feature: support authenticated redis connection

entur · Jun 17, 2024 · c5b6e73 · c5b6e73
1 parent 49c29d0
commit c5b6e73
Showing 1 changed file with 46 additions and 7 deletions.
diff --git a/src/main/java/org/entur/lamassu/config/cache/RedissonCacheConfig.java b/src/main/java/org/entur/lamassu/config/cache/RedissonCacheConfig.java
@@ -1,5 +1,7 @@
 package org.entur.lamassu.config.cache;
 
+import java.io.File;
+import java.net.MalformedURLException;
 import java.util.Set;
 import org.entur.gbfs.validation.model.ValidationResult;
 import org.entur.lamassu.cache.StationSpatialIndexId;
@@ -15,7 +17,10 @@
 import org.redisson.api.RMapCache;
 import org.redisson.api.RedissonClient;
 import org.redisson.codec.Kryo5Codec;
+import org.redisson.config.BaseConfig;
 import org.redisson.config.Config;
+import org.redisson.config.MasterSlaveServersConfig;
+import org.redisson.config.SingleServerConfig;
 import org.redisson.spring.data.connection.RedissonConnectionFactory;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
@@ -42,10 +47,17 @@ public RedissonCacheConfig(
     @Value("${org.entur.lamassu.redis.master.host}") String masterHost,
     @Value("${org.entur.lamassu.redis.master.port}") String masterPort,
     @Value("${org.entur.lamassu.redis.slave.enabled:false}") boolean slaveEnabled,
-    @Value("${org.entur.lamassu.redis.slave.host:na}") String slaveHost,
-    @Value("${org.entur.lamassu.redis.slave.port:na}") String slavePort,
+    @Value("${org.entur.lamassu.redis.slave.host:}") String slaveHost,
+    @Value("${org.entur.lamassu.redis.slave.port:}") String slavePort,
+    @Value("${org.entur.lamassu.redis.server.trust.store.file:}") String trustStoreFile,
+    @Value(
+      "${org.entur.lamassu.redis.server.trust.store.password:}"
+    ) String trustStorePassword,
+    @Value(
+      "${org.entur.lamassu.redis.authentication.string:}"
+    ) String authenticationString,
     LamassuProjectInfoConfiguration lamassuProjectInfoConfiguration
-  ) {
+  ) throws MalformedURLException {
     serializationVersion = lamassuProjectInfoConfiguration.getSerializationVersion();
 
     redissonConfig = new Config();
@@ -58,13 +70,40 @@ public RedissonCacheConfig(
 
     if (slaveEnabled) {
       var slaveAddress = String.format("redis://%s:%s", slaveHost, slavePort);
-
-      redissonConfig
-        .useMasterSlaveServers()
+      MasterSlaveServersConfig masterSlaveServersConfig =
+        redissonConfig.useMasterSlaveServers();
+      masterSlaveServersConfig
         .setMasterAddress(masterAddress)
         .setSlaveAddresses(Set.of(slaveAddress));
+      configureRedisAuthentication(
+        masterSlaveServersConfig,
+        trustStoreFile,
+        trustStorePassword,
+        authenticationString
+      );
     } else {
-      redissonConfig.useSingleServer().setAddress(masterAddress);
+      SingleServerConfig singleServerConfig = redissonConfig.useSingleServer();
+      singleServerConfig.setAddress(masterAddress);
+      configureRedisAuthentication(
+        singleServerConfig,
+        trustStoreFile,
+        trustStorePassword,
+        authenticationString
+      );
+    }
+  }
+
+  private <T extends BaseConfig<T>> void configureRedisAuthentication(
+    BaseConfig<T> config,
+    String trustStoreFile,
+    String trustStorePassword,
+    String authenticationString
+  ) throws MalformedURLException {
+    if (!trustStoreFile.isEmpty()) {
+      config
+        .setSslTruststore(new File(trustStoreFile).toURI().toURL())
+        .setSslTruststorePassword(trustStorePassword)
+        .setPassword(authenticationString);
     }
   }