Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use Credentials Provider-like mechanism with Redis clients #16284

Closed
abutic opened this issue Apr 6, 2021 · 9 comments · Fixed by #16296
Closed

Use Credentials Provider-like mechanism with Redis clients #16284

abutic opened this issue Apr 6, 2021 · 9 comments · Fixed by #16296
Assignees
@machi1990
Labels
area/redis kind/enhancement New feature or request
Milestone
2.0.0.Alpha1

Comments

@abutic
Copy link

abutic commented Apr 6, 2021

Description

It would be nice to be able to use Credentials Provider-like mechanism (or something similar), available with DB data sources, with Redis clients/connections as well. This way, one could retrieve Redis password from some other source and then use it, without setting it in quarkus.redis.hosts configuration property.

Alternative?

Is there any way to configure Redis password programmatically and make a RedisClient used like this

    @Inject
    RedisClient redisClient;

pick it up?
@abutic abutic added the kind/enhancement New feature or request label Apr 6, 2021
@quarkus-bot
Copy link

quarkus-bot bot commented Apr 6, 2021

/cc @cescoffier, @gsmet, @machi1990

@machi1990
Copy link
Member

Description

It would be nice to be able to use Credentials Provider-like mechanism (or something similar), available with DB data sources, with Redis clients/connections as well. This way, one could retrieve Redis password from some other source and then use it, without setting it in quarkus.redis.hosts configuration property.

This is a good enhancement.

Alternative?

Is there any way to configure Redis password programmatically and make a RedisClient used like this

    @Inject
    RedisClient redisClient;

pick it up?

No, at the moment we do not have a programmatic way of configuring the Redis client. Why do you need this, can't the password be supplied per environment?

@abutic
Copy link
Author

abutic commented Apr 6, 2021

No, at the moment we do not have a programmatic way of configuring the Redis client. Why do you need this, can't the password be supplied per environment?

We'd like to be able to get and use a password from our sensitive data storage, without having to write it down either to application.properties, system property or environment variable. If you have any advice on how to do this, we'd really appreciate it.

@machi1990
Copy link
Member

No, at the moment we do not have a programmatic way of configuring the Redis client. Why do you need this, can't the password be supplied per environment?

We'd like to be able to get and use a password from our sensitive data storage, without having to write it down either to application.properties, system property or environment variable. If you have any advice on how to do this, we'd really appreciate it.

Okay, having a Credentials Provider and store it somewhere like Vault just like datasources will be a useful addition.
As a workaround, have you tried to supply the password via ConfigSource?

@gsmet
Copy link
Member

gsmet commented Apr 6, 2021

I think the easiest way would be to implement it in Quarkus with the credential provider contract we already have. I don't think that would be that hard.

@abutic
Copy link
Author

abutic commented Apr 6, 2021

As a workaround, have you tried to supply the password via ConfigSource?

Hm, in order to get the password from a sensitive data storage, we need our custom @ApplicationScoped bean, which I think is not available for injection before ConfigSource methods get called. This could be an issue for us, but your suggestion is definitely worth investigating. Thanks!

@machi1990
Copy link
Member

As a workaround, have you tried to supply the password via ConfigSource?

Hm, in order to get the password from a sensitive data storage, we need our custom @ApplicationScoped bean, which I think is not available for injection before ConfigSource methods get called. This could be an issue for us, but your suggestion is definitely worth investigating. Thanks!

Thanks for looking. Well then, I think the CredentialsProvider is a very good is something you really need here. I'll open a PR for this enhancement. Until then, let me know how the ConfigSource option goes.

@machi1990 machi1990 self-assigned this Apr 6, 2021
machi1990 added a commit to machi1990/quarkus that referenced this issue Apr 6, 2021
@machi1990
feat(redia): provide Redis hosts programmatically
db68b19 
This allows for configuration of properties like redis connection password coming from other
sources.

Closes quarkusio#16284
machi1990 added a commit to machi1990/quarkus that referenced this issue Apr 6, 2021
@machi1990
feat(redis): provide Redis hosts programmatically
6e7c49e 
This allows for configuration of properties like redis connection password coming from other
sources.

Closes quarkusio#16284
@machi1990 machi1990 mentioned this issue Apr 6, 2021
Merged
machi1990 added a commit to machi1990/quarkus that referenced this issue Apr 7, 2021
@machi1990
feat(redis): provide Redis hosts programmatically
e5ba0a0 
This allows for configuration of properties like redis connection password coming from other
sources.

Closes quarkusio#16284
machi1990 added a commit to machi1990/quarkus that referenced this issue Apr 7, 2021
@machi1990
feat(redis): provide Redis hosts programmatically
7207bd1 
This allows for configuration of properties like redis connection password coming from other
sources.

Closes quarkusio#16284
machi1990 added a commit to machi1990/quarkus that referenced this issue Apr 7, 2021
@machi1990
feat(redis): provide Redis hosts programmatically
4e6ca57 
This allows for configuration of properties like redis connection password coming from other
sources.

Closes quarkusio#16284
machi1990 added a commit to machi1990/quarkus that referenced this issue Apr 8, 2021
@machi1990
feat(redis): provide Redis hosts programmatically
f544fc9 
This allows for configuration of properties like redis connection password coming from other
sources.

Closes quarkusio#16284
@quarkus-bot quarkus-bot bot added this to the 2.0 - main milestone Apr 14, 2021
@SebaLopez94
Copy link

Is there any documentation or example about this? Thanks

@machi1990
Copy link
Member

Is there any documentation or example about this? Thanks

We do not have an example (we should have one).

To get you going, the host provider may look like

@ApplicationScoped
@Named("hosts-provider")
public class ExampleRedisHostProvider implements RedisHostsProvider {
    @Override
    public Set<URI> getHosts() {
        // do stuff to get the host
        String host = "redis://localhost:6379/3"
        return Collections.singleton(URI.create(host));
    }
}

and in your application.properties

quarkus.redis.hosts-provider-name=hosts-provider

@machi1990 machi1990 mentioned this issue Feb 17, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@machi1990 machi1990

Labels
area/redis kind/enhancement New feature or request
Projects
None yet
Milestone
2.0.0.Alpha1
Development

Successfully merging a pull request may close this issue.

Provide Redis hosts programmatically machi1990/quarkus
4 participants
@gsmet @abutic @machi1990 @SebaLopez94