redis-doc
redis-doc copied to clipboard
redis
Documentation and/or enhancement request: Add to ACL documentation examples for replication and sentinel user
With ACLs in Redis 6, a Redis admin can create different users for different tasks and assign them different "permissions." This could include having a user for replicas to use when replicating off the master and/or having a user for sentinels to use when monitoring the master.
However, the documentation for ACLs (https://redis.io/topics/acl) does not include examples for replication and sentinel users, so one has to experiment incrementally adding command permissions to the ACLs to figure out which commands to specify to provide the minimum-necessary permissions for replication and sentinel users.
Given this, I make the following either/and recommendations:
- Update the ACL documentation to include an example for the minimum-necessary ACL for a replica user and an example for the minimum-necessary ACL for a sentinel user.
- Even better, add
replicationandsentinelcommand categories that include the minimum-necessary permissions for those respective tasks, so that ACLs can be specified with something likeuser replica_user +@replication ...anduser sentinel_user +@sentinel.
@nickwilliams-eventbrite Hello Nick, thank you for your suggestion. One way to figure out this simpler than by trying and checking what is not working is to, at least, use the ACL LOG command, so that it is possible to observe what is not working as expected. However indeed it is better to add the documentation to explicitly list what ACL commands will be required. Thanks :-)
Along the same vein, it would be nice to document what the required arguments are for masterauth (replication) and sentinel auth-pass (sentinel) when using ACLs on a master. I'm trying to implement support for ACLs in aioredis and currently there seems to be no guidance on this matter.
the https://redis.io/docs/management/security/acl/ topic now include a section for sentinel and replica user permissions and examples.
