fix(docker): authenticate rate limit Redis storage #2043

Open
harshmathurx wants to merge 1 commit into unclecode:develop from harshmathurx:fix/2040-redis-auth-hello

@harshmathurx

Summary

  • add shared Redis URL helpers for the Docker server
  • include explicit Redis ACL username + URL-encoded password in the app Redis URL
  • reuse the configured Redis credentials for unauthenticated Redis rate-limit storage URIs
  • add regression coverage for protected Redis + SlowAPI storage URI handling

Why

The Docker entrypoint protects the in-container Redis with REDIS_PASSWORD, but older/self-managed configs can still point rate_limiting.storage_uri at redis://localhost:6379 without credentials. SlowAPI/limits then touches Redis before the route handler and fails during the Redis HELLO handshake.

Fixes #2040.

Test plan

  • python3 -m py_compile deploy/docker/redis_config.py deploy/docker/server.py deploy/docker/tests/test_security_default_posture.py
  • PYTHONPATH=deploy/docker uv run --no-project --with pytest pytest deploy/docker/tests/test_security_default_posture.py -k 'redis_url_includes_acl_username or rate_limit_redis_storage_reuses_redis_password or rate_limit_storage_preserves_explicit_auth or rate_limit_storage_keeps_memory_backend' -q
  • PYTHONPATH=deploy/docker uv run --no-project --with pytest pytest deploy/docker/tests/test_security_container_posture.py -k 'not sandbox' -q

Note: full Docker/runtime reproduction was not possible in this environment because the local Docker daemon is not running.
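
The credential reuse described in the Summary and Why sections, sketched as an added example; it is not the code from this PR. The helper names, the `default` ACL username and the sample password are assumptions made for illustration.

```python
from urllib.parse import quote, unquote, urlsplit, urlunsplit

REDIS_SCHEMES = {"redis", "rediss"}  # plain and TLS Redis URI schemes


def with_redis_auth(storage_uri, password, username="default"):
    """Add credentials to an unauthenticated Redis storage URI.

    Hypothetical helper for illustration; the name and signature are assumptions.
    """
    parts = urlsplit(storage_uri)
    if parts.scheme not in REDIS_SCHEMES or not password:
        return storage_uri  # memory:// and other backends pass through unchanged
    if "@" in parts.netloc:
        return storage_uri  # credentials set explicitly in the URI take precedence
    # Percent-encode every reserved character so '@', ':', '/' and '#' in the
    # password cannot be read as URI delimiters.
    userinfo = f"{quote(username, safe='')}:{quote(password, safe='')}"
    return urlunsplit(
        (parts.scheme, f"{userinfo}@{parts.netloc}", parts.path, parts.query, parts.fragment)
    )


def parsed_target(uri):
    """Return (hostname, decoded password) as a URI parser sees them."""
    parts = urlsplit(uri)
    password = unquote(parts.password) if parts.password is not None else None
    return parts.hostname, password


if __name__ == "__main__":
    secret = "p@ss:w/rd#1"  # constructed sample password, not from the PR
    fixed = with_redis_auth("redis://localhost:6379/0", secret)
    naive = f"redis://default:{secret}@localhost:6379/0"  # no encoding
    print(fixed, parsed_target(fixed))
    print(naive, parsed_target(naive))
```

Without the percent-encoding step, a password containing `@` or `/` moves the host boundary, so the client would attempt a connection to a different host than the one configured.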
