Add Password To Redis (dotnet#4642)

* add password to redis

* add xml docs,fix public api text files

* Update src/Aspire.Hosting.Redis/RedisBuilderExtensions.cs

Co-authored-by: Ankit Jain <[email protected]>

* Update src/Aspire.Hosting.Redis/RedisBuilderExtensions.cs

Co-authored-by: Ankit Jain <[email protected]>

* Update src/Aspire.Hosting.Redis/RedisBuilderExtensions.cs

Co-authored-by: Ankit Jain <[email protected]>

* Apply suggestions from code review

Co-authored-by: Ankit Jain <[email protected]>

* apply suggested changes

* add more tests

* add password to redis commander REDIS_HOSTS env variable

* Minor PR feedback

* fix failing test

* add test for redis commander shuold works when password provided

* PR feedback

- Update for latest code.
- Always generate a password parameter, like the other resources.
- Handle persistence and password command line annotation conflicts by having a single commandline callback annotation, and combine them both together.
- Update tests

* Remove playground build files.

* Remove explicit dashboard reference.

* fix test

* Fix up merge for the latest code

* Fix Redis Insights with a Redis connection with a password.

This needs to work around redis/RedisInsight#3452, which requires the agreements encryption property to be initialized.

* - Fix tests
- Update manifests

* Fix new test.

---------

Co-authored-by: Ankit Jain <[email protected]>
Co-authored-by: Eric Erhardt <[email protected]>
Co-authored-by: David Fowler <[email protected]>

Author: 4 people

playground/AzureContainerApps/AzureContainerApps.AppHost/api.module.bicep

@@ -5,6 +5,9 @@ param api_containerport string
 
 param storage_outputs_blobendpoint string
 
+@secure()
+param cache_password_value string
+
 param account_outputs_connectionstring string
 
 @secure()
@@ -30,6 +33,10 @@ resource api 'Microsoft.App/containerApps@2024-03-01' = {
   properties: {
     configuration: {
       secrets: [
+        {
+          name: 'connectionstrings--cache'
+          value: 'cache:6379,password=${cache_password_value}'
+        }
         {
           name: 'value'
           value: secretparam_value
@@ -88,7 +95,7 @@ resource api 'Microsoft.App/containerApps@2024-03-01' = {
             }
             {
               name: 'ConnectionStrings__cache'
-              value: 'cache:6379'
+              secretRef: 'connectionstrings--cache'
             }
             {
               name: 'ConnectionStrings__account'

playground/AzureContainerApps/AzureContainerApps.AppHost/aspire-manifest.json

@@ -31,7 +31,7 @@
     },
     "cache": {
       "type": "container.v1",
-      "connectionString": "{cache.bindings.tcp.host}:{cache.bindings.tcp.port}",
+      "connectionString": "{cache.bindings.tcp.host}:{cache.bindings.tcp.port},password={cache-password.value}",
       "image": "docker.io/library/redis:7.4",
       "deployment": {
         "type": "azure.bicep.v0",
@@ -40,10 +40,13 @@
           "cache_volumes_0_storage": "{cache.volumes.0.storage}",
           "outputs_azure_container_registry_managed_identity_id": "{.outputs.AZURE_CONTAINER_REGISTRY_MANAGED_IDENTITY_ID}",
           "outputs_managed_identity_client_id": "{.outputs.MANAGED_IDENTITY_CLIENT_ID}",
+          "cache_password_value": "{cache-password.value}",
           "outputs_azure_container_apps_environment_id": "{.outputs.AZURE_CONTAINER_APPS_ENVIRONMENT_ID}"
         }
       },
       "args": [
+        "--requirepass",
+        "{cache-password.value}",
         "--save",
         "60",
         "1"
@@ -112,6 +115,7 @@
         "params": {
           "api_containerport": "{api.containerPort}",
           "storage_outputs_blobendpoint": "{storage.outputs.blobEndpoint}",
+          "cache_password_value": "{cache-password.value}",
           "account_outputs_connectionstring": "{account.outputs.connectionString}",
           "secretparam_value": "{secretparam.value}",
           "outputs_azure_container_registry_managed_identity_id": "{.outputs.AZURE_CONTAINER_REGISTRY_MANAGED_IDENTITY_ID}",
@@ -148,6 +152,21 @@
           "external": true
         }
       }
+    },
+    "cache-password": {
+      "type": "parameter.v0",
+      "value": "{cache-password.inputs.value}",
+      "inputs": {
+        "value": {
+          "type": "string",
+          "secret": true,
+          "default": {
+            "generate": {
+              "minLength": 22
+            }
+          }
+        }
+      }
     }
   }
 }

playground/AzureContainerApps/AzureContainerApps.AppHost/cache.module.bicep

@@ -7,6 +7,9 @@ param outputs_azure_container_registry_managed_identity_id string
 
 param outputs_managed_identity_client_id string
 
+@secure()
+param cache_password_value string
+
 param outputs_azure_container_apps_environment_id string
 
 resource cache 'Microsoft.App/containerApps@2024-03-01' = {
@@ -28,6 +31,8 @@ resource cache 'Microsoft.App/containerApps@2024-03-01' = {
           image: 'docker.io/library/redis:7.4'
           name: 'cache'
           args: [
+            '--requirepass'
+            cache_password_value
             '--save'
             '60'
             '1'

playground/ProxylessEndToEnd/ProxylessEndToEnd.AppHost/aspire-manifest.json

@@ -3,8 +3,12 @@
   "resources": {
     "redis": {
       "type": "container.v0",
-      "connectionString": "{redis.bindings.tcp.host}:{redis.bindings.tcp.port}",
+      "connectionString": "{redis.bindings.tcp.host}:{redis.bindings.tcp.port},password={redis-password.value}",
       "image": "docker.io/library/redis:7.4",
+      "args": [
+        "--requirepass",
+        "{redis-password.value}"
+      ],
       "bindings": {
         "tcp": {
           "scheme": "tcp",
@@ -59,6 +63,21 @@
           "port": 13456
         }
       }
+    },
+    "redis-password": {
+      "type": "parameter.v0",
+      "value": "{redis-password.inputs.value}",
+      "inputs": {
+        "value": {
+          "type": "string",
+          "secret": true,
+          "default": {
+            "generate": {
+              "minLength": 22
+            }
+          }
+        }
+      }
     }
   }
 }

playground/Redis/Redis.AppHost/Redis.AppHost.csproj

@@ -6,6 +6,7 @@
     <ImplicitUsings>enable</ImplicitUsings>
     <Nullable>enable</Nullable>
     <IsAspireHost>true</IsAspireHost>
+    <UserSecretsId>dfbd0a65-25cf-4318-b377-813f4f6efeea</UserSecretsId>
   </PropertyGroup>
 
   <ItemGroup>

playground/Redis/Redis.AppHost/aspire-manifest.json

@@ -3,16 +3,18 @@
   "resources": {
     "redis": {
       "type": "container.v0",
-      "connectionString": "{redis.bindings.tcp.host}:{redis.bindings.tcp.port}",
+      "connectionString": "{redis.bindings.tcp.host}:{redis.bindings.tcp.port},password={redis-password.value}",
       "image": "docker.io/library/redis:7.4",
       "args": [
+        "--requirepass",
+        "{redis-password.value}",
         "--save",
         "60",
         "1"
       ],
       "volumes": [
         {
-          "name": "redis.apphost-468a945e22-redis-data",
+          "name": "redis.apphost-7855b85e05-redis-data",
           "target": "/data",
           "readOnly": false
         }
@@ -40,7 +42,7 @@
       ],
       "volumes": [
         {
-          "name": "redis.apphost-468a945e22-garnet-data",
+          "name": "redis.apphost-7855b85e05-garnet-data",
           "target": "/data",
           "readOnly": false
         }
@@ -104,6 +106,21 @@
           "transport": "http"
         }
       }
+    },
+    "redis-password": {
+      "type": "parameter.v0",
+      "value": "{redis-password.inputs.value}",
+      "inputs": {
+        "value": {
+          "type": "string",
+          "secret": true,
+          "default": {
+            "generate": {
+              "minLength": 22
+            }
+          }
+        }
+      }
     }
   }
 }

playground/TestShop/TestShop.AppHost/aspire-manifest.json

@@ -4,10 +4,10 @@
     "postgres": {
       "type": "container.v0",
       "connectionString": "Host={postgres.bindings.tcp.host};Port={postgres.bindings.tcp.port};Username=postgres;Password={postgres-password.value}",
-      "image": "docker.io/library/postgres:17.0",
+      "image": "docker.io/library/postgres:17.2",
       "volumes": [
         {
-          "name": "testshop.apphost-a23213a1a9-postgres-data",
+          "name": "testshop.apphost-48e1ce2b9b-postgres-data",
           "target": "/var/lib/postgresql/data",
           "readOnly": false
         }
@@ -33,16 +33,18 @@
     },
     "basketcache": {
       "type": "container.v0",
-      "connectionString": "{basketcache.bindings.tcp.host}:{basketcache.bindings.tcp.port}",
+      "connectionString": "{basketcache.bindings.tcp.host}:{basketcache.bindings.tcp.port},password={basketcache-password.value}",
       "image": "docker.io/library/redis:7.4",
       "args": [
+        "--requirepass",
+        "{basketcache-password.value}",
         "--save",
         "60",
         "1"
       ],
       "volumes": [
         {
-          "name": "testshop.apphost-a23213a1a9-basketcache-data",
+          "name": "testshop.apphost-48e1ce2b9b-basketcache-data",
           "target": "/data",
           "readOnly": false
         }
@@ -110,7 +112,7 @@
       "image": "docker.io/library/rabbitmq:4.0-management",
       "volumes": [
         {
-          "name": "testshop.apphost-a23213a1a9-messaging-data",
+          "name": "testshop.apphost-48e1ce2b9b-messaging-data",
           "target": "/var/lib/rabbitmq",
           "readOnly": false
         }
@@ -240,6 +242,21 @@
         }
       }
     },
+    "basketcache-password": {
+      "type": "parameter.v0",
+      "value": "{basketcache-password.inputs.value}",
+      "inputs": {
+        "value": {
+          "type": "string",
+          "secret": true,
+          "default": {
+            "generate": {
+              "minLength": 22
+            }
+          }
+        }
+      }
+    },
     "messaging-password": {
       "type": "parameter.v0",
       "value": "{messaging-password.inputs.value}",

src/Aspire.Hosting.Redis/PublicAPI.Unshipped.txt

@@ -1,8 +1,13 @@
 #nullable enable
+Aspire.Hosting.ApplicationModel.RedisResource.PasswordParameter.get -> Aspire.Hosting.ApplicationModel.ParameterResource?
+Aspire.Hosting.ApplicationModel.RedisResource.RedisResource(string! name, Aspire.Hosting.ApplicationModel.ParameterResource! password) -> void
 Aspire.Hosting.Redis.RedisInsightResource
 Aspire.Hosting.Redis.RedisInsightResource.PrimaryEndpoint.get -> Aspire.Hosting.ApplicationModel.EndpointReference!
 Aspire.Hosting.Redis.RedisInsightResource.RedisInsightResource(string! name) -> void
+static Aspire.Hosting.RedisBuilderExtensions.AddRedis(this Aspire.Hosting.IDistributedApplicationBuilder! builder, string! name, int? port = null, Aspire.Hosting.ApplicationModel.IResourceBuilder<Aspire.Hosting.ApplicationModel.ParameterResource!>? password = null) -> Aspire.Hosting.ApplicationModel.IResourceBuilder<Aspire.Hosting.ApplicationModel.RedisResource!>!
+static Aspire.Hosting.RedisBuilderExtensions.AddRedis(this Aspire.Hosting.IDistributedApplicationBuilder! builder, string! name, int? port) -> Aspire.Hosting.ApplicationModel.IResourceBuilder<Aspire.Hosting.ApplicationModel.RedisResource!>!
 static Aspire.Hosting.RedisBuilderExtensions.WithDataBindMount(this Aspire.Hosting.ApplicationModel.IResourceBuilder<Aspire.Hosting.Redis.RedisInsightResource!>! builder, string! source) -> Aspire.Hosting.ApplicationModel.IResourceBuilder<Aspire.Hosting.Redis.RedisInsightResource!>!
 static Aspire.Hosting.RedisBuilderExtensions.WithDataVolume(this Aspire.Hosting.ApplicationModel.IResourceBuilder<Aspire.Hosting.Redis.RedisInsightResource!>! builder, string? name = null) -> Aspire.Hosting.ApplicationModel.IResourceBuilder<Aspire.Hosting.Redis.RedisInsightResource!>!
 static Aspire.Hosting.RedisBuilderExtensions.WithHostPort(this Aspire.Hosting.ApplicationModel.IResourceBuilder<Aspire.Hosting.Redis.RedisInsightResource!>! builder, int? port) -> Aspire.Hosting.ApplicationModel.IResourceBuilder<Aspire.Hosting.Redis.RedisInsightResource!>!
 static Aspire.Hosting.RedisBuilderExtensions.WithRedisInsight(this Aspire.Hosting.ApplicationModel.IResourceBuilder<Aspire.Hosting.ApplicationModel.RedisResource!>! builder, System.Action<Aspire.Hosting.ApplicationModel.IResourceBuilder<Aspire.Hosting.Redis.RedisInsightResource!>!>? configureContainer = null, string? containerName = null) -> Aspire.Hosting.ApplicationModel.IResourceBuilder<Aspire.Hosting.ApplicationModel.RedisResource!>!
+*REMOVED*static Aspire.Hosting.RedisBuilderExtensions.AddRedis(this Aspire.Hosting.IDistributedApplicationBuilder! builder, string! name, int? port = null) -> Aspire.Hosting.ApplicationModel.IResourceBuilder<Aspire.Hosting.ApplicationModel.RedisResource!>!