Redis: add username for ACL auth

5 months ago · b15ef1c082
9 changed files with 30 additions and 1 deletions
--- a/application/src/main/resources/thingsboard.yml
+++ b/application/src/main/resources/thingsboard.yml
@ -727,6 +727,8 @@ redis:
  db: "${REDIS_DB:0}"
  # db password
  password: "${REDIS_PASSWORD:}"
+  # Redis username for ACL authentication (Redis 6.0+). Leave empty for legacy password-only auth
+  username: "${REDIS_USERNAME:}"
  # ssl config
  ssl:
    # Enable/disable secure connection
--- a/common/cache/src/main/java/org/thingsboard/server/cache/TBRedisClusterConfiguration.java
+++ b/common/cache/src/main/java/org/thingsboard/server/cache/TBRedisClusterConfiguration.java
@ -22,6 +22,7 @@ import org.springframework.context.annotation.Configuration;
 import org.springframework.data.redis.connection.RedisClusterConfiguration;
 import org.springframework.data.redis.connection.jedis.JedisClientConfiguration;
 import org.springframework.data.redis.connection.jedis.JedisConnectionFactory;
+import org.thingsboard.server.common.data.StringUtils;

@Configuration
@ConditionalOnMissingBean(TbCaffeineCacheConfiguration.class)
@ -37,6 +38,9 @@ public class TBRedisClusterConfiguration extends TBRedisCacheConfiguration {
    @Value("${redis.cluster.useDefaultPoolConfig:true}")
    private boolean useDefaultPoolConfig;

+    @Value("${redis.username:}")
+    private String username;
+
    @Value("${redis.password:}")
    private String password;

@ -47,6 +51,7 @@ public class TBRedisClusterConfiguration extends TBRedisCacheConfiguration {
        RedisClusterConfiguration clusterConfiguration = new RedisClusterConfiguration();
        clusterConfiguration.setClusterNodes(getNodes(clusterNodes));
        clusterConfiguration.setMaxRedirects(maxRedirects);
+        clusterConfiguration.setUsername(username);
        clusterConfiguration.setPassword(password);
        return new JedisConnectionFactory(clusterConfiguration, buildClientConfig());
    }
@ -65,4 +70,5 @@ public class TBRedisClusterConfiguration extends TBRedisCacheConfiguration {
        }
        return jedisClientConfigurationBuilder.build();
    }
+
 }
--- a/common/cache/src/main/java/org/thingsboard/server/cache/TBRedisSentinelConfiguration.java
+++ b/common/cache/src/main/java/org/thingsboard/server/cache/TBRedisSentinelConfiguration.java
@ -22,6 +22,7 @@ import org.springframework.context.annotation.Configuration;
 import org.springframework.data.redis.connection.RedisSentinelConfiguration;
 import org.springframework.data.redis.connection.jedis.JedisClientConfiguration;
 import org.springframework.data.redis.connection.jedis.JedisConnectionFactory;
+import org.thingsboard.server.common.data.StringUtils;

@Configuration
@ConditionalOnMissingBean(TbCaffeineCacheConfiguration.class)
@ -46,6 +47,9 @@ public class TBRedisSentinelConfiguration extends TBRedisCacheConfiguration {
    @Value("${redis.ssl.enabled:false}")
    private boolean useSsl;

+    @Value("${redis.username:}")
+    private String username;
+
    @Value("${redis.password:}")
    private String password;

@ -54,9 +58,10 @@ public class TBRedisSentinelConfiguration extends TBRedisCacheConfiguration {
        redisSentinelConfiguration.setMaster(master);
        redisSentinelConfiguration.setSentinels(getNodes(sentinels));
        redisSentinelConfiguration.setSentinelPassword(sentinelPassword);
+        redisSentinelConfiguration.setUsername(username);
        redisSentinelConfiguration.setPassword(password);
        redisSentinelConfiguration.setDatabase(database);
-        return new JedisConnectionFactory(redisSentinelConfiguration,  buildClientConfig());
+        return new JedisConnectionFactory(redisSentinelConfiguration, buildClientConfig());
    }

    private JedisClientConfiguration buildClientConfig() {
@ -73,4 +78,5 @@ public class TBRedisSentinelConfiguration extends TBRedisCacheConfiguration {
        }
        return jedisClientConfigurationBuilder.build();
    }
+
 }
--- a/common/cache/src/main/java/org/thingsboard/server/cache/TBRedisStandaloneConfiguration.java
+++ b/common/cache/src/main/java/org/thingsboard/server/cache/TBRedisStandaloneConfiguration.java
@ -54,6 +54,9 @@ public class TBRedisStandaloneConfiguration extends TBRedisCacheConfiguration {
    @Value("${redis.db:0}")
    private Integer db;

+    @Value("${redis.username:}")
+    private String username;
+
    @Value("${redis.password:}")
    private String password;

@ -65,6 +68,7 @@ public class TBRedisStandaloneConfiguration extends TBRedisCacheConfiguration {
        standaloneConfiguration.setHostName(host);
        standaloneConfiguration.setPort(port);
        standaloneConfiguration.setDatabase(db);
+        standaloneConfiguration.setUsername(username);
        standaloneConfiguration.setPassword(password);
        return new JedisConnectionFactory(standaloneConfiguration, buildClientConfig());
    }
@ -89,4 +93,5 @@ public class TBRedisStandaloneConfiguration extends TBRedisCacheConfiguration {
        }
        return jedisClientConfigurationBuilder.build();
    }
+
 }
--- a/transport/coap/src/main/resources/tb-coap-transport.yml
+++ b/transport/coap/src/main/resources/tb-coap-transport.yml
@ -94,6 +94,8 @@ redis:
  db: "${REDIS_DB:0}"
  # db password
  password: "${REDIS_PASSWORD:}"
+  # Redis username for ACL authentication (Redis 6.0+). Leave empty for legacy password-only auth
+  username: "${REDIS_USERNAME:}"
  ssl:
    # Enable/disable secure connection
    enabled: "${TB_REDIS_SSL_ENABLED:false}"
--- a/transport/http/src/main/resources/tb-http-transport.yml
+++ b/transport/http/src/main/resources/tb-http-transport.yml
@ -127,6 +127,8 @@ redis:
  db: "${REDIS_DB:0}"
  # db password
  password: "${REDIS_PASSWORD:}"
+  # Redis username for ACL authentication (Redis 6.0+). Leave empty for legacy password-only auth
+  username: "${REDIS_USERNAME:}"
  ssl:
    # Enable/disable secure connection
    enabled: "${TB_REDIS_SSL_ENABLED:false}"
--- a/transport/lwm2m/src/main/resources/tb-lwm2m-transport.yml
+++ b/transport/lwm2m/src/main/resources/tb-lwm2m-transport.yml
@ -94,6 +94,8 @@ redis:
  db: "${REDIS_DB:0}"
  # db password
  password: "${REDIS_PASSWORD:}"
+  # Redis username for ACL authentication (Redis 6.0+). Leave empty for legacy password-only auth
+  username: "${REDIS_USERNAME:}"
  ssl:
    # Enable/disable secure connection
    enabled: "${TB_REDIS_SSL_ENABLED:false}"
--- a/transport/mqtt/src/main/resources/tb-mqtt-transport.yml
+++ b/transport/mqtt/src/main/resources/tb-mqtt-transport.yml
@ -95,6 +95,8 @@ redis:
  db: "${REDIS_DB:0}"
  # db password
  password: "${REDIS_PASSWORD:}"
+  # Redis username for ACL authentication (Redis 6.0+). Leave empty for legacy password-only auth
+  username: "${REDIS_USERNAME:}"
  ssl:
    # Enable/disable secure connection
    enabled: "${TB_REDIS_SSL_ENABLED:false}"
--- a/transport/snmp/src/main/resources/tb-snmp-transport.yml
+++ b/transport/snmp/src/main/resources/tb-snmp-transport.yml
@ -94,6 +94,8 @@ redis:
  db: "${REDIS_DB:0}"
  # db password
  password: "${REDIS_PASSWORD:}"
+  # Redis username for ACL authentication (Redis 6.0+). Leave empty for legacy password-only auth
+  username: "${REDIS_USERNAME:}"
  ssl:
    # Enable/disable secure connection
    enabled: "${TB_REDIS_SSL_ENABLED:false}"