MCLOUD-7694: Add possibility to use authentication for Redis/Elasticache (#42)

Author: shiftedreality

src/Config/Factory/Cache.php

@@ -7,6 +7,7 @@
 
 namespace Magento\MagentoCloud\Config\Factory;
 
+use Magento\MagentoCloud\Config\ConfigException;
 use Magento\MagentoCloud\Config\ConfigMerger;
 use Magento\MagentoCloud\Config\Stage\DeployInterface;
 use Magento\MagentoCloud\Service\Redis;
@@ -20,18 +21,18 @@ class Cache
     /**
      * Redis database to store default cache data
      */
-    const REDIS_DATABASE_DEFAULT = 1;
+    public const REDIS_DATABASE_DEFAULT = 1;
 
     /**
      * Redis database to store page cache data
      */
-    const REDIS_DATABASE_PAGE_CACHE = 2;
+    public const REDIS_DATABASE_PAGE_CACHE = 2;
 
-    const REDIS_BACKEND_CM_CACHE = 'Cm_Cache_Backend_Redis';
-    const REDIS_BACKEND_REDIS_CACHE = '\Magento\Framework\Cache\Backend\Redis';
-    const REDIS_BACKEND_REMOTE_SYNCHRONIZED_CACHE = '\Magento\Framework\Cache\Backend\RemoteSynchronizedCache';
+    public const REDIS_BACKEND_CM_CACHE = 'Cm_Cache_Backend_Redis';
+    public const REDIS_BACKEND_REDIS_CACHE = '\Magento\Framework\Cache\Backend\Redis';
+    public const REDIS_BACKEND_REMOTE_SYNCHRONIZED_CACHE = '\Magento\Framework\Cache\Backend\RemoteSynchronizedCache';
 
-    const AVAILABLE_REDIS_BACKEND = [
+    public const AVAILABLE_REDIS_BACKEND = [
         self::REDIS_BACKEND_CM_CACHE,
         self::REDIS_BACKEND_REDIS_CACHE,
         self::REDIS_BACKEND_REMOTE_SYNCHRONIZED_CACHE
@@ -83,7 +84,7 @@ public function __construct(
      * Returns an empty array in other case.
      *
      * @return array
-     * @throws \Magento\MagentoCloud\Config\ConfigException
+     * @throws ConfigException
      */
     public function get(): array
     {
@@ -162,7 +163,7 @@ public function get(): array
      * @param array $envCacheConfiguration
      * @param array $redisConfig
      * @return array
-     * @throws \Magento\MagentoCloud\Config\ConfigException
+     * @throws ConfigException
      */
     private function getSlaveConnection(array $envCacheConfiguration, array $redisConfig): array
     {
@@ -176,6 +177,11 @@ private function getSlaveConnection(array $envCacheConfiguration, array $redisCo
                 $config['load_from_slave']['port'] = $redisSlaveConfig['port'] ?? '';
                 $config['read_timeout'] = 1;
                 $config['retry_reads_on_master'] = 1;
+
+                if (!empty($redisSlaveConfig['password'])) {
+                    $config['load_from_slave']['password'] = $redisSlaveConfig['password'];
+                }
+
                 $this->logger->info('Set Redis slave connection');
             } else {
                 $this->logger->notice(
@@ -211,7 +217,7 @@ private function isCacheConfigurationValid(array $cacheConfiguration): bool
      * @param array $envCacheConfig
      * @param array $redisConfig
      * @return bool
-     * @throws \Magento\MagentoCloud\Config\ConfigException
+     * @throws ConfigException
      * @SuppressWarnings(PHPMD.CyclomaticComplexity)
      */
     private function isConfigurationCompatibleWithSlaveConnection(
@@ -253,13 +259,19 @@ private function isConfigurationCompatibleWithSlaveConnection(
      */
     private function getUnsyncedConfigStructure(string $envCacheBackendModel, array $redisConfig): array
     {
-        return [
+        $config = [
             'backend' => $envCacheBackendModel,
             'backend_options' => [
                 'server' => $redisConfig['host'],
                 'port' => $redisConfig['port'],
             ]
         ];
+
+        if (!empty($redisConfig['password'])) {
+            $config['backend_options']['password'] = (string)$redisConfig['password'];
+        }
+
+        return $config;
     }
 
     /**
@@ -271,7 +283,7 @@ private function getUnsyncedConfigStructure(string $envCacheBackendModel, array
      */
     private function getSynchronizedConfigStructure(string $envCacheBackendModel, array $redisConfig): array
     {
-        return [
+        $config = [
             'backend' => $envCacheBackendModel,
             'backend_options' => [
                 'remote_backend' => '\Magento\Framework\Cache\Backend\Redis',
@@ -292,17 +304,24 @@ private function getSynchronizedConfigStructure(string $envCacheBackendModel, ar
                 'write_control' => false,
             ]
         ];
+
+        if (!empty($redisConfig['password'])) {
+            $config['backend_options']['remote_backend_options']['password'] = (string)$redisConfig['password'];
+        }
+
+        return $config;
     }
 
     /**
      * Checks that config contains synchronized cache model and need to use synchronized config structure.
      *
      * @return bool
-     * @throws \Magento\MagentoCloud\Config\ConfigException
+     * @throws ConfigException
      */
     private function isSynchronizedConfigStructure(): bool
     {
         $model = (string)$this->stageConfig->get(DeployInterface::VAR_CACHE_REDIS_BACKEND);
+
         return $model === self::REDIS_BACKEND_REMOTE_SYNCHRONIZED_CACHE;
     }
 }

src/Service/Adapter/CredisFactory.php

@@ -22,16 +22,18 @@ class CredisFactory
      * @param string $server
      * @param int $port
      * @param int $database
+     * @param string|null $password
      * @return Credis_Client
      */
-    public function create(string $server, int $port, int $database): Credis_Client
+    public function create(string $server, int $port, int $database, string $password = null): Credis_Client
     {
         return new Credis_Client(
             $server,
             $port,
             null,
             '',
-            $database
+            $database,
+            $password
         );
     }
 }

src/Service/Redis/Version.php

@@ -41,19 +41,20 @@ public function getVersion(array $redisConfig): string
     {
         $version = '0';
 
-        //on integration environments
+        // On integration environments
         if (isset($redisConfig['type']) && strpos($redisConfig['type'], ':') !== false) {
             $version = explode(':', $redisConfig['type'])[1];
-        } elseif (isset($redisConfig['host']) && isset($redisConfig['port'])) {
-            //on dedicated environments
+        } elseif (isset($redisConfig['host'], $redisConfig['port'])) {
+            // On dedicated environments
+            $cmd = sprintf('redis-cli -p %s -h %s', (string)$redisConfig['port'], (string)$redisConfig['host']);
+
+            if (!empty($redisConfig['password'])) {
+                $cmd .= ' -a ' . $redisConfig['password'];
+            }
+
             try {
-                $process = $this->shell->execute(
-                    sprintf(
-                        'redis-cli -p %s -h %s info | grep redis_version',
-                        $redisConfig['port'],
-                        $redisConfig['host']
-                    )
-                );
+                $process = $this->shell->execute($cmd .' info | grep redis_version');
+
                 preg_match('/^(?:redis_version:)(\d+\.\d+)/', $process->getOutput(), $matches);
                 $version = $matches[1] ?? '0';
             } catch (ShellException $exception) {

src/Step/Deploy/InstallUpdate/ConfigUpdate/Session/Config.php

@@ -136,6 +136,10 @@ public function get(): array
             $defaultConfig['redis']['disable_locking'] = $disableLocking;
         }
 
+        if (!empty($redisConfig['password'])) {
+            $defaultConfig['redis']['password'] = (string)$redisConfig['password'];
+        }
+
         return $this->configMerger->merge($defaultConfig, $envSessionConfiguration);
     }
 

src/Step/Deploy/PreDeploy/CleanRedisCache.php

@@ -17,6 +17,9 @@
 
 /**
  * Cleans Redis cache.
+ *
+ * @SuppressWarnings(PHPMD.CyclomaticComplexity)
+ * @SuppressWarnings(PHPMD.NPathComplexity)
  */
 class CleanRedisCache implements StepInterface
 {
@@ -79,7 +82,8 @@ public function execute(): void
             $client = $this->credisFactory->create(
                 isset($redisConfig['server']) ? (string)$redisConfig['server'] : '127.0.0.1',
                 isset($redisConfig['port']) ? (int)$redisConfig['port'] : 6379,
-                isset($redisConfig['database']) ? (int)$redisConfig['database'] : 0
+                isset($redisConfig['database']) ? (int)$redisConfig['database'] : 0,
+                !empty($redisConfig['password']) ? (string)$redisConfig['password'] : null
             );
 
             try {