DATAREDIS-1046 - Use ACL authentication when username is configured.

Upgrade to Redis 6 for tests. Introduce support for username in configurations that support authentication.

Original Pull Request: #558

Author: mp911de

Makefile

@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-REDIS_VERSION:=5.0.5
+REDIS_VERSION:=6.0.7
 SPRING_PROFILE?=ci
 SHELL=/bin/bash -euo pipefail
 
@@ -36,6 +36,24 @@ work/redis-%.conf:
 	echo save \"\" >> $@
 	echo slaveof 127.0.0.1 6379 >> $@
 
+# Handled separately because it's a node with authentication. User: spring, password: data. Default password: foobared
+work/redis-6382.conf:
+	@mkdir -p $(@D)
+
+	echo port 6382 >> $@
+	echo daemonize yes >> $@
+	echo protected-mode no >> $@
+	echo bind 0.0.0.0 >> $@
+	echo notify-keyspace-events Ex >> $@
+	echo pidfile $(shell pwd)/work/redis-6382.pid >> $@
+	echo logfile $(shell pwd)/work/redis-6382.log >> $@
+	echo unixsocket $(shell pwd)/work/redis-6382.sock >> $@
+	echo unixsocketperm 755 >> $@
+	echo "requirepass foobared" >> $@
+	echo "user default on #1b58ee375b42e41f0e48ef2ff27d10a5b1f6924a9acdcdba7cae868e7adce6bf ~* +@all" >> $@
+	echo "user spring on #3a6eb0790f39ac87c94f3856b2dd2c5d110e6811602261a9a923d3bb23adc8b7 +@all" >> $@
+	echo save \"\" >> $@
+
 # Handled separately because it's the master and all others are slaves
 work/redis-6379.conf:
 	@mkdir -p $(@D)
@@ -54,9 +72,9 @@ work/redis-6379.conf:
 work/redis-%.pid: work/redis-%.conf work/redis/bin/redis-server
 	work/redis/bin/redis-server $<
 
-redis-start: work/redis-6379.pid work/redis-6380.pid work/redis-6381.pid
+redis-start: work/redis-6379.pid work/redis-6380.pid work/redis-6381.pid work/redis-6382.pid
 
-redis-stop: stop-6379 stop-6380 stop-6381
+redis-stop: stop-6379 stop-6380 stop-6381 stop-6382
 
 ##########
 # Sentinel
@@ -150,6 +168,9 @@ start: redis-start sentinel-start cluster-init
 stop-%: work/redis/bin/redis-cli
 	-work/redis/bin/redis-cli -p $* shutdown
 
+stop-6382: work/redis/bin/redis-cli
+	-work/redis/bin/redis-cli -a foobared -p 6382 shutdown
+
 stop: redis-stop sentinel-stop cluster-stop
 
 test:

src/main/asciidoc/new-features.adoc

@@ -7,9 +7,9 @@ This section briefly covers items that are new and noteworthy in the latest rele
 == New in Spring Data Redis 2.4
 
 * `RedisCache` now exposes `CacheStatistics`.
+* ACL authentication support for Redis Standalone, Redis Cluster and Master/Replica.
 
 [[new-in-2.3.0]]
-
 == New in Spring Data Redis 2.3
 
 * Template API Method Refinements for `Duration` and `Instant`.

src/main/java/org/springframework/data/redis/connection/RedisClusterConfiguration.java

@@ -23,6 +23,7 @@
 import java.util.HashMap;
 import java.util.LinkedHashSet;
 import java.util.Map;
+import java.util.Optional;
 import java.util.Set;
 
 import org.springframework.core.env.MapPropertySource;
@@ -49,6 +50,7 @@ public class RedisClusterConfiguration implements RedisConfiguration, ClusterCon
 
 	private Set<RedisNode> clusterNodes;
 	private @Nullable Integer maxRedirects;
+	private Optional<String> username = Optional.empty();
 	private RedisPassword password = RedisPassword.none();
 
 	/**
@@ -182,6 +184,24 @@ private void appendClusterNodes(Set<String> hostAndPorts) {
 		}
 	}
 
+	/*
+	 * (non-Javadoc)
+	 * @see org.springframework.data.redis.connection.RedisConfiguration.WithAuthentication#setUsername(String)
+	 */
+	@Override
+	public void setUsername(String username) {
+		this.username = Optional.of(username);
+	}
+
+	/*
+	 * (non-Javadoc)
+	 * @see org.springframework.data.redis.connection.RedisConfiguration.WithAuthentication#getUsername()
+	 */
+	@Override
+	public Optional<String> getUsername() {
+		return this.username;
+	}
+
 	/*
 	 * (non-Javadoc)
 	 * @see org.springframework.data.redis.connection.RedisConfiguration.WithPassword#getPassword()

src/main/java/org/springframework/data/redis/connection/RedisConfiguration.java

@@ -17,6 +17,7 @@
 
 import java.util.Collections;
 import java.util.List;
+import java.util.Optional;
 import java.util.Set;
 import java.util.function.IntSupplier;
 import java.util.function.Supplier;
@@ -51,11 +52,11 @@ default Integer getDatabaseOrElse(Supplier<Integer> other) {
 
 	/**
 	 * Get the configured {@link RedisPassword} if the current {@link RedisConfiguration} is
-	 * {@link #isPasswordAware(RedisConfiguration) password aware} or evaluate and return the value of the given
+	 * {@link #isAuthenticationAware(RedisConfiguration) password aware} or evaluate and return the value of the given
 	 * {@link Supplier}.
 	 *
 	 * @param other a {@code Supplier} whose result is returned if given {@link RedisConfiguration} is not
-	 *          {@link #isPasswordAware(RedisConfiguration) password aware}.
+	 *          {@link #isAuthenticationAware(RedisConfiguration) password aware}.
 	 * @return never {@literal null}.
 	 * @throws IllegalArgumentException if {@code other} is {@literal null}.
 	 */
@@ -67,8 +68,8 @@ default RedisPassword getPasswordOrElse(Supplier<RedisPassword> other) {
 	 * @param configuration can be {@literal null}.
 	 * @return {@code true} if given {@link RedisConfiguration} is instance of {@link WithPassword}.
 	 */
-	static boolean isPasswordAware(@Nullable RedisConfiguration configuration) {
-		return configuration instanceof WithPassword;
+	static boolean isAuthenticationAware(@Nullable RedisConfiguration configuration) {
+		return configuration instanceof WithAuthentication;
 	}
 
 	/**
@@ -136,14 +137,28 @@ static Integer getDatabaseOrElse(@Nullable RedisConfiguration configuration, Sup
 	/**
 	 * @param configuration can be {@literal null}.
 	 * @param other a {@code Supplier} whose result is returned if given {@link RedisConfiguration} is not
-	 *          {@link #isPasswordAware(RedisConfiguration) password aware}.
+	 *          {@link #isAuthenticationAware(RedisConfiguration) password aware}.
+	 * @return never {@literal null}.
+	 * @throws IllegalArgumentException if {@code other} is {@literal null}.
+	 */
+	static Optional<String> getUsernameOrElse(@Nullable RedisConfiguration configuration,
+			Supplier<Optional<String>> other) {
+
+		Assert.notNull(other, "Other must not be null!");
+		return isAuthenticationAware(configuration) ? ((WithAuthentication) configuration).getUsername() : other.get();
+	}
+
+	/**
+	 * @param configuration can be {@literal null}.
+	 * @param other a {@code Supplier} whose result is returned if given {@link RedisConfiguration} is not
+	 *          {@link #isAuthenticationAware(RedisConfiguration) password aware}.
 	 * @return never {@literal null}.
 	 * @throws IllegalArgumentException if {@code other} is {@literal null}.
 	 */
 	static RedisPassword getPasswordOrElse(@Nullable RedisConfiguration configuration, Supplier<RedisPassword> other) {
 
 		Assert.notNull(other, "Other must not be null!");
-		return isPasswordAware(configuration) ? ((WithPassword) configuration).getPassword() : other.get();
+		return isAuthenticationAware(configuration) ? ((WithAuthentication) configuration).getPassword() : other.get();
 	}
 
 	/**
@@ -178,9 +193,17 @@ static String getHostOrElse(@Nullable RedisConfiguration configuration, Supplier
 	 * {@link RedisConfiguration} part suitable for configurations that may use authentication when connecting.
 	 *
 	 * @author Christoph Strobl
-	 * @since 2.1
+	 * @author Mark Paluch
+	 * @since 2.4
 	 */
-	interface WithPassword {
+	interface WithAuthentication {
+
+		/**
+		 * Create and set a username with the given {@link String}. Requires Redis 6 or newer.
+		 *
+		 * @param username the username.
+		 */
+		void setUsername(String username);
 
 		/**
 		 * Create and set a {@link RedisPassword} for given {@link String}.
@@ -207,6 +230,13 @@ default void setPassword(@Nullable char[] password) {
 		 */
 		void setPassword(RedisPassword password);
 
+		/**
+		 * Get the username to use when connecting.
+		 *
+		 * @return {@link Optional#empty()} if none set.
+		 */
+		Optional<String> getUsername();
+
 		/**
 		 * Get the RedisPassword to use when connecting.
 		 *
@@ -215,6 +245,16 @@ default void setPassword(@Nullable char[] password) {
 		RedisPassword getPassword();
 	}
 
+	/**
+	 * {@link RedisConfiguration} part suitable for configurations that may use authentication when connecting.
+	 *
+	 * @author Christoph Strobl
+	 * @since 2.1
+	 */
+	interface WithPassword extends WithAuthentication {
+
+	}
+
 	/**
 	 * {@link RedisConfiguration} part suitable for configurations that use a specific database.
 	 *
@@ -339,7 +379,17 @@ default void setMaster(final String name) {
 		Set<RedisNode> getSentinels();
 
 		/**
-		 * Get the {@link RedisPassword} used when authenticating with a Redis Server..
+		 * Get the username used when authenticating with a Redis Server.
+		 *
+		 * @return never {@literal null}.
+		 * @since 2.4
+		 */
+		default Optional<String> getDataNodeUsername() {
+			return getUsername();
+		}
+
+		/**
+		 * Get the {@link RedisPassword} used when authenticating with a Redis Server.
 		 *
 		 * @return never {@literal null}.
 		 * @since 2.2.2

src/main/java/org/springframework/data/redis/connection/RedisSentinelConfiguration.java

@@ -21,6 +21,7 @@
 import java.util.HashMap;
 import java.util.LinkedHashSet;
 import java.util.Map;
+import java.util.Optional;
 import java.util.Set;
 
 import org.springframework.core.env.MapPropertySource;
@@ -50,6 +51,7 @@ public class RedisSentinelConfiguration implements RedisConfiguration, SentinelC
 	private Set<RedisNode> sentinels;
 	private int database;
 
+	private Optional<String> dataNodeUsername = Optional.empty();
 	private RedisPassword dataNodePassword = RedisPassword.none();
 	private RedisPassword sentinelPassword = RedisPassword.none();
 
@@ -229,6 +231,24 @@ public void setDatabase(int index) {
 		this.database = index;
 	}
 
+	/*
+	 * (non-Javadoc)
+	 * @see org.springframework.data.redis.connection.RedisConfiguration.WithAuthentication#setUsername(String)
+	 */
+	@Override
+	public void setUsername(String username) {
+		this.dataNodeUsername = Optional.of(username);
+	}
+
+	/*
+	 * (non-Javadoc)
+	 * @see org.springframework.data.redis.connection.RedisConfiguration.WithAuthentication#getUsername()
+	 */
+	@Override
+	public Optional<String> getUsername() {
+		return this.dataNodeUsername;
+	}
+
 	/*
 	 * (non-Javadoc)
 	 * @see org.springframework.data.redis.connection.RedisConfiguration.WithPassword#getPassword()

src/main/java/org/springframework/data/redis/connection/RedisSocketConfiguration.java

@@ -15,6 +15,8 @@
  */
 package org.springframework.data.redis.connection;
 
+import java.util.Optional;
+
 import org.springframework.data.redis.connection.RedisConfiguration.DomainSocketConfiguration;
 import org.springframework.util.Assert;
 
@@ -32,6 +34,7 @@ public class RedisSocketConfiguration implements RedisConfiguration, DomainSocke
 
 	private String socket = DEFAULT_SOCKET;
 	private int database;
+	private Optional<String> username = Optional.empty();
 	private RedisPassword password = RedisPassword.none();
 
 	/**
@@ -92,6 +95,24 @@ public void setDatabase(int index) {
 		this.database = index;
 	}
 
+	/*
+	 * (non-Javadoc)
+	 * @see org.springframework.data.redis.connection.RedisConfiguration.WithAuthentication#setUsername(String)
+	 */
+	@Override
+	public void setUsername(String username) {
+		this.username = Optional.of(username);
+	}
+
+	/*
+	 * (non-Javadoc)
+	 * @see org.springframework.data.redis.connection.RedisConfiguration.WithAuthentication#getUsername()
+	 */
+	@Override
+	public Optional<String> getUsername() {
+		return this.username;
+	}
+
 	/*
 	 * (non-Javadoc)
 	 * @see org.springframework.data.redis.connection.RedisConfiguration.WithPassword#getPassword()

src/main/java/org/springframework/data/redis/connection/RedisStandaloneConfiguration.java

@@ -15,6 +15,8 @@
  */
 package org.springframework.data.redis.connection;
 
+import java.util.Optional;
+
 import org.springframework.data.redis.connection.RedisConfiguration.WithDatabaseIndex;
 import org.springframework.data.redis.connection.RedisConfiguration.WithHostAndPort;
 import org.springframework.data.redis.connection.RedisConfiguration.WithPassword;
@@ -37,6 +39,7 @@ public class RedisStandaloneConfiguration
 	private String hostName = DEFAULT_HOST;
 	private int port = DEFAULT_PORT;
 	private int database;
+	private Optional<String> username = Optional.empty();
 	private RedisPassword password = RedisPassword.none();
 
 	/**
@@ -125,6 +128,24 @@ public void setDatabase(int index) {
 		this.database = index;
 	}
 
+	/*
+	 * (non-Javadoc)
+	 * @see org.springframework.data.redis.connection.RedisConfiguration.WithAuthentication#setUsername(String)
+	 */
+	@Override
+	public void setUsername(String username) {
+		this.username = Optional.of(username);
+	}
+
+	/*
+	 * (non-Javadoc)
+	 * @see org.springframework.data.redis.connection.RedisConfiguration.WithAuthentication#getUsername()
+	 */
+	@Override
+	public Optional<String> getUsername() {
+		return this.username;
+	}
+
 	/*
 	 * (non-Javadoc)
 	 * @see org.springframework.data.redis.connection.RedisConfiguration.WithPassword#getPassword()