

update redis cluster and tls setup for AWS DBaaS or self-signed certi…
sseide committed Jul 3, 2023
1 parent b4a8045 commit 9a9e9e2
Showing 7 changed files with 153 additions and 63 deletions.
5 changes: 4 additions & 1 deletion README.md
Expand Up @@ -54,6 +54,7 @@ Options:
--sentinel-password The sentinel password to use. [string]
--clusters Comma separated list of redis cluster server with host:port. [string]
--is-cluster Flag to use parameter from redis-host and redis-port as Redis cluster member [boolean] [default: false]
--cluster-no-tls-validation Flag to disable tls host name validation within cluster setups (needed for AWS) [boolean] [default: false]
--redis-tls Use TLS for connection to redis server. Required for TLS connections. [boolean] [default: false]
--redis-tls-ca-cert Use PEM-style CA certificate key for connection to redis server. Requires "redis-tls=true" [string]
--redis-tls-ca-cert-file File path to PEM-style CA certificate key for connection to redis server. Requires "redis-tls=true", Overrides
Expand All @@ -79,6 +80,8 @@ Options:
"sentinel-tls-key" if set too. [string]
--sentinel-tls-server-name Server name to confirm client connection. Server name for the SNI (Server Name Indication) TLS extension. Requires
"sentinel-tls=true" [string]
--insecure-certificate Disable certificate check for all certificates (Redis, Sentinel, Cluster). Should not be used in
production! [boolean] [Standard: false]
--noload, --nl Do not load connections from config. [boolean]
--clear-config, --cc Clear configuration file. [boolean]
--migrate-config Migrate old configuration file in $HOME to new style. [boolean]
Expand All @@ -100,7 +103,7 @@ Options:
--root-pattern, --rp Default root pattern for redis keys. [string] [default: "*"]
--use-scan, --sc Use SCAN instead of KEYS. [boolean] [default: true]
--scan-count The size of each separate scan. [number] [default: 200]
-h, -?, --help Show help [boolean]
-h, -?, --help Show help [boolean]
```

The connection can be established either via direct connection to redis server or indirect
37 changes: 28 additions & 9 deletions bin/redis-commander.js
Expand Up @@ -2,23 +2,23 @@

'use strict';

let yargs = require('yargs');
let Redis = require('ioredis');
var isEqual = require('lodash.isequal');
let myUtils = require('../lib/util');
var fs = require('fs');
const yargs = require('yargs');
const Redis = require('ioredis');
const isEqual = require('lodash.isequal');
const myUtils = require('../lib/util');
const fs = require('fs');

// fix the cwd to project base dir for browserify and config loading
let path = require('path');
const path = require('path');
process.chdir( path.join(__dirname, '..') );

process.env.ALLOW_CONFIG_MUTATIONS = true;
let config = require('config');
const config = require('config');

const connectionWrapper = require('../lib/connections');
let redisConnections;

let args = yargs
const args = yargs
.alias('h', 'help')
.alias('h', '?')
.options('redis-port', {
Expand Down Expand Up @@ -83,6 +83,11 @@ let args = yargs
describe: 'Flag to use parameter from redis-host and redis-port as Redis cluster member',
default: false
})
.options('cluster-no-tls-validation', {
type: 'boolean',
describe: 'Flag to disable tls host name validation within cluster node communication (needed for AWS)',
default: false
})
.options('redis-tls', {
type: 'boolean',
describe: 'Use TLS for connection to redis server. Required for TLS connections.',
Expand Down Expand Up @@ -149,6 +154,11 @@ let args = yargs
type: 'string',
describe: 'Server name to confirm client connection. Server name for the SNI (Server Name Indication) TLS extension. Requires "sentinel-tls=true"',
})
.options('insecure-certificate', {
type: 'boolean',
describe: 'Disable certificate check for all certificates (Redis, Sentinel, Cluster). Should not be used in production!',
default: false
})
.options('noload', {
alias: 'nl',
type: 'boolean',
Expand Down Expand Up @@ -460,7 +470,8 @@ function createConnectionObjectFromArgs(argList) {
username: argList['redis-username'] || null,
password: argList['redis-password'] || '',
connectionName: config.get('redis.connectionName'),
optional: argList['redis-optional']
optional: argList['redis-optional'],
clusterNoTlsValidation: argList['clusterNoTlsValidation']
};

if (argList['redis-socket']) {
Expand Down Expand Up @@ -520,6 +531,10 @@ function createConnectionObjectFromArgs(argList) {
connObj.tls.servername = argList['redis-tls-server-name'];
}
}

if (argList['insecure-certificate']) {
connObj.tls.rejectUnauthorized = false;
}
}

// either set 'sentinel-tls' to a boolean value to reuse same tls settings as defined for Redis server
Expand Down Expand Up @@ -563,6 +578,10 @@ function createConnectionObjectFromArgs(argList) {
else {
// fallback if no special sentinel settings are defined - reuse redis one
connObj.sentinelTLS = connObj.tls;

if (argList['insecure-certificate']) {
connObj.sentinelTLS.rejectUnauthorized = false;
}
}
}
}
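Review bot: Both new `insecure-certificate` branches (`connObj.tls.rejectUnauthorized = false` and the same assignment in the sentinel fallback) switch certificate verification off entirely, and the only warning is the help text, so a deployment that leaves the flag in a service unit never sees it. I'd emit a runtime warning next to the first assignment, e.g. `console.warn('WARNING: --insecure-certificate is set; TLS certificate verification is disabled for Redis, Sentinel and Cluster connections');`, and point the help text at `--redis-tls-ca-cert` / `--redis-tls-ca-cert-file` as the intended fix for self-signed certificates. In the sentinel fallback, `connObj.sentinelTLS = connObj.tls` is a reference to the same object, so the second `rejectUnauthorized = false` is redundant when `redis-tls` is on, and if this branch can be reached with `connObj.tls` undefined (sentinel TLS requested without `redis-tls` — I can't tell from the hunk) the assignment would throw; `if (argList['insecure-certificate'] && connObj.sentinelTLS)` covers both cases. Separately, `clusterNoTlsValidation: argList['clusterNoTlsValidation']` reads the camel-cased key while every other lookup uses the kebab-case option name (`argList['redis-optional']`), which only works while yargs' camel-case expansion stays enabled; `argList['cluster-no-tls-validation']` is the consistent form. `createConnectionObjectFromArgs` starts before and ends after these hunks.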
