Add support for Azure Cache for Redis in all Redis components #3088
Comments
I don't think this is needed as long as the connection is alive. The token should be refreshed only if the connection needs to be re-established (that's what we do for Postgres and want to do for MySQL)
If the token expires, the Azure Cache for Redis server will terminate the connection and it expects a renewed token to keep the connection alive.
Since AAD tokens have a lifetime of 1hr, are you saying that connections with Azure Cache for Redis are always terminated every hour forcefully? (This doesn't seem to be the case for Azure DB for Postgres or Azure SQL AFAICT)
Right, the client applications create long-running, TCP connections to Redis which are expected to be alive for the duration of the application ideally. We typically see connections alive and running for weeks without interruption. So yes, if the redis server does not receive a renewed token before the 1 hour is up, the connection will be terminated.
@shpathak-msft Ok, I understand now. In practice, does that mean we need to re-send the AUTH command periodically, when we get a new token (like every hour or so)? Do you know if there's a Go SDK that implements this already?
Looks like go-redis supports AUTH command but you would need to call the AUTH command periodically and supply renewed token.
@shpathak-msft can you confirm sending the AUTH command periodically will actually work with your system? Or do we completely need to terminate the connection?
Sending auth command periodically works. All our code samples and the StackExchange.Redis extension package send auth command periodically. This periodic auth command was the workaround to avoid terminating the connection as closing/creating connections is expensive on the server side and we want to avoid terminating as much as possible.
This issue has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in the next 7 days unless it is tagged (pinned, good first issue, help wanted or triaged/resolved) or other activity occurs. Thank you for your contributions.
Is this issue addressing all Redis components, or just the state store?
Interesting! I would like to try it
/assign
@berndverst @ItalyPaleAle @shpathak-msft, since we want to refresh the token too frequently, do we have to always request it from Azure AAD? Or can we use some random token to save that frequent request to the cloud?
It needs to be an actual AAD token as it will be validated on the server side.
@dstarkowski this issue will impact all Dapr Redis components
To complete Entra ID / Azure AD support in Redis components someone needs to complete the PR #3238 or start from scratch. The idea is to take the |
This request is similar to the existing Azure Postgres state store support. #2970
AAD auth needs to be supported by fetching an AAD token and using it as the password, the username is the object ID / client ID.
Due to the long lived TCP connections however we need to ensure to manually renew the AAD token in a background goroutine and reinit the connection.
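The periodic re-AUTH discussed in the thread, sketched as an added example that is not code from this issue, from Dapr, or from go-redis. `GetToken`, `Auth`, `RefreshDelay`, and `KeepAuthenticated` are hypothetical names, and renewing at 3/4 of the token lifetime is an assumption; a caller would run `KeepAuthenticated` in a background goroutine next to the long-lived connection.

```go
package main

import (
	"context"
	"fmt"
	"time"
)

// Hypothetical hooks for this example: GetToken wraps the Entra ID credential,
// Auth sends "AUTH <username> <password>" on the already-open Redis connection.
type GetToken func(ctx context.Context) (token string, expiresOn time.Time, err error)
type Auth func(ctx context.Context, username, password string) error

// RefreshDelay is 3/4 of the remaining token lifetime, but never below floor.
func RefreshDelay(now, expiresOn time.Time, floor time.Duration) time.Duration {
	if d := expiresOn.Sub(now) * 3 / 4; d > floor {
		return d
	}
	return floor
}

// KeepAuthenticated re-sends AUTH (object ID as username, token as password)
// ahead of each expiry, reusing the connection, until ctx is cancelled.
func KeepAuthenticated(ctx context.Context, get GetToken, auth Auth, objectID string, floor time.Duration) error {
	for {
		tok, exp, err := get(ctx)
		if err != nil {
			return fmt.Errorf("fetch token: %w", err)
		}
		if err := auth(ctx, objectID, tok); err != nil {
			return fmt.Errorf("AUTH with renewed token: %w", err)
		}
		select {
		case <-ctx.Done():
			return ctx.Err()
		case <-time.After(RefreshDelay(time.Now(), exp, floor)):
		}
	}
}

func main() { // constructed demo: tokens live 40ms instead of 1h
	ctx, cancel := context.WithTimeout(context.Background(), 100*time.Millisecond)
	defer cancel()
	get := func(context.Context) (string, time.Time, error) {
		return "constructed-token", time.Now().Add(40 * time.Millisecond), nil
	}
	auth := func(_ context.Context, user, _ string) error { fmt.Println("AUTH", user); return nil }
	fmt.Println(KeepAuthenticated(ctx, get, auth, "object-id-placeholder", time.Millisecond))
}
```

A returned error means the token could not be fetched or the server rejected it; the connection should then be treated as about to be dropped when the current token expires.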