Use go-redis UniversalOptions/Client for simpler config

andsens · andsens · commit 1335e4163cd2 · 2024-03-19T09:50:35.000+01:00
This implicitly adds support for redis sentinel HA configuration
diff --git a/auth_server/authn/tokendb_redis.go b/auth_server/authn/tokendb_redis.go
@@ -30,8 +30,7 @@ import (
 )
 
 type RedisStoreConfig struct {
-	ClientOptions  *redis.Options        `yaml:"redis_options,omitempty"`
-	ClusterOptions *redis.ClusterOptions `yaml:"redis_cluster_options,omitempty"`
+	ClientOptions  *redis.UniversalOptions `yaml:"redis_options,omitempty"`
 	TokenHashCost  int                   `yaml:"token_hash_cost,omitempty"`
 }
 
@@ -45,14 +44,7 @@ type RedisClient interface {
 //
 func NewRedisTokenDB(options *RedisStoreConfig) (TokenDB, error) {
 	var client RedisClient
-	if options.ClusterOptions != nil {
-		if options.ClientOptions != nil {
-			glog.Infof("Both redis_token_db.configs and redis_token_db.cluster_configs have been set. Only the latter will be used")
-		}
-		client = redis.NewClusterClient(options.ClusterOptions)
-	} else {
-		client = redis.NewClient(options.ClientOptions)
-	}
+	client = redis.NewUniversalClient(options.ClientOptions)
 	tokenHashCost := options.TokenHashCost
 	if tokenHashCost <= 0 {
 		tokenHashCost = bcrypt.DefaultCost
diff --git a/auth_server/server/config.go b/auth_server/server/config.go
@@ -201,7 +201,7 @@ func validate(c *Config) error {
 			return errors.New("google_auth.{client_id,client_secret,gcs_token_db{bucket,client_secret_file}} are required")
 		}
 
-		if gac.ClientId == "" || gac.ClientSecret == "" || (gac.RedisTokenDB != nil && gac.RedisTokenDB.ClientOptions == nil && gac.RedisTokenDB.ClusterOptions == nil) {
+		if gac.ClientId == "" || gac.ClientSecret == "" || (gac.RedisTokenDB != nil && gac.RedisTokenDB.ClientOptions == nil) {
 			return errors.New("google_auth.{client_id,client_secret,redis_token_db.{redis_options,redis_cluster_options}} are required")
 		}
 
@@ -225,7 +225,7 @@ func validate(c *Config) error {
 			return errors.New("github_auth.{client_id,client_secret,gcs_token_db{bucket,client_secret_file}} are required")
 		}
 
-		if ghac.ClientId == "" || ghac.ClientSecret == "" || (ghac.RedisTokenDB != nil && ghac.RedisTokenDB.ClientOptions == nil && ghac.RedisTokenDB.ClusterOptions == nil) {
+		if ghac.ClientId == "" || ghac.ClientSecret == "" || (ghac.RedisTokenDB != nil && ghac.RedisTokenDB.ClientOptions == nil) {
 			return errors.New("github_auth.{client_id,client_secret,redis_token_db.{redis_options,redis_cluster_options}} are required")
 		}
 
@@ -253,7 +253,7 @@ func validate(c *Config) error {
 			return errors.New("oidc_auth.{client_id,client_secret,gcs_token_db{bucket,client_secret_file}} are required")
 		}
 
-		if oidc.ClientId == "" || oidc.ClientSecret == "" || (oidc.RedisTokenDB != nil && oidc.RedisTokenDB.ClientOptions == nil && oidc.RedisTokenDB.ClusterOptions == nil) {
+		if oidc.ClientId == "" || oidc.ClientSecret == "" || (oidc.RedisTokenDB != nil && oidc.RedisTokenDB.ClientOptions == nil) {
 			return errors.New("oidc_auth.{client_id,client_secret,redis_token_db.{redis_options,redis_cluster_options}} are required")
 		}
 
@@ -283,7 +283,7 @@ func validate(c *Config) error {
 			return errors.New("gitlab_auth.{client_id,client_secret,gcs_token_db{bucket,client_secret_file}} are required")
 		}
 
-		if glab.ClientId == "" || glab.ClientSecret == "" || (glab.RedisTokenDB != nil && glab.RedisTokenDB.ClientOptions == nil && glab.RedisTokenDB.ClusterOptions == nil) {
+		if glab.ClientId == "" || glab.ClientSecret == "" || (glab.RedisTokenDB != nil && glab.RedisTokenDB.ClientOptions == nil) {
 			return errors.New("gitlab_auth.{client_id,client_secret,redis_token_db.{redis_options,redis_cluster_options}} are required")
 		}
 
diff --git a/examples/reference.yml b/examples/reference.yml
@@ -144,11 +144,13 @@ github_auth:
   # or Redis,
   redis_token_db:
     redis_options:
-        # with a single instance,
-        addr: localhost:6379
-    redis_cluster_options:
-        # or in the cluster mode.
-        addrs: ["localhost:7000"]
+      # with a single instance,
+      addrs: ["localhost:6379"]
+      # or in the cluster mode.
+      addrs: ["localhost:7000", "localhost:7001"]
+      # or in the failover mode with redis sentinel.
+      mastername: redis-ha
+      addrs: ["redis-sentinel:26379"]
   # How long to wait when talking to GitHub servers. Optional.
   http_timeout: "10s"
   # How long to wait before revalidating the GitHub token. Optional.
@@ -220,10 +222,12 @@ gitlab_auth:
   redis_token_db:
     redis_options:
       # with a single instance,
-      addr: localhost:6379
-    redis_cluster_options:
+      addrs: ["localhost:6379"]
       # or in the cluster mode.
-      addrs: ["localhost:7000"]
+      addrs: ["localhost:7000", "localhost:7001"]
+      # or in the failover mode with redis sentinel.
+      mastername: redis-ha
+      addrs: ["redis-sentinel:26379"]
   # How long to wait when talking to GitLab servers. Optional.
   http_timeout: "10s"
   # How long to wait before revalidating the Gitlab token. Optional.

Original file line number	Diff line number	Diff line change
`@@ -201,7 +201,7 @@ func validate(c *Config) error {`
`201`	`201`	`return errors.New("google_auth.{client_id,client_secret,gcs_token_db{bucket,client_secret_file}} are required")`
`202`	`202`	`}`
`203`	`203`
`204`		`- if gac.ClientId == "" \|\| gac.ClientSecret == "" \|\| (gac.RedisTokenDB != nil && gac.RedisTokenDB.ClientOptions == nil && gac.RedisTokenDB.ClusterOptions == nil) {`
	`204`	`+ if gac.ClientId == "" \|\| gac.ClientSecret == "" \|\| (gac.RedisTokenDB != nil && gac.RedisTokenDB.ClientOptions == nil) {`
`205`	`205`	`return errors.New("google_auth.{client_id,client_secret,redis_token_db.{redis_options,redis_cluster_options}} are required")`
`206`	`206`	`}`
`207`	`207`
`@@ -225,7 +225,7 @@ func validate(c *Config) error {`
`225`	`225`	`return errors.New("github_auth.{client_id,client_secret,gcs_token_db{bucket,client_secret_file}} are required")`
`226`	`226`	`}`
`227`	`227`
`228`		`- if ghac.ClientId == "" \|\| ghac.ClientSecret == "" \|\| (ghac.RedisTokenDB != nil && ghac.RedisTokenDB.ClientOptions == nil && ghac.RedisTokenDB.ClusterOptions == nil) {`
	`228`	`+ if ghac.ClientId == "" \|\| ghac.ClientSecret == "" \|\| (ghac.RedisTokenDB != nil && ghac.RedisTokenDB.ClientOptions == nil) {`
`229`	`229`	`return errors.New("github_auth.{client_id,client_secret,redis_token_db.{redis_options,redis_cluster_options}} are required")`
`230`	`230`	`}`
`231`	`231`
`@@ -253,7 +253,7 @@ func validate(c *Config) error {`
`253`	`253`	`return errors.New("oidc_auth.{client_id,client_secret,gcs_token_db{bucket,client_secret_file}} are required")`
`254`	`254`	`}`
`255`	`255`
`256`		`- if oidc.ClientId == "" \|\| oidc.ClientSecret == "" \|\| (oidc.RedisTokenDB != nil && oidc.RedisTokenDB.ClientOptions == nil && oidc.RedisTokenDB.ClusterOptions == nil) {`
	`256`	`+ if oidc.ClientId == "" \|\| oidc.ClientSecret == "" \|\| (oidc.RedisTokenDB != nil && oidc.RedisTokenDB.ClientOptions == nil) {`
`257`	`257`	`return errors.New("oidc_auth.{client_id,client_secret,redis_token_db.{redis_options,redis_cluster_options}} are required")`
`258`	`258`	`}`
`259`	`259`
`@@ -283,7 +283,7 @@ func validate(c *Config) error {`
`283`	`283`	`return errors.New("gitlab_auth.{client_id,client_secret,gcs_token_db{bucket,client_secret_file}} are required")`
`284`	`284`	`}`
`285`	`285`
`286`		`- if glab.ClientId == "" \|\| glab.ClientSecret == "" \|\| (glab.RedisTokenDB != nil && glab.RedisTokenDB.ClientOptions == nil && glab.RedisTokenDB.ClusterOptions == nil) {`
	`286`	`+ if glab.ClientId == "" \|\| glab.ClientSecret == "" \|\| (glab.RedisTokenDB != nil && glab.RedisTokenDB.ClientOptions == nil) {`
`287`	`287`	`return errors.New("gitlab_auth.{client_id,client_secret,redis_token_db.{redis_options,redis_cluster_options}} are required")`
`288`	`288`	`}`
`289`	`289`