feat: add user specific redis auth (#19285)

2025-02-02 17:35:58 -05:00 · 2024-03-19 12:37:54 +08:00 · 2024-03-19 12:37:54 +08:00 · d7fb6fddf6
commit d7fb6fddf6
parent 7213bd7131
4 changed files with 32 additions and 3 deletions
--- a/internal/config/notify/help.go
+++ b/internal/config/notify/help.go
@ -674,6 +674,12 @@ var (
 			Sensitive:   true,
 			Secret:      true,
 		},
+		config.HelpKV{
+			Key:         target.RedisUser,
+			Description: "Redis server user for the auth",
+			Optional:    true,
+			Type:        "string",
+		},
 		config.HelpKV{
 			Key:         target.RedisQueueDir,
 			Description: queueDirComment,
--- a/internal/config/notify/legacy.go
+++ b/internal/config/notify/legacy.go
@ -250,6 +250,10 @@ func SetNotifyRedis(s config.Config, redisName string, cfg target.RedisArgs) err
 			Key:   target.RedisPassword,
 			Value: cfg.Password,
 		},
+		config.KV{
+			Key:   target.RedisUser,
+			Value: cfg.User,
+		},
 		config.KV{
 			Key:   target.RedisKey,
 			Value: cfg.Key,
--- a/internal/config/notify/parse.go
+++ b/internal/config/notify/parse.go
@ -1282,6 +1282,10 @@ var (
 			Key:   target.RedisPassword,
 			Value: "",
 		},
+		config.KV{
+			Key:   target.RedisUser,
+			Value: "",
+		},
 		config.KV{
 			Key:   target.RedisQueueDir,
 			Value: "",
@ -1334,6 +1338,10 @@ func GetNotifyRedis(redisKVS map[string]config.KVS) (map[string]target.RedisArgs
 		if k != config.Default {
 			passwordEnv = passwordEnv + config.Default + k
 		}
+		userEnv := target.EnvRedisUser
+		if k != config.Default {
+			userEnv = userEnv + config.Default + k
+		}
 		keyEnv := target.EnvRedisKey
 		if k != config.Default {
 			keyEnv = keyEnv + config.Default + k
@ -1347,6 +1355,7 @@ func GetNotifyRedis(redisKVS map[string]config.KVS) (map[string]target.RedisArgs
 			Format:     env.Get(formatEnv, kv.Get(target.RedisFormat)),
 			Addr:       *addr,
 			Password:   env.Get(passwordEnv, kv.Get(target.RedisPassword)),
+			User:       env.Get(userEnv, kv.Get(target.RedisUser)),
 			Key:        env.Get(keyEnv, kv.Get(target.RedisKey)),
 			QueueDir:   env.Get(queueDirEnv, kv.Get(target.RedisQueueDir)),
 			QueueLimit: uint64(queueLimit),
--- a/internal/event/target/redis.go
+++ b/internal/event/target/redis.go
@ -41,6 +41,7 @@ const (
 	RedisFormat     = "format"
 	RedisAddress    = "address"
 	RedisPassword   = "password"
+	RedisUser       = "user"
 	RedisKey        = "key"
 	RedisQueueDir   = "queue_dir"
 	RedisQueueLimit = "queue_limit"
@ -49,6 +50,7 @@ const (
 	EnvRedisFormat     = "MINIO_NOTIFY_REDIS_FORMAT"
 	EnvRedisAddress    = "MINIO_NOTIFY_REDIS_ADDRESS"
 	EnvRedisPassword   = "MINIO_NOTIFY_REDIS_PASSWORD"
+	EnvRedisUser       = "MINIO_NOTIFY_REDIS_USER"
 	EnvRedisKey        = "MINIO_NOTIFY_REDIS_KEY"
 	EnvRedisQueueDir   = "MINIO_NOTIFY_REDIS_QUEUE_DIR"
 	EnvRedisQueueLimit = "MINIO_NOTIFY_REDIS_QUEUE_LIMIT"
@ -60,6 +62,7 @@ type RedisArgs struct {
 	Format     string    `json:"format"`
 	Addr       xnet.Host `json:"address"`
 	Password   string    `json:"password"`
+	User       string    `json:"user"`
 	Key        string    `json:"key"`
 	QueueDir   string    `json:"queueDir"`
 	QueueLimit uint64    `json:"queueLimit"`
@ -334,9 +337,16 @@ func NewRedisTarget(id string, args RedisArgs, loggerOnce logger.LogOnce) (*Redi
 			}

 			if args.Password != "" {
-				if _, err = conn.Do("AUTH", args.Password); err != nil {
-					conn.Close()
-					return nil, err
+				if args.User != "" {
+					if _, err = conn.Do("AUTH", args.User, args.Password); err != nil {
+						conn.Close()
+						return nil, err
+					}
+				} else {
+					if _, err = conn.Do("AUTH", args.Password); err != nil {
+						conn.Close()
+						return nil, err
+					}
 				}
 			}