1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00

redis cache - add support for TLS/encryption in transit (#410)

* Add encryption in transit support for redis cache

* Fix missed connection/uri switch

* Add changelog

* Update changelogs/fragments/410-redis_cache-add_tls_support.yaml

Co-authored-by: Felix Fontein <felix@fontein.de>

Co-authored-by: Felix Fontein <felix@fontein.de>
This commit is contained in:
Brian Scholer 2020-05-30 06:26:37 -04:00 committed by GitHub
parent 3a75f85bdd
commit f81e562301
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 14 additions and 4 deletions

View file

@ -0,0 +1,2 @@
minor_changes:
- redis - add TLS support to redis cache plugin (https://github.com/ansible-collections/community.general/pull/410).

View file

@ -16,6 +16,7 @@ DOCUMENTATION = '''
description: description:
- A colon separated string of connection information for Redis. - A colon separated string of connection information for Redis.
- The format is C(host:port:db:password), for example C(localhost:6379:0:changeme). - The format is C(host:port:db:password), for example C(localhost:6379:0:changeme).
- To use encryption in transit, prefix the connection with C(tls://), as in C(tls://localhost:6379:0:changeme).
required: True required: True
env: env:
- name: ANSIBLE_CACHE_PLUGIN_CONNECTION - name: ANSIBLE_CACHE_PLUGIN_CONNECTION
@ -68,24 +69,31 @@ class CacheModule(BaseCacheModule):
performance. performance.
""" """
def __init__(self, *args, **kwargs): def __init__(self, *args, **kwargs):
connection = [] uri = ''
try: try:
super(CacheModule, self).__init__(*args, **kwargs) super(CacheModule, self).__init__(*args, **kwargs)
if self.get_option('_uri'): if self.get_option('_uri'):
connection = self.get_option('_uri').split(':') uri = self.get_option('_uri')
self._timeout = float(self.get_option('_timeout')) self._timeout = float(self.get_option('_timeout'))
self._prefix = self.get_option('_prefix') self._prefix = self.get_option('_prefix')
except KeyError: except KeyError:
display.deprecated('Rather than importing CacheModules directly, ' display.deprecated('Rather than importing CacheModules directly, '
'use ansible.plugins.loader.cache_loader', version='2.12') 'use ansible.plugins.loader.cache_loader', version='2.12')
if C.CACHE_PLUGIN_CONNECTION: if C.CACHE_PLUGIN_CONNECTION:
connection = C.CACHE_PLUGIN_CONNECTION.split(':') uri = C.CACHE_PLUGIN_CONNECTION
self._timeout = float(C.CACHE_PLUGIN_TIMEOUT) self._timeout = float(C.CACHE_PLUGIN_TIMEOUT)
self._prefix = C.CACHE_PLUGIN_PREFIX self._prefix = C.CACHE_PLUGIN_PREFIX
self._cache = {} self._cache = {}
self._db = StrictRedis(*connection) kw = {}
tlsprefix = 'tls://'
if uri.startswith(tlsprefix):
kw['ssl'] = True
uri = uri[len(tlsprefix):]
connection = uri.split(':')
self._db = StrictRedis(*connection, **kw)
self._keys_set = 'ansible_cache_keys' self._keys_set = 'ansible_cache_keys'
def _make_key(self, key): def _make_key(self, key):