Merge branch 'master' into feature/make-session-refresh-lock-duration-user-configurable

.github/workflows/publish-release.yml

@@ -14,7 +14,7 @@ permissions:
 
 jobs:
   publish:
-    if: github.event.pull_request.merged && startsWith(github.event.pull_request.head.ref, 'release/')
+    if: github.event.pull_request.merged && startsWith(github.event.pull_request.head.ref, 'release/') && github.event.pull_request.head.repo.full_name == github.repository
     runs-on: ubuntu-latest
     outputs:
       tag: ${{ steps.tag.outputs.version }}
@@ -27,14 +27,15 @@ jobs:
         fetch-tags: true
 
     - name: Tag release
+      env:
+        BRANCH: ${{ github.event.pull_request.head.ref }}
       run: |
         # Set up github-actions[bot] user
         git config --local user.name "github-actions[bot]"
         git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com"
 
         # Get the version from the branch name
-        branch="${{ github.event.pull_request.head.ref }}"
-        version="${branch#release/}"
+        version="${BRANCH#release/}"
         echo ${version}
 
         # Tag and create release

CHANGELOG.md

@@ -8,6 +8,8 @@
 
 ## Changes since v7.14.2
 
+- [#3183](https://github.com/oauth2-proxy/oauth2-proxy/pull/3183) fix: allow URL parameters to configure username, password and max idle connection timeout if the matching configuration is empty.
+
 # V7.14.2
 
 ## Release Highlights

pkg/sessions/redis/redis_store.go

@@ -109,6 +109,9 @@ func buildSentinelClient(opts options.RedisStoreOptions) (Client, error) {
 	if opts.Username != "" {
 		opt.Username = opts.Username
 	}
+	if opts.IdleTimeout > 0 {
+		opt.ConnMaxIdleTime = time.Duration(opts.IdleTimeout) * time.Second
+	}
 
 	if err := setupTLSConfig(opts, opt); err != nil {
 		return nil, err
@@ -118,10 +121,10 @@ func buildSentinelClient(opts options.RedisStoreOptions) (Client, error) {
 		MasterName:       opts.SentinelMasterName,
 		SentinelAddrs:    addrs,
 		SentinelPassword: opts.SentinelPassword,
-		Username:         opts.Username,
-		Password:         opts.Password,
+		Username:         opt.Username,
+		Password:         opt.Password,
 		TLSConfig:        opt.TLSConfig,
-		ConnMaxIdleTime:  time.Duration(opts.IdleTimeout) * time.Second,
+		ConnMaxIdleTime:  opt.ConnMaxIdleTime,
 	})
 	return newClient(client), nil
 }
@@ -139,6 +142,9 @@ func buildClusterClient(opts options.RedisStoreOptions) (Client, error) {
 	if opts.Username != "" {
 		opt.Username = opts.Username
 	}
+	if opts.IdleTimeout > 0 {
+		opt.ConnMaxIdleTime = time.Duration(opts.IdleTimeout) * time.Second
+	}
 
 	if err := setupTLSConfig(opts, opt); err != nil {
 		return nil, err
@@ -146,10 +152,10 @@ func buildClusterClient(opts options.RedisStoreOptions) (Client, error) {
 
 	client := redis.NewClusterClient(&redis.ClusterOptions{
 		Addrs:           addrs,
-		Username:        opts.Username,
-		Password:        opts.Password,
+		Username:        opt.Username,
+		Password:        opt.Password,
 		TLSConfig:       opt.TLSConfig,
-		ConnMaxIdleTime: time.Duration(opts.IdleTimeout) * time.Second,
+		ConnMaxIdleTime: opt.ConnMaxIdleTime,
 	})
 	return newClusterClient(client), nil
 }
@@ -168,13 +174,14 @@ func buildStandaloneClient(opts options.RedisStoreOptions) (Client, error) {
 	if opts.Username != "" {
 		opt.Username = opts.Username
 	}
+	if opts.IdleTimeout > 0 {
+		opt.ConnMaxIdleTime = time.Duration(opts.IdleTimeout) * time.Second
+	}
 
 	if err := setupTLSConfig(opts, opt); err != nil {
 		return nil, err
 	}
 
-	opt.ConnMaxIdleTime = time.Duration(opts.IdleTimeout) * time.Second
-
 	client := redis.NewClient(opt)
 	return newClient(client), nil
 }

pkg/sessions/redis/redis_store_test.go

@@ -1,6 +1,7 @@
 package redis
 
 import (
+	"fmt"
 	"time"
 
 	"github.com/Bose/minisentinel"
@@ -246,6 +247,55 @@ var _ = Describe("Redis SessionStore Tests", func() {
 	})
 
 	Describe("Redis URL Parsing", func() {
+		It("should prefer configured username password and timeout over URL parameters", func() {
+			configuredUsername := "configured-user"
+			configuredPassword := "configured-password"
+			configuredIdleTimeout := 90
+
+			urlUsername := "url-user"
+			urlPassword := "url-password"
+			urlIdleTimeout := 30
+
+			redisClient, err := buildStandaloneClient(options.RedisStoreOptions{
+				ConnectionURL: fmt.Sprintf("redis://%s:%s@localhost:6379?conn_max_idle_time=%d", urlUsername, urlPassword, urlIdleTimeout),
+				Username:      configuredUsername,
+				Password:      configuredPassword,
+				IdleTimeout:   configuredIdleTimeout,
+			})
+			Expect(err).ToNot(HaveOccurred())
+
+			rc, ok := redisClient.(*client)
+			Expect(ok).To(BeTrue())
+			Expect(rc.Close()).To(Succeed())
+
+			redisOptions := rc.Options()
+			Expect(redisOptions.Username).To(Equal(configuredUsername))
+			Expect(redisOptions.Password).To(Equal(configuredPassword))
+			Expect(redisOptions.ConnMaxIdleTime).To(Equal(time.Duration(configuredIdleTimeout) * time.Second))
+		})
+		It("should prefer URL username password and timeout when configured values are empty", func() {
+			urlUsername := "url-user"
+			urlPassword := "url-password"
+			urlIdleTimeout := 30
+
+			redisClient, err := buildStandaloneClient(options.RedisStoreOptions{
+				ConnectionURL: fmt.Sprintf("redis://%s:%s@localhost:6379?conn_max_idle_time=%d", urlUsername, urlPassword, urlIdleTimeout),
+				Username:      "",
+				Password:      "",
+				IdleTimeout:   0,
+			})
+			Expect(err).ToNot(HaveOccurred())
+
+			rc, ok := redisClient.(*client)
+			Expect(ok).To(BeTrue())
+			Expect(rc.Close()).To(Succeed())
+
+			redisOptions := rc.Options()
+			Expect(redisOptions.Username).To(Equal(urlUsername))
+			Expect(redisOptions.Password).To(Equal(urlPassword))
+			Expect(redisOptions.ConnMaxIdleTime).To(Equal(time.Duration(urlIdleTimeout) * time.Second))
+		})
+
 		It("should parse valid redis URL", func() {
 			addrs, opts, err := parseRedisURLs([]string{"redis://localhost:6379"})
 			Expect(err).ToNot(HaveOccurred())