Merge pull request mozilla#15293 from mozilla/FXA-7333

task(many): Investigate adding auth to redis connection
dschom · May 17, 2023 · e3300d6 · e3300d6
2 parents 8443eb3 + c799518
commit e3300d6
Show file tree

Hide file tree

Showing 17 changed files with 77 additions and 31 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -101,10 +101,12 @@ executors:
       - image: jdlk7/firestore-emulator
       - image: memcached
       - image: redis
+        command: --requirepass fxa123
     environment:
       NODE_ENV: development
       FIRESTORE_EMULATOR_HOST: localhost:9090
       CUSTOMS_SERVER_URL: none
+      REDIS_PASSWORD: fxa123
 
   # For anything that needs a full stack to run and needs browsers available for
   # ui test automation. This image requires a restored workspace state.
@@ -117,6 +119,7 @@ executors:
     docker:
       - image: mozilla/fxa-circleci:ci-functional-test-runner
       - image: redis
+        command: --requirepass fxa123
       - image: memcached
       - image: pafortin/goaws
       - image: cimg/mysql:8.0.28
@@ -142,6 +145,7 @@ executors:
       REACT_CONVERSION_POST_VERIFY_OTHER_ROUTES: true
       REACT_CONVERSION_POST_VERIFY_CAD_VIA_QR_ROUTES: true
       CUSTOMS_SERVER_URL: none
+      REDIS_PASSWORD: fxa123
 
   # Contains a pre-installed fxa stack and browsers for doing ui test
   # automation. Perfect for running smoke tests against remote targets.
@@ -311,6 +315,23 @@ commands:
       - run:
           command: ./.circleci/report-coverage.sh << parameters.list >>
 
+  run-playwright-tests:
+    parameters:
+      project:
+        type: string
+    steps:
+      - run:
+          name: Running Playwright tests
+          # Supports 'Re-run failed tests only'. See this for more info: https://circleci.com/docs/rerun-failed-tests-only/
+          command: |
+            cd packages/functional-tests
+            TEST_FILES=$(circleci tests glob "tests/**/*.spec.ts")
+            echo $TEST_FILES | circleci tests run --command="xargs yarn playwright test --project=<< parameters.project >>" --verbose --split-by=timings
+          environment:
+            NODE_OPTIONS: --dns-result-order=ipv4first
+            JEST_JUNIT_OUTPUT_DIR: ./artifacts/tests
+            JEST_JUNIT_ADD_FILE_ATTRIBUTE: true
+
   store-artifacts:
     steps:
       - run:
@@ -624,26 +645,21 @@ jobs:
     steps:
       - git-checkout
       - provision
-      - run:
-          name: Running smoke tests
-          command: yarn workspace functional-tests test-production
+      - run-playwright-tests:
+          project: production
       - store-artifacts
-      # TODO: Is this actually needed?
-      - store_test_results:
-          path: artifacts/tests
 
   smoke-tests:
     parameters:
-      target:
+      project:
         type: string
-        default: test-production
+        default: production
     executor: smoke-test-executor
     steps:
       - git-checkout
       - provision
-      - run:
-          name: Running smoke tests
-          command: yarn workspace functional-tests << parameters.target >>
+      - run-playwright-tests:
+          project: << parameters.project >>
       - store-artifacts
 
   # Runs functional tests using playwright. These tests support splitting
@@ -671,9 +687,8 @@ jobs:
       - run:
           name: Start services for playwright tests
           command: ./packages/functional-tests/scripts/start-services.sh
-      - run:
-          name: Running playwright tests
-          command: ./packages/functional-tests/scripts/test-ci.sh
+      - run-playwright-tests:
+          project: local
       - store-artifacts
 
   build-and-deploy-storybooks:
@@ -839,7 +854,7 @@ workflows:
     # Note that we removed content server tests as it runs on Stage only
       - smoke-tests:
           name: Smoke Test Production - Playwright
-          target: test-production
+          project: production
           filters:
             branches:
               only: /.*/
@@ -873,7 +888,7 @@ workflows:
               only: /.*/
       - smoke-tests:
           name: Smoke Test Stage - Playwright
-          target: test-stage
+          project: stage
           filters:
             branches:
               only: /.*/

diff --git a/_scripts/redis.sh b/_scripts/redis.sh
@@ -1,3 +1,3 @@
 #!/bin/bash -ex
 
-docker run --rm --name redis-server --net fxa -p 6379:6379 redis
+docker run --rm --name redis-server --net fxa -p 6379:6379 redis --requirepass fxa123
diff --git a/packages/123done/server.js b/packages/123done/server.js
@@ -11,7 +11,9 @@ const version = require('./version');
 const logger = morgan('short');
 
 // create a connection to the redis datastore
-let db = new Redis();
+let db = new Redis({
+  password: process.env.REDIS_PASSWORD || 'fxa123',
+});
 
 db.on('error', function () {
   // eslint-disable-line handle-callback-err

diff --git a/packages/functional-tests/scripts/start-services.sh b/packages/functional-tests/scripts/start-services.sh
@@ -1,8 +1,7 @@
 #!/bin/bash -ex
 
-# This routine was formerly part of in test-ci.sh. It has been
-# split up so it can be run in separate steps in the CI,
-# resulting in more meaningful timing metrics.
+# This startup routine is seperate from the test command. This way it can be run in a
+# separate step in the CI, which results in more meaningful timing metrics.
 
 DIR=$(dirname "$0")
 

diff --git a/packages/functional-tests/scripts/test-ci.sh b/packages/functional-tests/scripts/test-ci.sh
diff --git a/packages/fxa-admin-server/src/database/database.service.ts b/packages/fxa-admin-server/src/database/database.service.ts
@@ -103,8 +103,16 @@ export class DatabaseService implements OnModuleDestroy {
     this.connectedServicesDb = new ConnectedServicesDb(
       mySqlOAuthShared,
       new ConnectedServicesCache(
-        new RedisShared(redisConfig.accessTokens, logger, metrics),
-        new RedisShared(redisConfig.refreshTokens, logger, metrics),
+        new RedisShared(
+          { password: redisConfig.password, ...redisConfig.accessTokens },
+          logger,
+          metrics
+        ),
+        new RedisShared(
+          { password: redisConfig.password, ...redisConfig.refreshTokens },
+          logger,
+          metrics
+        ),
         new RedisShared(
           { ...redisConfig, ...redisConfig.sessionTokens },
           logger,

diff --git a/packages/fxa-auth-server/lib/oauth/db/redis.js b/packages/fxa-auth-server/lib/oauth/db/redis.js
@@ -32,13 +32,15 @@ class OAuthRedis extends ConnectedServicesCache {
   constructor() {
     super(
       redis({
+        password: config.get('redis.password'),
         ...config.get('redis.accessTokens'),
 
         // TOOD: Once validated, rely values present in redis.accessTokens instead.
         enabled: true,
         maxttl: config.get('oauthServer.expiration.accessToken'),
       }),
       redis({
+        password: config.get('redis.password'),
         ...config.get('redis.refreshTokens'),
       }),
       undefined,

diff --git a/packages/fxa-auth-server/test/local/payments/stripe.js b/packages/fxa-auth-server/test/local/payments/stripe.js
@@ -145,6 +145,7 @@ const mockConfig = {
 const mockRedisConfig = {
   host: process.env.REDIS_HOST || 'localhost',
   port: process.env.REDIS_PORT || 6379,
+  password: process.env.REDIS_PASSWORD || 'fxa123',
   maxPending: 1000,
   retryCount: 5,
   initialBackoff: '100 milliseconds',

diff --git a/packages/fxa-auth-server/test/local/redis.js b/packages/fxa-auth-server/test/local/redis.js
@@ -17,6 +17,7 @@ const redis = require('../../lib/redis')(
   {
     ...config.redis.accessTokens,
     ...config.redis.sessionTokens,
+    password: config.redis.password,
     prefix,
     recordLimit,
     maxttl,

diff --git a/packages/fxa-auth-server/test/remote/db_tests.js b/packages/fxa-auth-server/test/remote/db_tests.js
@@ -77,6 +77,7 @@ describe('#integration - remote db', function () {
     redis = require('ioredis').createClient({
       host: config.redis.host,
       port: config.redis.port,
+      password: config.redis.password,
       prefix: config.redis.sessionTokens.prefix,
       enable_offline_queue: false,
     });

diff --git a/packages/fxa-content-server/server/lib/configuration.js b/packages/fxa-content-server/server/lib/configuration.js
@@ -171,6 +171,13 @@ const conf = (module.exports = convict({
         env: 'FEATURE_FLAGS_REDIS_HOST',
         format: String,
       },
+      password: {
+        default: 'fxa123',
+        doc: 'Redis password',
+        env: 'REDIS_PASSWORD',
+        sensitive: true,
+        format: String,
+      },
       initialBackoff: {
         default: '100 milliseconds',
         doc: 'Initial backoff for feature-flagging Redis connection retries, increases exponentially with each attempt',

diff --git a/packages/fxa-profile-server/lib/config.js b/packages/fxa-profile-server/lib/config.js
@@ -287,6 +287,13 @@ const conf = convict({
         format: 'port',
         doc: 'port for redis server',
       },
+      password: {
+        default: 'fxa123',
+        env: 'REDIS_PASSWORD',
+        format: String,
+        sensitive: true,
+        doc: 'Redis password',
+      },
     },
     useRedis: {
       default: true,

diff --git a/packages/fxa-profile-server/lib/server/web.js b/packages/fxa-profile-server/lib/server/web.js
@@ -55,6 +55,7 @@ exports.create = async function createServer() {
     cacheProvider.options.host = config.serverCache.redis.host;
     cacheProvider.options.port = config.serverCache.redis.port;
     cacheProvider.options.partition = config.serverCache.redis.keyPrefix;
+    cacheProvider.options.password = config.serverCache.redis.password;
   }
   var isProd = config.env === 'production';
   var server = new Hapi.Server({

diff --git a/packages/fxa-shared/db/config.ts b/packages/fxa-shared/db/config.ts
@@ -76,6 +76,13 @@ export function makeRedisConfig() {
       format: String,
       doc: 'IP address or host name for Redis server',
     },
+    password: {
+      default: 'fxa123',
+      env: 'REDIS_PASSWORD',
+      format: String,
+      sensitive: true,
+      doc: `Password for connecting to redis`,
+    },
     port: {
       default: 6379,
       env: 'REDIS_PORT',

diff --git a/packages/fxa-shared/scripts/feature-flags.js b/packages/fxa-shared/scripts/feature-flags.js
@@ -10,6 +10,7 @@ const Ajv = require('ajv');
 const ajv = new Ajv();
 const Redis = require('ioredis');
 const redis = new Redis({
+  password: process.env.REDIS_PASSWORD || 'fxa123',
   host: process.env.REDIS_HOST || 'localhost',
   port: process.env.REDIS_PORT || 6379,
   keyPrefix: 'featureFlags:',

diff --git a/packages/fxa-shared/test/feature-flags/integration.js b/packages/fxa-shared/test/feature-flags/integration.js
@@ -15,6 +15,7 @@ describe('#integration - featureFlags integration:', () => {
       interval: 10000,
       host: process.env.REDIS_HOST || 'localhost',
       port: process.env.REDIS_PORT || 6379,
+      password: process.env.REDIS_PASSWORD || 'fxa123',
     };
     log = { info() {}, warn() {}, error() {} };
     featureFlags = initialise(config, log, {});

diff --git a/packages/fxa-shared/test/scripts/feature-flags.js b/packages/fxa-shared/test/scripts/feature-flags.js
@@ -37,6 +37,7 @@ describe('#integration - scripts/feature-flags:', function () {
 
   before(async () => {
     redis = new Redis({
+      password: process.env.REDIS_PASSWORD || 'fxa123',
       host: process.env.REDIS_HOST || 'localhost',
       port: process.env.REDIS_PORT || 6379,
       keyPrefix: 'featureFlags:',