Merge branch 'master' into master

Author: ndyakov

.github/actions/run-tests/action.yml

@@ -25,7 +25,7 @@ runs:
         
         # Mapping of redis version to redis testing containers
         declare -A redis_version_mapping=(
-          ["8.0-RC1"]="8.0-RC1-pre"
+          ["8.0.1"]="8.0.1-pre"
           ["7.4.2"]="rs-7.4.0-v2"
           ["7.2.7"]="rs-7.2.0-v14"
         )

.github/wordlist.txt

@@ -65,4 +65,12 @@ RedisGears
 RedisTimeseries
 RediSearch
 RawResult
-RawVal
+RawVal
+entra
+EntraID
+Entra
+OAuth
+Azure
+StreamingCredentialsProvider
+oauth
+entraid

.github/workflows/build.yml

@@ -2,9 +2,9 @@ name: Go
 
 on:
   push:
-    branches: [master, v9, v9.7]
+    branches: [master, v9, v9.7, v9.8]
   pull_request:
-    branches: [master, v9, v9.7]
+    branches: [master, v9, v9.7, v9.8]
 
 permissions:
   contents: read
@@ -18,7 +18,7 @@ jobs:
       fail-fast: false
       matrix:
         redis-version:
-          - "8.0-RC1" # 8.0 RC1
+          - "8.0.1" # 8.0.1
           - "7.4.2" # should use redis stack 7.4
         go-version:
           - "1.23.x"
@@ -43,7 +43,7 @@ jobs:
           
           # Mapping of redis version to redis testing containers
           declare -A redis_version_mapping=(
-            ["8.0-RC1"]="8.0-RC1-pre"
+            ["8.0.1"]="8.0.1-pre"
             ["7.4.2"]="rs-7.4.0-v2"
           )
           if [[ -v redis_version_mapping[$REDIS_VERSION] ]]; then
@@ -72,7 +72,7 @@ jobs:
         fail-fast: false
         matrix:
           redis-version:
-            - "8.0-RC1" # 8.0 RC1
+            - "8.0.1" # 8.0.1
             - "7.4.2" # should use redis stack 7.4
             - "7.2.7" # should redis stack 7.2
           go-version:

.github/workflows/codeql-analysis.yml

@@ -13,10 +13,9 @@ name: "CodeQL"
 
 on:
   push:
-    branches: [ master ]
+    branches: [master, v9, v9.7, v9.8]
   pull_request:
-    # The branches below must be a subset of the branches above
-    branches: [ master ]
+    branches: [master, v9, v9.7, v9.8]
 
 jobs:
   analyze:

.github/workflows/golangci-lint.yml

@@ -8,6 +8,7 @@ on:
       - master
       - main
       - v9
+      - v9.8
   pull_request:
 
 permissions:
@@ -21,7 +22,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - name: golangci-lint
-        uses: golangci/golangci-lint-action@v6.5.2
+        uses: golangci/golangci-lint-action@v8.0.0
         with:
-          verify: false # disable verifying the configuration since golangci is currently introducing breaking changes in the configuration 
+          verify: true 
 

.github/workflows/spellcheck.yml

@@ -8,7 +8,7 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
       - name: Check Spelling
-        uses: rojopolis/spellcheck-github-actions@0.48.0
+        uses: rojopolis/spellcheck-github-actions@0.49.0
         with:
           config_path: .github/spellcheck-settings.yml
           task_name: Markdown

.github/workflows/test-redis-enterprise.yml

@@ -2,7 +2,7 @@ name: RE Tests
 
 on:
   push:
-    branches: [master]
+    branches: [master, v9, v9.7, v9.8]
   pull_request:
 
 permissions:

.gitignore

@@ -7,4 +7,5 @@ testdata/*
 redis8tests.sh
 coverage.txt
 **/coverage.txt
-.vscode
+.vscode
+tmp/*

.golangci.yml

@@ -1,3 +1,34 @@
+version: "2"
 run:
   timeout: 5m
   tests: false
+linters:
+  settings:
+    staticcheck:
+      checks:
+        - all
+        # Incorrect or missing package comment.
+        # https://staticcheck.dev/docs/checks/#ST1000
+        - -ST1000
+        # Omit embedded fields from selector expression.
+        # https://staticcheck.dev/docs/checks/#QF1008
+        - -QF1008
+        - -ST1003
+  exclusions:
+    generated: lax
+    presets:
+      - comments
+      - common-false-positives
+      - legacy
+      - std-error-handling
+    paths:
+      - third_party$
+      - builtin$
+      - examples$
+formatters:
+  exclusions:
+    generated: lax
+    paths:
+      - third_party$
+      - builtin$
+      - examples$

README.md

@@ -68,6 +68,7 @@ key value NoSQL database that uses RocksDB as storage engine and is compatible w
 
 - Redis commands except QUIT and SYNC.
 - Automatic connection pooling.
+- [StreamingCredentialsProvider (e.g. entra id, oauth)](#1-streaming-credentials-provider-highest-priority) (experimental)
 - [Pub/Sub](https://redis.uptrace.dev/guide/go-redis-pubsub.html).
 - [Pipelines and transactions](https://redis.uptrace.dev/guide/go-redis-pipelines.html).
 - [Scripting](https://redis.uptrace.dev/guide/lua-scripting.html).
@@ -136,17 +137,121 @@ func ExampleClient() {
 }
 ```
 
-The above can be modified to specify the version of the RESP protocol by adding the `protocol`
-option to the `Options` struct:
+### Authentication
+
+The Redis client supports multiple ways to provide authentication credentials, with a clear priority order. Here are the available options:
+
+#### 1. Streaming Credentials Provider (Highest Priority) - Experimental feature
+
+The streaming credentials provider allows for dynamic credential updates during the connection lifetime. This is particularly useful for managed identity services and token-based authentication.
 
 ```go
-    rdb := redis.NewClient(&redis.Options{
-        Addr:     "localhost:6379",
-        Password: "", // no password set
-        DB:       0,  // use default DB
-        Protocol: 3, // specify 2 for RESP 2 or 3 for RESP 3
-    })
+type StreamingCredentialsProvider interface {
+    Subscribe(listener CredentialsListener) (Credentials, UnsubscribeFunc, error)
+}
+
+type CredentialsListener interface {
+    OnNext(credentials Credentials)  // Called when credentials are updated
+    OnError(err error)              // Called when an error occurs
+}
+
+type Credentials interface {
+    BasicAuth() (username string, password string)
+    RawCredentials() string
+}
+```
+
+Example usage:
+```go
+rdb := redis.NewClient(&redis.Options{
+    Addr: "localhost:6379",
+    StreamingCredentialsProvider: &MyCredentialsProvider{},
+})
+```
+
+**Note:** The streaming credentials provider can be used with [go-redis-entraid](https://github.com/redis/go-redis-entraid) to enable Entra ID (formerly Azure AD) authentication. This allows for seamless integration with Azure's managed identity services and token-based authentication.
+
+Example with Entra ID:
+```go
+import (
+    "github.com/redis/go-redis/v9"
+    "github.com/redis/go-redis-entraid"
+)
+
+// Create an Entra ID credentials provider
+provider := entraid.NewDefaultAzureIdentityProvider()
+
+// Configure Redis client with Entra ID authentication
+rdb := redis.NewClient(&redis.Options{
+    Addr: "your-redis-server.redis.cache.windows.net:6380",
+    StreamingCredentialsProvider: provider,
+    TLSConfig: &tls.Config{
+        MinVersion: tls.VersionTLS12,
+    },
+})
+```
 
+#### 2. Context-based Credentials Provider
+
+The context-based provider allows credentials to be determined at the time of each operation, using the context.
+
+```go
+rdb := redis.NewClient(&redis.Options{
+    Addr: "localhost:6379",
+    CredentialsProviderContext: func(ctx context.Context) (string, string, error) {
+        // Return username, password, and any error
+        return "user", "pass", nil
+    },
+})
+```
+
+#### 3. Regular Credentials Provider
+
+A simple function-based provider that returns static credentials.
+
+```go
+rdb := redis.NewClient(&redis.Options{
+    Addr: "localhost:6379",
+    CredentialsProvider: func() (string, string) {
+        // Return username and password
+        return "user", "pass"
+    },
+})
+```
+
+#### 4. Username/Password Fields (Lowest Priority)
+
+The most basic way to provide credentials is through the `Username` and `Password` fields in the options.
+
+```go
+rdb := redis.NewClient(&redis.Options{
+    Addr:     "localhost:6379",
+    Username: "user",
+    Password: "pass",
+})
+```
+
+#### Priority Order
+
+The client will use credentials in the following priority order:
+1. Streaming Credentials Provider (if set)
+2. Context-based Credentials Provider (if set)
+3. Regular Credentials Provider (if set)
+4. Username/Password fields (if set)
+
+If none of these are set, the client will attempt to connect without authentication.
+
+### Protocol Version
+
+The client supports both RESP2 and RESP3 protocols. You can specify the protocol version in the options:
+
+```go
+rdb := redis.NewClient(&redis.Options{
+    Addr:     "localhost:6379",
+    Password: "", // no password set
+    DB:       0,  // use default DB
+    Protocol: 3,  // specify 2 for RESP 2 or 3 for RESP 3
+})
 ```
 
 ### Connecting via a redis url