mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
feat(session): add support for acl-based sentinel auth against redis (#2516)
Implements the sentinel username parameter which can be different to the redis username.
This commit is contained in:
parent
fcc2502dc9
commit
04831c2433
|
@ -30,6 +30,9 @@ session:
|
|||
minimum_version: TLS1.2
|
||||
high_availability:
|
||||
sentinel_name: mysentinel
|
||||
# If `sentinel_username` is supplied, Authelia will connect using ACL-based
|
||||
# authentication. Otherwise, it will use traditional `requirepass` auth.
|
||||
sentinel_username: sentinel_user
|
||||
sentinel_password: sentinel_specific_pass
|
||||
nodes:
|
||||
- host: sentinel-node1
|
||||
|
@ -148,7 +151,7 @@ required: yes
|
|||
The [redis sentinel] master name. This is defined in your [redis sentinel] configuration, it is not a hostname. This
|
||||
must be defined currently for a high availability configuration.
|
||||
|
||||
#### sentinel_password
|
||||
#### sentinel_username
|
||||
<div markdown="1">
|
||||
type: string
|
||||
{: .label .label-config .label-purple }
|
||||
|
@ -156,8 +159,21 @@ required: no
|
|||
{: .label .label-config .label-green }
|
||||
</div>
|
||||
|
||||
The password for the [redis sentinel] connection. A [redis sentinel] username is not supported at this time due to the
|
||||
upstream library not supporting it.
|
||||
The username for the [redis sentinel] connection. If this is provided, it will be used along with the sentinel_password
|
||||
for ACL-based authentication to the Redis Sentinel. If only a password is provided, the [redis sentinel] connection will
|
||||
be authenticated with traditional requirepass authentication.
|
||||
|
||||
#### sentinel_password
|
||||
<div markdown="1">
|
||||
type: string
|
||||
{: .label .label-config .label-purple }
|
||||
required: no (yes if sentinel_username is supplied)
|
||||
{: .label .label-config .label-green }
|
||||
</div>
|
||||
|
||||
The password for the [redis sentinel] connection. If specified with sentinel_username, configures Authelia to
|
||||
authenticate to the Redis Sentinel with ACL-based authentication. Otherwise, this is used for requirepass
|
||||
authentication.
|
||||
|
||||
#### nodes
|
||||
|
||||
|
|
|
@ -9,6 +9,7 @@ type RedisNode struct {
|
|||
// RedisHighAvailabilityConfiguration holds configuration variables for Redis Cluster/Sentinel.
|
||||
type RedisHighAvailabilityConfiguration struct {
|
||||
SentinelName string `koanf:"sentinel_name"`
|
||||
SentinelUsername string `koanf:"sentinel_username"`
|
||||
SentinelPassword string `koanf:"sentinel_password"`
|
||||
Nodes []RedisNode `koanf:"nodes"`
|
||||
RouteByLatency bool `koanf:"route_by_latency"`
|
||||
|
|
|
@ -88,6 +88,7 @@ func NewProviderConfig(configuration schema.SessionConfiguration, certPool *x509
|
|||
Logger: &redisLogger{logger: logging.Logger()},
|
||||
MasterName: configuration.Redis.HighAvailability.SentinelName,
|
||||
SentinelAddrs: addrs,
|
||||
SentinelUsername: configuration.Redis.HighAvailability.SentinelUsername,
|
||||
SentinelPassword: configuration.Redis.HighAvailability.SentinelPassword,
|
||||
RouteByLatency: configuration.Redis.HighAvailability.RouteByLatency,
|
||||
RouteRandomly: configuration.Redis.HighAvailability.RouteRandomly,
|
||||
|
|
Loading…
Reference in New Issue
Block a user