Enable unique password configuration for redis and sentinels

Allow workhorse to be configured with different passwords
for the redis and sentinels services.

Related https://gitlab.com/gitlab-org/gitlab/-/issues/422820

Changelog: fixed

Signed-off-by: Balasankar "Balu" C <[email protected]>

Author: balasankarc

files/gitlab-cookbooks/gitlab/libraries/redis_helper.rb

@@ -70,7 +70,7 @@ def workhorse_params
         password: redis_params.last,
         sentinels: redis_sentinel_urls('redis_sentinels'),
         sentinelMaster: redis['master_name'],
-        sentinelPassword: redis['master_password']
+        sentinelPassword: gitlab_rails['redis_sentinels_password']
       }
     end
   end

files/gitlab-cookbooks/gitlab/recipes/gitlab-workhorse.rb

@@ -108,7 +108,7 @@
     password: redis_params[:password],
     sentinels: redis_params[:sentinels],
     sentinel_master: redis_params[:sentinelMaster],
-    master_password: redis_params[:sentinelPassword],
+    sentinel_password: redis_params[:sentinelPassword],
     shutdown_timeout: shutdown_timeout,
     image_scaler_max_procs: image_scaler_max_procs,
     image_scaler_max_filesize: image_scaler_max_filesize,

files/gitlab-cookbooks/gitlab/templates/default/workhorse-config.toml.erb

@@ -13,13 +13,13 @@ trusted_cidrs_for_x_forwarded_for = <%= @trusted_cidrs_for_x_forwarded_for.to_js
 
 <% if @workhorse_keywatcher %>
 [redis]
+Password = "<%= @password %>"
 <% if @sentinels.empty? %>
 URL = "<%= @redis_url %>"
-Password = "<%= @password %>"
 <% else %>
 Sentinel = <%= @sentinels.to_json %>
 SentinelMaster = "<%= @sentinel_master %>"
-Password = "<%= @master_password %>"
+SentinelPassword = "<%= @sentinel_password %>"
 <% end %>
 <% end %>
 

spec/chef/cookbooks/gitlab/libraries/redis_helper_spec.rb

@@ -186,7 +186,7 @@
           expect(params[:password]).to eq('password_from.redis.master_password')
           expect(params[:sentinels].map(&:to_s)).to eq(%w[redis://sentinel1.example.com:12345 redis://sentinel2.example.com:12345])
           expect(params[:sentinelMaster]).to eq('master_from.redis.master_name')
-          expect(params[:sentinelPassword]).to eq('password_from.redis.master_password')
+          expect(params[:sentinelPassword]).to be_nil
           expect(params[:url].to_s).to eq("redis://:password_from.redis.master_password@master_from.redis.master_name/")
         end
       end

spec/chef/cookbooks/gitlab/recipes/gitlab-workhorse_spec.rb

@@ -610,9 +610,11 @@
     it 'should generate config file with the specified values' do
       content = 'Sentinel = ["redis://:[email protected]:26379","redis://:[email protected]:12345"]'
       content_sentinel_master = 'SentinelMaster = "examplemaster"'
-      content_sentinel_password = 'Password = "examplepassword"'
+      content_password = 'Password = "examplepassword"'
+      content_sentinel_password = 'SentinelPassword = "some pass"'
       content_url = 'URL ='
       expect(chef_run).to render_file("/var/opt/gitlab/gitlab-workhorse/config.toml").with_content(content)
+      expect(chef_run).to render_file("/var/opt/gitlab/gitlab-workhorse/config.toml").with_content(content_password)
       expect(chef_run).to render_file("/var/opt/gitlab/gitlab-workhorse/config.toml").with_content(content_sentinel_master)
       expect(chef_run).to render_file("/var/opt/gitlab/gitlab-workhorse/config.toml").with_content(content_sentinel_password)
       expect(chef_run).not_to render_file("/var/opt/gitlab/gitlab-workhorse/config.toml").with_content(content_url)