New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: adding redis SSL and username authentification #21287
base: master
Are you sure you want to change the base?
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Congrats on making your first PR and thank you for contributing to Superset! 🎉 ❤️
We hope to see you in our Slack community too!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Superset's base dependencies is loose by default on setup.py
we don't pin or restrict Redis there, but our test suit and base requirements are pinned to 3.5.3 this could be a breaking change. I think that helm should be in sync with the rest of the repo.
BROKER_URL = f"redis://:{env('REDIS_PASSWORD')}@{env('REDIS_HOST')}:{env('REDIS_PORT')}/0" | ||
CELERY_RESULT_BACKEND = f"redis://:{env('REDIS_PASSWORD')}@{env('REDIS_HOST')}:{env('REDIS_PORT')}/0" | ||
{{- if .Values.supersetNode.connections.redis_ssl }} | ||
BROKER_URL = f"rediss://{env('REDIS_USERNAME')}:{env('REDIS_PASSWORD')}@{env('REDIS_HOST')}:{env('REDIS_PORT')}/0" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you add REDIS_SCHEME
here to make it possible for an admin to choose between redis
and rediss
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am unsure of what you're asking. I introduced "redis_ssl" and I'm checking if the option is set in order to be able to choose between redis and rediss (ssl mode) already.
What's REDIS_SCHEME ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
following this convention: https://www.rfc-editor.org/rfc/rfc3986.html#section-3 for scheme
optional but wouldn't be simpler to just create REDIS_SCHEME
?
@@ -35,7 +35,7 @@ bootstrapScript: | | |||
rm -rf /var/lib/apt/lists/* && \ | |||
pip install \ | |||
psycopg2-binary==2.9.1 \ | |||
redis==3.5.3 && \ | |||
redis==4.3.4 && \ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
our current base requirements is: https://github.com/apache/superset/blob/master/requirements/base.txt#L242
@@ -69,14 +69,21 @@ def env(key, default=None): | |||
|
|||
MAPBOX_API_KEY = env('MAPBOX_API_KEY', '') | |||
CACHE_CONFIG = { | |||
'CACHE_TYPE': 'redis', | |||
'CACHE_TYPE': 'RedisCache', |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this change was introduced in version 1.10.0 of flask-caching and is mandatory in version 2.X
as I'm using helm I didn't edit the docket-compose setup but it should be safe to do it I guess
3.5.3 is more than 2 years old and doesn't support Redis 6 SSL authentication. Shouldn't it be the time to upgrade this dependency in the test suit ? |
I investigated : neither Flask-caching nor CacheLib are specifying a specific version of py-redis package. Actually Flask-caching wasn't even specifying a version for CacheLib before v2.0 which specify 0.9.0 https://github.com/pallets-eco/flask-caching/blob/v2.0.0/setup.py#L6 |
Totally agree, can you please upgrade the versions on all the places I mentioned? |
👋 |
@Yoann-tildev is this PR still relevant? I see the config properties are based on the old version e.g. |
SUMMARY
Added compatibility with Redis 6 new authentification (SSL + ACL)
TESTING INSTRUCTIONS
Deploying Superset with Redis 6 (we use managed instance from OVH Cloud)
ADDITIONAL INFORMATION