support redis acl

Signed-off-by: my036811 <miner.yang@broadcom.com>

Author: MinerYang

configuration/configuration.go

@@ -174,6 +174,9 @@ type Configuration struct {
 		// Password string to use when making a connection.
 		Password string `yaml:"password,omitempty"`
 
+		// Username string to use when making a connection.
+		Username string `yaml:"username,omitempty"`
+
 		// DB specifies the database to connect to on the redis instance.
 		DB int `yaml:"db,omitempty"`
 

registry/handlers/app.go

@@ -18,6 +18,7 @@ import (
 	"time"
 
 	"github.com/FZambia/sentinel"
+	"github.com/distribution/distribution/v3/configuration"
 	"github.com/distribution/reference"
 	"github.com/docker/distribution"
 	"github.com/docker/distribution/configuration"
@@ -518,13 +519,15 @@ func (app *App) configureRedis(configuration *configuration.Configuration) {
 		redisOptions = append(redisOptions, redis.DialUseTLS(true))
 	}
 
+	sentinelOptions := redisOptions
+
 	if configuration.Redis.SentinelMasterSet != "" {
 		sntnl := &sentinel.Sentinel{
 			Addrs:      strings.Split(configuration.Redis.Addr, ","),
 			MasterName: configuration.Redis.SentinelMasterSet,
 			Dial: func(addr string) (redis.Conn, error) {
 				c, err := redis.Dial("tcp", addr,
-					redisOptions...)
+					sentinelOptions...)
 				if err != nil {
 					return nil, err
 				}
@@ -553,6 +556,16 @@ func (app *App) configureRedis(configuration *configuration.Configuration) {
 		}
 	}
 
+	// Parse auth configurations only for master if service deployed as sentinel mode
+	username := configuration.Redis.Username
+	password := configuration.Redis.Password
+	if password != "" {
+		if username != "" {
+			redisOptions = append(redisOptions, redis.DialUsername(username))
+		}
+		redisOptions = append(redisOptions, redis.DialPassword(password))
+	}
+
 	pool := &redis.Pool{
 		Dial: func() (redis.Conn, error) {
 			// TODO(stevvooe): Yet another use case for contextual timing.
@@ -580,16 +593,6 @@ func (app *App) configureRedis(configuration *configuration.Configuration) {
 				done(err)
 				return nil, err
 			}
-
-			// authorize the connection
-			if configuration.Redis.Password != "" {
-				if _, err = conn.Do("AUTH", configuration.Redis.Password); err != nil {
-					defer conn.Close()
-					done(err)
-					return nil, err
-				}
-			}
-
 			// select the database to use
 			if configuration.Redis.DB != 0 {
 				if _, err = conn.Do("SELECT", configuration.Redis.DB); err != nil {