feature: add redis resource access for PAM

backend/src/ee/routes/v1/pam-account-routers/index.ts

@@ -19,6 +19,11 @@ import {
   SanitizedPostgresAccountWithResourceSchema,
   UpdatePostgresAccountSchema
 } from "@app/ee/services/pam-resource/postgres/postgres-resource-schemas";
+import {
+  CreateRedisAccountSchema,
+  SanitizedRedisAccountWithResourceSchema,
+  UpdateRedisAccountSchema
+} from "@app/ee/services/pam-resource/redis/redis-resource-schemas";
 import {
   CreateSSHAccountSchema,
   SanitizedSSHAccountWithResourceSchema,
@@ -46,6 +51,15 @@ export const PAM_ACCOUNT_REGISTER_ROUTER_MAP: Record<PamResource, (server: Fasti
       updateAccountSchema: UpdateMySQLAccountSchema
     });
   },
+  [PamResource.Redis]: async (server: FastifyZodProvider) => {
+    registerPamAccountEndpoints({
+      server,
+      resourceType: PamResource.Redis,
+      accountResponseSchema: SanitizedRedisAccountWithResourceSchema,
+      createAccountSchema: CreateRedisAccountSchema,
+      updateAccountSchema: UpdateRedisAccountSchema
+    });
+  },
   [PamResource.SSH]: async (server: FastifyZodProvider) => {
     registerPamAccountEndpoints({
       server,

backend/src/ee/routes/v1/pam-account-routers/pam-account-router.ts

@@ -9,6 +9,7 @@ import { SanitizedMySQLAccountWithResourceSchema } from "@app/ee/services/pam-re
 import { PamResource } from "@app/ee/services/pam-resource/pam-resource-enums";
 import { GatewayAccessResponseSchema } from "@app/ee/services/pam-resource/pam-resource-schemas";
 import { SanitizedPostgresAccountWithResourceSchema } from "@app/ee/services/pam-resource/postgres/postgres-resource-schemas";
+import { SanitizedRedisAccountWithResourceSchema } from "@app/ee/services/pam-resource/redis/redis-resource-schemas";
 import { SanitizedSSHAccountWithResourceSchema } from "@app/ee/services/pam-resource/ssh/ssh-resource-schemas";
 import { BadRequestError } from "@app/lib/errors";
 import { removeTrailingSlash } from "@app/lib/fn";
@@ -22,6 +23,7 @@ const SanitizedAccountSchema = z.union([
   SanitizedSSHAccountWithResourceSchema, // ORDER MATTERS
   SanitizedPostgresAccountWithResourceSchema,
   SanitizedMySQLAccountWithResourceSchema,
+  SanitizedRedisAccountWithResourceSchema,
   SanitizedKubernetesAccountWithResourceSchema,
   SanitizedAwsIamAccountWithResourceSchema
 ]);
@@ -134,9 +136,10 @@ export const registerPamAccountRouter = async (server: FastifyZodProvider) => {
       }),
       response: {
         200: z.discriminatedUnion("resourceType", [
-          // Gateway-based resources (Postgres, MySQL, SSH)
+          // Gateway-based resources (Postgres, MySQL, Redis, SSH)
           GatewayAccessResponseSchema.extend({ resourceType: z.literal(PamResource.Postgres) }),
           GatewayAccessResponseSchema.extend({ resourceType: z.literal(PamResource.MySQL) }),
+          GatewayAccessResponseSchema.extend({ resourceType: z.literal(PamResource.Redis) }),
           GatewayAccessResponseSchema.extend({ resourceType: z.literal(PamResource.SSH) }),
           GatewayAccessResponseSchema.extend({ resourceType: z.literal(PamResource.Kubernetes) }),
           // AWS IAM (no gateway, returns console URL)

backend/src/ee/routes/v1/pam-resource-routers/index.ts

@@ -19,6 +19,11 @@ import {
   SanitizedPostgresResourceSchema,
   UpdatePostgresResourceSchema
 } from "@app/ee/services/pam-resource/postgres/postgres-resource-schemas";
+import {
+  CreateRedisResourceSchema,
+  SanitizedRedisResourceSchema,
+  UpdateRedisResourceSchema
+} from "@app/ee/services/pam-resource/redis/redis-resource-schemas";
 import {
   CreateSSHResourceSchema,
   SanitizedSSHResourceSchema,
@@ -78,5 +83,14 @@ export const PAM_RESOURCE_REGISTER_ROUTER_MAP: Record<PamResource, (server: Fast
       createResourceSchema: CreateAwsIamResourceSchema,
       updateResourceSchema: UpdateAwsIamResourceSchema
     });
+  },
+  [PamResource.Redis]: async (server: FastifyZodProvider) => {
+    registerPamResourceEndpoints({
+      server,
+      resourceType: PamResource.Redis,
+      resourceResponseSchema: SanitizedRedisResourceSchema,
+      createResourceSchema: CreateRedisResourceSchema,
+      updateResourceSchema: UpdateRedisResourceSchema
+    });
   }
 };

backend/src/ee/routes/v1/pam-resource-routers/pam-resource-router.ts

@@ -18,6 +18,10 @@ import {
   PostgresResourceListItemSchema,
   SanitizedPostgresResourceSchema
 } from "@app/ee/services/pam-resource/postgres/postgres-resource-schemas";
+import {
+  RedisResourceListItemSchema,
+  SanitizedRedisResourceSchema
+} from "@app/ee/services/pam-resource/redis/redis-resource-schemas";
 import {
   SanitizedSSHResourceSchema,
   SSHResourceListItemSchema
@@ -32,15 +36,17 @@ const SanitizedResourceSchema = z.union([
   SanitizedMySQLResourceSchema,
   SanitizedSSHResourceSchema,
   SanitizedKubernetesResourceSchema,
-  SanitizedAwsIamResourceSchema
+  SanitizedAwsIamResourceSchema,
+  SanitizedRedisResourceSchema
 ]);
 
 const ResourceOptionsSchema = z.discriminatedUnion("resource", [
   PostgresResourceListItemSchema,
   MySQLResourceListItemSchema,
   SSHResourceListItemSchema,
   KubernetesResourceListItemSchema,
-  AwsIamResourceListItemSchema
+  AwsIamResourceListItemSchema,
+  RedisResourceListItemSchema
 ]);
 
 export const registerPamResourceRouter = async (server: FastifyZodProvider) => {

backend/src/ee/routes/v1/pam-session-router.ts

@@ -5,6 +5,7 @@ import { EventType } from "@app/ee/services/audit-log/audit-log-types";
 import { KubernetesSessionCredentialsSchema } from "@app/ee/services/pam-resource/kubernetes/kubernetes-resource-schemas";
 import { MySQLSessionCredentialsSchema } from "@app/ee/services/pam-resource/mysql/mysql-resource-schemas";
 import { PostgresSessionCredentialsSchema } from "@app/ee/services/pam-resource/postgres/postgres-resource-schemas";
+import { RedisSessionCredentialsSchema } from "@app/ee/services/pam-resource/redis/redis-resource-schemas";
 import { SSHSessionCredentialsSchema } from "@app/ee/services/pam-resource/ssh/ssh-resource-schemas";
 import {
   HttpEventSchema,
@@ -20,7 +21,8 @@ const SessionCredentialsSchema = z.union([
   SSHSessionCredentialsSchema,
   PostgresSessionCredentialsSchema,
   MySQLSessionCredentialsSchema,
-  KubernetesSessionCredentialsSchema
+  KubernetesSessionCredentialsSchema,
+  RedisSessionCredentialsSchema
 ]);
 
 export const registerPamSessionRouter = async (server: FastifyZodProvider) => {

backend/src/ee/services/pam-account/pam-account-service.ts

@@ -58,6 +58,7 @@ import { getFullPamFolderPath } from "../pam-folder/pam-folder-fns";
 import { TPamResourceDALFactory } from "../pam-resource/pam-resource-dal";
 import { PamResource } from "../pam-resource/pam-resource-enums";
 import { TPamAccountCredentials } from "../pam-resource/pam-resource-types";
+import { TRedisAccountCredentials } from "../pam-resource/redis/redis-resource-types";
 import { TSqlAccountCredentials, TSqlResourceConnectionDetails } from "../pam-resource/shared/sql/sql-resource-types";
 import { TSSHAccountCredentials, TSSHResourceMetadata } from "../pam-resource/ssh/ssh-resource-types";
 import { TPamSessionDALFactory } from "../pam-session/pam-session-dal";
@@ -883,6 +884,21 @@ export const pamAccountServiceFactory = ({
           };
         }
         break;
+      case PamResource.Redis:
+        {
+          const credentials = (await decryptAccountCredentials({
+            encryptedCredentials: account.encryptedCredentials,
+            kmsService,
+            projectId
+          })) as TRedisAccountCredentials;
+
+          metadata = {
+            username: credentials.username,
+            accountName: account.name,
+            accountPath: folderPath
+          };
+        }
+        break;
       case PamResource.SSH:
         {
           const credentials = (await decryptAccountCredentials({

backend/src/ee/services/pam-resource/pam-resource-enums.ts

@@ -3,7 +3,8 @@ export enum PamResource {
   MySQL = "mysql",
   SSH = "ssh",
   Kubernetes = "kubernetes",
-  AwsIam = "aws-iam"
+  AwsIam = "aws-iam",
+  Redis = "redis"
 }
 
 export enum PamResourceOrderBy {

backend/src/ee/services/pam-resource/pam-resource-factory.ts

@@ -2,6 +2,7 @@ import { awsIamResourceFactory } from "./aws-iam/aws-iam-resource-factory";
 import { kubernetesResourceFactory } from "./kubernetes/kubernetes-resource-factory";
 import { PamResource } from "./pam-resource-enums";
 import { TPamAccountCredentials, TPamResourceConnectionDetails, TPamResourceFactory } from "./pam-resource-types";
+import { redisResourceFactory } from "./redis/redis-resource-factory";
 import { sqlResourceFactory } from "./shared/sql/sql-resource-factory";
 import { sshResourceFactory } from "./ssh/ssh-resource-factory";
 
@@ -12,5 +13,6 @@ export const PAM_RESOURCE_FACTORY_MAP: Record<PamResource, TPamResourceFactoryIm
   [PamResource.MySQL]: sqlResourceFactory as TPamResourceFactoryImplementation,
   [PamResource.SSH]: sshResourceFactory as TPamResourceFactoryImplementation,
   [PamResource.Kubernetes]: kubernetesResourceFactory as TPamResourceFactoryImplementation,
-  [PamResource.AwsIam]: awsIamResourceFactory as TPamResourceFactoryImplementation
+  [PamResource.AwsIam]: awsIamResourceFactory as TPamResourceFactoryImplementation,
+  [PamResource.Redis]: redisResourceFactory as TPamResourceFactoryImplementation
 };

backend/src/ee/services/pam-resource/pam-resource-fns.ts

@@ -8,13 +8,15 @@ import { getKubernetesResourceListItem } from "./kubernetes/kubernetes-resource-
 import { getMySQLResourceListItem } from "./mysql/mysql-resource-fns";
 import { TPamResource, TPamResourceConnectionDetails, TPamResourceMetadata } from "./pam-resource-types";
 import { getPostgresResourceListItem } from "./postgres/postgres-resource-fns";
+import { getRedisResourceListItem } from "./redis/redis-resource-fns";
 
 export const listResourceOptions = () => {
   return [
     getPostgresResourceListItem(),
     getMySQLResourceListItem(),
     getAwsIamResourceListItem(),
-    getKubernetesResourceListItem()
+    getKubernetesResourceListItem(),
+    getRedisResourceListItem()
   ].sort((a, b) => a.name.localeCompare(b.name));
 };
 

backend/src/ee/services/pam-resource/pam-resource-types.ts

@@ -26,6 +26,12 @@ import {
   TPostgresResource,
   TPostgresResourceConnectionDetails
 } from "./postgres/postgres-resource-types";
+import {
+  TRedisAccount,
+  TRedisAccountCredentials,
+  TRedisResource,
+  TRedisResourceConnectionDetails
+} from "./redis/redis-resource-types";
 import {
   TSSHAccount,
   TSSHAccountCredentials,
@@ -35,25 +41,39 @@ import {
 } from "./ssh/ssh-resource-types";
 
 // Resource types
-export type TPamResource = TPostgresResource | TMySQLResource | TSSHResource | TAwsIamResource | TKubernetesResource;
+export type TPamResource =
+  | TPostgresResource
+  | TMySQLResource
+  | TSSHResource
+  | TAwsIamResource
+  | TKubernetesResource
+  | TRedisResource;
 export type TPamResourceConnectionDetails =
   | TPostgresResourceConnectionDetails
   | TMySQLResourceConnectionDetails
   | TSSHResourceConnectionDetails
   | TKubernetesResourceConnectionDetails
-  | TAwsIamResourceConnectionDetails;
+  | TAwsIamResourceConnectionDetails
+  | TRedisResourceConnectionDetails;
 export type TPamResourceMetadata = TSSHResourceMetadata;
 
 // Account types
-export type TPamAccount = TPostgresAccount | TMySQLAccount | TSSHAccount | TAwsIamAccount | TKubernetesAccount;
+export type TPamAccount =
+  | TPostgresAccount
+  | TMySQLAccount
+  | TSSHAccount
+  | TAwsIamAccount
+  | TKubernetesAccount
+  | TRedisAccount;
 
 export type TPamAccountCredentials =
   | TPostgresAccountCredentials
   // eslint-disable-next-line @typescript-eslint/no-duplicate-type-constituents
   | TMySQLAccountCredentials
   | TSSHAccountCredentials
   | TKubernetesAccountCredentials
-  | TAwsIamAccountCredentials;
+  | TAwsIamAccountCredentials
+  | TRedisAccountCredentials;
 
 // Resource DTOs
 export type TCreateResourceDTO = Pick<TPamResource, "name" | "connectionDetails" | "resourceType" | "projectId"> & {