feat: adding redis SSL and username authentification

[Yoann-tildev]

SUMMARY

Added compatibility with Redis 6 new authentification (SSL + ACL)

TESTING INSTRUCTIONS

Deploying Superset with Redis 6 (we use managed instance from OVH Cloud)

ADDITIONAL INFORMATION

• Has associated issue:
• Required feature flags:
• Changes UI
• Includes DB Migration (follow approval process in SIP-59)
  • Migration is atomic, supports rollback & is backwards-compatible
  • Confirm DB migration upgrade and downgrade tested
  • Runtime estimates and downtime expectations provided
• Introduces new feature or API
• Removes existing feature or API

[github-actions]

Congrats on making your first PR and thank you for contributing to Superset! 🎉 ❤️
We hope to see you in our Slack community too!

[dpgaspar]

Superset's base dependencies is loose by default on setup.py we don't pin or restrict Redis there, but our test suit and base requirements are pinned to 3.5.3 this could be a breaking change. I think that helm should be in sync with the rest of the repo.

[dpgaspar]

Can you add REDIS_SCHEME here to make it possible for an admin to choose between redis and rediss

[Yoann-tildev]

I am unsure of what you're asking. I introduced "redis_ssl" and I'm checking if the option is set in order to be able to choose between redis and rediss (ssl mode) already.

What's REDIS_SCHEME ?

[dpgaspar]

following this convention: https://www.rfc-editor.org/rfc/rfc3986.html#section-3 for scheme
optional but wouldn't be simpler to just create REDIS_SCHEME?

[dpgaspar]

our current base requirements is: https://github.com/apache/superset/blob/master/requirements/base.txt#L242

[dpgaspar]

we probably should change: https://github.com/apache/superset/blob/04dd8d414db6a3cddcd073ad74acb2a4b7a53b0b/docker/pythonpath_dev/superset_config.py

[Yoann-tildev]

this change was introduced in version 1.10.0 of flask-caching and is mandatory in version 2.X

as I'm using helm I didn't edit the docket-compose setup but it should be safe to do it I guess

[Yoann-tildev]

Superset's base dependencies is loose by default on setup.py we don't pin or restrict Redis there, but our test suit and base requirements are pinned to 3.5.3 this could be a breaking change. I think that helm should be in sync with the rest of the repo.

3.5.3 is more than 2 years old and doesn't support Redis 6 SSL authentication. Shouldn't it be the time to upgrade this dependency in the test suit ?

[Yoann-tildev]

Superset's base dependencies is loose by default on setup.py we don't pin or restrict Redis there, but our test suit and base requirements are pinned to 3.5.3 this could be a breaking change. I think that helm should be in sync with the rest of the repo.

3.5.3 is more than 2 years old and doesn't support Redis 6 SSL authentication. Shouldn't it be the time to upgrade this dependency in the test suit ?

I investigated : neither Flask-caching nor CacheLib are specifying a specific version of py-redis package. Actually Flask-caching wasn't even specifying a version for CacheLib before v2.0 which specify 0.9.0 https://github.com/pallets-eco/flask-caching/blob/v2.0.0/setup.py#L6

[dpgaspar]

Superset's base dependencies is loose by default on setup.py we don't pin or restrict Redis there, but our test suit and base requirements are pinned to 3.5.3 this could be a breaking change. I think that helm should be in sync with the rest of the repo.

3.5.3 is more than 2 years old and doesn't support Redis 6 SSL authentication. Shouldn't it be the time to upgrade this dependency in the test suit ?

Totally agree, can you please upgrade the versions on all the places I mentioned?

[moreiramarti]

👋
I'm interested about that.
Are there any news ?

[villebro]

@Yoann-tildev is this PR still relevant? I see the config properties are based on the old version e.g. BROKER_URL vs broker_url which is the new contvention etc. Happy to help review and get this merged if this is still needed, otherwise I propose closing this.