feat: Added key/cert authentication options

Author: Julien Ruaux

pom.xml

@@ -1,8 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<project
-	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"
-	xmlns="http://maven.apache.org/POM/4.0.0"
-	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>com.redis</groupId>
 	<artifactId>redis-kafka-connect</artifactId>
@@ -16,20 +13,21 @@
 		<github.repo>redis-kafka-connect</github.repo>
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 		<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
-		<java.version>8</java.version>
-		<kafka.version>3.2.1</kafka.version>
-		<connect-utils.version>[0.7.166,0.7.2000)</connect-utils.version>
 		<asciidoctor.maven.plugin.version>2.1.0</asciidoctor.maven.plugin.version>
 		<asciidoctorj.version>2.5.1</asciidoctorj.version>
-		<asciidoctorj.pdf.version>2.1.4</asciidoctorj.pdf.version>
+		<asciidoctorj.pdf.version>2.3.0</asciidoctorj.pdf.version>
 		<awaitility.version>4.2.0</awaitility.version>
+		<commons-pool2.version>2.11.1</commons-pool2.version>
+		<connect-utils.version>[0.7.166,0.7.2000)</connect-utils.version>
 		<jruby.version>9.2.17.0</jruby.version>
+		<java.version>8</java.version>
 		<junit.version>5.8.1</junit.version>
-		<lettucemod.version>3.0.4</lettucemod.version>
-		<mockito.version>4.7.0</mockito.version>
+		<kafka.version>3.2.1</kafka.version>
+		<lettucemod.version>3.1.5</lettucemod.version>
+		<mockito.version>4.8.0</mockito.version>
 		<reactor.version>3.4.22</reactor.version>
 		<spring-batch.version>4.3.6</spring-batch.version>
-		<spring-batch-redis.version>2.34.1</spring-batch-redis.version>
+		<spring-batch-redis.version>3.0.2-SNAPSHOT</spring-batch-redis.version>
 		<slf4j.version>1.7.36</slf4j.version>
 		<testcontainers-redis.version>1.6.2</testcontainers-redis.version>
 	</properties>
@@ -94,6 +92,11 @@
 			<artifactId>lettucemod</artifactId>
 			<version>${lettucemod.version}</version>
 		</dependency>
+		<dependency>
+			<groupId>org.apache.commons</groupId>
+			<artifactId>commons-pool2</artifactId>
+			<version>${commons-pool2.version}</version>
+		</dependency>
 		<dependency>
 			<groupId>org.slf4j</groupId>
 			<artifactId>slf4j-api</artifactId>
@@ -201,7 +204,22 @@
 			<plugin>
 				<groupId>org.jacoco</groupId>
 				<artifactId>jacoco-maven-plugin</artifactId>
-				<version>0.8.7</version>
+				<version>0.8.8</version>
+				<executions>
+					<execution>
+						<id>prepare-agent</id>
+						<goals>
+							<goal>prepare-agent</goal>
+						</goals>
+					</execution>
+					<execution>
+						<id>report</id>
+						<phase>test</phase>
+						<goals>
+							<goal>report</goal>
+						</goals>
+					</execution>
+				</executions>
 			</plugin>
 			<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
@@ -285,7 +303,7 @@
 					<supportProviderName>Redis</supportProviderName>
 					<supportLogo>src/docs/asciidoc/images/redis.png</supportLogo>
 					<supportSummary>
-                        <![CDATA[Contact us on the <a href="https://forum.redis.com">Redis Forum</a> or create an issue on <a href="https://github.com/redis-field-engineering/redis-kafka-connect">Github</a> where we provide support on a good faith effort basis.]]>
+						<![CDATA[Contact us on the <a href="https://forum.redis.com">Redis Forum</a> or create an issue on <a href="https://github.com/redis-field-engineering/redis-kafka-connect">Github</a> where we provide support on a good faith effort basis.]]>
 					</supportSummary>
 					<supportUrl>${project.issueManagement.url}</supportUrl>
 					<confluentControlCenterIntegration>true</confluentControlCenterIntegration>
@@ -422,4 +440,4 @@
 			</plugin>
 		</plugins>
 	</reporting>
-</project>
+</project>

src/main/java/com/redis/kafka/connect/common/RedisConfig.java

@@ -15,34 +15,35 @@
  */
 package com.redis.kafka.connect.common;
 
+import java.io.File;
 import java.time.Duration;
 import java.util.Map;
-import java.util.Optional;
 
+import org.apache.commons.pool2.impl.GenericObjectPool;
 import org.apache.kafka.common.config.AbstractConfig;
 import org.apache.kafka.common.config.ConfigDef;
 import org.apache.kafka.common.config.types.Password;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 
 import com.github.jcustenborder.kafka.connect.utils.config.ConfigKeyBuilder;
 import com.github.jcustenborder.kafka.connect.utils.config.ConfigUtils;
-import com.github.jcustenborder.kafka.connect.utils.config.validators.Validators;
 import com.google.common.base.Strings;
 import com.google.common.net.HostAndPort;
-import com.redis.lettucemod.RedisModulesClient;
-import com.redis.lettucemod.cluster.RedisModulesClusterClient;
+import com.redis.lettucemod.util.ClientBuilder;
+import com.redis.lettucemod.util.RedisURIBuilder;
+import com.redis.spring.batch.common.ConnectionPoolBuilder;
 
 import io.lettuce.core.AbstractRedisClient;
 import io.lettuce.core.RedisURI;
+import io.lettuce.core.SslVerifyMode;
+import io.lettuce.core.api.StatefulConnection;
+import io.lettuce.core.codec.RedisCodec;
+import io.lettuce.core.codec.StringCodec;
 
 public class RedisConfig extends AbstractConfig {
 
-	private static final Logger log = LoggerFactory.getLogger(RedisConfig.class);
-
-	public static final String CLIENT_MODE_CONFIG = "redis.client.mode";
-	private static final ClientMode CLIENT_MODE_DEFAULT = ClientMode.standalone;
-	private static final String CLIENT_MODE_DOC = "Redis standalone or cluster mode";
+	public static final String CLUSTER_CONFIG = "redis.cluster";
+	private static final boolean CLUSTER_DEFAULT = false;
+	private static final String CLUSTER_DOC = "Connect to a Redis Cluster database";
 
 	public static final String HOST_CONFIG = "redis.host";
 	private static final HostAndPort HOST_DEFAULT = HostAndPort.fromParts("localhost", RedisURI.DEFAULT_REDIS_PORT);
@@ -52,14 +53,6 @@ public class RedisConfig extends AbstractConfig {
 	private static final String URI_DEFAULT = "";
 	private static final String URI_DOC = "URI of the Redis database to connect to, e.g. redis://redis-12000.redis.com:12000. For secure connections use rediss URI scheme, e.g. rediss://...";
 
-	public static final String INSECURE_CONFIG = "redis.insecure";
-	private static final boolean INSECURE_DEFAULT = false;
-	private static final String INSECURE_DOC = "Allow insecure connections (e.g. invalid certificates) to Redis when using SSL";
-
-	public static final String TLS_CONFIG = "redis.tls";
-	private static final boolean TLS_DEFAULT = false;
-	private static final String TLS_DOC = "Establish a secure TLS connection";
-
 	public static final String USERNAME_CONFIG = "redis.username";
 	private static final String USERNAME_DEFAULT = "";
 	private static final String USERNAME_DOC = "Username to use to connect to Redis";
@@ -72,51 +65,36 @@ public class RedisConfig extends AbstractConfig {
 	private static final long TIMEOUT_DEFAULT = RedisURI.DEFAULT_TIMEOUT;
 	private static final String TIMEOUT_DOC = "Redis command timeout in seconds";
 
-	public RedisConfig(ConfigDef config, Map<?, ?> originals) {
-		super(config, originals);
-	}
+	public static final String POOL_MAX_CONFIG = "redis.pool";
+	private static final int POOL_MAX_DEFAULT = ConnectionPoolBuilder.DEFAULT_MAX_TOTAL;
+	private static final String POOL_MAX_DOC = "Max pool connections";
 
-	@SuppressWarnings("deprecation")
-	public RedisURI getRedisURI() {
-		RedisURI uri = uri();
-		if (Boolean.TRUE.equals(getBoolean(INSECURE_CONFIG))) {
-			uri.setVerifyPeer(false);
-		}
-		if (Boolean.TRUE.equals(getBoolean(TLS_CONFIG))) {
-			uri.setSsl(true);
-		}
-		username().ifPresent(uri::setUsername);
-		password().ifPresent(uri::setPassword);
-		Long timeout = getLong(TIMEOUT_CONFIG);
-		if (timeout != null) {
-			uri.setTimeout(Duration.ofSeconds(timeout));
-		}
-		return uri;
-	}
+	public static final String TLS_CONFIG = "redis.tls";
+	private static final boolean TLS_DEFAULT = false;
+	private static final String TLS_DOC = "Establish a secure TLS connection";
 
-	private Optional<String> password() {
-		Password password = getPassword(PASSWORD_CONFIG);
-		if (password == null || Strings.isNullOrEmpty(password.value())) {
-			return Optional.empty();
-		}
-		return Optional.of(password.value());
-	}
+	public static final String INSECURE_CONFIG = "redis.insecure";
+	private static final boolean INSECURE_DEFAULT = false;
+	private static final String INSECURE_DOC = "Allow insecure connections (e.g. invalid certificates) to Redis when using SSL";
 
-	private Optional<String> username() {
-		String username = getString(USERNAME_CONFIG);
-		if (Strings.isNullOrEmpty(username)) {
-			return Optional.empty();
-		}
-		return Optional.of(username);
-	}
+	public static final String KEY_CONFIG = "redis.key.file";
+	public static final String KEY_DEFAULT = "";
+	private static final String KEY_DOC = "PKCS#8 private key file to authenticate with (PEM format)";
 
-	private RedisURI uri() {
-		String uriString = getString(URI_CONFIG);
-		if (Strings.isNullOrEmpty(uriString)) {
-			HostAndPort hostAndPort = ConfigUtils.hostAndPort(this, HOST_CONFIG, 6379);
-			return RedisURI.create(hostAndPort.getHost(), hostAndPort.getPort());
-		}
-		return RedisURI.create(ConfigUtils.uri(this, URI_CONFIG));
+	public static final String KEY_CERT_CONFIG = "redis.key.cert";
+	public static final String KEY_CERT_DEFAULT = "";
+	private static final String KEY_CERT_DOC = "X.509 certificate chain file to authenticate with (PEM format)";
+
+	public static final String KEY_PASSWORD_CONFIG = "redis.key.password";
+	private static final String KEY_PASSWORD_DEFAULT = "";
+	private static final String KEY_PASSWORD_DOC = "Password of the private key file. Leave empty if key file is not password-protected";
+
+	public static final String CACERT_CONFIG = "redis.cacert";
+	public static final String CACERT_DEFAULT = "";
+	private static final String CACERT_DOC = "X.509 CA certificate file to verify with";
+
+	public RedisConfig(ConfigDef config, Map<?, ?> originals) {
+		super(config, originals);
 	}
 
 	public static class RedisConfigDef extends ConfigDef {
@@ -131,9 +109,8 @@ public RedisConfigDef(ConfigDef base) {
 		}
 
 		private void defineConfigs() {
-			define(ConfigKeyBuilder.of(CLIENT_MODE_CONFIG, ConfigDef.Type.STRING).documentation(CLIENT_MODE_DOC)
-					.defaultValue(CLIENT_MODE_DEFAULT.name()).validator(Validators.validEnum(ClientMode.class))
-					.importance(ConfigDef.Importance.MEDIUM).build());
+			define(ConfigKeyBuilder.of(CLUSTER_CONFIG, ConfigDef.Type.BOOLEAN).documentation(CLUSTER_DOC)
+					.defaultValue(CLUSTER_DEFAULT).importance(ConfigDef.Importance.MEDIUM).build());
 			define(ConfigKeyBuilder.of(HOST_CONFIG, ConfigDef.Type.STRING).documentation(HOST_DOC)
 					.defaultValue(HOST_DEFAULT.toString()).importance(ConfigDef.Importance.HIGH).build());
 			define(ConfigKeyBuilder.of(URI_CONFIG, ConfigDef.Type.STRING).documentation(URI_DOC)
@@ -148,25 +125,79 @@ private void defineConfigs() {
 					.defaultValue(USERNAME_DEFAULT).importance(ConfigDef.Importance.MEDIUM).build());
 			define(ConfigKeyBuilder.of(TIMEOUT_CONFIG, ConfigDef.Type.LONG).documentation(TIMEOUT_DOC)
 					.defaultValue(TIMEOUT_DEFAULT).importance(ConfigDef.Importance.MEDIUM).build());
-
+			define(ConfigKeyBuilder.of(POOL_MAX_CONFIG, ConfigDef.Type.INT).documentation(POOL_MAX_DOC)
+					.defaultValue(POOL_MAX_DEFAULT).importance(ConfigDef.Importance.MEDIUM).build());
+			define(ConfigKeyBuilder.of(KEY_CONFIG, ConfigDef.Type.STRING).documentation(KEY_DOC)
+					.defaultValue(KEY_DEFAULT).importance(ConfigDef.Importance.MEDIUM).build());
+			define(ConfigKeyBuilder.of(KEY_CERT_CONFIG, ConfigDef.Type.STRING).documentation(KEY_CERT_DOC)
+					.defaultValue(KEY_CERT_DEFAULT).importance(ConfigDef.Importance.MEDIUM).build());
+			define(ConfigKeyBuilder.of(KEY_PASSWORD_CONFIG, ConfigDef.Type.PASSWORD).documentation(KEY_PASSWORD_DOC)
+					.defaultValue(KEY_PASSWORD_DEFAULT).importance(ConfigDef.Importance.MEDIUM).build());
+			define(ConfigKeyBuilder.of(CACERT_CONFIG, ConfigDef.Type.STRING).documentation(CACERT_DOC)
+					.defaultValue(CACERT_DEFAULT).importance(ConfigDef.Importance.MEDIUM).build());
 		}
 
 	}
 
-	public enum ClientMode {
+	public RedisURI uri() {
+		RedisURIBuilder builder = RedisURIBuilder.create();
+		String uri = getString(URI_CONFIG);
+		if (Strings.isNullOrEmpty(uri)) {
+			HostAndPort hostAndPort = ConfigUtils.hostAndPort(this, HOST_CONFIG, 6379);
+			builder.host(hostAndPort.getHost());
+			builder.port(hostAndPort.getPort());
+		} else {
+			builder.uriString(uri);
+		}
+		if (Boolean.TRUE.equals(getBoolean(INSECURE_CONFIG))) {
+			builder.sslVerifyMode(SslVerifyMode.NONE);
+		}
+		builder.ssl(getBoolean(TLS_CONFIG));
+		String username = getString(USERNAME_CONFIG);
+		if (!Strings.isNullOrEmpty(username)) {
+			builder.username(username);
+		}
+		Password password = getPassword(PASSWORD_CONFIG);
+		if (password != null && !Strings.isNullOrEmpty(password.value())) {
+			builder.password(password.value().toCharArray());
+		}
+		Long timeout = getLong(TIMEOUT_CONFIG);
+		if (timeout != null) {
+			builder.timeout(Duration.ofSeconds(timeout));
+		}
+		return builder.build();
+	}
 
-		standalone, cluster
+	public AbstractRedisClient client(RedisURI uri) {
+		ClientBuilder builder = ClientBuilder.create(uri);
+		builder.cluster(getBoolean(CLUSTER_CONFIG));
+		String keyFile = getString(KEY_CONFIG);
+		if (!Strings.isNullOrEmpty(keyFile)) {
+			builder.key(new File(keyFile));
+			builder.keyCert(new File(getString(KEY_CERT_CONFIG)));
+			Password password = getPassword(KEY_PASSWORD_CONFIG);
+			if (password != null && !Strings.isNullOrEmpty(password.value())) {
+				builder.keyPassword(password.value().toCharArray());
+			}
+		}
+		String cacert = getString(CACERT_CONFIG);
+		if (!Strings.isNullOrEmpty(cacert)) {
+			builder.trustManager(new File(cacert));
+		}
+		return builder.build();
+	}
 
+	public AbstractRedisClient client() {
+		return client(uri());
 	}
 
-	public AbstractRedisClient redisClient() {
-		RedisURI uri = getRedisURI();
-		ClientMode clientMode = ConfigUtils.getEnum(ClientMode.class, this, CLIENT_MODE_CONFIG);
-		if (clientMode == ClientMode.cluster) {
-			log.info("Connecting to Redis cluster with {}", uri);
-			return RedisModulesClusterClient.create(uri);
-		}
-		return RedisModulesClient.create(uri);
+	public GenericObjectPool<StatefulConnection<String, String>> pool(AbstractRedisClient client) {
+		return pool(client, StringCodec.UTF8);
+	}
+
+	public <K, V> GenericObjectPool<StatefulConnection<K, V>> pool(AbstractRedisClient client, RedisCodec<K, V> codec) {
+		return ConnectionPoolBuilder.create(client).maxTotal(getInt(POOL_MAX_CONFIG)).build(codec);
+
 	}
 
 }

src/main/java/com/redis/kafka/connect/sink/RedisSinkConfig.java

@@ -16,10 +16,12 @@
 package com.redis.kafka.connect.sink;
 
 import java.nio.charset.Charset;
+import java.time.Duration;
 import java.util.Arrays;
 import java.util.HashSet;
 import java.util.Map;
 import java.util.Objects;
+import java.util.Optional;
 import java.util.Set;
 
 import org.apache.kafka.common.config.ConfigDef;
@@ -29,6 +31,8 @@
 import com.github.jcustenborder.kafka.connect.utils.config.ConfigUtils;
 import com.github.jcustenborder.kafka.connect.utils.config.validators.Validators;
 import com.redis.kafka.connect.common.RedisConfig;
+import com.redis.spring.batch.writer.WaitForReplication;
+import com.redis.spring.batch.writer.WriterOptions;
 
 public class RedisSinkConfig extends RedisConfig {
 
@@ -219,4 +223,15 @@ public boolean equals(Object obj) {
 				&& waitTimeout == other.waitTimeout;
 	}
 
+	public WriterOptions writerOptions() {
+		return WriterOptions.builder().multiExec(isMultiexec()).waitForReplication(waitForReplication()).build();
+	}
+
+	private Optional<WaitForReplication> waitForReplication() {
+		if (waitReplicas > 0) {
+			return Optional.of(WaitForReplication.of(waitReplicas, Duration.ofMillis(waitTimeout)));
+		}
+		return Optional.empty();
+	}
+
 }