From 47a1c9e5c913bf2c8034c44571135c107ab4e514 Mon Sep 17 00:00:00 2001 From: Mark Paluch Date: Fri, 28 Jun 2019 12:05:19 +0200 Subject: [PATCH 1/2] DATAREDIS-990 - Prepare issue branch. --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 9d60cefa32..9fd2dadf35 100644 --- a/pom.xml +++ b/pom.xml @@ -5,7 +5,7 @@ org.springframework.data spring-data-redis - 2.2.0.BUILD-SNAPSHOT + 2.2.0.DATAREDIS-990-SNAPSHOT Spring Data Redis From 3b8c7b06fced20d56db0fa01f0cb5356d8bf0cca Mon Sep 17 00:00:00 2001 From: Mark Paluch Date: Fri, 28 Jun 2019 12:10:07 +0200 Subject: [PATCH 2/2] DATAREDIS-990 - Propagate SSL configuration to Lettuce driver when using Redis Sentinel. We now appropriately set SSL configuration when using the Lettuce driver with Redis Sentinel to enable Sentinel usage with SSL. Using Sentinel with SSL requires Lettuce 5.2 or newer. --- .../lettuce/LettuceConnectionFactory.java | 4 ++ .../LettuceConnectionFactoryUnitTests.java | 62 +++++++++++++++++++ 2 files changed, 66 insertions(+) diff --git a/src/main/java/org/springframework/data/redis/connection/lettuce/LettuceConnectionFactory.java b/src/main/java/org/springframework/data/redis/connection/lettuce/LettuceConnectionFactory.java index 44d70afe9e..74e24db755 100644 --- a/src/main/java/org/springframework/data/redis/connection/lettuce/LettuceConnectionFactory.java +++ b/src/main/java/org/springframework/data/redis/connection/lettuce/LettuceConnectionFactory.java @@ -1031,6 +1031,10 @@ private RedisURI getSentinelRedisURI() { getRedisPassword().toOptional().ifPresent(redisUri::setPassword); clientConfiguration.getClientName().ifPresent(redisUri::setClientName); + + redisUri.setSsl(clientConfiguration.isUseSsl()); + redisUri.setVerifyPeer(clientConfiguration.isVerifyPeer()); + redisUri.setStartTls(clientConfiguration.isStartTls()); redisUri.setTimeout(clientConfiguration.getCommandTimeout()); redisUri.setDatabase(getDatabase()); diff --git a/src/test/java/org/springframework/data/redis/connection/lettuce/LettuceConnectionFactoryUnitTests.java b/src/test/java/org/springframework/data/redis/connection/lettuce/LettuceConnectionFactoryUnitTests.java index 7b40ada1ab..8f73f39208 100644 --- a/src/test/java/org/springframework/data/redis/connection/lettuce/LettuceConnectionFactoryUnitTests.java +++ b/src/test/java/org/springframework/data/redis/connection/lettuce/LettuceConnectionFactoryUnitTests.java @@ -285,6 +285,68 @@ public void startTLSOptionShouldBeSetCorrectlyOnClient() { assertThat(connectionFactory.isStartTls()).isTrue(); } + @Test // DATAREDIS-990 + public void sslShouldBeSetCorrectlyOnSentinelClient() { + + RedisSentinelConfiguration sentinelConfiguration = new RedisSentinelConfiguration("myMaster", + Collections.singleton("localhost:1234")); + LettuceConnectionFactory connectionFactory = new LettuceConnectionFactory(sentinelConfiguration); + connectionFactory.setClientResources(getSharedClientResources()); + connectionFactory.setUseSsl(true); + connectionFactory.afterPropertiesSet(); + ConnectionFactoryTracker.add(connectionFactory); + + AbstractRedisClient client = (AbstractRedisClient) getField(connectionFactory, "client"); + assertThat(client).isInstanceOf(RedisClient.class); + + RedisURI redisUri = (RedisURI) getField(client, "redisURI"); + + assertThat(redisUri.isSsl()).isTrue(); + assertThat(connectionFactory.isUseSsl()).isTrue(); + assertThat(redisUri.isVerifyPeer()).isTrue(); + assertThat(connectionFactory.isVerifyPeer()).isTrue(); + } + + @Test // DATAREDIS-990 + public void verifyPeerOptionShouldBeSetCorrectlyOnSentinelClient() { + + RedisSentinelConfiguration sentinelConfiguration = new RedisSentinelConfiguration("myMaster", + Collections.singleton("localhost:1234")); + LettuceConnectionFactory connectionFactory = new LettuceConnectionFactory(sentinelConfiguration); + connectionFactory.setClientResources(getSharedClientResources()); + connectionFactory.setVerifyPeer(false); + connectionFactory.afterPropertiesSet(); + ConnectionFactoryTracker.add(connectionFactory); + + AbstractRedisClient client = (AbstractRedisClient) getField(connectionFactory, "client"); + assertThat(client).isInstanceOf(RedisClient.class); + + RedisURI redisUri = (RedisURI) getField(client, "redisURI"); + + assertThat(redisUri.isVerifyPeer()).isFalse(); + assertThat(connectionFactory.isVerifyPeer()).isFalse(); + } + + @Test // DATAREDIS-990 + public void startTLSOptionShouldBeSetCorrectlyOnSentinelClient() { + + RedisSentinelConfiguration sentinelConfiguration = new RedisSentinelConfiguration("myMaster", + Collections.singleton("localhost:1234")); + LettuceConnectionFactory connectionFactory = new LettuceConnectionFactory(sentinelConfiguration); + connectionFactory.setClientResources(getSharedClientResources()); + connectionFactory.setStartTls(true); + connectionFactory.afterPropertiesSet(); + ConnectionFactoryTracker.add(connectionFactory); + + AbstractRedisClient client = (AbstractRedisClient) getField(connectionFactory, "client"); + assertThat(client).isInstanceOf(RedisClient.class); + + RedisURI redisUri = (RedisURI) getField(client, "redisURI"); + + assertThat(redisUri.isStartTls()).isTrue(); + assertThat(connectionFactory.isStartTls()).isTrue(); + } + @Test // DATAREDIS-537 public void sslShouldBeSetCorrectlyOnClusterClient() {