Skip to content

refactor(auth): replace in-memory auth cache with Redis#2289

Merged
jakubno merged 3 commits intomainfrom
refactor/dashboard-api-cache-invalidation-to-use-redis
Apr 2, 2026
Merged

refactor(auth): replace in-memory auth cache with Redis#2289
jakubno merged 3 commits intomainfrom
refactor/dashboard-api-cache-invalidation-to-use-redis

Conversation

@ben-fornefeld
Copy link
Copy Markdown
Member

@ben-fornefeld ben-fornefeld commented Apr 2, 2026

Summary

  • Replaces the in-memory MemoryCache in AuthCache with RedisCache so auth cache invalidation is correct across all service instances
  • Both API and dashboard-API now share a Redis-backed auth cache (prefix auth:team) with 5m TTL and 1m background refresh
  • Wires Redis config (URL, cluster URL, TLS CA) into the dashboard-API's Nomad job via Terraform

Changes

  • packages/auth/pkg/auth/cache.goNewAuthCache now takes a redis.UniversalClient; uses RedisCache directly
  • packages/api/internal/handlers/store.go — passes existing redisClient to NewAuthCache
  • packages/dashboard-api/main.go — creates Redis client via factories.NewRedisClient
  • packages/dashboard-api/internal/cfg/model.go — adds RedisURL, RedisClusterURL, RedisTLSCABase64
  • iac/modules/job-dashboard-api/ — adds Redis variables and env vars to Nomad job
  • iac/provider-gcp/nomad/main.tf — passes Redis config to dashboard-api module

Test plan

  • go build ./... passes for auth, api, and dashboard-api packages
  • go test ./... passes for auth and dashboard-api packages
  • Lint passes for all modified packages (pre-existing Linux-only failures unaffected)
  • Verify Redis connectivity in staging after deploy

🤖 Generated with Claude Code

@ben-fornefeld @claude
refactor(auth): replace in-memory auth cache with Redis for correct c…
1352c3f 
…ross-instance invalidation

Both the API and dashboard-API now use a shared Redis-backed auth cache
(prefix "auth:team") instead of per-process in-memory caches. This ensures
cache invalidation is consistent across all service instances.

- Replace MemoryCache with RedisCache in AuthCache
- NewAuthCache now requires a redis.UniversalClient parameter
- Add Redis config vars to dashboard-api (cfg, Nomad job, Terraform module)
- Wire existing redisClient through to auth cache in API's store.go

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@cursor
Copy link
Copy Markdown

cursor bot commented Apr 2, 2026
edited
Loading

PR Summary

Medium Risk
Touches authentication caching and invalidation behavior across services and introduces a new runtime dependency on Redis configuration, so misconfiguration or Redis issues could impact auth checks and team membership changes.

Overview
This PR switches the shared auth/team cache from an in-memory implementation to a Redis-backed cache (with a shared auth:team prefix), updating cache invalidation APIs to be context-aware and wiring existing and new callers (API and dashboard-api) to pass a Redis client. It also makes dashboard-api require Redis configuration at startup, creates/cleans up a Redis client in main.go, and propagates Redis URL/cluster/TLS CA settings through Terraform/Nomad so deployments provide the needed env vars.

Written by Cursor Bugbot for commit 709f813. This will update automatically on new commits. Configure here.

@ben-fornefeld
Merge remote-tracking branch 'origin/main' into refactor/dashboard-ap…
6291d24 
…i-cache-invalidation-to-use-redis

# Conflicts:
#	packages/auth/pkg/auth/cache.go
claude[bot]
claude bot reviewed Apr 2, 2026
View reviewed changes
@ben-fornefeld @claude
fix(dashboard-api): validate Redis config at startup
709f813 
Add post-parse validation that at least one of REDIS_URL or
REDIS_CLUSTER_URL is set, surfacing a clear error instead of the
misleading "redis is disabled" fatal from the factory.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@jakubno jakubno merged commit 7183ee1 into main Apr 2, 2026
36 checks passed
@jakubno jakubno deleted the refactor/dashboard-api-cache-invalidation-to-use-redis branch April 2, 2026 11:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@claude claude[bot] claude[bot] left review comments

@djeebus djeebus djeebus approved these changes

@dobrac dobrac dobrac approved these changes

@jakubno jakubno jakubno approved these changes

@ValentaTomas ValentaTomas Awaiting requested review from ValentaTomas ValentaTomas is a code owner

Assignees

@jakubno jakubno

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@ben-fornefeld @djeebus @dobrac @jakubno