[bitnami/redis] Allow grabbing sentinel acl configuration from userSecret #33546

Open
wants to merge 5 commits into
base: main

@jemand771 (Contributor) commented May 7, 2025

Description of the change

Allow grabbing sentinel acl configuration from auth.acl.userSecret

Benefits

Sentinel acl is in sync with redis acl

Possible drawbacks

I'm not sure what the correct way of handling users without passwords would be, so I'm keeping the previous behavior of just excluding users without a password.

This may be wrong, but at least it's less wrong than before.

Applicable issues

Additional information

test values excerpt

```yaml
auth:
  acl:
    enabled: true
    sentinel: true
    users:
      - username: alice
        # password: asdasd
        commands: +@all
      - username: bob
        # password: asdasd
        commands: +@all
      - username: hasnopass
        commands: +@all
      - username: passinvalues
        password: asd
        commands: +@all
    userSecret: acl-secret
```

resulting `users.acl` in `configuration` configmap

```
user default on #c6427b12b085ca9963aa14b81f94b01c51848b0fbc065f8a2b6b5489a7a942ed ~* &* +@all
user alice on #2c26b46b68ffc68ff99b453c1d30413413422d706483bfa0f98a5e886266e7ae ~* &* +@all
user bob on #fcde2b2edba56bf408601fb721fe9b5c338d10ee429ea04fae5511b68fbf8fb9 ~* &* +@all
user hasnopass on nopass ~* &* +@all
user passinvalues on #688787d8ff144c502c7f5cffaafe2cc588d86079f9de88304c26b0cb99ce91c6 ~* &* +@all
```

resulting `sentinel.conf` in `configuration` configmap

```
dir "/tmp"
port 26379
sentinel monitor redis-prod redis-test-node-0.redis-test-headless.redis-test.svc.cluster.local 6379 2
sentinel down-after-milliseconds redis-prod 60000
sentinel failover-timeout redis-prod 180000
sentinel parallel-syncs redis-prod 1# Sentinel ACL configuration, only for users with password

user alice on #2c26b46b68ffc68ff99b453c1d30413413422d706483bfa0f98a5e886266e7ae ~* &* +@all
sentinel sentinel-user alice
sentinel sentinel-pass foo

user bob on #fcde2b2edba56bf408601fb721fe9b5c338d10ee429ea04fae5511b68fbf8fb9 ~* &* +@all
sentinel sentinel-user bob
sentinel sentinel-pass bar


user passinvalues on #688787d8ff144c502c7f5cffaafe2cc588d86079f9de88304c26b0cb99ce91c6 ~* &* +@all
sentinel sentinel-user passinvalues
sentinel sentinel-pass asd
# User-supplied sentinel configuration:
# End of sentinel configuration
```

ping

Checklist

  • Chart version bumped in Chart.yaml according to semver. This is not necessary when the changes only affect README.md files.
  • (N/A) Variables are documented in the values.yaml and added to the README.md using readme-generator-for-helm
  • Title of the pull request follows this pattern [bitnami/<name_of_the_chart>] Descriptive title
  • All commits signed off and in agreement of Developer Certificate of Origin (DCO)
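
An added example, not part of the PR or the chart's code: a consistency check over the two rendered files shown in the description, flagging `nopass` users, users left out of `sentinel.conf`, and sentinel credentials that do not hash to the ACL entry. It assumes the `users.acl` and `sentinel.conf` layout quoted above; `parse_users`, `audit` and the sample strings are hypothetical names and constructed input.

```python
import hashlib
import re

def sha256_hex(password):
    """Redis ACL '#<hash>' credentials are lowercase SHA-256 hex of the password."""
    return hashlib.sha256(password.encode()).hexdigest()

# Constructed sample input modelled on the rendered output in the PR description;
# the passwords are the throwaway test values shown there.
PASSWORDS = {"alice": "foo", "bob": "bar", "passinvalues": "asd"}
USERS_ACL = "\n".join(
    [f"user {u} on #{sha256_hex(p)} ~* &* +@all" for u, p in PASSWORDS.items()]
    + ["user hasnopass on nopass ~* &* +@all"]
)
SENTINEL_CONF = "port 26379\n" + "\n".join(
    f"user {u} on #{sha256_hex(p)} ~* &* +@all\n"
    f"sentinel sentinel-user {u}\nsentinel sentinel-pass {p}\n"
    for u, p in PASSWORDS.items()
)

USER_RE = re.compile(r"^user (\S+) on (nopass|#[0-9a-f]{64})\s", re.M)
PASS_RE = re.compile(r"^sentinel sentinel-user (\S+)\nsentinel sentinel-pass (\S+)$", re.M)

def parse_users(text):
    """Map username -> credential token ('nopass' or '#<sha256 hex>')."""
    return dict(USER_RE.findall(text))

def audit(users_acl, sentinel_conf):
    """Return sorted findings about drift between the two rendered files."""
    redis_users = parse_users(users_acl)
    sentinel_users = parse_users(sentinel_conf)
    sentinel_pass = dict(PASS_RE.findall(sentinel_conf))
    findings = []
    for name, cred in redis_users.items():
        if cred == "nopass":
            findings.append(f"{name}: nopass in users.acl, any password is accepted")
        if name not in sentinel_users:
            findings.append(f"{name}: missing from sentinel.conf")
        elif sentinel_users[name] != cred:
            findings.append(f"{name}: hash differs between users.acl and sentinel.conf")
    for name, cred in sentinel_users.items():
        clear = sentinel_pass.get(name)
        if clear is None or "#" + sha256_hex(clear) != cred:
            findings.append(f"{name}: sentinel-pass does not match ACL hash")
    return sorted(findings)

if __name__ == "__main__":
    for line in audit(USERS_ACL, SENTINEL_CONF):
        print(line)
```
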

…cret

This is an extension of bitnami#32434 which introduced this feature for non-sentinel acl configuration.

Note that I'm not sure what the correct way of handling users without passwords would be, so I'm keeping the previous behavior of just excluding users without a password.

Co-authored-by: DSczyrba <[email protected]>
Signed-off-by: Willy Hille <[email protected]>
@github-actions github-actions bot added redis triage Triage is needed labels May 7, 2025
@github-actions github-actions bot requested a review from carrodher May 7, 2025 19:14
Signed-off-by: Bitnami Bot <[email protected]>
@carrodher carrodher added verify Execute verification workflow for these changes in-progress labels May 8, 2025
@github-actions github-actions bot removed the triage Triage is needed label May 8, 2025
@github-actions github-actions bot removed the request for review from carrodher May 8, 2025 07:05
@github-actions github-actions bot requested a review from juan131 May 8, 2025 07:05
Signed-off-by: Bitnami Bot <[email protected]>
@jemand771
Contributor Author

not sure what's wrong with the tests - I can't seem to find any logs of what is actually being done other than

ginkgo action: failed » Tests: 0 passed, 0 skipped, 1 failed

Co-authored-by: Juan Ariza Toledano <[email protected]>
Signed-off-by: Willy <[email protected]>
@jemand771
Contributor Author

GitHub is being funny with suggested changes, I'll rebase/squash later

Co-authored-by: Juan Ariza Toledano <[email protected]>
Signed-off-by: Willy <[email protected]>
Contributor

@juan131 juan131 left a comment

LGTM

@juan131 juan131 enabled auto-merge (squash) May 8, 2025 13:50
Labels
in-progress redis verify Execute verification workflow for these changes