
Support TLS in Redis trigger (`rediss://` scheme)

Open seungjin opened this issue 1 year ago • 6 comments

Please add rediss:// --tls support for spin-redis-trigger. https://docs.rs/redis/latest/redis/struct.Client.html#method.build_with_tls

seungjin avatar Apr 11 '24 02:04 seungjin

From Discord discussion I think @seungjin's priority is the Redis trigger, but we should allow it on the outbound Redis API too (including a suitable default port for allowed_outbound_hosts?).

itowlson avatar Apr 11 '24 04:04 itowlson

Actually it works well with publishing messages to Redis with rediss:// in spin.toml

```toml
allowed_outbound_hosts = [
    "redis://{{ redis_host }}:{{ redis_port }}",
    "rediss://{{ redis_host }}:{{ redis_port }}",
]
```

With the above, I can publish and can see messages being passed with redis-cli.

The problem is the trigger. The trigger is not getting from rediss://

```toml
[application.trigger.redis]
address = "rediss://{{ redis_credential }}@{{ redis_host }}:{{ redis_port }}"
```

Redis trigger with rediss:// never triggered.

This is currently NOT high priority - but good to have (ATM).

seungjin avatar Apr 11 '24 06:04 seungjin
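
A manifest check related to the configuration quoted in the comment above, as an added example that is not part of the thread or of Spin's own code: it flags `redis://` URLs, which do not use TLS, and ranks those carrying credentials higher. The sample manifest (with the trigger address switched to `redis://`) and the `component.publisher` section name are constructed for illustration.

```python
import re

# Constructed sample manifest, modelled on the snippets quoted in the thread.
# The trigger address deliberately uses redis:// so the check has something to flag.
SAMPLE_MANIFEST = '''
[application.trigger.redis]
address = "redis://{{ redis_credential }}@{{ redis_host }}:{{ redis_port }}"

[component.publisher]
allowed_outbound_hosts = [
    "redis://{{ redis_host }}:{{ redis_port }}",
    "rediss://{{ redis_host }}:{{ redis_port }}",
]
'''

# Matches [table] and [[array-of-tables]] headers on a line of their own.
SECTION = re.compile(r'^\s*\[\[?([^\[\]]+)\]\]?\s*$')
# Matches quoted redis:// or rediss:// URLs, template placeholders included.
REDIS_URL = re.compile(r'"(rediss?)://([^"]*)"')

def audit_redis_urls(manifest_text):
    """Return (line_no, section, severity, message) for each non-TLS Redis URL."""
    findings = []
    section = "<top-level>"
    for line_no, line in enumerate(manifest_text.splitlines(), start=1):
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        if line.lstrip().startswith("#"):
            continue  # ignore commented-out settings
        for scheme, rest in REDIS_URL.findall(line):
            if scheme == "rediss":
                continue  # TLS requested; nothing to report
            authority = rest.split("/", 1)[0]
            if "@" in authority:
                findings.append((line_no, section, "high",
                                 "credentials in a plaintext redis:// URL"))
            else:
                findings.append((line_no, section, "medium",
                                 "plaintext redis:// endpoint"))
    return findings

if __name__ == "__main__":
    for line_no, section, severity, message in audit_redis_urls(SAMPLE_MANIFEST):
        print(f"line {line_no} [{section}] {severity}: {message}")
```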

@seungjin Locally or on Fermyon's cloud? For me locally it's working fine on a secured Redis endpoint.

sebastienblanc avatar Apr 13 '24 15:04 sebastienblanc

ref https://github.com/fermyon/spin/pull/999

radu-matei avatar Apr 14 '24 18:04 radu-matei

@radu-matei #999 only covers outbound - from comments above it looks like the trigger is the problem (although evidently working for some folks). I'll update the issue title.

itowlson avatar Apr 14 '24 20:04 itowlson

I think the ask here is for the ability to create clients with user-provided TLS certs for client-side authentication or even provide a different CA root certificate instead of the system default.

karthik2804 avatar Apr 15 '24 19:04 karthik2804