ICU-14484: redis connect helper (#6001)

* add redis connect support
* Setup redis in docker for e2e testing
* Update docs and changelog
* Commenting out e2e tests for now, will revisit in a separate task

Author: laero

CHANGELOG.md

@@ -16,12 +16,17 @@ Canonical reference for changes, improvements, and bugfixes for Boundary.
   This new helper command allows users to authorize sessions against Cassandra 
   targets and automatically invoke a Cassandra client with the appropriate 
   connection parameters and credentials. Currently only username/password credentials are automatically attached.
+* cli: Added `boundary connect redis` command for connecting to Redis targets.
+  This new helper command allows users to authorize sessions against Redis
+  targets and automatically invoke a Redis client with the appropriate
+  connection parameters and credentials. Currently only username/password credentials are automatically attached.
 * ui: Improved load times for resource tables with search and filtering capabilities by replacing indexeddb for local data storage with sqlite (WASM) and OPFS ([PR](https://github.com/hashicorp/boundary-ui/pull/2984))
 
 ### Bug fixes
 * ui: Fixed rendering bug where header for the Host details page rendered multiple times ([PR](https://github.com/hashicorp/boundary-ui/pull/2980))
 * ui: Fixed bug where worker tags could not be removed when creating a new worker ([PR](https://github.com/hashicorp/boundary-ui/pull/2928))
 
+
 ### Deprecations/Changes
 
 * Modified parsing logic for various IP/host/address fields across Boundary.

enos/modules/test_e2e_docker/test.sh

@@ -41,6 +41,8 @@ install_cassandra() {
 # Install Cassandra
 install_cassandra
 
+# Install Redis
+apt install redis-server -y
 
 # Create a GPG key
 export KEY_PW=boundary

internal/cmd/commands.go

@@ -423,6 +423,12 @@ func initCommands(ui, serverCmdUi cli.Ui, runOpts *RunOptions) {
 				Func:    "cassandra",
 			}
 		}),
+		"connect redis": wrapper.Wrap(func() wrapper.WrappableCommand {
+			return &connect.Command{
+				Command: base.NewCommand(ui, opts...),
+				Func:    "redis",
+			}
+		}),
 		"connect rdp": wrapper.Wrap(func() wrapper.WrappableCommand {
 			return &connect.Command{
 				Command: base.NewCommand(ui, opts...),

internal/cmd/commands/connect/connect.go

@@ -84,6 +84,9 @@ type Command struct {
 	// Cassandra
 	cassandraFlags
 
+	// Redis
+	redisFlags
+
 	// RDP
 	rdpFlags
 
@@ -114,6 +117,8 @@ func (c *Command) Synopsis() string {
 		return mysqlSynopsis
 	case "cassandra":
 		return cassandraSynopsis
+	case "redis":
+		return redisSynopsis
 	case "rdp":
 		return rdpSynopsis
 	case "ssh":
@@ -239,6 +244,9 @@ func (c *Command) Flags() *base.FlagSets {
 	case "cassandra":
 		cassandraOptions(c, set)
 
+	case "redis":
+		redisOptions(c, set)
+
 	case "rdp":
 		rdpOptions(c, set)
 
@@ -330,6 +338,8 @@ func (c *Command) Run(args []string) (retCode int) {
 			c.flagExec = c.mysqlFlags.defaultExec()
 		case "cassandra":
 			c.flagExec = c.cassandraFlags.defaultExec()
+		case "redis":
+			c.flagExec = c.redisFlags.defaultExec()
 		case "rdp":
 			c.flagExec = c.rdpFlags.defaultExec()
 		case "kube":
@@ -714,6 +724,16 @@ func (c *Command) handleExec(clientProxy *apiproxy.ClientProxy, passthroughArgs
 		envs = append(envs, cassandraEnvs...)
 		creds = cassandraCreds
 
+	case "redis":
+		redisArgs, redisEnvs, redisCreds, redisErr := c.redisFlags.buildArgs(c, port, host, addr, creds)
+		if redisErr != nil {
+			argsErr = redisErr
+			break
+		}
+		args = append(args, redisArgs...)
+		envs = append(envs, redisEnvs...)
+		creds = redisCreds
+
 	case "rdp":
 		args = append(args, c.rdpFlags.buildArgs(c, port, host, addr)...)
 

internal/cmd/commands/connect/redis.go

@@ -0,0 +1,82 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+package connect
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/hashicorp/boundary/api/proxy"
+	"github.com/hashicorp/boundary/internal/cmd/base"
+	"github.com/posener/complete"
+)
+
+const (
+	redisSynopsis = "Authorize a session against a target and invoke a redis client to connect"
+)
+
+func redisOptions(c *Command, set *base.FlagSets) {
+	f := set.NewFlagSet("Redis Options")
+
+	f.StringVar(&base.StringVar{
+		Name:       "style",
+		Target:     &c.flagRedisStyle,
+		EnvVar:     "BOUNDARY_CONNECT_REDIS_STYLE",
+		Completion: complete.PredictSet("redis-cli"),
+		Default:    "redis-cli",
+		Usage:      `Specifies how the CLI will attempt to invoke a Redis client. This will also set a suitable default for -exec if a value was not specified. Currently-understood values are "redis-cli".`,
+	})
+
+	f.StringVar(&base.StringVar{
+		Name:       "username",
+		Target:     &c.flagUsername,
+		EnvVar:     "BOUNDARY_CONNECT_USERNAME",
+		Completion: complete.PredictNothing,
+		Usage:      `Specifies the username to pass through to the client. May be overridden by credentials sourced from a credential store.`,
+	})
+}
+
+type redisFlags struct {
+	flagRedisStyle string
+}
+
+func (r *redisFlags) defaultExec() string {
+	return strings.ToLower(r.flagRedisStyle)
+}
+
+func (r *redisFlags) buildArgs(c *Command, port, ip, _ string, creds proxy.Credentials) (args, envs []string, retCreds proxy.Credentials, retErr error) {
+	var username, password string
+
+	retCreds = creds
+	if len(retCreds.UsernamePassword) > 0 {
+		// Mark credential as consumed, such that it is not printed to the user
+		retCreds.UsernamePassword[0].Consumed = true
+
+		// Grab the first available username/password credential brokered
+		username = retCreds.UsernamePassword[0].Username
+		password = retCreds.UsernamePassword[0].Password
+	}
+
+	switch r.flagRedisStyle {
+	case "redis-cli":
+		args = append(args, "-h", ip)
+		if port != "" {
+			args = append(args, "-p", port)
+		}
+
+		switch {
+		case username != "":
+			args = append(args, "--user", username)
+		case c.flagUsername != "":
+			args = append(args, "--user", c.flagUsername, "--askpass")
+		}
+
+		// Password is read by redis-cli via environment variable. The password disappears after the command exits.
+		if password != "" {
+			envs = append(envs, fmt.Sprintf("REDISCLI_AUTH=%s", password))
+		}
+	}
+
+	return args, envs, retCreds, retErr
+}

testing/internal/e2e/infra/docker.go

@@ -35,6 +35,12 @@ type cassandraConfig struct {
 	NetworkAlias string
 }
 
+type redisConfig struct {
+	User         string
+	Password     string
+	NetworkAlias string
+}
+
 // StartBoundaryDatabase spins up a postgres database in a docker container.
 // Returns information about the container
 func StartBoundaryDatabase(t testing.TB, pool *dockertest.Pool, network *dockertest.Network, repository, tag string) *Container {
@@ -421,6 +427,63 @@ func StartCassandra(t testing.TB, pool *dockertest.Pool, network *dockertest.Net
 	}
 }
 
+// StartRedis starts a Redis database in a docker container.
+// Returns information about the container
+func StartRedis(t testing.TB, pool *dockertest.Pool, network *dockertest.Network, repository, tag string) *Container {
+	t.Log("Starting Redis database...")
+	c, err := LoadConfig()
+	require.NoError(t, err)
+
+	err = pool.Client.PullImage(docker.PullImageOptions{
+		Repository: fmt.Sprintf("%s/%s", c.DockerMirror, repository),
+		Tag:        tag,
+	}, docker.AuthConfiguration{})
+	require.NoError(t, err)
+
+	config := redisConfig{
+		User:         "e2eboundary",
+		Password:     "e2eboundary",
+		NetworkAlias: "e2eredis",
+	}
+
+	resource, err := pool.RunWithOptions(&dockertest.RunOptions{
+		Repository:   fmt.Sprintf("%s/%s", c.DockerMirror, repository),
+		Tag:          tag,
+		ExposedPorts: []string{"6379/tcp"},
+		Name:         config.NetworkAlias,
+		Networks:     []*dockertest.Network{network},
+	})
+	require.NoError(t, err)
+
+	err = pool.Retry(func() error {
+		cmd := exec.Command("docker", "exec", config.NetworkAlias, "redis-cli", "PING")
+		output, cmdErr := cmd.CombinedOutput()
+		if cmdErr != nil {
+			return fmt.Errorf("failed to connect to Redis container '%s': %v\nOutput: %s", config.NetworkAlias, cmdErr, string(output))
+		}
+		return nil
+	})
+	require.NoError(t, err, "Redis container did not start in time or is not healthy")
+
+	err = setupRedisAuthAndUser(t, resource, pool, &config)
+	require.NoError(t, err)
+
+	return &Container{
+		Resource: resource,
+		UriLocalhost: fmt.Sprintf(
+			"redis://%s:%s@localhost:6379",
+			config.User,
+			config.Password,
+		),
+		UriNetwork: fmt.Sprintf(
+			"redis://%s:%s@%s:6379",
+			config.User,
+			config.Password,
+			config.NetworkAlias,
+		),
+	}
+}
+
 // setupCassandraAuthAndUser enables authentication on a Cassandra container and creates a user with permissions.
 func setupCassandraAuthAndUser(t testing.TB, resource *dockertest.Resource, pool *dockertest.Pool, config *cassandraConfig) error {
 	t.Helper()
@@ -479,3 +542,19 @@ func setupCassandraAuthAndUser(t testing.TB, resource *dockertest.Resource, pool
 	}
 	return nil
 }
+
+// setupRedisAuthAndUser configures a Redis container by creating a user with permissions.
+func setupRedisAuthAndUser(t testing.TB, resource *dockertest.Resource, pool *dockertest.Pool, config *redisConfig) error {
+	t.Helper()
+	t.Log("Configuring Redis authentication and user permissions...")
+
+	err := exec.Command(
+		"docker", "exec", config.NetworkAlias, "redis-cli",
+		"ACL", "SETUSER", config.User, "on", fmt.Sprintf(">%s", config.Password), "+@read", "+@write", "allkeys",
+	).Run()
+	if err != nil {
+		return err
+	}
+
+	return nil
+}