Token based authentication integration with core extension #4011
Conversation
- swith to long dates
-change exception message
- update dependency
- introduce authenticationeventlisteners - clenaup in connectionpool - add entraidtestcontext - add redisintegrationtests - fix failing tokenbasedauthentication unit&integ tests
src/main/java/redis/clients/jedis/authentication/TokenCredentials.java
Outdated
Show resolved
Hide resolved
src/test/java/redis/clients/jedis/authentication/TokenBasedAuthenticationUnitTests.java
Outdated
Show resolved
Hide resolved
src/test/java/redis/clients/jedis/authentication/TokenBasedAuthenticationUnitTests.java
Outdated
Show resolved
Hide resolved
src/test/java/redis/clients/jedis/authentication/RedisEntraIDIntegrationTests.java
Show resolved
Hide resolved
- fix flaky test
- add cluster+tba tests
- fix flaky tests
- set audiences with scopes - managed identity tests
src/main/java/redis/clients/jedis/authentication/TokenCredentials.java
Outdated
Show resolved
Hide resolved
- use getuser instead oid from Token
- fix failing unit tests
| @@ -69,11 +76,23 @@ public final void punsubscribe(T... patterns) { | |||
| } | |||
|
|
|||
| public final void ping() { | |||
| sendAndFlushCommand(Command.PING); | |||
| authenticator.commandSync.lock(); | |||
There was a problem hiding this comment.
IMHO it would be good to mention why we need to lock here.
As far as I can tell this is because the AUTH command is async and we want to be sure we dont get a concurrency problem when the user and auth threads attempt to write in the same time?
There was a problem hiding this comment.
thats correct , i will provide explanation in another iteration
src/test/java/redis/clients/jedis/authentication/TokenBasedAuthenticationUnitTests.java
Show resolved
Hide resolved
| AuthXManager manager = new AuthXManager(EntraIDTokenAuthConfigBuilder.builder() | ||
| .lowerRefreshBoundMillis(1000).identityProviderConfig(idpConfig).build()); | ||
|
|
||
| HostAndPort hp = HostAndPorts.getClusterServers().get(0); |
There was a problem hiding this comment.
You should use here cluster-entraid-acl endpoint
There was a problem hiding this comment.
as long as this endpoint answers to cluster commands it would be fine. Right now the tests can run without entraid enabled endpoints and make the necessary assertions on it. It would be better to keep them running on each commit.
There was a problem hiding this comment.
In the integration test, we do not bring up the endpoints hardcoded in the cluster config, so we need to switch to the cluster-entraid-acl to be able to run the tests. Let me know if I'm missing something here.
There was a problem hiding this comment.
yes , it doesnt run with entraid enabled env but runs within every integration test in jedis repo
| return result; | ||
| }).when(authXManager).addConnection(any(Connection.class)); | ||
|
|
||
| HostAndPort hp = HostAndPorts.getClusterServers().get(0); |
There was a problem hiding this comment.
same case with other one
src/test/java/redis/clients/jedis/authentication/TokenBasedAuthenticationIntegrationTests.java
Outdated
Show resolved
Hide resolved
This PR Provides the required changes to integrate the token based authentication using the
coremodule from redis-authx.AuthXManager is the main component which handles the id provider creation and management as well as glueing the renewal process to jedis clients internal connection management.
An instance of
AuthXManagershould be provided to jedis simply via JedisClientConfiguration.The configuration and creation of AuthXManager can be easily achieved through identity provider-specific configuration builders.
MS EntraID identity provider is already provided within redis-authx.
A basic usage would look like;