pkg/storage/redis: add redis TLS support (#1163)

Fixes #1156
2025-08-03 16:59:22 +02:00 · 2020-07-31 19:37:23 +07:00 · 2020-07-31 19:37:23 +07:00 · bc61206b78
commit bc61206b78
parent aab9ec413e
21 changed files with 409 additions and 88 deletions
--- a/internal/databroker/config.go
+++ b/internal/databroker/config.go
@ -1,6 +1,9 @@
 package databroker

-import "time"
+import (
+	"crypto/tls"
+	"time"
+)

 var (
 	// DefaultDeletePermanentlyAfter is the default amount of time to wait before deleting
@ -18,6 +21,7 @@ type serverConfig struct {
 	secret                  []byte
 	storageType             string
 	storageConnectionString string
+	storageTLSConfig        *tls.Config
 }

 func newServerConfig(options ...ServerOption) *serverConfig {
@ -70,3 +74,10 @@ func WithStorageConnectionString(connStr string) ServerOption {
 		cfg.storageConnectionString = connStr
 	}
 }
+
+// WithStorageTLSConfig sets the tls config for connection to storage.
+func WithStorageTLSConfig(tlsConfig *tls.Config) ServerOption {
+	return func(cfg *serverConfig) {
+		cfg.storageTLSConfig = tlsConfig
+	}
+}
--- a/internal/databroker/config_source_test.go
+++ b/internal/databroker/config_source_test.go
@ -26,7 +26,7 @@ func TestConfigSource(t *testing.T) {
 	}
 	defer li.Close()

-	dataBrokerServer := newTestServer()
+	dataBrokerServer := New()
 	srv := grpc.NewServer()
 	databroker.RegisterDataBrokerServiceServer(srv, dataBrokerServer)
 	go func() { _ = srv.Serve(li) }()
--- a/internal/databroker/helper_no_redis.go
+++ b/internal/databroker/helper_no_redis.go
@ -1,7 +0,0 @@
-// +build !redis
-
-package databroker
-
-func newTestServer() *Server {
-	return New()
-}
--- a/internal/databroker/helper_redis.go
+++ b/internal/databroker/helper_redis.go
@ -1,17 +0,0 @@
-// +build redis
-
-package databroker
-
-import (
-	"os"
-
-	"github.com/pomerium/pomerium/pkg/storage/redis"
-)
-
-func newTestServer() *Server {
-	address := "redis://localhost:6379/0"
-	if redisURL := os.Getenv("REDIS_URL"); redisURL != "" {
-		address = redisURL
-	}
-	return New(WithStorageType(redis.Name), WithStorageConnectionString(address))
-}
--- a/internal/databroker/server.go
+++ b/internal/databroker/server.go
@ -350,9 +350,14 @@ func (srv *Server) getDB(recordType string) (storage.Backend, error) {
 func (srv *Server) newDB(recordType string) (db storage.Backend, err error) {
 	switch srv.cfg.storageType {
 	case config.StorageInMemoryName:
-		db = inmemory.NewDB(recordType, srv.cfg.btreeDegree)
+		return inmemory.NewDB(recordType, srv.cfg.btreeDegree), nil
 	case config.StorageRedisName:
-		db, err = redis.New(srv.cfg.storageConnectionString, recordType, int64(srv.cfg.deletePermanentlyAfter.Seconds()))
+		db, err = redis.New(
+			srv.cfg.storageConnectionString,
+			recordType,
+			int64(srv.cfg.deletePermanentlyAfter.Seconds()),
+			redis.WithTLSConfig(srv.cfg.storageTLSConfig),
+		)
 		if err != nil {
 			return nil, fmt.Errorf("failed to create new redis storage: %w", err)
 		}