Support single endpoint architecture with SSL/TLS in cluster mode

Author: Taishi Kasuga

README.md

@@ -155,6 +155,21 @@ redis.mget('{key}1', '{key}2')
 * The client support permanent node failures, and will reroute requests to promoted slaves.
 * The client supports `MOVED` and `ASK` redirections transparently.
 
+## Cluster mode with SSL/TLS
+Since Redis can return FQDN of nodes in reply to client since `7.*` with CLUSTER commands, we can use cluster feature with SSL/TLS connection like this:
+
+```ruby
+Redis.new(cluster: %w[rediss://foo.example.com:6379])
+```
+
+On the other hand, in Redis versions prior to `6.*`, you can specify options like the following if cluster mode is enabled and client has to connect to nodes via single endpoint with SSL/TLS.
+
+```ruby
+Redis.new(cluster: %w[rediss://foo-endpoint.example.com:6379], fixed_hostname: 'foo-endpoint.example.com')
+```
+
+In case of the above architecture, if you don't pass the `fixed_hostname` option to the client and servers return IP addresses of nodes, the client may fail to verify certificates.
+
 ## Storing objects
 
 Redis "string" types can be used to store serialized Ruby objects, for

lib/redis.rb

@@ -74,6 +74,8 @@ def current=(redis)
   # @option options [Symbol] :role (:master) Role to fetch via Sentinel, either `:master` or `:slave`
   # @option options [Array<String, Hash{Symbol => String, Integer}>] :cluster List of cluster nodes to contact
   # @option options [Boolean] :replica Whether to use readonly replica nodes in Redis Cluster or not
+  # @option options [String] :fixed_hostname Specify a FQDN if cluster mode enabled and
+  #   client has to connect nodes via single endpoint with SSL/TLS
   # @option options [Class] :connector Class of custom connector
   #
   # @return [Redis] a new client instance

lib/redis/cluster/option.rb

@@ -17,15 +17,20 @@ def initialize(options)
         node_addrs = options.delete(:cluster)
         @node_opts = build_node_options(node_addrs)
         @replica = options.delete(:replica) == true
+        @fixed_hostname = options.delete(:fixed_hostname)
         add_common_node_option_if_needed(options, @node_opts, :scheme)
         add_common_node_option_if_needed(options, @node_opts, :username)
         add_common_node_option_if_needed(options, @node_opts, :password)
         @options = options
       end
 
       def per_node_key
-        @node_opts.map { |opt| [NodeKey.build_from_host_port(opt[:host], opt[:port]), @options.merge(opt)] }
-                  .to_h
+        @node_opts.map do |opt|
+          node_key = NodeKey.build_from_host_port(opt[:host], opt[:port])
+          options = @options.merge(opt)
+          options = options.merge(host: @fixed_hostname) if @fixed_hostname && !@fixed_hostname.empty?
+          [node_key, options]
+        end.to_h
       end
 
       def use_replica?

test/cluster_client_options_test.rb

@@ -44,6 +44,12 @@ def test_option_class
     option = Redis::Cluster::Option.new(cluster: [{ host: '127.0.0.1', port: 7000 }])
     assert_equal({ '127.0.0.1:7000' => { host: '127.0.0.1', port: 7000 } }, option.per_node_key)
 
+    option = Redis::Cluster::Option.new(cluster: %w[redis://127.0.0.1:7000], fixed_hostname: 'foo-endpoint.example.com')
+    assert_equal({ '127.0.0.1:7000' => { scheme: 'redis', host: 'foo-endpoint.example.com', port: 7000 } }, option.per_node_key)
+
+    option = Redis::Cluster::Option.new(cluster: %w[redis://127.0.0.1:7000], fixed_hostname: '')
+    assert_equal({ '127.0.0.1:7000' => { scheme: 'redis', host: '127.0.0.1', port: 7000 } }, option.per_node_key)
+
     assert_raises(Redis::InvalidClientOptionError) do
       Redis::Cluster::Option.new(cluster: nil)
     end