From 6799549065de432375ac550600eede638d3b9449 Mon Sep 17 00:00:00 2001
From: ianhundere <138915+ianhundere@users.noreply.github.com>
Date: Fri, 27 Oct 2023 11:45:56 -0400
Subject: [PATCH] adds redis_auth

Signed-off-by: ianhundere <138915+ianhundere@users.noreply.github.com>
---
 cmd/backfill-redis/main.go | 8 +++++---
 cmd/rekor-server/app/root.go | 1 +
 docker-compose.test.yml | 1 +
 docker-compose.yml | 7 +++++--
 pkg/api/api.go | 7 ++++---
 pkg/indexstorage/indexstorage.go | 2 +-
 pkg/indexstorage/redis/redis.go | 9 +++++----
 7 files changed, 22 insertions(+), 13 deletions(-)

diff --git a/cmd/backfill-redis/main.go b/cmd/backfill-redis/main.go
index 14e127a3b..718d6c5c7 100644
--- a/cmd/backfill-redis/main.go
+++ b/cmd/backfill-redis/main.go
@@ -66,6 +66,7 @@ import (
 var (
 redisHostname = flag.String("hostname", "", "Hostname for Redis application")
 redisPort = flag.String("port", "", "Port to Redis application")
+ redisPassword = flag.String("password", "", "Password for Redis authentication")
 startIndex = flag.Int("start", -1, "First index to backfill")
 endIndex = flag.Int("end", -1, "Last index to backfill")
 rekorAddress = flag.String("rekor-address", "", "Address for Rekor, e.g. https://rekor.sigstore.dev")
@@ -102,9 +103,10 @@ func main() {
 log.Printf("running backfill redis Version: %s GitCommit: %s BuildDate: %s", versionInfo.GitVersion, versionInfo.GitCommit, versionInfo.BuildDate)
 redisClient := redis.NewClient(&redis.Options{
- Addr: fmt.Sprintf("%s:%s", *redisHostname, *redisPort),
- Network: "tcp",
- DB: 0, // default DB
+ Addr: fmt.Sprintf("%s:%s", *redisHostname, *redisPort),
+ Password: *redisPassword,
+ Network: "tcp",
+ DB: 0, // default DB
 })
 rekorClient, err := client.GetRekorClient(*rekorAddress)
diff --git a/cmd/rekor-server/app/root.go b/cmd/rekor-server/app/root.go
index 36584f8f3..14f48b473 100644
--- a/cmd/rekor-server/app/root.go
+++ b/cmd/rekor-server/app/root.go
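Review bot: The new `-password` flag in cmd/backfill-redis/main.go puts the Redis credential on the command line, where it is visible to other local users in the process list and tends to be saved in shell history and job definitions. The `redis_server.password` flag added in cmd/rekor-server/app/root.go has the same exposure. I would keep the flag but let an empty value fall back to the environment after flag parsing, `if *redisPassword == "" { *redisPassword = os.Getenv("<ENV_VAR_NAME>") }` (placeholder name; `os` may need importing), and say so in the help string. The `var` block continues outside the hunk.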
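Review bot: With `Network: "tcp"` and no `TLSConfig` in these `redis.Options` in cmd/backfill-redis/main.go, the password added here travels to Redis unencrypted during authentication, so it is readable on the network path whenever Redis is not on the same host. The clients in pkg/api/api.go and pkg/indexstorage/redis/redis.go gain `Password` in the same way. If an off-host Redis is a supported deployment, add a TLS option next to the password, for example `TLSConfig: &tls.Config{MinVersion: tls.VersionTLS12},` behind a new flag, and state in the flag help that the password is protected in transit only when TLS is enabled. main() continues outside the hunk.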
@@ -113,6 +113,7 @@ Memory and file-based signers should only be used for testing.`)
 `Index Storage provider to use. Valid options are: [redis].`)
 rootCmd.PersistentFlags().String("redis_server.address", "127.0.0.1", "Redis server address")
 rootCmd.PersistentFlags().Uint16("redis_server.port", 6379, "Redis server port")
+ rootCmd.PersistentFlags().String("redis_server.password", "", "Redis server password")
 rootCmd.PersistentFlags().Bool("enable_attestation_storage", false, "enables rich attestation storage")
 rootCmd.PersistentFlags().String("attestation_storage_bucket", "", "url for attestation storage bucket")
diff --git a/docker-compose.test.yml b/docker-compose.test.yml
index f1b8d712d..f0df4b1f9 100644
--- a/docker-compose.test.yml
+++ b/docker-compose.test.yml
@@ -30,6 +30,7 @@ services:
 "--trillian_log_server.port=8090",
 "--redis_server.address=redis-server",
 "--redis_server.port=6379",
+ "--redis_server.password=test",
 "--rekor_server.address=0.0.0.0",
 "--rekor_server.signer=memory",
 "--enable_attestation_storage",
diff --git a/docker-compose.yml b/docker-compose.yml
index d5bb5afd4..9a761dc87 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -36,13 +36,15 @@ services:
 "--bind",
 "0.0.0.0",
 "--appendonly",
- "yes"
+ "yes",
+ "--requirepass",
+ "test"
 ]
 ports:
 - "6379:6379"
 restart: always # keep the redis server running
 healthcheck:
- test: ["CMD", "redis-cli", "ping"]
+ test: ["CMD", "redis-cli", "-a", "test", "ping"]
 interval: 10s
 timeout: 3s
 retries: 3
@@ -91,6 +93,7 @@ services:
 "--trillian_log_server.address=trillian-log-server",
 "--trillian_log_server.port=8090",
 "--redis_server.address=redis-server",
+ "--redis_server.password=test",
 "--redis_server.port=6379",
 "--rekor_server.address=0.0.0.0",
 "--rekor_server.signer=memory",
diff --git a/pkg/api/api.go b/pkg/api/api.go
index fdbdb9549..562d10b6a 100644
--- a/pkg/api/api.go
+++ b/pkg/api/api.go
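Review bot: In the first docker-compose.yml hunk, `--requirepass test` gives Redis a guessable password that is committed to the repository, while the same service is started with `--bind 0.0.0.0` and publishes `6379:6379` on the host; a copy of this file run on a reachable machine is protected only by that literal. The value is repeated in the healthcheck, in `--redis_server.password=test` in the second hunk and in docker-compose.test.yml, so all of them have to change together. I would take it from Compose interpolation, e.g. `"${REDIS_PASSWORD:-test}"` in each place (placeholder variable name), and hand it to the healthcheck through the `REDISCLI_AUTH` environment variable instead of `-a`, which also keeps it out of the container's process list. Publishing the port as `"127.0.0.1:6379:6379"` would keep the development default local to the host.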
@@ -176,9 +176,10 @@ func ConfigureAPI(treeID uint) {
 if viper.GetBool("enable_stable_checkpoint") {
 redisClient = redis.NewClient(&redis.Options{
- Addr: fmt.Sprintf("%v:%v", viper.GetString("redis_server.address"), viper.GetUint64("redis_server.port")),
- Network: "tcp",
- DB: 0, // default DB
+ Addr: fmt.Sprintf("%v:%v", viper.GetString("redis_server.address"), viper.GetUint64("redis_server.port")),
+ Password: viper.GetString("redis_server.password"),
+ Network: "tcp",
+ DB: 0, // default DB
 })
 checkpointPublisher := witness.NewCheckpointPublisher(context.Background(), api.logClient, api.logRanges.ActiveTreeID(), viper.GetString("rekor_server.hostname"), api.signer, redisClient, viper.GetUint("publish_frequency"), CheckpointPublishCount)
diff --git a/pkg/indexstorage/indexstorage.go b/pkg/indexstorage/indexstorage.go
index 3921fbf6d..0a68b058f 100644
--- a/pkg/indexstorage/indexstorage.go
+++ b/pkg/indexstorage/indexstorage.go
@@ -31,7 +31,7 @@ type IndexStorage interface {
 func NewIndexStorage(providerType string) (IndexStorage, error) {
 switch providerType {
 case redis.ProviderType:
- return redis.NewProvider(viper.GetString("redis_server.address"), viper.GetString("redis_server.port"))
+ return redis.NewProvider(viper.GetString("redis_server.address"), viper.GetString("redis_server.port"), viper.GetString("redis_server.password"))
 default:
 return nil, fmt.Errorf("invalid index storage provider type: %v", providerType)
 }
diff --git a/pkg/indexstorage/redis/redis.go b/pkg/indexstorage/redis/redis.go
index bdf42e396..44168ade6 100644
--- a/pkg/indexstorage/redis/redis.go
+++ b/pkg/indexstorage/redis/redis.go
@@ -30,12 +30,13 @@ type IndexStorageProvider struct {
 client *redis.Client
 }
-func NewProvider(address, port string) (*IndexStorageProvider, error) {
+func NewProvider(address, port, password string) (*IndexStorageProvider, error) {
 provider := &IndexStorageProvider{}
 provider.client = redis.NewClient(&redis.Options{
- Addr: fmt.Sprintf("%v:%v", address, port),
- Network: "tcp",
- DB: 0, // default DB
+ Addr: fmt.Sprintf("%v:%v", address, port),
+ Network: "tcp",
+ Password: password,
+ DB: 0, // default DB
 })
 return provider, nil
 }
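Review bot: NewProvider still ends with `return provider, nil` without contacting Redis, so a missing or wrong `password` is not reported at construction and would presumably surface only as an authentication error on the first index read or write. Now that the connection can fail on credentials, a startup check would make a misconfiguration fail fast: `if err := provider.client.Ping(context.Background()).Err(); err != nil { return nil, fmt.Errorf("connecting to redis: %w", err) }` before the return (needs the `context` import; whether the vendored go-redis `Ping` takes a context is not visible in the hunk). The client built in pkg/api/api.go looks to have the same gap. A doc comment on this exported function stating that an empty password disables authentication would also help callers.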