diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 040707a..f76ae66 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -49,7 +49,7 @@ jobs: lua_nginx_module: "v0.10.21" stream_lua_nginx_module: "v0.0.11" lua_resty_core: "v0.1.23" - + env: JOBS: 3 SH: bash @@ -67,11 +67,12 @@ jobs: LUACHECK_VER: 0.21.1 CC: gcc NGX_BUILD_CC: gcc - + NGINX_CC_OPTS: "" LUAJIT_CC_OPTS: "" services: + # Redis with auth disabled redis: image: redis # Set health checks to wait until redis has started @@ -82,11 +83,24 @@ jobs: --health-retries 5 ports: - 6379:6379 + # Redis with auth enabled + redis-auth: + image: redis/redis-stack-server + # Set health checks to wait until redis has started + options: >- + --health-cmd "redis-cli ping" + --health-interval 10s + --health-timeout 5s + --health-retries 5 + ports: + - 6380:6379 + env: + REDIS_ARGS: "--requirepass passdefault" steps: - name: Checkout source code uses: actions/checkout@v2 - + - name: Setup cache uses: actions/cache@v2 with: diff --git a/lib/resty/acme/storage/redis.lua b/lib/resty/acme/storage/redis.lua index c365d49..c9daf2b 100644 --- a/lib/resty/acme/storage/redis.lua +++ b/lib/resty/acme/storage/redis.lua @@ -22,6 +22,8 @@ function _M.new(conf) ssl_server_name = conf.ssl_server_name, namespace = conf.namespace or "", scan_count = conf.scan_count or 10, + username = conf.username, + password = conf.password, }, mt ) @@ -42,8 +44,18 @@ local function op(self, op, ...) if not ok then return nil, err end - - if self.auth then + + if self.username and self.password then + local _, err = client:auth(self.username, self.password) + if err then + return nil, "authentication failed " .. err + end + elseif self.password then + local _, err = client:auth(self.password) + if err then + return nil, "authentication failed " .. err + end + elseif self.auth then local _, err = client:auth(self.auth) if err then return nil, "authentication failed " .. err 
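Review bot: The new `redis-auth` service pulls `redis/redis-stack-server` with no tag or digest, so each CI run uses whatever the registry currently serves under the default tag. The auth tests assert on exact server error strings such as `NOAUTH` and `WRONGPASS`, so they depend on an image that can change underneath them. Pin it, e.g. `image: redis/redis-stack-server:<pinned-tag>` or an `@sha256:<digest>` reference; the existing `redis` service in the context lines is unpinned too. `passdefault` is acceptable as a throwaway CI credential, but a comment such as `# test-only password, never reuse outside CI` next to `REDIS_ARGS` would keep it from being copied into real configuration.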
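Review bot: A `username` configured without a `password` is silently ignored in `op`: neither of the first two branches matches, so no AUTH is sent unless the legacy `auth` field is set. The caller only learns of it through the server's `NOAUTH` reply to the next command, which TEST 18 and 19 pin as expected behaviour. Rejecting that combination explicitly would surface the misconfiguration, e.g. `if self.username and not (self.password or self.auth) then return nil, "authentication failed: username set without password" end`. The precedence of `password` over `auth` is also undocumented; a comment beside the new fields in `_M.new` such as `-- password takes precedence over the legacy auth field` would help, and the three branches could choose the AUTH arguments first and check `err` once. `op` starts and ends outside this hunk, so whether the connection is released on these early returns cannot be seen here.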
diff --git a/t/storage/redis.t b/t/storage/redis.t
index 78427d9..d3ed2a4 100644
--- a/t/storage/redis.t
+++ b/t/storage/redis.t
@@ -556,3 +556,171 @@ test14:50 --- no_error_log [error] +=== TEST 15: Redis auth works with username and password +--- http_config eval: $::HttpConfig +--- config + location =/t { + content_by_lua_block { + local st = test_lib.new({ username = "default", password = "passdefault", port = 6380 }) + local err = st:set("key2", "3") + ngx.say(err) + local v, err = st:get("key2") + ngx.say(err) + ngx.say(v) + } + } +--- request + GET /t +--- response_body_like eval +"nil +nil +3 +" +--- no_error_log +[error] + +=== TEST 16: Redis auth works with single auth (backwards compatibility) +--- http_config eval: $::HttpConfig +--- config + location =/t { + content_by_lua_block { + local st = test_lib.new({auth = "passdefault", port = 6380 }) + local err = st:set("key2", "3") + ngx.say(err) + local v, err = st:get("key2") + ngx.say(err) + ngx.say(v) + } + } +--- request + GET /t +--- response_body_like eval +"nil +nil +3 +" +--- no_error_log +[error] + +=== TEST 17: Redis auth works with just password +--- http_config eval: $::HttpConfig +--- config + location =/t { + content_by_lua_block { + local st = test_lib.new({ password = "passdefault", port = 6380 }) + local err = st:set("key2", "3") + ngx.say(err) + local v, err = st:get("key2") + ngx.say(err) + ngx.say(v) + } + } +--- request + GET /t +--- response_body_like eval +"nil +nil +3 +" +--- no_error_log +[error] + +=== TEST 18: Redis auth fails with just username with error "NOAUTH Authentication required" +--- http_config eval: $::HttpConfig +--- config + location =/t { + content_by_lua_block { + local st = test_lib.new({ username = "default", port = 6380 }) + local err = st:set("key2", "3") + ngx.say(err) + local v, err = st:get("key2") + ngx.say(err) + ngx.say(v) + } + } +--- request + GET /t +--- response_body_like eval +"NOAUTH Authentication required" +--- no_error_log +[error] + +=== TEST 19: Redis auth fails with wrong username +--- http_config eval: $::HttpConfig +--- config + location =/t { + content_by_lua_block 
{ + local st = test_lib.new({ username = "kong", port = 6380 }) + local err = st:set("key2", "3") + ngx.say(err) + local v, err = st:get("key2") + ngx.say(err) + ngx.say(v) + } + } +--- request + GET /t +--- response_body_like eval +"NOAUTH Authentication required" +--- no_error_log +[error] + +=== TEST 20: Redis auth fails with wrong password and no username with error "authentication failed WRONGPASS" +--- http_config eval: $::HttpConfig +--- config + location =/t { + content_by_lua_block { + local st = test_lib.new({ password = "wrongpass", port = 6380 }) + local err = st:set("key2", "3") + ngx.say(err) + local v, err = st:get("key2") + ngx.say(err) + ngx.say(v) + } + } +--- request + GET /t +--- response_body_like eval +"authentication failed WRONGPASS" +--- no_error_log +[error] + +=== TEST 21: Redis auth fails with wrong password and correct username with error "authentication failed WRONGPASS" +--- http_config eval: $::HttpConfig +--- config + location =/t { + content_by_lua_block { + local st = test_lib.new({ username = "default", password = "wrongpass", port = 6380 }) + local err = st:set("key2", "3") + ngx.say(err) + local v, err = st:get("key2") + ngx.say(err) + ngx.say(v) + } + } +--- request + GET /t +--- response_body_like eval +"authentication failed WRONGPASS" +--- no_error_log +[error] + +=== TEST 22: Redis auth fails with correct password and wrong username with error "authentication failed WRONGPASS" +--- http_config eval: $::HttpConfig +--- config + location =/t { + content_by_lua_block { + local st = test_lib.new({ username = "kong", password = "passdefault", port = 6380 }) + local err = st:set("key2", "3") + ngx.say(err) + local v, err = st:get("key2") + ngx.say(err) + ngx.say(v) + } + } +--- request + GET /t +--- response_body_like eval +"authentication failed WRONGPASS" +--- no_error_log +[error]
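Review bot: TEST 19 is titled "wrong username" but passes no password, so it takes the same no-AUTH path as TEST 18 and the username never reaches the server; only TEST 22 exercises the wrong-username case. Either give TEST 19 a password or drop it. TEST 18 to 22 match with `--- response_body_like` against an unanchored string, so they pass whenever the expected text appears anywhere in the body, although `st:set` and `st:get` each print a result. Asserting the whole body with `--- response_body` would pin both calls. A case with both `password` and `auth` set is also missing; it would fix the precedence that the new branch order in `redis.lua` implements.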