redis: Enable SSL for sentinel

Sentinel class supports ssl arguments since v4.0.0[1]. Setting these
are required to use SSL in Redis Sentinel.

[1] fea7b85dde

Related-Bug: #2052372
Change-Id: I2fdbb2cbd26ffd277b18adf45ebb7312ec6f0a24

releasenotes/notes/sentinel-ssl-399c56ed7067d282.yaml

@@ -0,0 +1,5 @@
+---
+features:
+  - |
+    Redis jobboard driver now enables SSL for connections to Redis Sentinel
+    when SSL is enabled for connections to Redis.

setup.cfg

@@ -62,7 +62,7 @@ zookeeper =
   kazoo>=2.6.0 # Apache-2.0
   zake>=0.1.6 # Apache-2.0
 redis =
-  redis>=3.4.0 # MIT
+  redis>=4.0.0 # MIT
 workers =
   kombu>=4.3.0 # BSD
 eventlet =

taskflow/jobs/backends/impl_redis.py

@@ -568,15 +568,10 @@ return cmsgpack.pack(result)
                 else:
                     client_conf[key] = conf[key]
         if conf.get('sentinel') is not None:
-            sentinel_conf = {}
-            # sentinel do not have ssl kwargs
-            for key in client_conf:
-                if 'ssl' not in key:
-                    sentinel_conf[key] = client_conf[key]
-            s = sentinel.Sentinel([(sentinel_conf.pop('host'),
-                                    sentinel_conf.pop('port'))],
+            sentinels = [(client_conf.pop('host'), client_conf.pop('port'))]
+            s = sentinel.Sentinel(sentinels,
                                   sentinel_kwargs=conf.get('sentinel_kwargs'),
-                                  **sentinel_conf)
+                                  **client_conf)
             return s.master_for(conf['sentinel'])
         else:
             return ru.RedisClient(**client_conf)

taskflow/tests/unit/jobs/test_redis_job.py

@@ -127,13 +127,43 @@ class RedisJobboardTest(test.TestCase, base.BoardTestMixin):
                 'password': 'secret',
                 'namespace': 'test',
                 'sentinel': 'mymaster',
-                'sentinel_kwargs': {'password': 'senitelsecret'}}
+                'sentinel_kwargs': {
+                    'username': 'default',
+                    'password': 'senitelsecret'
+                }}
         with mock.patch('redis.sentinel.Sentinel') as mock_sentinel:
             impl_redis.RedisJobBoard('test-board', conf)
             test_conf = {
                 'username': 'default',
                 'password': 'secret',
             }
+            mock_sentinel.assert_called_once_with(
+                [('127.0.0.1', 26379)],
+                sentinel_kwargs={
+                    'username': 'default',
+                    'password': 'senitelsecret'
+                },
+                **test_conf)
+            mock_sentinel().master_for.assert_called_once_with('mymaster')
+
+    def test__make_client_sentinel_ssl(self):
+        conf = {'host': '127.0.0.1',
+                'port': 26379,
+                'username': 'default',
+                'password': 'secret',
+                'namespace': 'test',
+                'sentinel': 'mymaster',
+                'sentinel_kwargs': {'password': 'senitelsecret'},
+                'ssl': True,
+                'ssl_ca_certs': '/etc/ssl/certs'}
+        with mock.patch('redis.sentinel.Sentinel') as mock_sentinel:
+            impl_redis.RedisJobBoard('test-board', conf)
+            test_conf = {
+                'username': 'default',
+                'password': 'secret',
+                'ssl': True,
+                'ssl_ca_certs': '/etc/ssl/certs',
+            }
             mock_sentinel.assert_called_once_with(
                 [('127.0.0.1', 26379)],
                 sentinel_kwargs={'password': 'senitelsecret'},

test-requirements.txt

@@ -7,7 +7,7 @@ kazoo>=2.6.0 # Apache-2.0
 zake>=0.1.6 # Apache-2.0
 
 # redis
-redis>=2.10.0 # MIT
+redis>=4.0.0 # MIT
 
 # workers
 kombu>=4.3.0 # BSD