Add support for redis sentinel config by using redis.UniversalClient which auto-switches based on config

auth_server/authn/tokendb_redis.go

@@ -30,8 +30,7 @@ import (
 )
 
 type RedisStoreConfig struct {
-	ClientOptions  *redis.Options        `yaml:"redis_options,omitempty"`
-	ClusterOptions *redis.ClusterOptions `yaml:"redis_cluster_options,omitempty"`
+	ClientOptions  *redis.UniversalOptions `yaml:"redis_options,omitempty"`
 	TokenHashCost  int                   `yaml:"token_hash_cost,omitempty"`
 }
 
@@ -45,14 +44,7 @@ type RedisClient interface {
 //
 func NewRedisTokenDB(options *RedisStoreConfig) (TokenDB, error) {
 	var client RedisClient
-	if options.ClusterOptions != nil {
-		if options.ClientOptions != nil {
-			glog.Infof("Both redis_token_db.configs and redis_token_db.cluster_configs have been set. Only the latter will be used")
-		}
-		client = redis.NewClusterClient(options.ClusterOptions)
-	} else {
-		client = redis.NewClient(options.ClientOptions)
-	}
+	client = redis.NewUniversalClient(options.ClientOptions)
 	tokenHashCost := options.TokenHashCost
 	if tokenHashCost <= 0 {
 		tokenHashCost = bcrypt.DefaultCost

auth_server/server/config.go

@@ -201,7 +201,7 @@ func validate(c *Config) error {
 			return errors.New("google_auth.{client_id,client_secret,gcs_token_db{bucket,client_secret_file}} are required")
 		}
 
-		if gac.ClientId == "" || gac.ClientSecret == "" || (gac.RedisTokenDB != nil && gac.RedisTokenDB.ClientOptions == nil && gac.RedisTokenDB.ClusterOptions == nil) {
+		if gac.ClientId == "" || gac.ClientSecret == "" || (gac.RedisTokenDB != nil && gac.RedisTokenDB.ClientOptions == nil) {
 			return errors.New("google_auth.{client_id,client_secret,redis_token_db.{redis_options,redis_cluster_options}} are required")
 		}
 
@@ -225,7 +225,7 @@ func validate(c *Config) error {
 			return errors.New("github_auth.{client_id,client_secret,gcs_token_db{bucket,client_secret_file}} are required")
 		}
 
-		if ghac.ClientId == "" || ghac.ClientSecret == "" || (ghac.RedisTokenDB != nil && ghac.RedisTokenDB.ClientOptions == nil && ghac.RedisTokenDB.ClusterOptions == nil) {
+		if ghac.ClientId == "" || ghac.ClientSecret == "" || (ghac.RedisTokenDB != nil && ghac.RedisTokenDB.ClientOptions == nil) {
 			return errors.New("github_auth.{client_id,client_secret,redis_token_db.{redis_options,redis_cluster_options}} are required")
 		}
 
@@ -253,7 +253,7 @@ func validate(c *Config) error {
 			return errors.New("oidc_auth.{client_id,client_secret,gcs_token_db{bucket,client_secret_file}} are required")
 		}
 
-		if oidc.ClientId == "" || oidc.ClientSecret == "" || (oidc.RedisTokenDB != nil && oidc.RedisTokenDB.ClientOptions == nil && oidc.RedisTokenDB.ClusterOptions == nil) {
+		if oidc.ClientId == "" || oidc.ClientSecret == "" || (oidc.RedisTokenDB != nil && oidc.RedisTokenDB.ClientOptions == nil) {
 			return errors.New("oidc_auth.{client_id,client_secret,redis_token_db.{redis_options,redis_cluster_options}} are required")
 		}
 
@@ -283,7 +283,7 @@ func validate(c *Config) error {
 			return errors.New("gitlab_auth.{client_id,client_secret,gcs_token_db{bucket,client_secret_file}} are required")
 		}
 
-		if glab.ClientId == "" || glab.ClientSecret == "" || (glab.RedisTokenDB != nil && glab.RedisTokenDB.ClientOptions == nil && glab.RedisTokenDB.ClusterOptions == nil) {
+		if glab.ClientId == "" || glab.ClientSecret == "" || (glab.RedisTokenDB != nil && glab.RedisTokenDB.ClientOptions == nil) {
 			return errors.New("gitlab_auth.{client_id,client_secret,redis_token_db.{redis_options,redis_cluster_options}} are required")
 		}
 

examples/reference.yml

@@ -144,11 +144,13 @@ github_auth:
   # or Redis,
   redis_token_db:
     redis_options:
-        # with a single instance,
-        addr: localhost:6379
-    redis_cluster_options:
-        # or in the cluster mode.
-        addrs: ["localhost:7000"]
+      # with a single instance,
+      addrs: ["localhost:6379"]
+      # or in the cluster mode.
+      addrs: ["localhost:7000", "localhost:7001"]
+      # or in the failover mode with redis sentinel.
+      mastername: redis-ha
+      addrs: ["redis-sentinel:26379"]
   # How long to wait when talking to GitHub servers. Optional.
   http_timeout: "10s"
   # How long to wait before revalidating the GitHub token. Optional.
@@ -220,10 +222,12 @@ gitlab_auth:
   redis_token_db:
     redis_options:
       # with a single instance,
-      addr: localhost:6379
-    redis_cluster_options:
+      addrs: ["localhost:6379"]
       # or in the cluster mode.
-      addrs: ["localhost:7000"]
+      addrs: ["localhost:7000", "localhost:7001"]
+      # or in the failover mode with redis sentinel.
+      mastername: redis-ha
+      addrs: ["redis-sentinel:26379"]
   # How long to wait when talking to GitLab servers. Optional.
   http_timeout: "10s"
   # How long to wait before revalidating the Gitlab token. Optional.