Enhance Redis Client to work with AWS ElasticCache using token-based authentication

[sberyozkin]

Description

See https://docs.aws.amazon.com/AmazonElastiCache/latest/dg/auth-iam.html#auth-iam-Connecting.

At the moment, Redis Client can use username and passwords but a token is needed instead of the password,

@mcruzdev Have a look please if it can be of interest, as I've noticed you contributed to the Quarkus Redis code before.

Implementation ideas

The main question is how a token is acquired. If it is acquired before Quarkus starts, then I guess one just configures the secret to be that token.

More likely, RedisClient would have to acquire it itself, and it can be complex enough.
One possible idea is to use OIDC Client SPI, see #42879, which one of the options we discussed with @cescoffier in scope of the penidng Mailer XOAuth2 work.

The idea there that if an extension needs to do OAuth2 based token acquisition and token refresh, then it only depends on that SPI with a single TokenProvider interface, has it injected and, when needed, makes this call. OIDC client will do the rest - get the token, refresh it.

[quarkus-bot]

/cc @Ladicek (redis), @cescoffier (redis), @gwenneg (cache), @machi1990 (redis)

[cescoffier]

@Ladicek mentioned a vertx 5 feature that would allow that.

[Ladicek]

Yeah, currently the Vert.x Redis client doesn't allow changing the token at runtime, it can only be configured statically. In Vert.x 5, that will be possible.

[sberyozkin]

Good news, thanks

[calvernaz]

These are great news, thanks @sberyozkin for putting this forward.

[mcruzdev]

Thank you for sharing this with me, @sberyozkin. Once we’ve identified the best solution, I’m happy to take it on if needed.