From 16f6b2e8f65e12ba3bc51529d4a8a828ea2b8b16 Mon Sep 17 00:00:00 2001
From: Takashi Kajinami <kajinamit@oss.nttdata.com>
Date: Sun, 4 Feb 2024 20:14:16 +0900
Subject: [PATCH] redis: Add username

Redis introduced ACL feature in 4.0.0, and this feature is supported by
redis-py since 3.4.0[1]. When ACL is enabled, authentication requires
username in addition to password.

Also this removes the default password string because it can confuse
underlying libraries in case a more strict check such as 'is None' is
implemented there.

[1] https://github.com/redis/redis-py/commit/8df8cd54d135380ad8b3b8807a67a3e6915b0b49

Depends-on: https://review.opendev.org/c/openstack/taskflow/+/907667
Change-Id: Ie85589ab4e02046f54864a10b9b8adce6996d82a
---
 octavia/common/config.py                                 | 4 +++-
 octavia/controller/worker/v2/taskflow_jobboard_driver.py | 7 ++++++-
 requirements.txt                                         | 2 +-
 setup.cfg                                                | 2 +-
 4 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/octavia/common/config.py b/octavia/common/config.py
index c3b6322bcf..8b1bc3f405 100644
--- a/octavia/common/config.py
+++ b/octavia/common/config.py
@@ -579,7 +579,9 @@ task_flow_opts = [
                 help='Jobboard backend server host(s).'),
     cfg.PortOpt('jobboard_backend_port', default=6379,
                 help='Jobboard backend server port'),
-    cfg.StrOpt('jobboard_backend_password', default='', secret=True,
+    cfg.StrOpt('jobboard_backend_username',
+               help='Jobboard backend server user name'),
+    cfg.StrOpt('jobboard_backend_password', secret=True,
                help='Jobboard backend server password'),
     cfg.StrOpt('jobboard_backend_namespace', default='octavia_jobboard',
                help='Jobboard name that should be used to store taskflow '
diff --git a/octavia/controller/worker/v2/taskflow_jobboard_driver.py b/octavia/controller/worker/v2/taskflow_jobboard_driver.py
index d8595d7c56..05e9c9fcac 100644
--- a/octavia/controller/worker/v2/taskflow_jobboard_driver.py
+++ b/octavia/controller/worker/v2/taskflow_jobboard_driver.py
@@ -91,10 +91,15 @@ class RedisTaskFlowDriver(JobboardTaskFlowDriver):
             'board': 'redis',
             'host': CONF.task_flow.jobboard_backend_hosts[0],
             'port': CONF.task_flow.jobboard_backend_port,
-            'password': CONF.task_flow.jobboard_backend_password,
             'namespace': CONF.task_flow.jobboard_backend_namespace,
             'sentinel': CONF.task_flow.jobboard_redis_sentinel,
         }
+        if CONF.task_flow.jobboard_backend_username is not None:
+            jobboard_backend_conf['username'] = (
+                CONF.task_flow.jobboard_backend_username)
+        if CONF.task_flow.jobboard_backend_password is not None:
+            jobboard_backend_conf['password'] = (
+                CONF.task_flow.jobboard_backend_password)
         jobboard_backend_conf.update(
             CONF.task_flow.jobboard_redis_backend_ssl_options)
         return job_backends.backend(
diff --git a/requirements.txt b/requirements.txt
index 0905f03051..d3acbd82d8 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -40,7 +40,7 @@ python-novaclient>=9.1.0 # Apache-2.0
 python-cinderclient>=3.3.0 # Apache-2.0
 WSME>=0.8.0 # MIT
 Jinja2>=2.10 # BSD License (3 clause)
-taskflow>=4.4.0 # Apache-2.0
+taskflow>=5.5.0 # Apache-2.0
 castellan>=0.16.0 # Apache-2.0
 tenacity>=5.0.4  # Apache-2.0
 distro>=1.2.0 # Apache-2.0
diff --git a/setup.cfg b/setup.cfg
index 9f3ad6e3d9..3aa476b910 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -115,7 +115,7 @@ oslo.middleware.healthcheck =
 [extras]
 # Required in case of AmphoraV2 redis jobboard is used
 redis =
-    redis>=2.10.0
+    redis>=3.4.0
 # Required in case of AmphoraV2 zookeeper jobboard is used
 zookeeper =
   kazoo>=2.6.0 # Apache-2.0