feat(session): add support for acl-based sentinel auth against redis (#2516)

Implements the sentinel username parameter which can be different to the redis username.
This commit is contained in:
Justin Sievenpiper 2021-10-30 17:49:27 -07:00 committed by GitHub
parent fcc2502dc9
commit 04831c2433
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 21 additions and 3 deletions

View File

@ -30,6 +30,9 @@ session:
minimum_version: TLS1.2
high_availability:
sentinel_name: mysentinel
# If `sentinel_username` is supplied, Authelia will connect using ACL-based
# authentication. Otherwise, it will use traditional `requirepass` auth.
sentinel_username: sentinel_user
sentinel_password: sentinel_specific_pass
nodes:
- host: sentinel-node1
@ -148,7 +151,7 @@ required: yes
The [redis sentinel] master name. This is defined in your [redis sentinel] configuration, it is not a hostname. This
must be defined currently for a high availability configuration.
#### sentinel_password
#### sentinel_username
<div markdown="1">
type: string
{: .label .label-config .label-purple }
@ -156,8 +159,21 @@ required: no
{: .label .label-config .label-green }
</div>
The password for the [redis sentinel] connection. A [redis sentinel] username is not supported at this time due to the
upstream library not supporting it.
The username for the [redis sentinel] connection. If this is provided, it will be used along with the sentinel_password
for ACL-based authentication to the Redis Sentinel. If only a password is provided, the [redis sentinel] connection will
be authenticated with traditional requirepass authentication.
#### sentinel_password
<div markdown="1">
type: string
{: .label .label-config .label-purple }
required: no (yes if sentinel_username is supplied)
{: .label .label-config .label-green }
</div>
The password for the [redis sentinel] connection. If specified with sentinel_username, configures Authelia to
authenticate to the Redis Sentinel with ACL-based authentication. Otherwise, this is used for requirepass
authentication.
#### nodes

View File

@ -9,6 +9,7 @@ type RedisNode struct {
// RedisHighAvailabilityConfiguration holds configuration variables for Redis Cluster/Sentinel.
type RedisHighAvailabilityConfiguration struct {
SentinelName string `koanf:"sentinel_name"`
SentinelUsername string `koanf:"sentinel_username"`
SentinelPassword string `koanf:"sentinel_password"`
Nodes []RedisNode `koanf:"nodes"`
RouteByLatency bool `koanf:"route_by_latency"`

View File

@ -88,6 +88,7 @@ func NewProviderConfig(configuration schema.SessionConfiguration, certPool *x509
Logger: &redisLogger{logger: logging.Logger()},
MasterName: configuration.Redis.HighAvailability.SentinelName,
SentinelAddrs: addrs,
SentinelUsername: configuration.Redis.HighAvailability.SentinelUsername,
SentinelPassword: configuration.Redis.HighAvailability.SentinelPassword,
RouteByLatency: configuration.Redis.HighAvailability.RouteByLatency,
RouteRandomly: configuration.Redis.HighAvailability.RouteRandomly,