From b7adda55c9a3c9c440fc10bf1085800b834e2d7e Mon Sep 17 00:00:00 2001
From: Heathcliff
Date: Thu, 2 May 2024 22:12:53 +0200
Subject: [PATCH] storage/redis: Add option to connect to database via tls

Signed-off-by: Heathcliff
---
 configs/example-config.yaml | 2 ++
 pkg/lock-manager/storage/redis/storage.go | 25 ++++++++++++++++++-------
 2 files changed, 20 insertions(+), 7 deletions(-)
diff --git a/configs/example-config.yaml b/configs/example-config.yaml
index f71d8de9..ac9f93b7 100644
--- a/configs/example-config.yaml
+++ b/configs/example-config.yaml
@@ -62,6 +62,8 @@ storage:
 password: ""
 # (Optional) Database to use
 db: 0
+ # (Optional) Use TLS when connecting to database
+ tls: false
 # (Optional) Sentinel optiones
 sentinel:
 # Enable sentinel
diff --git a/pkg/lock-manager/storage/redis/storage.go b/pkg/lock-manager/storage/redis/storage.go
index 9ae11fbc..a8d6e67a 100644
--- a/pkg/lock-manager/storage/redis/storage.go
+++ b/pkg/lock-manager/storage/redis/storage.go
@@ -2,6 +2,7 @@ package redis
 import (
 "context"
+ "crypto/tls"
 "fmt"
 "time"
@@ -22,6 +23,7 @@ type RedisConfig struct {
 Username string `yaml:"username,omitempty"`
 Password string `yaml:"password,omitempty"`
 DB int `yaml:"db,omitempty"`
+ TLS bool `yaml:"tls,omitempty"`
 Sentinel RedisSentinelConfig `yaml:"sentinel,omitempty"`
 }
@@ -36,6 +38,12 @@ type RedisSentinelConfig struct {
 func NewRedisBackend(cfg *RedisConfig) (*RedisBackend, error) {
 var client *redis.Client
 var lb *loadbalancer
+ var tlsConfig *tls.Config
+
+ if cfg.TLS {
+ tlsConfig = &tls.Config{}
+ }
+
 switch {
 case cfg.Sentinel.Enabled:
 client = redis.NewFailoverClient(&redis.FailoverOptions{
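Review bot: In NewRedisBackend, `tlsConfig = &tls.Config{}` trusts only the host's system root pool and offers no way to supply a private CA bundle, a client certificate or an explicit server name. Redis servers are often issued certificates by an internal CA, and with a bare `tls` bool operators who cannot get verification to pass have no supported option except `tls: false`. Consider extending `RedisConfig` with optional CA and client certificate/key settings, and state the protocol floor explicitly rather than relying on the library default: `tlsConfig = &tls.Config{MinVersion: tls.VersionTLS12}`. With sentinel enabled the master address is presumably returned by sentinel, so the certificate must carry a SAN matching that address; a comment in the example config would save users a debugging session. The function body continues past the end of this hunk.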
@@ -46,20 +54,23 @@ func NewRedisBackend(cfg *RedisConfig) (*RedisBackend, error) {
 Username: cfg.Username,
 Password: cfg.Password,
 DB: cfg.DB,
+ TLSConfig: tlsConfig,
 })
 case len(cfg.Addrs) > 0:
 opt := redis.Options{
- Username: cfg.Username,
- Password: cfg.Password,
- DB: cfg.DB,
+ Username: cfg.Username,
+ Password: cfg.Password,
+ DB: cfg.DB,
+ TLSConfig: tlsConfig,
 }
 client, lb = NewRedisClientWithLoadbalancer(cfg.Addrs, &opt)
 default:
 client = redis.NewClient(&redis.Options{
- Addr: cfg.Addr,
- Username: cfg.Username,
- Password: cfg.Password,
- DB: cfg.DB,
+ Addr: cfg.Addr,
+ Username: cfg.Username,
+ Password: cfg.Password,
+ DB: cfg.DB,
+ TLSConfig: tlsConfig,
 })
 }
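Review bot: In the `len(cfg.Addrs) > 0` branch, `TLSConfig: tlsConfig` only has an effect if `NewRedisClientWithLoadbalancer` leaves go-redis's built-in dialer in place; that helper is not part of this diff. go-redis performs the TLS handshake inside its default dialer, so a custom `Dialer` installed for load balancing would have to wrap the connection itself, and otherwise traffic including the password would go out in plaintext with `tls: true` set and no error raised. Please confirm the helper honours `opt.TLSConfig`, or have NewRedisBackend reject `tls: true` combined with `addrs` until it does. NewRedisBackend starts before and continues after this hunk.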