feat: Introducing StreamingCredentialsProvider for token based authentication #3320

Open
wants to merge 21 commits into
base: master

ndyakov (Member) commented Mar 24, 2025

Implementation Details and Key Changes

  1. New Authentication Package

    • Introduced auth package to hold types related to authentication
    • Added auth.Credentials interface to facilitate integration with external credential sources
    • Implemented basicAuth for username/password credentials
  2. Streaming Credentials Provider

    • Introduced StreamingCredentialsProvider interface for dynamic credential updates
    • Added support for managed identity scenarios where credentials are retrieved from external sources
    • Implemented ReAuthCredentialsListener for handling credential updates
    • Added comprehensive test coverage for all authentication components
  3. Documentation Updates

    • Added detailed Authentication section to README.md
    • Documented all credential provider types and their priority order:
      • Streaming Credentials Provider (highest priority)
      • Context-based Credentials Provider
      • Regular Credentials Provider
      • Username/Password fields (lowest priority)
    • Added example of Entra ID (Azure AD) authentication integration
  4. Hooks System Enhancement

    • Refactored hooksMixin to propagate hooks to child connections
    • Hooks are now triggered prior to the initialization process
    • This change addresses reported issues with hook propagation
  5. Testing

    • Added unit tests for all authentication components
    • Tested credential provider priority order
    • Tested streaming credentials provider with mock implementation
    • Tested error handling and edge cases

Security Considerations

Important Note: The hooksMixin refactor will now propagate hooks to child connections and trigger them prior to the initialization process. This change may have security implications, particularly regarding the visibility of authentication commands. For example, Redis MONITOR doesn't report AUTH commands, and this change could potentially expose sensitive authentication information through hooks. This should be carefully considered and potentially documented for users implementing custom hooks.

Related Issues
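
An added example, not code from this PR or from go-redis: a standalone helper that a custom logging hook could apply to a command's arguments before writing them out, so that the credentials carried by AUTH and by the AUTH clause of HELLO are masked. It assumes the hook can read the argument slice (go-redis exposes it as `Cmder.Args()`); `RedactArgs`, `token` and `masked` are names chosen here, and the sample commands are constructed.

```go
package main

import (
	"fmt"
	"strings"
)

const masked = "[REDACTED]"

// token returns an argument as upper-case text for keyword comparison.
func token(v interface{}) string {
	switch s := v.(type) {
	case string:
		return strings.ToUpper(s)
	case []byte:
		return strings.ToUpper(string(s))
	}
	return ""
}

// RedactArgs returns a copy of a command's arguments that is safe to log.
// The caller's slice is left untouched so the real command is still sent.
func RedactArgs(args []interface{}) []interface{} {
	out := append([]interface{}(nil), args...)
	if len(out) < 2 {
		return out
	}
	switch token(out[0]) {
	case "AUTH": // AUTH <password> | AUTH <username> <password>
		start := 1
		if len(out) > 2 {
			start = 2
		}
		for i := start; i < len(out); i++ {
			out[i] = masked
		}
	case "HELLO": // HELLO <protover> [AUTH <username> <password>] [SETNAME <name>]
		for i := 2; i+2 < len(out); i++ {
			if token(out[i]) == "AUTH" {
				out[i+2] = masked
				i += 2 // skip the username and the masked secret
			}
		}
	}
	return out
}

func main() { // constructed sample commands, as a logging hook would see them
	fmt.Println(RedactArgs([]interface{}{"hello", 3, "auth", "app-user", "constructed-token", "setname", "svc"}))
	fmt.Println(RedactArgs([]interface{}{"get", "auth"}))
}
```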

@ndyakov ndyakov self-assigned this Mar 24, 2025
ndyakov added 2 commits March 24, 2025 16:29
@ndyakov ndyakov requested a review from htemelski March 24, 2025 15:22
@ndyakov ndyakov marked this pull request as ready for review March 24, 2025 15:22

ndyakov added 2 commits March 24, 2025 18:11
vladvildanov previously approved these changes Mar 24, 2025

elena-kolevska (Contributor) left a comment

LGTM but I think the PR title is misleading. From what I understand, this PR doesn't provide the possibility for authentication with a StreamingCredentialsProvider just yet, instead it introduces the necessary interfaces and already prepares the ground by refactoring the basic auth we were using to use the new Credentials interface.

@ndyakov ndyakov marked this pull request as draft March 25, 2025 12:11

ndyakov (Member, Author) commented Mar 25, 2025

Reverting this back to Draft, will continue working on it before v9.8.0-beta.2

ndyakov added 3 commits April 1, 2025 00:27
Introduces the StreamingCredentialsProvider as the CredentialsProvider
with the highest priority.

TODO: needs to be tested
ndyakov and others added 2 commits April 16, 2025 12:12
Change CancelProviderFunc to UnsubscribeFunc
@ndyakov ndyakov marked this pull request as ready for review April 22, 2025 09:05
@ndyakov ndyakov force-pushed the ndyakov/token-based-auth branch from ff04986 to 44628c5 Compare April 22, 2025 12:41
ndyakov added 3 commits April 22, 2025 15:47
@ndyakov ndyakov force-pushed the ndyakov/token-based-auth branch from 8fd3bd5 to 5fac913 Compare April 22, 2025 18:11
ndyakov and others added 3 commits April 22, 2025 23:07
@ndyakov ndyakov force-pushed the ndyakov/token-based-auth branch from 036e1ac to 7eea9e7 Compare April 22, 2025 20:28
@ndyakov ndyakov requested a review from monkey92t April 22, 2025 20:38
3 participants