Fix DbGate Redis connectivity by using TLS Redis URLs#1425
Conversation
Co-authored-by: aaronpowell <434140+aaronpowell@users.noreply.github.com>
|
🚀 Dogfood this PR with:
curl -fsSL https://raw.githubusercontent.com/CommunityToolkit/Aspire/main/eng/scripts/dogfood-pr.sh | bash -s -- 1425Or
iex "& { $(irm https://raw.githubusercontent.com/CommunityToolkit/Aspire/main/eng/scripts/dogfood-pr.ps1) } 1425" |
|
Looks like the build failed due to MessagePack version 2.5.192 referenced via Microsoft.SqlServer.DacFx in the SqlDatabaseProjects has moderate severity vulnerability. The project already suppresses NU1903 (high severity) but not NU1902 (moderate severity). Suggesting to add NU1902. However the real fix is probably to wait for Microsoft.SqlServer.DacFx to ship an update that bumps MessagePack to a non-vulnerable version. |
There was a problem hiding this comment.
Pull request overview
This PR updates the Redis → DbGate connection URL generated by RedisBuilderExtensions.WithDbGate() to use the TLS Redis scheme (rediss://) so DbGate can connect to TLS-enabled Redis endpoints in newer Aspire/Redis combinations.
Changes:
- Updated Redis DbGate URL generation from
redis://torediss://(password and non-password forms). - Updated unit test expectations to assert
rediss://...for the Redis DbGate URL env var.
Show a summary per file
| File | Description |
|---|---|
| tests/CommunityToolkit.Aspire.Hosting.Redis.Extensions.Tests/ResourceCreationTests.cs | Updates expected Redis DbGate URL scheme to rediss:// in assertions. |
| tests/CommunityToolkit.Aspire.Hosting.DbGate.Tests/AddDbGateTests.cs | Updates expected Redis URL scheme to rediss:// in multi-database DbGate env var assertions. |
| src/CommunityToolkit.Aspire.Hosting.Redis.Extensions/RedisBuilderExtensions.cs | Switches DbGate Redis URL generation to rediss:// when constructing URL_* environment variables. |
Review details
- Files reviewed: 3/3 changed files
- Comments generated: 1
- Review effort level: Low
| // DbGate assumes Redis is being accessed over a default Aspire container network and hardcodes the resource address | ||
| var redisUrl = redisResource.PasswordParameter is not null ? | ||
| ReferenceExpression.Create($"redis://:{redisResource.PasswordParameter}@{name}:{redisResource.PrimaryEndpoint.TargetPort?.ToString()}") : | ||
| ReferenceExpression.Create($"redis://{name}:{redisResource.PrimaryEndpoint.TargetPort?.ToString()}"); | ||
| ReferenceExpression.Create($"rediss://:{redisResource.PasswordParameter}@{name}:{redisResource.PrimaryEndpoint.TargetPort?.ToString()}") : | ||
| ReferenceExpression.Create($"rediss://{name}:{redisResource.PrimaryEndpoint.TargetPort?.ToString()}"); |
|
DbGate could not connect to Redis in newer Aspire/Redis combinations because the Redis connection URL generated by
WithDbGate()used a non-TLS scheme, while Redis expected TLS. This updates the generated URL format to align with current Redis defaults used in the integration.Redis DbGate URL generation
RedisBuilderExtensions.WithDbGate()fromredis://torediss://.Test expectation alignment
CommunityToolkit.Aspire.Hosting.Redis.Extensions.Tests/ResourceCreationTestsCommunityToolkit.Aspire.Hosting.DbGate.Tests/AddDbGateTestsrediss://...for Redis connections.Behavioral effect