Add a dedicated auth func

2026-01-08 23:18:05 -05:00 · 2025-12-24 12:14:18 -08:00
parent bbe2db3552
commit 5f7cb181c2
1 changed files with 35 additions and 13 deletions
--- a/backend/src/ee/services/pam-resource/redis/redis-resource-factory.ts
+++ b/backend/src/ee/services/pam-resource/redis/redis-resource-factory.ts
@@ -15,9 +15,6 @@ import { TRedisAccountCredentials, TRedisResourceConnectionDetails } from "./red

 const EXTERNAL_REQUEST_TIMEOUT = 10 * 1000;

-const TEST_CONNECTION_USERNAME = "infisical-gateway-connection-test";
-const TEST_CONNECTION_PASSWORD = "infisical-gateway-connection-test-password";
-
 export interface RedisResourceConnection {
  /**
   * Check and see if the connection is good or not.
@@ -28,6 +25,14 @@ export interface RedisResourceConnection {
   */
  validate: (connectOnly: boolean) => Promise<void>;

+  /**
+   * Authenticate with the provided credentials.
+   *
+   * @param credentials the username and password to authenticate with
+   * @returns Promise to be resolved when authentication succeeds, otherwise an error will be errbacked
+   */
+  authenticate: (credentials: TRedisAccountCredentials) => Promise<void>;
+
  /**
   * Close the connection.
   *
@@ -40,11 +45,9 @@ const makeRedisConnection = (
  proxyPort: number,
  config: {
    connectionDetails: TRedisResourceConnectionDetails;
-    username?: string;
-    password?: string;
  }
 ): RedisResourceConnection => {
-  const { connectionDetails, username, password } = config;
+  const { connectionDetails } = config;
  const { sslEnabled, sslRejectUnauthorized, sslCertificate } = connectionDetails;

  let client: Redis | null = null;
@@ -69,8 +72,8 @@ const makeRedisConnection = (

  return {
    validate: async (connectOnly) => {
+      client = createClient();
      try {
-        client = createClient();
        await client.ping();
      } catch (error) {
        if (connectOnly) {
@@ -94,6 +97,29 @@ const makeRedisConnection = (
        }
      }
    },
+    authenticate: async (credentials) => {
+      client = createClient();
+      try {
+        const result = await client.auth(credentials.username, credentials.password, () => {});
+        if (result !== "OK") {
+          throw new BadRequestError({
+            message: `Authentication failed: Redis returned ${result as string} status`
+          });
+        }
+      } catch (error) {
+        if (error instanceof BadRequestError) {
+          throw error;
+        }
+        throw new BadRequestError({
+          message: `Unable to authenticate Redis connection: ${(error as Error).message || String(error)}`
+        });
+      } finally {
+        if (client) {
+          await client.quit();
+          client = null;
+        }
+      }
+    },
    close: async () => {
      if (client) {
        await client.quit();
@@ -107,8 +133,6 @@ export const executeWithGateway = async <T>(
  config: {
    connectionDetails: TRedisResourceConnectionDetails;
    gatewayId: string;
-    username?: string;
-    password?: string;
  },
  gatewayV2Service: Pick<TGatewayV2ServiceFactory, "getPlatformConnectionDetailsByGatewayId">,
  operation: (connection: RedisResourceConnection) => Promise<T>
@@ -183,13 +207,11 @@ export const redisResourceFactory: TPamResourceFactory<TRedisResourceConnectionD
      await executeWithGateway(
        {
          connectionDetails,
-          gatewayId,
-          username: credentials.username,
-          password: credentials.password
+          gatewayId
        },
        gatewayV2Service,
        async (client) => {
-          await client.validate(false);
+          await client.authenticate(credentials);
        }
      );
      return credentials;