openstack/taskflow
Code Issues Proposed changes

redis: Enable SSL for sentinel

Browse Source 
Sentinel class supports ssl arguments since v4.0.0[1]. Setting these
are required to use SSL in Redis Sentinel.

[1] fea7b85dde

Related-Bug: #2052372
Change-Id: I2fdbb2cbd26ffd277b18adf45ebb7312ec6f0a24
This commit is contained in:
Takashi Kajinami
2024-02-04 19:24:56 +09:00
parent 78f3ef26a1
commit 14444acab8
5 changed files with 41 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
releasenotes/notes/sentinel-ssl-399c56ed7067d282.yaml Normal file
View File

@@ -0,0 +1,5 @@
---
features:
- |
Redis jobboard driver now enables SSL for connections to Redis Sentinel
when SSL is enabled for connections to Redis.

2
setup.cfg
View File

@@ -62,7 +62,7 @@ zookeeper =
kazoo>=2.6.0 # Apache-2.0 kazoo>=2.6.0 # Apache-2.0
zake>=0.1.6 # Apache-2.0 zake>=0.1.6 # Apache-2.0
redis = redis =
redis>=3.4.0 # MIT redis>=4.0.0 # MIT
workers = workers =
kombu>=4.3.0 # BSD kombu>=4.3.0 # BSD
eventlet = eventlet =

11
taskflow/jobs/backends/impl_redis.py
View File

@@ -568,15 +568,10 @@ return cmsgpack.pack(result)
else: else:
client_conf[key] = conf[key] client_conf[key] = conf[key]
if conf.get('sentinel') is not None: if conf.get('sentinel') is not None:
sentinel_conf = {} sentinels = [(client_conf.pop('host'), client_conf.pop('port'))]
# sentinel do not have ssl kwargs s = sentinel.Sentinel(sentinels,
for key in client_conf:
if 'ssl' not in key:
sentinel_conf[key] = client_conf[key]
s = sentinel.Sentinel([(sentinel_conf.pop('host'),
sentinel_conf.pop('port'))],
sentinel_kwargs=conf.get('sentinel_kwargs'), sentinel_kwargs=conf.get('sentinel_kwargs'),
**sentinel_conf) **client_conf)
return s.master_for(conf['sentinel']) return s.master_for(conf['sentinel'])
else: else:
return ru.RedisClient(**client_conf) return ru.RedisClient(**client_conf)

32
taskflow/tests/unit/jobs/test_redis_job.py
View File

@@ -127,13 +127,43 @@ class RedisJobboardTest(test.TestCase, base.BoardTestMixin):
'password': 'secret', 'password': 'secret',
'namespace': 'test', 'namespace': 'test',
'sentinel': 'mymaster', 'sentinel': 'mymaster',
'sentinel_kwargs': {'password': 'senitelsecret'}} 'sentinel_kwargs': {
'username': 'default',
'password': 'senitelsecret'
}}
with mock.patch('redis.sentinel.Sentinel') as mock_sentinel: with mock.patch('redis.sentinel.Sentinel') as mock_sentinel:
impl_redis.RedisJobBoard('test-board', conf) impl_redis.RedisJobBoard('test-board', conf)
test_conf = { test_conf = {
'username': 'default', 'username': 'default',
'password': 'secret', 'password': 'secret',
} }
mock_sentinel.assert_called_once_with(
[('127.0.0.1', 26379)],
sentinel_kwargs={
'username': 'default',
'password': 'senitelsecret'
},
**test_conf)
mock_sentinel().master_for.assert_called_once_with('mymaster')
def test__make_client_sentinel_ssl(self):
conf = {'host': '127.0.0.1',
'port': 26379,
'username': 'default',
'password': 'secret',
'namespace': 'test',
'sentinel': 'mymaster',
'sentinel_kwargs': {'password': 'senitelsecret'},
'ssl': True,
'ssl_ca_certs': '/etc/ssl/certs'}
with mock.patch('redis.sentinel.Sentinel') as mock_sentinel:
impl_redis.RedisJobBoard('test-board', conf)
test_conf = {
'username': 'default',
'password': 'secret',
'ssl': True,
'ssl_ca_certs': '/etc/ssl/certs',
}
mock_sentinel.assert_called_once_with( mock_sentinel.assert_called_once_with(
[('127.0.0.1', 26379)], [('127.0.0.1', 26379)],
sentinel_kwargs={'password': 'senitelsecret'}, sentinel_kwargs={'password': 'senitelsecret'},

2
test-requirements.txt
View File

@@ -7,7 +7,7 @@ kazoo>=2.6.0 # Apache-2.0
zake>=0.1.6 # Apache-2.0 zake>=0.1.6 # Apache-2.0
# redis # redis
redis>=2.10.0 # MIT redis>=4.0.0 # MIT
# workers # workers
kombu>=4.3.0 # BSD kombu>=4.3.0 # BSD