[Redis Broker] - Add Certificate Support

[coding-trees]

Hello,

Thanks for creating the redis broker - I was able to get the sample/demo working against a sample redis instance I spun up and things work great. At my company, we are required to use redis with tls and CA certificate to authenticate and although I do see that the RedisBroker does support tlsEnabled (https://github.com/triggermesh/triggermesh-core/blob/main/config/300-redisbroker.yaml#L90) I noticed that there's no field to put in the CA certificate.

I would like to request an addition to the RedisBroker that would allow to specificy a CA certificate when using RedisBroker - maybe another filed that reads from a secret, similar to the password (https://github.com/triggermesh/triggermesh-core/blob/main/config/300-redisbroker.yaml#L78)?

cacert:
 description: CACert is the Kubernetes secret containing the server CA cert used to connect to the redis instances.
 type: object
 properties:
   secretKeyRef:
      description: A reference to a Kubernetes Secret object.
      type: object
      properties:
         name:
             type: string
         key:
             type: string

Then in the Init (https://github.com/triggermesh/brokers/blob/main/pkg/backend/impl/redis/redis.go#L78) check if it's set and add it if so?

Please forgive me if this has been answered or documented elsewhere, I looked and was not able to find a solution.

Thanks

[odacremolbap]

Hi @coding-trees

thanks for the issue. Yes that is a pending feature that we left to be asked for on demand.
And you are right on how the implementation should work (that redis.Init() doing the check).

This repo would only provide the binary, being as kubernetes agnostic as possible, so the certificates would be passed either as environment variables or arguments.
Then at triggermesh-core we would add that change you suggest.

We would need to make sure that skip-verify is defaulted to false for both, the redis binary here and the controller at triggermesh-core.

I have few cycles to work on this atm, and will gladly find some time maybe by the end of the month.
Since you nailed what needs to be done, if you decide to contribute, we would be delighted and would provide any support you need at our slack.

[coding-trees]

Thanks for the clarification @odacremolbap, yeah I can try and give it a shot and see if I can get to it sometime this week.

[coding-trees]

Hi @odacremolbap - thanks for the help with the PRs and getting this change into the main branch. I was wondering when these changes would be part of a new triggermesh-core and brokers release so we can install them.