AP-4499: Add redis protocol env var with default TLS

Allows transaparent use of different protocol on UAT (`redis://`) as opposed to staging and production (`rediss://`). While enabling tls for bitnami/redis is popssible it requires generation and/or use of existing certificates. Plus since communication is within the cluster it is not required.
ministryofjustice · Oct 16, 2023 · b24b35e · b24b35e
1 parent a2fec28
commit b24b35e
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 6 deletions.
diff --git a/config/application.rb b/config/application.rb
@@ -142,7 +142,16 @@ class Application < Rails::Application
       production: [],
     }
 
-    config.x.redis.base_url = ENV["REDIS_HOST"].present? && ENV["REDIS_PASSWORD"].present? ? "rediss://:#{ENV.fetch('REDIS_PASSWORD', nil)}@#{ENV.fetch('REDIS_HOST', nil)}:6379" : "redis://localhost:6379"
+    redis_protocol = ENV.fetch("REDIS_PROTOCOL", "rediss")
+    redis_password = ENV.fetch("REDIS_PASSWORD", nil)
+    redis_host = ENV.fetch("REDIS_HOST", nil)
+
+    redis_url = if redis_host.present? && redis_password.present?
+                  "#{redis_protocol}://:#{redis_password}@#{redis_host}:6379"
+                else
+                  "redis://localhost:6379"
+                end
+    config.x.redis.base_url = redis_url
     config.x.redis.page_history_url = "#{config.x.redis.base_url}/1"
     config.x.redis.oauth_session_url = "#{config.x.redis.base_url}/2"
     config.x.redis.rack_attack_url = "#{config.x.redis.base_url}/3"

diff --git a/config/initializers/sidekiq.rb b/config/initializers/sidekiq.rb
@@ -3,11 +3,15 @@
 require "prometheus_exporter/client"
 require "prometheus_exporter/instrumentation"
 
-if ENV.fetch("HOST", nil)&.include?("-uat.")
-  redis_url = "redis://:#{ENV.fetch('REDIS_PASSWORD', nil)}@#{ENV.fetch('REDIS_HOST', nil)}:6379"
-elsif ENV["REDIS_HOST"].present? && ENV["REDIS_PASSWORD"].present?
-  redis_url = "rediss://:#{ENV.fetch('REDIS_PASSWORD', nil)}@#{ENV.fetch('REDIS_HOST', nil)}:6379"
-end
+redis_protocol = ENV.fetch("REDIS_PROTOCOL", "rediss")
+redis_password = ENV.fetch("REDIS_PASSWORD", nil)
+redis_host = ENV.fetch("REDIS_HOST", nil)
+
+redis_url = if redis_host.present? && redis_password.present?
+              "#{redis_protocol}://:#{redis_password}@#{redis_host}:6379"
+            else
+              "redis://localhost:6379"
+            end
 namespace = ENV.fetch("HOST", "laa-apply")
 
 module Dashboard; end

diff --git a/helm_deploy/apply-for-legal-aid/templates/_envs.tpl b/helm_deploy/apply-for-legal-aid/templates/_envs.tpl
@@ -221,6 +221,8 @@ env:
         name: {{ template "apply-for-legal-aid.fullname" . }}
         key: sidekiqWebUiPassword
   {{ if .Values.redis.enabled }}
+  - name: REDIS_PROTOCOL
+    value: "redis"
   - name: REDIS_HOST
     value: {{ printf "%s-%s" .Release.Name "redis-master.laa-apply-for-legalaid-uat.svc.cluster.local" }}
   - name: REDIS_PASSWORD