trustchain-oc1-orchestral
/
authentik
Archived
10
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

root: optional TLS support on redis connections (#1147) 

* root: optional TLS support on redis connections

* root: don't use f-strings when not interpolating variables

* root: use f-string in redis protocol prefix interpolation

* root: glaring typo

* formatting

* small formatting change I missed

* root: swap around default redis protocol prefixes
This commit is contained in:
Starz0r 2021-07-15 04:48:52 -05:00 committed by GitHub
parent 212ff11b6d
commit a5bb583268
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 20 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
authentik/lib/default.yml
View File

@ -15,6 +15,7 @@ redis:
host: localhost host: localhost
port: 6379 port: 6379
password: '' password: ''
tls: false
cache_db: 0 cache_db: 0
message_queue_db: 1 message_queue_db: 1
ws_db: 2 ws_db: 2

20
authentik/root/settings.py
View File

@ -188,11 +188,16 @@ REST_FRAMEWORK = {
"DEFAULT_SCHEMA_CLASS": "drf_spectacular.openapi.AutoSchema", "DEFAULT_SCHEMA_CLASS": "drf_spectacular.openapi.AutoSchema",
} }
REDIS_PROTOCOL_PREFIX = "redis://"
if CONFIG.y_bool("redis.tls", False):
REDIS_PROTOCOL_PREFIX = "rediss://"
CACHES = { CACHES = {
"default": { "default": {
"BACKEND": "django_redis.cache.RedisCache", "BACKEND": "django_redis.cache.RedisCache",
"LOCATION": ( "LOCATION": (
f"redis://:{CONFIG.y('redis.password')}@{CONFIG.y('redis.host')}:" f"{REDIS_PROTOCOL_PREFIX}:"
f"{CONFIG.y('redis.password')}@{CONFIG.y('redis.host')}:"
f"{int(CONFIG.y('redis.port'))}/{CONFIG.y('redis.cache_db')}" f"{int(CONFIG.y('redis.port'))}/{CONFIG.y('redis.cache_db')}"
), ),
"TIMEOUT": int(CONFIG.y("redis.cache_timeout", 300)), "TIMEOUT": int(CONFIG.y("redis.cache_timeout", 300)),
@ -252,7 +257,8 @@ CHANNEL_LAYERS = {
"BACKEND": "channels_redis.core.RedisChannelLayer", "BACKEND": "channels_redis.core.RedisChannelLayer",
"CONFIG": { "CONFIG": {
"hosts": [ "hosts": [
f"redis://:{CONFIG.y('redis.password')}@{CONFIG.y('redis.host')}:" f"{REDIS_PROTOCOL_PREFIX}:"
f"{CONFIG.y('redis.password')}@{CONFIG.y('redis.host')}:"
f"{int(CONFIG.y('redis.port'))}/{CONFIG.y('redis.ws_db')}" f"{int(CONFIG.y('redis.port'))}/{CONFIG.y('redis.ws_db')}"
], ],
}, },
@ -331,12 +337,14 @@ CELERY_BEAT_SCHEDULE = {
CELERY_TASK_CREATE_MISSING_QUEUES = True CELERY_TASK_CREATE_MISSING_QUEUES = True
CELERY_TASK_DEFAULT_QUEUE = "authentik" CELERY_TASK_DEFAULT_QUEUE = "authentik"
CELERY_BROKER_URL = ( CELERY_BROKER_URL = (
f"redis://:{CONFIG.y('redis.password')}@{CONFIG.y('redis.host')}" f"{REDIS_PROTOCOL_PREFIX}:"
f":{int(CONFIG.y('redis.port'))}/{CONFIG.y('redis.message_queue_db')}" f"{CONFIG.y('redis.password')}@{CONFIG.y('redis.host')}:"
f"{int(CONFIG.y('redis.port'))}/{CONFIG.y('redis.message_queue_db')}"
) )
CELERY_RESULT_BACKEND = ( CELERY_RESULT_BACKEND = (
f"redis://:{CONFIG.y('redis.password')}@{CONFIG.y('redis.host')}" f"{REDIS_PROTOCOL_PREFIX}:"
f":{int(CONFIG.y('redis.port'))}/{CONFIG.y('redis.message_queue_db')}" f"{CONFIG.y('redis.password')}@{CONFIG.y('redis.host')}:"
f"{int(CONFIG.y('redis.port'))}/{CONFIG.y('redis.message_queue_db')}"
) )
# Database backup # Database backup

6
lifecycle/wait_for_db.py
View File

@ -40,10 +40,14 @@ while True:
sleep(1) sleep(1)
j_print(f"PostgreSQL Connection failed, retrying... ({exc})") j_print(f"PostgreSQL Connection failed, retrying... ({exc})")
REDIS_PROTOCOL_PREFIX = "redis://"
if CONFIG.y_bool("redis.tls", False):
REDIS_PROTOCOL_PREFIX = "rediss://"
while True: while True:
try: try:
redis = Redis.from_url( redis = Redis.from_url(
f"redis://:{CONFIG.y('redis.password')}@{CONFIG.y('redis.host')}:" f"{REDIS_PROTOCOL_PREFIX}:"
f"{CONFIG.y('redis.password')}@{CONFIG.y('redis.host')}:"
f"{int(CONFIG.y('redis.port'))}/{CONFIG.y('redis.ws_db')}" f"{int(CONFIG.y('redis.port'))}/{CONFIG.y('redis.ws_db')}"
) )
redis.ping() redis.ping()