-
Notifications
You must be signed in to change notification settings - Fork 16
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
INS-12991: Redis authentication support #101
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you move the name changes (e.g. RawFrame stuff) to a different PR
Another thing to add to the todo is to do a rough benchmark, e.g. redis auth enabled on against the examples/redis-passthrough and maybe examples/redis-cluster using the redis benchmark toolset (e.g. The real todo is to include the benchmarks in CI/CD... |
Regarding benchmarking this change. There is now a PR for benchmarking on PR via criterion and cargo bench. In addition, criterion now supports async function benchmarking, which should make writing micro benchs fairly easy. |
d408419
to
9348d6c
Compare
Can we pull the DockerComposeContext refactor into its own PR? |
To resolve the merge conflicts, at this point it might be easier to start from scratch on the latest main branch and copy over the changes manually. |
f0cb297
to
8cd8301
Compare
9c38b84
to
4c44b9e
Compare
args.get(streams_position + 1) | ||
.and_then(RoutingInfo::for_key) | ||
} | ||
b"AUTH" => Some(RoutingInfo::Other(Command::AUTH)), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think I'm confused here, wouldn't we want to route the auth command to all upstream redis nodes rather than a random one?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
AUTH needs special handling (try auth -> switch context -> new connection pool) instead of forwarding to any nodes. The RoutingInfo::Other
means this command needs to be handled outside. i.e. it's like Err(command) vs Ok(routes).
let sender = self.get_channels(&message.original).await; | ||
let command = match &message.original { | ||
RawFrame::Redis(Frame::Array(ref command)) => command, | ||
RawFrame::Redis(_) => { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Redis supports some form of inline commands (e.g. so it's easier for telnet clients to interact with). Iirc the codec should error out long before we get here, but it might be worth short circtuiting an error into responses with a helpful error message back to the client.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, I only added this to avoid unhandled panics. Not sure what was blocking me from short circuit, will try again.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Inline commands are unsupported and therefore blocked by the codec framing so we can't provide a better message from here. The connection gets killed if as much as a single unexpected byte is out of place.
Syntax errors which have valid framing will now report back to the client:
❯ echo -n -e "*1\r\n:1000\r\n" | nc 127.0.0.1 6379
-ERR transform error: syntax error: bad command name
~
❯ echo -n -e ":1000\r\n" | nc 127.0.0.1 6379
-ERR transform error: syntax error: bad command
shotover-proxy/src/transforms/redis_transforms/redis_cluster.rs
Outdated
Show resolved
Hide resolved
I'm really struggling to get my head around this PR. |
redis::cmd("GET").arg("{x}key3").query(&mut connection), | ||
Ok("food".to_string()) | ||
); | ||
// To reproduce the auth mixing issue caused by using PoolConnections: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this problem solved?
If so lets write a proper test for it instead of this comment.
If not lets raise an issue for us to follow up on it instead of this comment.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The underlying problem isn't solved - using the PoolConnections transform will violate assumptions that the auth implementation relies on. I'll raise an issue and remove this comment (but leave the test).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
dont forget to raise the issue!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Raised #204
shotover-proxy/src/transforms/redis_transforms/redis_cluster.rs
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
I would like ben to give the second review as he has the redis domain knowledge.
LGTM Two minor fixes: Sort these out and we can merge :D :D :D |
TODO:
Closes #91