From 708cd33f29e408c7a50d93f106ed0a765255c4e0 Mon Sep 17 00:00:00 2001
From: ian Fitch Hundere
Date: Wed, 9 Aug 2023 16:04:49 -0400
Subject: [PATCH 1/4] feat: adds redis auth.
---
 cmd/backfill-redis/main.go | 34 +++++++++++++++++++++++-----------
 pkg/api/api.go | 9 ++++++++-
 2 files changed, 31 insertions(+), 12 deletions(-)
diff --git a/cmd/backfill-redis/main.go b/cmd/backfill-redis/main.go
index 14e127a3b..4805bd181 100644
--- a/cmd/backfill-redis/main.go
+++ b/cmd/backfill-redis/main.go
@@ -29,6 +29,7 @@ package main
 import (
 "bytes"
 "context"
+ "crypto/tls"
 "encoding/base64"
 "errors"
 "flag"
@@ -64,14 +65,17 @@ import ( ) var ( - redisHostname = flag.String("hostname", "", "Hostname for Redis application") - redisPort = flag.String("port", "", "Port to Redis application") - startIndex = flag.Int("start", -1, "First index to backfill") - endIndex = flag.Int("end", -1, "Last index to backfill") - rekorAddress = flag.String("rekor-address", "", "Address for Rekor, e.g. https://rekor.sigstore.dev") - versionFlag = flag.Bool("version", false, "Print the current version of Backfill Redis") - concurrency = flag.Int("concurrency", 1, "Number of workers to use for backfill") - dryRun = flag.Bool("dry-run", false, "Dry run - don't actually insert into Redis") + redisHostname = flag.String("hostname", "", "Hostname for Redis application") + redisPort = flag.String("port", "", "Port to Redis application") + redisUsername = flag.String("username", "", "Username for Redis authentication") + redisPassword = flag.String("password", "", "Password for Redis authentication") + insecureSkipVerify = flag.Bool("insecure-skip-verify", false, "Whether to skip TLS verification or not") + startIndex = flag.Int("start", -1, "First index to backfill") + endIndex = flag.Int("end", -1, "Last index to backfill") + rekorAddress = flag.String("rekor-address", "", "Address for Rekor, e.g. https://rekor.sigstore.dev") + versionFlag = flag.Bool("version", false, "Print the current version of Backfill Redis") + concurrency = flag.Int("concurrency", 1, "Number of workers to use for backfill") + dryRun = flag.Bool("dry-run", false, "Dry run - don't actually insert into Redis") ) func main() { 
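Review bot: The `password` flag added to the `var (` block takes the Redis credential as a command-line argument, where it is visible in process listings, shell history and job logs for as long as the backfill runs. Keep the flag as an override but let an empty value fall back to the environment after `flag.Parse()`, e.g. `if *redisPassword == "" { *redisPassword = os.Getenv("REDIS_PASSWORD") }` (`REDIS_PASSWORD` is a name made up for this note; do not pass the env value as the flag default, since `flag` prints defaults in the usage text). The help string for `insecure-skip-verify` should say what is given up, for instance `"Skip TLS certificate verification for the Redis connection (testing only)"`. The identical hunk is repeated in patches 2/4 and 3/4 of this series.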
@@ -101,10 +105,18 @@ func main() { log.Printf("running backfill redis Version: %s GitCommit: %s BuildDate: %s", versionInfo.GitVersion, versionInfo.GitCommit, versionInfo.BuildDate) + // TLS configuration + tlsConfig := &tls.Config{ + InsecureSkipVerify: *insecureSkipVerify, + } + redisClient := redis.NewClient(&redis.Options{ - Addr: fmt.Sprintf("%s:%s", *redisHostname, *redisPort), - Network: "tcp", - DB: 0, // default DB + Addr: fmt.Sprintf("%s:%s", *redisHostname, *redisPort), + Username: *redisUsername, + Password: *redisPassword, + TLSConfig: tlsConfig, + Network: "tcp", + DB: 0, // default DB }) rekorClient, err := client.GetRekorClient(*rekorAddress) diff --git a/pkg/api/api.go b/pkg/api/api.go index 12925b6bd..8c48558a7 100644 --- a/pkg/api/api.go +++ b/pkg/api/api.go @@ -18,6 +18,7 @@ package api import ( "context" "crypto/sha256" + "crypto/tls" "crypto/x509" "encoding/hex" "fmt" @@ -139,8 +140,14 @@ func ConfigureAPI(treeID uint) { } if viper.GetBool("enable_retrieve_api") || viper.GetBool("enable_stable_checkpoint") || slices.Contains(viper.GetStringSlice("enabled_api_endpoints"), "searchIndex") { + redisClient = redis.NewClient(&redis.Options{ - Addr: fmt.Sprintf("%v:%v", viper.GetString("redis_server.address"), viper.GetUint64("redis_server.port")), + Addr: fmt.Sprintf("%v:%v", viper.GetString("redis_server.address"), viper.GetUint64("redis_server.port")), + Username: viper.GetString("redis_server.username"), + Password: viper.GetString("redis_server.password"), + TLSConfig: &tls.Config{ + InsecureSkipVerify: viper.GetBool("redis_server.insecure-skip-verify"), + }, Network: "tcp", DB: 0, // default DB }) From 9fc6166a35a425393008884e8578b8e80007cf44 Mon Sep 17 00:00:00 2001 From: ian hundere <138915+ianhundere@users.noreply.github.com> Date: Wed, 9 Aug 2023 16:11:04 -0400 Subject: [PATCH 2/4] feat: adds redis auth. 
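Review bot: `TLSConfig` is now always non-nil in the `redis.NewClient` call in `main`, and go-redis negotiates TLS whenever `Options.TLSConfig` is set, so after this change the tool can no longer reach a plaintext Redis and there is no switch to turn TLS off. The only new control is `insecure-skip-verify`, which removes server authentication on the same connection that now carries the password, so the likely workaround for a self-signed deployment is to send credentials to an unverified peer. Make TLS an explicit opt-in that leaves `TLSConfig` nil otherwise, and pin a minimum protocol version when it is on. The `redis.Options` literal in the pkg/api/api.go hunk has the same unconditional `&tls.Config{...}` and needs the same gate; both hunks recur in patches 2/4 and 3/4. `main`'s body starts and ends outside this hunk.

```go
// enableTLS is a proposed opt-in flag; the name is constructed for this note.
redisOpts := &redis.Options{
	// … unchanged: Addr, Username, Password, Network, DB …
}
if *enableTLS {
	redisOpts.TLSConfig = &tls.Config{
		MinVersion:         tls.VersionTLS12,
		InsecureSkipVerify: *insecureSkipVerify, // testing only: disables server authentication
	}
}
redisClient := redis.NewClient(redisOpts)
```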
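Review bot: The three keys read in `ConfigureAPI` (`redis_server.username`, `redis_server.password`, `redis_server.insecure-skip-verify`) are not declared anywhere in this patch, whose diffstat lists only two files, so they presumably have no registered server flag, default or help text and are discoverable only by reading this call. Register them next to the existing `redis_server.address` and `redis_server.port` options and document that the password is best supplied through the environment or a protected config file rather than a flag. The hyphenated `insecure-skip-verify` also departs from the underscore style of the surrounding keys (`redis_server`, `enable_retrieve_api`), which may not map cleanly to an environment variable depending on how the key replacer is configured; `redis_server.insecure_skip_verify` would be consistent. `ConfigureAPI` starts and ends outside the hunk.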
Signed-off-by: ian hundere <138915+ianhundere@users.noreply.github.com>
---
 cmd/backfill-redis/main.go | 34 +++++++++++++++++++++++-----------
 pkg/api/api.go | 9 ++++++++-
 2 files changed, 31 insertions(+), 12 deletions(-)
diff --git a/cmd/backfill-redis/main.go b/cmd/backfill-redis/main.go
index 14e127a3b..4805bd181 100644
--- a/cmd/backfill-redis/main.go
+++ b/cmd/backfill-redis/main.go
@@ -29,6 +29,7 @@ package main
 import (
 "bytes"
 "context"
+ "crypto/tls"
 "encoding/base64"
 "errors"
 "flag"
@@ -64,14 +65,17 @@ import ( ) var ( - redisHostname = flag.String("hostname", "", "Hostname for Redis application") - redisPort = flag.String("port", "", "Port to Redis application") - startIndex = flag.Int("start", -1, "First index to backfill") - endIndex = flag.Int("end", -1, "Last index to backfill") - rekorAddress = flag.String("rekor-address", "", "Address for Rekor, e.g. https://rekor.sigstore.dev") - versionFlag = flag.Bool("version", false, "Print the current version of Backfill Redis") - concurrency = flag.Int("concurrency", 1, "Number of workers to use for backfill") - dryRun = flag.Bool("dry-run", false, "Dry run - don't actually insert into Redis") + redisHostname = flag.String("hostname", "", "Hostname for Redis application") + redisPort = flag.String("port", "", "Port to Redis application") + redisUsername = flag.String("username", "", "Username for Redis authentication") + redisPassword = flag.String("password", "", "Password for Redis authentication") + insecureSkipVerify = flag.Bool("insecure-skip-verify", false, "Whether to skip TLS verification or not") + startIndex = flag.Int("start", -1, "First index to backfill") + endIndex = flag.Int("end", -1, "Last index to backfill") + rekorAddress = flag.String("rekor-address", "", "Address for Rekor, e.g. https://rekor.sigstore.dev") + versionFlag = flag.Bool("version", false, "Print the current version of Backfill Redis") + concurrency = flag.Int("concurrency", 1, "Number of workers to use for backfill") + dryRun = flag.Bool("dry-run", false, "Dry run - don't actually insert into Redis") ) func main() { 
@@ -101,10 +105,18 @@ func main() { log.Printf("running backfill redis Version: %s GitCommit: %s BuildDate: %s", versionInfo.GitVersion, versionInfo.GitCommit, versionInfo.BuildDate) + // TLS configuration + tlsConfig := &tls.Config{ + InsecureSkipVerify: *insecureSkipVerify, + } + redisClient := redis.NewClient(&redis.Options{ - Addr: fmt.Sprintf("%s:%s", *redisHostname, *redisPort), - Network: "tcp", - DB: 0, // default DB + Addr: fmt.Sprintf("%s:%s", *redisHostname, *redisPort), + Username: *redisUsername, + Password: *redisPassword, + TLSConfig: tlsConfig, + Network: "tcp", + DB: 0, // default DB }) rekorClient, err := client.GetRekorClient(*rekorAddress) diff --git a/pkg/api/api.go b/pkg/api/api.go index 12925b6bd..8c48558a7 100644 --- a/pkg/api/api.go +++ b/pkg/api/api.go @@ -18,6 +18,7 @@ package api import ( "context" "crypto/sha256" + "crypto/tls" "crypto/x509" "encoding/hex" "fmt" @@ -139,8 +140,14 @@ func ConfigureAPI(treeID uint) { } if viper.GetBool("enable_retrieve_api") || viper.GetBool("enable_stable_checkpoint") || slices.Contains(viper.GetStringSlice("enabled_api_endpoints"), "searchIndex") { + redisClient = redis.NewClient(&redis.Options{ - Addr: fmt.Sprintf("%v:%v", viper.GetString("redis_server.address"), viper.GetUint64("redis_server.port")), + Addr: fmt.Sprintf("%v:%v", viper.GetString("redis_server.address"), viper.GetUint64("redis_server.port")), + Username: viper.GetString("redis_server.username"), + Password: viper.GetString("redis_server.password"), + TLSConfig: &tls.Config{ + InsecureSkipVerify: viper.GetBool("redis_server.insecure-skip-verify"), + }, Network: "tcp", DB: 0, // default DB }) From 61e4bae92fad8e950f21e1f002a42910016aa11b Mon Sep 17 00:00:00 2001 From: ian hundere <138915+ianhundere@users.noreply.github.com> Date: Wed, 9 Aug 2023 16:11:04 -0400 Subject: [PATCH 3/4] feat: adds redis auth. 
Signed-off-by: ian hundere <138915+ianhundere@users.noreply.github.com>
---
 cmd/backfill-redis/main.go | 34 +++++++++++++++++++++++-----------
 pkg/api/api.go | 9 ++++++++-
 2 files changed, 31 insertions(+), 12 deletions(-)
diff --git a/cmd/backfill-redis/main.go b/cmd/backfill-redis/main.go
index 14e127a3b..4805bd181 100644
--- a/cmd/backfill-redis/main.go
+++ b/cmd/backfill-redis/main.go
@@ -29,6 +29,7 @@ package main
 import (
 "bytes"
 "context"
+ "crypto/tls"
 "encoding/base64"
 "errors"
 "flag"
@@ -64,14 +65,17 @@ import ( ) var ( - redisHostname = flag.String("hostname", "", "Hostname for Redis application") - redisPort = flag.String("port", "", "Port to Redis application") - startIndex = flag.Int("start", -1, "First index to backfill") - endIndex = flag.Int("end", -1, "Last index to backfill") - rekorAddress = flag.String("rekor-address", "", "Address for Rekor, e.g. https://rekor.sigstore.dev") - versionFlag = flag.Bool("version", false, "Print the current version of Backfill Redis") - concurrency = flag.Int("concurrency", 1, "Number of workers to use for backfill") - dryRun = flag.Bool("dry-run", false, "Dry run - don't actually insert into Redis") + redisHostname = flag.String("hostname", "", "Hostname for Redis application") + redisPort = flag.String("port", "", "Port to Redis application") + redisUsername = flag.String("username", "", "Username for Redis authentication") + redisPassword = flag.String("password", "", "Password for Redis authentication") + insecureSkipVerify = flag.Bool("insecure-skip-verify", false, "Whether to skip TLS verification or not") + startIndex = flag.Int("start", -1, "First index to backfill") + endIndex = flag.Int("end", -1, "Last index to backfill") + rekorAddress = flag.String("rekor-address", "", "Address for Rekor, e.g. https://rekor.sigstore.dev") + versionFlag = flag.Bool("version", false, "Print the current version of Backfill Redis") + concurrency = flag.Int("concurrency", 1, "Number of workers to use for backfill") + dryRun = flag.Bool("dry-run", false, "Dry run - don't actually insert into Redis") ) func main() { 
@@ -101,10 +105,18 @@ func main() { log.Printf("running backfill redis Version: %s GitCommit: %s BuildDate: %s", versionInfo.GitVersion, versionInfo.GitCommit, versionInfo.BuildDate) + // TLS configuration + tlsConfig := &tls.Config{ + InsecureSkipVerify: *insecureSkipVerify, + } + redisClient := redis.NewClient(&redis.Options{ - Addr: fmt.Sprintf("%s:%s", *redisHostname, *redisPort), - Network: "tcp", - DB: 0, // default DB + Addr: fmt.Sprintf("%s:%s", *redisHostname, *redisPort), + Username: *redisUsername, + Password: *redisPassword, + TLSConfig: tlsConfig, + Network: "tcp", + DB: 0, // default DB }) rekorClient, err := client.GetRekorClient(*rekorAddress) diff --git a/pkg/api/api.go b/pkg/api/api.go index 12925b6bd..8c48558a7 100644 --- a/pkg/api/api.go +++ b/pkg/api/api.go @@ -18,6 +18,7 @@ package api import ( "context" "crypto/sha256" + "crypto/tls" "crypto/x509" "encoding/hex" "fmt" @@ -139,8 +140,14 @@ func ConfigureAPI(treeID uint) { } if viper.GetBool("enable_retrieve_api") || viper.GetBool("enable_stable_checkpoint") || slices.Contains(viper.GetStringSlice("enabled_api_endpoints"), "searchIndex") { + redisClient = redis.NewClient(&redis.Options{ - Addr: fmt.Sprintf("%v:%v", viper.GetString("redis_server.address"), viper.GetUint64("redis_server.port")), + Addr: fmt.Sprintf("%v:%v", viper.GetString("redis_server.address"), viper.GetUint64("redis_server.port")), + Username: viper.GetString("redis_server.username"), + Password: viper.GetString("redis_server.password"), + TLSConfig: &tls.Config{ + InsecureSkipVerify: viper.GetBool("redis_server.insecure-skip-verify"), + }, Network: "tcp", DB: 0, // default DB }) From 49e92f3af63856009438a6d10b8930e85a472a29 Mon Sep 17 00:00:00 2001 From: ian Fitch Hundere Date: Wed, 9 Aug 2023 16:04:49 -0400 Subject: [PATCH 4/4] feat: adds redis auth.