9a71044d7d 100644 --- a/zou/job_settings.py +++ b/zou/job_settings.py @@ -3,3 +3,4 @@ REDIS_HOST = config.KEY_VALUE_STORE["host"] REDIS_PORT = config.KEY_VALUE_STORE["port"] REDIS_DB = config.KV_JOB_DB_INDEX +REDIS_PASSWORD = config.KEY_VALUE_STORE["password"]