From db9bd876cd396b1b7c224c8f6a67434810a2164a Mon Sep 17 00:00:00 2001 From: Brian Scholer <1260690+briantist@users.noreply.github.com> Date: Sun, 24 May 2020 23:03:03 -0400 Subject: [PATCH 1/4] Add encryption in transit support for redis cache --- plugins/cache/redis.py | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/plugins/cache/redis.py b/plugins/cache/redis.py index 5a92c66324f..d82572a4d32 100644 --- a/plugins/cache/redis.py +++ b/plugins/cache/redis.py @@ -16,6 +16,7 @@ description: - A colon separated string of connection information for Redis. - The format is C(host:port:db:password), for example C(localhost:6379:0:changeme). + - To use encryption in transit, prefix the connection with C(tls://), as in C(tls://localhost:6379:0:changeme). required: True env: - name: ANSIBLE_CACHE_PLUGIN_CONNECTION @@ -73,19 +74,26 @@ def __init__(self, *args, **kwargs): try: super(CacheModule, self).__init__(*args, **kwargs) if self.get_option('_uri'): - connection = self.get_option('_uri').split(':') + uri = self.get_option('_uri') self._timeout = float(self.get_option('_timeout')) self._prefix = self.get_option('_prefix') except KeyError: display.deprecated('Rather than importing CacheModules directly, ' 'use ansible.plugins.loader.cache_loader', version='2.12') if C.CACHE_PLUGIN_CONNECTION: - connection = C.CACHE_PLUGIN_CONNECTION.split(':') + uri = C.CACHE_PLUGIN_CONNECTION self._timeout = float(C.CACHE_PLUGIN_TIMEOUT) self._prefix = C.CACHE_PLUGIN_PREFIX self._cache = {} - self._db = StrictRedis(*connection) + kw = {} + tlsprefix = 'tls://' + if uri.startswith(tlsprefix): + kw['ssl'] = True + uri = uri[len(tlsprefix):] + + connection = uri.split(':') + self._db = StrictRedis(*connection, **kw) self._keys_set = 'ansible_cache_keys' def _make_key(self, key): From 88e5efeb7400939e686d6d8cbea31e469c1c0c06 Mon Sep 17 00:00:00 2001 
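Review bot: In the second hunk of PATCH 1/4 (`__init__` in plugins/cache/redis.py), the `tls://` prefix sets only `kw['ssl'] = True`, so the certificate verification mode, CA bundle and hostname checking are left to whatever the installed redis-py defaults to, and the plugin has no option to set them. The new `_uri` documentation line in the first hunk promises "encryption in transit" but does not say whether the server is authenticated; an encrypted but unverified connection can still hand the cache password to an on-path host. I would pin the mode with `kw['ssl_cert_reqs'] = 'required'`, add an option that maps to `ssl_ca_certs` for private CAs, and state the verification behaviour in the `_uri` description. Separately, `uri.split(':')` breaks a password containing a colon into extra positional arguments, which `uri.split(':', 3)` would avoid. `__init__` starts above this hunk.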
From: Brian Scholer <1260690+briantist@users.noreply.github.com> Date: Mon, 25 May 2020 11:29:44 -0400 Subject: [PATCH 2/4] Fix missed connection/uri switch --- plugins/cache/redis.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/plugins/cache/redis.py b/plugins/cache/redis.py index d82572a4d32..0f13e3a96d1 100644 --- a/plugins/cache/redis.py +++ b/plugins/cache/redis.py @@ -69,7 +69,7 @@ class CacheModule(BaseCacheModule): performance. """ def __init__(self, *args, **kwargs): - connection = [] + uri = '' try: super(CacheModule, self).__init__(*args, **kwargs) @@ -89,8 +89,8 @@ def __init__(self, *args, **kwargs): kw = {} tlsprefix = 'tls://' if uri.startswith(tlsprefix): - kw['ssl'] = True - uri = uri[len(tlsprefix):] + kw['ssl'] = True + uri = uri[len(tlsprefix):] connection = uri.split(':') self._db = StrictRedis(*connection, **kw) From c27d546809672ccdf7e815a8125bc08752ff1c4e Mon Sep 17 00:00:00 2001 From: Brian Scholer <1260690+briantist@users.noreply.github.com> Date: Mon, 25 May 2020 11:29:55 -0400 Subject: [PATCH 3/4] Add changelog --- changelogs/fragments/410-redis_cache-add_tls_support.yaml | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 changelogs/fragments/410-redis_cache-add_tls_support.yaml diff --git a/changelogs/fragments/410-redis_cache-add_tls_support.yaml b/changelogs/fragments/410-redis_cache-add_tls_support.yaml new file mode 100644 index 00000000000..82bdfc10e98 --- /dev/null +++ b/changelogs/fragments/410-redis_cache-add_tls_support.yaml @@ -0,0 +1,2 @@ +minor_changes: + - redis - add TLS support to redis cache plugin From f92b13f246f2b3448c4d00bb3cc073d84aa8890c Mon Sep 17 00:00:00 2001 
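Review bot: In the first hunk of PATCH 2/4, replacing `connection = []` with `uri = ''` changes what happens when no connection string is configured. `''.split(':')` yields `['']`, so `StrictRedis` now receives an empty host string instead of no arguments, and it no longer falls back to the client's own defaults. If that fallback was intended, guard the split with `connection = uri.split(':') if uri else []`; if not, raise a clear configuration error here rather than letting the connection attempt fail later. The split itself is in the following hunk of the same `__init__`, which starts above both hunks.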
From: Brian Scholer <1260690+briantist@users.noreply.github.com> Date: Tue, 26 May 2020 18:11:26 -0400 Subject: [PATCH 4/4] Update changelogs/fragments/410-redis_cache-add_tls_support.yaml Co-authored-by: Felix Fontein --- changelogs/fragments/410-redis_cache-add_tls_support.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/changelogs/fragments/410-redis_cache-add_tls_support.yaml b/changelogs/fragments/410-redis_cache-add_tls_support.yaml index 82bdfc10e98..b00fc786de5 100644 --- a/changelogs/fragments/410-redis_cache-add_tls_support.yaml +++ b/changelogs/fragments/410-redis_cache-add_tls_support.yaml @@ -1,2 +1,2 @@ minor_changes: - - redis - add TLS support to redis cache plugin + - redis - add TLS support to redis cache plugin (https://github.com/ansible-collections/community.general/pull/410).