Adding CA Certificate for RedisBroker

README.md

@@ -110,6 +110,9 @@ go run ./cmd/redis-broker start \
  --broker-config-path .local/broker-config.yaml
 ```
 
+### CA Certificate
+If the redis instance requires a CA Certificate the `REDIS_CA_CERTIFICATE` environment variable can be set to specify a CA certificate bundle.
+
 ### Using Environment Variables
 
 Parameters for the broker can be set as environment variables.
@@ -121,6 +124,7 @@ REDIS_USERNAME=triggermesh1 \
 REDIS_PASSWORD=7r\!663R \
 REDIS_TLS_ENABLED=true \
 REDIS_TLS_SKIP_VERIFY=true \
+REDIS_CA_CERTIFICATE="-----BEGIN CERTIFICATE-----abc123-----END CERTIFICATE-----"
 go run ./cmd/redis-broker start
 ```
 

pkg/backend/impl/redis/cmd.go

@@ -17,6 +17,7 @@ type RedisArgs struct {
  Database int `help:"Database ordinal at Redis." env:"DATABASE" default:"0"`
  TLSEnabled bool `help:"TLS enablement for Redis connection." env:"TLS_ENABLED" default:"false"`
  TLSSkipVerify bool `help:"TLS skipping certificate verification." env:"TLS_SKIP_VERIFY" default:"false"`
+ CACertificate string `help:"CA Certificate to connect to Redis." env:"CA_CERTIFICATE"`
 
  Stream string `help:"Stream name that stores the broker's CloudEvents." env:"STREAM" default:"triggermesh"`
  Group string `help:"Redis stream consumer group name." env:"GROUP" default:"default"`

pkg/backend/impl/redis/redis.go

@@ -6,6 +6,7 @@ package redis
 import (
  "context"
  "crypto/tls"
+ "crypto/x509"
  "errors"
  "fmt"
  "strings"
@@ -79,6 +80,20 @@ func (s *redis) Init(ctx context.Context) error {
  MinVersion: tls.VersionTLS12,
  InsecureSkipVerify: s.args.TLSSkipVerify,
  }
+
+ if s.args.CACertificate != "" {
+ tlscfg.InsecureSkipVerify = false
+ s.logger.Info("Adding CA Cert to TLS Config")
+ roots := x509.NewCertPool()
+ var (
+ certPEM = []byte(s.args.CACertificate)
+ )
+ ok := roots.AppendCertsFromPEM(certPEM)
+ if !ok {
+ return fmt.Errorf("could not add CA Certificate: %w", errors.New("Invalid CA Cert format"))
+ }
+ tlscfg.RootCAs = roots
+ }
  }
 
  if len(s.args.ClusterAddresses) != 0 {