feat: adds redis auth.

cmd/backfill-redis/main.go

@@ -29,6 +29,7 @@ package main
 import (
 	"bytes"
 	"context"
+	"crypto/tls"
 	"encoding/base64"
 	"errors"
 	"flag"
@@ -64,14 +65,17 @@ import (
 )
 
 var (
-	redisHostname = flag.String("hostname", "", "Hostname for Redis application")
-	redisPort     = flag.String("port", "", "Port to Redis application")
-	startIndex    = flag.Int("start", -1, "First index to backfill")
-	endIndex      = flag.Int("end", -1, "Last index to backfill")
-	rekorAddress  = flag.String("rekor-address", "", "Address for Rekor, e.g. https://rekor.sigstore.dev")
-	versionFlag   = flag.Bool("version", false, "Print the current version of Backfill Redis")
-	concurrency   = flag.Int("concurrency", 1, "Number of workers to use for backfill")
-	dryRun        = flag.Bool("dry-run", false, "Dry run - don't actually insert into Redis")
+	redisHostname      = flag.String("hostname", "", "Hostname for Redis application")
+	redisPort          = flag.String("port", "", "Port to Redis application")
+	redisUsername      = flag.String("username", "", "Username for Redis authentication")
+	redisPassword      = flag.String("password", "", "Password for Redis authentication")
+	insecureSkipVerify = flag.Bool("insecure-skip-verify", false, "Whether to skip TLS verification or not")
+	startIndex         = flag.Int("start", -1, "First index to backfill")
+	endIndex           = flag.Int("end", -1, "Last index to backfill")
+	rekorAddress       = flag.String("rekor-address", "", "Address for Rekor, e.g. https://rekor.sigstore.dev")
+	versionFlag        = flag.Bool("version", false, "Print the current version of Backfill Redis")
+	concurrency        = flag.Int("concurrency", 1, "Number of workers to use for backfill")
+	dryRun             = flag.Bool("dry-run", false, "Dry run - don't actually insert into Redis")
 )
 
 func main() {
@@ -101,10 +105,18 @@ func main() {
 
 	log.Printf("running backfill redis Version: %s GitCommit: %s BuildDate: %s", versionInfo.GitVersion, versionInfo.GitCommit, versionInfo.BuildDate)
 
+	// TLS configuration
+	tlsConfig := &tls.Config{
+		InsecureSkipVerify: *insecureSkipVerify,
+	}
+
 	redisClient := redis.NewClient(&redis.Options{
-		Addr:    fmt.Sprintf("%s:%s", *redisHostname, *redisPort),
-		Network: "tcp",
-		DB:      0, // default DB
+		Addr:      fmt.Sprintf("%s:%s", *redisHostname, *redisPort),
+		Username:  *redisUsername,
+		Password:  *redisPassword,
+		TLSConfig: tlsConfig,
+		Network:   "tcp",
+		DB:        0, // default DB
 	})
 
 	rekorClient, err := client.GetRekorClient(*rekorAddress)

pkg/api/api.go

@@ -18,6 +18,7 @@ package api
 import (
 	"context"
 	"crypto/sha256"
+	"crypto/tls"
 	"crypto/x509"
 	"encoding/hex"
 	"fmt"
@@ -139,8 +140,14 @@ func ConfigureAPI(treeID uint) {
 	}
 	if viper.GetBool("enable_retrieve_api") || viper.GetBool("enable_stable_checkpoint") ||
 		slices.Contains(viper.GetStringSlice("enabled_api_endpoints"), "searchIndex") {
+
 		redisClient = redis.NewClient(&redis.Options{
-			Addr:    fmt.Sprintf("%v:%v", viper.GetString("redis_server.address"), viper.GetUint64("redis_server.port")),
+			Addr:     fmt.Sprintf("%v:%v", viper.GetString("redis_server.address"), viper.GetUint64("redis_server.port")),
+			Username: viper.GetString("redis_server.username"),
+			Password: viper.GetString("redis_server.password"),
+			TLSConfig: &tls.Config{
+				InsecureSkipVerify: viper.GetBool("redis_server.insecure-skip-verify"),
+			},
 			Network: "tcp",
 			DB:      0, // default DB
 		})