From eeab70547c284ae26ef93dc2c4b0010405df7db6 Mon Sep 17 00:00:00 2001
From: Bitnami Bot <bitnami-bot@vmware.com>
Date: Thu, 15 Feb 2024 21:45:14 +0100
Subject: [PATCH] [bitnami/redis-cluster] Release 7.0.15-debian-11-r18 (#61340)

Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>
---
 bitnami/redis-cluster/7.0/debian-11/Dockerfile      |  4 ++--
 .../rootfs/opt/bitnami/scripts/libredis.sh          | 13 ++++++++++---
 .../rootfs/opt/bitnami/scripts/redis-cluster-env.sh |  2 ++
 3 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/bitnami/redis-cluster/7.0/debian-11/Dockerfile b/bitnami/redis-cluster/7.0/debian-11/Dockerfile
index b3e382a094e7..e1a3deef14b4 100644
--- a/bitnami/redis-cluster/7.0/debian-11/Dockerfile
+++ b/bitnami/redis-cluster/7.0/debian-11/Dockerfile
@@ -7,10 +7,10 @@ ARG TARGETARCH
 
 LABEL com.vmware.cp.artifact.flavor="sha256:1e1b4657a77f0d47e9220f0c37b9bf7802581b93214fff7d1bd2364c8bf22e8e" \
       org.opencontainers.image.base.name="docker.io/bitnami/minideb:bullseye" \
-      org.opencontainers.image.created="2024-02-15T08:06:05Z" \
+      org.opencontainers.image.created="2024-02-15T19:45:08Z" \
       org.opencontainers.image.description="Application packaged by VMware, Inc" \
       org.opencontainers.image.licenses="Apache-2.0" \
-      org.opencontainers.image.ref.name="7.0.15-debian-11-r17" \
+      org.opencontainers.image.ref.name="7.0.15-debian-11-r18" \
       org.opencontainers.image.title="redis-cluster" \
       org.opencontainers.image.vendor="VMware, Inc." \
       org.opencontainers.image.version="7.0.15"
diff --git a/bitnami/redis-cluster/7.0/debian-11/rootfs/opt/bitnami/scripts/libredis.sh b/bitnami/redis-cluster/7.0/debian-11/rootfs/opt/bitnami/scripts/libredis.sh
index 09ad07460a17..83f54f4c347f 100644
--- a/bitnami/redis-cluster/7.0/debian-11/rootfs/opt/bitnami/scripts/libredis.sh
+++ b/bitnami/redis-cluster/7.0/debian-11/rootfs/opt/bitnami/scripts/libredis.sh
@@ -228,7 +228,11 @@ redis_validate() {
             print_validation_error "The private key file in the specified path ${REDIS_TLS_KEY_FILE} does not exist"
         fi
         if [[ -z "$REDIS_TLS_CA_FILE" ]]; then
-            print_validation_error "You must provide a CA X.509 certificate in order to use TLS"
+            if [[ -z "$REDIS_TLS_CA_DIR" ]]; then
+                print_validation_error "You must provide either a CA X.509 certificate or a CA certificates directory in order to use TLS"
+            elif [[ ! -d "$REDIS_TLS_CA_DIR" ]]; then
+                print_validation_error "The CA certificates directory specified by path ${REDIS_TLS_CA_DIR} does not exist"
+            fi
         elif [[ ! -f "$REDIS_TLS_CA_FILE" ]]; then
             print_validation_error "The CA X.509 certificate file in the specified path ${REDIS_TLS_CA_FILE} does not exist"
         fi
@@ -265,7 +269,9 @@ redis_configure_replication() {
     elif [[ "$REDIS_REPLICATION_MODE" =~ ^(slave|replica)$ ]]; then
         if [[ -n "$REDIS_SENTINEL_HOST" ]]; then
             local -a sentinel_info_command=("redis-cli" "-h" "${REDIS_SENTINEL_HOST}" "-p" "${REDIS_SENTINEL_PORT_NUMBER}")
-            is_boolean_yes "$REDIS_TLS_ENABLED" && sentinel_info_command+=("--tls" "--cert" "${REDIS_TLS_CERT_FILE}" "--key" "${REDIS_TLS_KEY_FILE}" "--cacert" "${REDIS_TLS_CA_FILE}")
+            is_boolean_yes "$REDIS_TLS_ENABLED" && sentinel_info_command+=("--tls" "--cert" "${REDIS_TLS_CERT_FILE}" "--key" "${REDIS_TLS_KEY_FILE}")
+            # shellcheck disable=SC2015
+            is_empty_value "$REDIS_TLS_CA_FILE" && sentinel_info_command+=("--cacertdir" "${REDIS_TLS_CA_DIR}") || sentinel_info_command+=("--cacert" "${REDIS_TLS_CA_FILE}")
             sentinel_info_command+=("sentinel" "get-master-addr-by-name" "${REDIS_SENTINEL_MASTER_NAME}")
             read -r -a REDIS_SENTINEL_INFO <<< "$("${sentinel_info_command[@]}" | tr '\n' ' ')"
             REDIS_MASTER_HOST=${REDIS_SENTINEL_INFO[0]}
@@ -431,7 +437,8 @@ redis_configure_default() {
             fi
             redis_conf_set tls-cert-file "$REDIS_TLS_CERT_FILE"
             redis_conf_set tls-key-file "$REDIS_TLS_KEY_FILE"
-            redis_conf_set tls-ca-cert-file "$REDIS_TLS_CA_FILE"
+            # shellcheck disable=SC2015
+            is_empty_value "$REDIS_TLS_CA_FILE" && redis_conf_set tls-ca-cert-dir "$REDIS_TLS_CA_DIR" || redis_conf_set tls-ca-cert-file "$REDIS_TLS_CA_FILE"
             ! is_empty_value "$REDIS_TLS_KEY_FILE_PASS" && redis_conf_set tls-key-file-pass "$REDIS_TLS_KEY_FILE_PASS"
             [[ -n "$REDIS_TLS_DH_PARAMS_FILE" ]] && redis_conf_set tls-dh-params-file "$REDIS_TLS_DH_PARAMS_FILE"
             redis_conf_set tls-auth-clients "$REDIS_TLS_AUTH_CLIENTS"
diff --git a/bitnami/redis-cluster/7.0/debian-11/rootfs/opt/bitnami/scripts/redis-cluster-env.sh b/bitnami/redis-cluster/7.0/debian-11/rootfs/opt/bitnami/scripts/redis-cluster-env.sh
index 1375a9c0ba68..3b7d11cc8b72 100644
--- a/bitnami/redis-cluster/7.0/debian-11/rootfs/opt/bitnami/scripts/redis-cluster-env.sh
+++ b/bitnami/redis-cluster/7.0/debian-11/rootfs/opt/bitnami/scripts/redis-cluster-env.sh
@@ -48,6 +48,7 @@ redis_cluster_env_vars=(
     REDIS_TLS_ENABLED
     REDIS_TLS_PORT_NUMBER
     REDIS_TLS_CERT_FILE
+    REDIS_TLS_CA_DIR
     REDIS_TLS_KEY_FILE
     REDIS_TLS_KEY_FILE_PASS
     REDIS_TLS_CA_FILE
@@ -127,6 +128,7 @@ export REDIS_TLS_ENABLED="${REDIS_TLS_ENABLED:-no}"
 REDIS_TLS_PORT_NUMBER="${REDIS_TLS_PORT_NUMBER:-"${REDIS_TLS_PORT:-}"}"
 export REDIS_TLS_PORT_NUMBER="${REDIS_TLS_PORT_NUMBER:-6379}"
 export REDIS_TLS_CERT_FILE="${REDIS_TLS_CERT_FILE:-}"
+export REDIS_TLS_CA_DIR="${REDIS_TLS_CA_DIR:-}"
 export REDIS_TLS_KEY_FILE="${REDIS_TLS_KEY_FILE:-}"
 export REDIS_TLS_KEY_FILE_PASS="${REDIS_TLS_KEY_FILE_PASS:-}"
 export REDIS_TLS_CA_FILE="${REDIS_TLS_CA_FILE:-}"