redis cache - add support for TLS/encryption in transit (#410)

* Add encryption in transit support for redis cache * Fix missed connection/uri switch * Add changelog * Update changelogs/fragments/410-redis_cache-add_tls_support.yaml Co-authored-by: Felix Fontein <felix@fontein.de> Co-authored-by: Felix Fontein <felix@fontein.de>
2024-09-14 20:13:21 +02:00 · 2020-05-30 06:26:37 -04:00 · 2020-05-30 06:26:37 -04:00 · f81e562301
commit f81e562301
parent 3a75f85bdd
2 changed files with 14 additions and 4 deletions
--- a/changelogs/fragments/410-redis_cache-add_tls_support.yaml
+++ b/changelogs/fragments/410-redis_cache-add_tls_support.yaml
@ -0,0 +1,2 @@
+minor_changes:
+  - redis - add TLS support to redis cache plugin (https://github.com/ansible-collections/community.general/pull/410).
--- a/plugins/cache/redis.py
+++ b/plugins/cache/redis.py
@ -16,6 +16,7 @@ DOCUMENTATION = '''
        description:
          - A colon separated string of connection information for Redis.
          - The format is C(host:port:db:password), for example C(localhost:6379:0:changeme).
+          - To use encryption in transit, prefix the connection with C(tls://), as in C(tls://localhost:6379:0:changeme).
        required: True
        env:
          - name: ANSIBLE_CACHE_PLUGIN_CONNECTION
@ -68,24 +69,31 @@ class CacheModule(BaseCacheModule):
    performance.
    """
    def __init__(self, *args, **kwargs):
-        connection = []
+        uri = ''

        try:
            super(CacheModule, self).__init__(*args, **kwargs)
            if self.get_option('_uri'):
-                connection = self.get_option('_uri').split(':')
+                uri = self.get_option('_uri')
            self._timeout = float(self.get_option('_timeout'))
            self._prefix = self.get_option('_prefix')
        except KeyError:
            display.deprecated('Rather than importing CacheModules directly, '
                               'use ansible.plugins.loader.cache_loader', version='2.12')
            if C.CACHE_PLUGIN_CONNECTION:
-                connection = C.CACHE_PLUGIN_CONNECTION.split(':')
+                uri = C.CACHE_PLUGIN_CONNECTION
            self._timeout = float(C.CACHE_PLUGIN_TIMEOUT)
            self._prefix = C.CACHE_PLUGIN_PREFIX

        self._cache = {}
-        self._db = StrictRedis(*connection)
+        kw = {}
+        tlsprefix = 'tls://'
+        if uri.startswith(tlsprefix):
+            kw['ssl'] = True
+            uri = uri[len(tlsprefix):]
+
+        connection = uri.split(':')
+        self._db = StrictRedis(*connection, **kw)
        self._keys_set = 'ansible_cache_keys'

    def _make_key(self, key):