diff --git a/docs/src/main/asciidoc/redis-reference.adoc b/docs/src/main/asciidoc/redis-reference.adoc index 67bc15af5477df..f7815423f91856 100644 --- a/docs/src/main/asciidoc/redis-reference.adoc +++ b/docs/src/main/asciidoc/redis-reference.adoc @@ -247,11 +247,23 @@ quarkus.redis.password= To use TLS, you need to: -1. Set the `quarkus.redis.tls.enabled=true` property +1. Set the `quarkus.redis.tls.enabled=true` property or use the xref:./tls-registry-reference.adoc[TLS registry] (recommended) 2. Make sure that your URL starts with `rediss://` (with two `s`) + +When using the TLS registry, we recommend using a named configuration to avoid conflicts: + +[source,properties] +---- +quarkus.tls.redis.trust-store.p12.path=client.p12 +quarkus.tls.redis.trust-store.p12.password=secret + +quarkus.redis.tls-configuration-name=redis # Reference the named configuration +---- + IMPORTANT: The default hostname verifier is set to `NONE`, meaning it does not verify the host name. You can change this behavior by setting the `quarkus.redis.tls.hostname-verification-algorithm` property, to `HTTPS` for example. + === Configure the authentication The Redis password can be set in the `redis://` URL or with the `quarkus.redis.password` property. diff --git a/extensions/redis-client/deployment/pom.xml b/extensions/redis-client/deployment/pom.xml index 36f29f62c7c005..4061e6a14da54d 100644 --- a/extensions/redis-client/deployment/pom.xml +++ b/extensions/redis-client/deployment/pom.xml @@ -27,6 +27,10 @@ io.quarkus quarkus-devservices-deployment + + io.quarkus + quarkus-tls-registry-deployment + io.quarkus quarkus-redis-client diff --git a/extensions/redis-client/deployment/src/main/java/io/quarkus/redis/deployment/client/RedisClientProcessor.java b/extensions/redis-client/deployment/src/main/java/io/quarkus/redis/deployment/client/RedisClientProcessor.java index 55308b824e85d1..62a6763695361c 100644 
--- a/extensions/redis-client/deployment/src/main/java/io/quarkus/redis/deployment/client/RedisClientProcessor.java +++ b/extensions/redis-client/deployment/src/main/java/io/quarkus/redis/deployment/client/RedisClientProcessor.java @@ -53,6 +53,7 @@ import io.quarkus.runtime.LaunchMode; import io.quarkus.runtime.configuration.ConfigurationException; import io.quarkus.smallrye.health.deployment.spi.HealthBuildItem; +import io.quarkus.tls.TlsRegistryBuildItem; import io.quarkus.vertx.deployment.VertxBuildItem; import io.vertx.redis.client.impl.types.BulkType; @@ -127,7 +128,8 @@ public void init( VertxBuildItem vertxBuildItem, ApplicationArchivesBuildItem applicationArchivesBuildItem, LaunchModeBuildItem launchMode, BuildProducer nativeImageResources, - BuildProducer hotDeploymentWatchedFiles) { + BuildProducer hotDeploymentWatchedFiles, + TlsRegistryBuildItem tlsRegistryBuildItem) { // Collect the used redis clients, the unused clients will not be instantiated. Set names = new HashSet<>(); @@ -156,7 +158,7 @@ public void init( .ifPresent(x -> names.addAll(configuredClientNames(buildTimeConfig, ConfigProvider.getConfig()))); // Inject the creation of the client when the application starts. - recorder.initialize(vertxBuildItem.getVertx(), names); + recorder.initialize(vertxBuildItem.getVertx(), names, tlsRegistryBuildItem.registry()); // Create the supplier and define the beans. for (String name : names) { diff --git a/extensions/redis-client/deployment/src/main/java/io/quarkus/redis/deployment/client/RedisDatasourceProcessor.java b/extensions/redis-client/deployment/src/main/java/io/quarkus/redis/deployment/client/RedisDatasourceProcessor.java index a9c8679b768a25..1754e3fc85eaf3 100644 --- a/extensions/redis-client/deployment/src/main/java/io/quarkus/redis/deployment/client/RedisDatasourceProcessor.java +++ b/extensions/redis-client/deployment/src/main/java/io/quarkus/redis/deployment/client/RedisDatasourceProcessor.java 
@@ -31,6 +31,7 @@ import io.quarkus.redis.datasource.RedisDataSource; import io.quarkus.redis.datasource.codecs.Codec; import io.quarkus.redis.runtime.client.RedisClientRecorder; +import io.quarkus.tls.TlsRegistryBuildItem; import io.quarkus.vertx.deployment.VertxBuildItem; public class RedisDatasourceProcessor { @@ -84,7 +85,8 @@ public void init(RedisClientRecorder recorder, List clients, ShutdownContextBuildItem shutdown, BuildProducer syntheticBeans, - VertxBuildItem vertxBuildItem) { + VertxBuildItem vertxBuildItem, + TlsRegistryBuildItem tlsRegistryBuildItem) { if (clients.isEmpty()) { return; @@ -94,7 +96,7 @@ public void init(RedisClientRecorder recorder, names.add(client.name); } // Inject the creation of the client when the application starts. - recorder.initialize(vertxBuildItem.getVertx(), names); + recorder.initialize(vertxBuildItem.getVertx(), names, tlsRegistryBuildItem.registry()); // Create the supplier and define the beans. for (String name : names) { diff --git a/extensions/redis-client/runtime/pom.xml b/extensions/redis-client/runtime/pom.xml index f00b8e2c6715e2..4518d61454f595 100644 --- a/extensions/redis-client/runtime/pom.xml +++ b/extensions/redis-client/runtime/pom.xml @@ -23,6 +23,10 @@ io.quarkus quarkus-jackson + + io.quarkus + quarkus-tls-registry + io.smallrye.reactive smallrye-mutiny-vertx-redis-client diff --git a/extensions/redis-client/runtime/src/main/java/io/quarkus/redis/runtime/client/RedisClientRecorder.java b/extensions/redis-client/runtime/src/main/java/io/quarkus/redis/runtime/client/RedisClientRecorder.java index cec469fc5d52db..1aa23cb5b5bfd6 100644 --- a/extensions/redis-client/runtime/src/main/java/io/quarkus/redis/runtime/client/RedisClientRecorder.java +++ b/extensions/redis-client/runtime/src/main/java/io/quarkus/redis/runtime/client/RedisClientRecorder.java 
@@ -27,6 +27,7 @@ import io.quarkus.runtime.ShutdownContext; import io.quarkus.runtime.annotations.Recorder; import io.quarkus.runtime.configuration.ConfigurationException; +import io.quarkus.tls.TlsConfigurationRegistry; import io.vertx.mutiny.core.Vertx; import io.vertx.mutiny.redis.client.Command; import io.vertx.mutiny.redis.client.Redis; @@ -48,7 +49,8 @@ public RedisClientRecorder(RedisConfig rc) { this.config = rc; } - public void initialize(RuntimeValue vertx, Set names) { + public void initialize(RuntimeValue vertx, Set names, + Supplier registry) { Instance instance = CDI.current().select(ObservableRedisMetrics.class); if (instance.isResolvable()) { this.metrics = instance.get(); @@ -58,9 +60,11 @@ public void initialize(RuntimeValue vertx, Set name this.vertx = Vertx.newInstance(vertx.getValue()); + TlsConfigurationRegistry tlsRegistry = registry.get(); + _registerCodecs(); - _initialize(vertx.getValue(), names); + _initialize(vertx.getValue(), names, tlsRegistry); } private static void _registerCodecs() { @@ -69,7 +73,7 @@ private static void _registerCodecs() { Codecs.register(codecs.stream()); } - public void _initialize(io.vertx.core.Vertx vertx, Set names) { + public void _initialize(io.vertx.core.Vertx vertx, Set names, TlsConfigurationRegistry tlsRegistry) { for (String name : names) { // Search if we have an associated config: // - if default -> Default 
@@ -89,11 +93,12 @@ public ConfigurationException get() { } }); clients.computeIfAbsent(name, - x -> new RedisClientAndApi(name, VertxRedisClientFactory.create(name, vertx, actualConfig), metrics)); + x -> new RedisClientAndApi(name, VertxRedisClientFactory.create(name, vertx, actualConfig, tlsRegistry), + metrics)); } else if (DEFAULT_CLIENT_NAME.equalsIgnoreCase(name) && maybe.isPresent()) { clients.computeIfAbsent(name, x -> new RedisClientAndApi(name, - VertxRedisClientFactory.create(DEFAULT_CLIENT_NAME, vertx, maybe.get()), metrics)); + VertxRedisClientFactory.create(DEFAULT_CLIENT_NAME, vertx, maybe.get(), tlsRegistry), metrics)); } // Do not throw an error. We would need to check if the default redis client is used. } diff --git a/extensions/redis-client/runtime/src/main/java/io/quarkus/redis/runtime/client/VertxRedisClientFactory.java b/extensions/redis-client/runtime/src/main/java/io/quarkus/redis/runtime/client/VertxRedisClientFactory.java index 91f5573a2a8ed4..ccb44ff58372c1 100644 --- a/extensions/redis-client/runtime/src/main/java/io/quarkus/redis/runtime/client/VertxRedisClientFactory.java +++ b/extensions/redis-client/runtime/src/main/java/io/quarkus/redis/runtime/client/VertxRedisClientFactory.java @@ -46,9 +46,11 @@ private VertxRedisClientFactory() { // Avoid direct instantiation. } - public static Redis create(String name, Vertx vertx, RedisClientConfig config) { + public static Redis create(String name, Vertx vertx, RedisClientConfig config, TlsConfigurationRegistry tlsRegistry) { RedisOptions options = new RedisOptions(); + configureTLS(name, config, tlsRegistry, options.getNetClientOptions()); + List hosts = new ArrayList<>(); if (config.hosts().isPresent()) { hosts.addAll(config.hosts().get()); 
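Review bot: The TLS settings applied by `configureTLS(name, config, tlsRegistry, options.getNetClientOptions())` in the `create` hunk may be lost, because the call runs right after `new RedisOptions()` and before the rest of the options are built. The remainder of `create` is outside the hunk, but the same file has `toNetClientOptions(config)` returning a fresh `new NetClientOptions()`; if `create` later installs that object with `options.setNetClientOptions(...)`, the trust store taken from the registry is discarded and the client falls back to the legacy `quarkus.redis.tls.*` settings without any error. Consider moving the call to after the net options are installed, and adding a test that asserts a named TLS configuration is actually in effect on the created client. Since `configureTLS` dereferences `tlsRegistry` unconditionally, an `Objects.requireNonNull(tlsRegistry, "tlsRegistry")` at the top of this public factory would also give a clearer failure.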
@@ -118,8 +120,6 @@ private static NetClientOptions toNetClientOptions(RedisClientConfig config) { TlsConfig tls = config.tls(); NetClientOptions net = new NetClientOptions(); - - tcp.applicationLayerProtocols().ifPresent(net::setApplicationLayerProtocols); tcp.connectionTimeout().ifPresent(d -> net.setConnectTimeout((int) d.toMillis())); tcp.idleTimeout().ifPresent(d -> net.setIdleTimeout((int) d.toSeconds())); @@ -178,7 +178,8 @@ public static RedisHostsProvider findProvider(String name) { return providers.get(); } - private void configureTLS(String name, RedisClientConfig config, TlsConfigurationRegistry tlsRegistry, NetClientOptions net) { + private static void configureTLS(String name, RedisClientConfig config, TlsConfigurationRegistry tlsRegistry, + NetClientOptions net) { TlsConfiguration configuration = null; // Check if we have a named TLS configuration or a default configuration: @@ -189,7 +190,8 @@ private void configureTLS(String name, RedisClientConfig config, TlsConfiguratio + config.tlsConfigurationName().get() + " for the Redis client " + name + "."); } configuration = maybeConfiguration.get(); - } else if (tlsRegistry.getDefault().isPresent() && tlsRegistry.getDefault().get().isTlsEnabled()) { + } else if (tlsRegistry.getDefault().isPresent() && (tlsRegistry.getDefault().get().isTrustAll() + || tlsRegistry.getDefault().get().getTrustStore() != null)) { configuration = tlsRegistry.getDefault().get(); } diff --git a/extensions/redis-client/runtime/src/main/java/io/quarkus/redis/runtime/client/config/RedisClientConfig.java b/extensions/redis-client/runtime/src/main/java/io/quarkus/redis/runtime/client/config/RedisClientConfig.java index 976687ed874c5e..14900b42281458 100644 --- a/extensions/redis-client/runtime/src/main/java/io/quarkus/redis/runtime/client/config/RedisClientConfig.java +++ b/extensions/redis-client/runtime/src/main/java/io/quarkus/redis/runtime/client/config/RedisClientConfig.java 
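Review bot: In the last hunk of `VertxRedisClientFactory.java` (the `else if` branch of `configureTLS`), the default registry configuration is now picked up whenever it is trust-all or has a trust store, so an application-wide trust-all default silently disables certificate validation for every Redis client that names no configuration. Together with the hostname verifier defaulting to `NONE`, as the reference doc in this commit states, such a connection is encrypted but the server is not authenticated. Consider logging a warning when the selected configuration reports `isTrustAll()`, or applying a trust-all default only when the client opts in through `tls-configuration-name`. The branch also calls `tlsRegistry.getDefault()` three times; reading it once, `Optional<TlsConfiguration> defaultTls = tlsRegistry.getDefault();`, makes the condition easier to audit. The body of `configureTLS` continues outside the hunk, so how `configuration` is applied to `net` is not visible here.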
@@ -8,7 +8,6 @@ import io.quarkus.runtime.annotations.ConfigDocDefault; import io.quarkus.runtime.annotations.ConfigDocSection; import io.quarkus.runtime.annotations.ConfigGroup; -import io.quarkus.runtime.annotations.ConfigItem; import io.smallrye.config.WithDefault; import io.vertx.redis.client.ProtocolVersion; import io.vertx.redis.client.RedisClientType;