add new username/password fields

fffonion · Aug 13, 2024 · 3766433 · 3766433
1 parent 34bddd5
commit 3766433
Show file tree

Hide file tree

Showing 4 changed files with 80 additions and 13 deletions.
diff --git a/.github/workflows/redis.conf b/.github/workflows/redis.conf
@@ -0,0 +1,2 @@
+user kong allcommands allkeys on >passkong
+requirepass passdefault
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -49,7 +49,7 @@ jobs:
           lua_nginx_module: "v0.10.21"
           stream_lua_nginx_module: "v0.0.11"
           lua_resty_core: "v0.1.23"
-        
+
     env:
       JOBS: 3
       SH: bash
@@ -67,11 +67,12 @@ jobs:
       LUACHECK_VER: 0.21.1
       CC: gcc
       NGX_BUILD_CC: gcc
-  
+
       NGINX_CC_OPTS: ""
       LUAJIT_CC_OPTS: ""
 
     services:
+      # Redis with auth disabled
       redis:
         image: redis
         # Set health checks to wait until redis has started
@@ -82,11 +83,25 @@ jobs:
           --health-retries 5
         ports:
           - 6379:6379
+      # Redis with auth enabled
+      redis-auth:
+        image: redis
+        command: ["redis-server", "/etc/redis/redis.conf"]
+        volumes:
+          - ./redis.conf:/etc/redis/redis.conf
+        # Set health checks to wait until redis has started
+        options: >-
+          --health-cmd "redis-cli ping"
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+        ports:
+          - 6380:6379
 
     steps:
     - name: Checkout source code
       uses: actions/checkout@v2
-    
+
     - name: Setup cache
       uses: actions/cache@v2
       with:

diff --git a/lib/resty/acme/storage/redis.lua b/lib/resty/acme/storage/redis.lua
@@ -22,6 +22,8 @@ function _M.new(conf)
       ssl_server_name = conf.ssl_server_name,
       namespace = conf.namespace or "",
       scan_count = conf.scan_count or 10,
+      username = conf.username,
+      password = conf.password,
     },
     mt
   )
@@ -43,13 +45,18 @@ local function op(self, op, ...)
     return nil, err
   end
 
-  if self.auth then
-    local _, err
-    if type(self.auth) == "table" then
-      _, err = client:auth(self.auth.username, self.auth.password)
-    else
-      _, err = client:auth(self.auth)
+  if self.username and self.password then
+    local _, err = client:auth(self.username, self.password)
+    if not ok then
+      return nil, "authentication failed " .. err
+    end
+  elseif self.password then
+    local _, err = client:auth(self.password)
+    if err then
+      return nil, "authentication failed " .. err
     end
+  elseif self.auth then
+    local _, err = client:auth(self.auth)
     if err then
       return nil, "authentication failed " .. err
     end

diff --git a/t/storage/redis.t b/t/storage/redis.t
@@ -556,12 +556,12 @@ test14:50
 --- no_error_log
 [error]
 
-=== TEST 15: Redis auth works with table
+=== TEST 15: Redis auth works with username and password
 --- http_config eval: $::HttpConfig
 --- config
     location =/t {
         content_by_lua_block {
-            local st = test_lib.new({auth = { username = "kong", password = "passkong" }, host = "172.27.0.2" })
+            local st = test_lib.new({ username = "kong", password = "passkong", port = 6380 })
             local err = st:set("key2", "3")
             ngx.say(err)
             local v, err = st:get("key2")
@@ -579,12 +579,12 @@ nil
 --- no_error_log
 [error]
 
-=== TEST 16: Redis auth works with string
+=== TEST 16: Redis auth works with single auth (backwards compatibility)
 --- http_config eval: $::HttpConfig
 --- config
     location =/t {
         content_by_lua_block {
-            local st = test_lib.new({auth = "passdefault", host = "172.27.0.2" })
+            local st = test_lib.new({auth = "passdefault", port = 6380 })
             local err = st:set("key2", "3")
             ngx.say(err)
             local v, err = st:get("key2")
@@ -601,3 +601,46 @@ nil
 "
 --- no_error_log
 [error]
+
+=== TEST 17: Redis auth works with just password
+--- http_config eval: $::HttpConfig
+--- config
+    location =/t {
+        content_by_lua_block {
+            local st = test_lib.new({ password = "passdefault", port = 6380 })
+            local err = st:set("key2", "3")
+            ngx.say(err)
+            local v, err = st:get("key2")
+            ngx.say(err)
+            ngx.say(v)
+        }
+    }
+--- request
+    GET /t
+--- response_body_like eval
+"nil
+nil
+3
+"
+--- no_error_log
+[error]
+
+=== TEST 18: Redis auth fails with just username
+--- http_config eval: $::HttpConfig
+--- config
+    location =/t {
+        content_by_lua_block {
+            local st = test_lib.new({ username = "kong", port = 6380 })
+            local err = st:set("key2", "3")
+            ngx.say(err)
+            local v, err = st:get("key2")
+            ngx.say(err)
+            ngx.say(v)
+        }
+    }
+--- request
+    GET /t
+--- response_body_like eval
+"NOAUTH Authentication required"
+--- no_error_log
+[error]
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		user kong allcommands allkeys on >passkong
		requirepass passdefault