Skip to content

Authenticate to Redis with Microsoft Entra ID using Token Cache#372

Open
thjarvin wants to merge 10 commits intodevelopfrom
feat/microsoft-entra-for-redis-authentication
Open

Authenticate to Redis with Microsoft Entra ID using Token Cache#372
thjarvin wants to merge 10 commits intodevelopfrom
feat/microsoft-entra-for-redis-authentication

Conversation

@thjarvin
Copy link
Contributor

@thjarvin thjarvin commented Jun 6, 2025
edited by azure-boards bot
Loading

Fixes AB#57327

@thjarvin thjarvin requested review from LofhJann and haphut June 11, 2025 09:49
LofhJann
LofhJann suggested changes Jun 11, 2025
View reviewed changes
Copy link
Contributor

@LofhJann LofhJann left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Works.

Requesting some clarifications and changes, some smaller some bigger but main logic is fine.

haphut
haphut reviewed Jun 11, 2025
View reviewed changes
src/main/java/fi/hsl/common/pulsar/PulsarApplication.java
int timeOutMs = connTimeOutSecs * 1000;
Jedis jedis = new Jedis(redisHost, port, timeOutMs);
jedis.connect();
protected Jedis createRedisClient(@NotNull String redisHost, int port) {
Copy link
Contributor

@haphut haphut Jun 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I prefer having the opportunity to use both our own Redis or Redis managed by Azure. Please rather create a separate method or class.

Copy link
Contributor

@haphut haphut Jun 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also, sorry, I have to write this somewhere:

Some of the methods in this class do not really use private instance variables of the object, apart from the logger. Would a cleaner approach aim for static methods, perhaps split over several classes? Why is something named PulsarApplication creating Jedis clients with intricate code and health checks?

If possible, I would rather follow "clean as you code" instead of waiting for separate refactoring issues that might not get prioritized high enough, unless we need a total rewrite issue.

src/main/java/fi/hsl/common/redis/RedisUtils.java
.build());
}

public static String extractUsernameFromToken(String token) {
Copy link
Contributor

@haphut haphut Jun 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This method looks nasty (and is from the Azure code samples). I would bury these Azure-specific things in a separate Azure kludge class if we choose to keep both kinds of Jedis clients.

src/main/java/fi/hsl/common/redis/RedisUtils.java
public boolean checkResponse(@Nullable final Long response) {
return response != null && response == 1;
}

Copy link
Contributor

@haphut haphut Jun 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For all code copied from the Azure code samples, please refer to the exact commit and mention the license under which it is copied in a comment. E.g. The following method is copied or adapted from https://github.com/Azure/azure-sdk-for-java/blob/e7103f9019669032c7ffc3b51f1bd30c6ad8655f/sdk/identity/azure-identity/src/samples/Azure-Cache-For-Redis/Jedis/Azure-AAD-Authentication-With-Jedis.md under the MIT license.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@haphut haphut haphut left review comments

+1 more reviewer

@LofhJann LofhJann LofhJann requested changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@thjarvin @haphut @LofhJann