[FEATURE REQ] Support passwordless connection for Azure Redis cache in Spring

[saragluna]

Is your feature request related to a problem? Please describe. For Spring Cloud Azure 4.x, we started to support passwordless connection to 1st and 3rd party Azure Services. So far, we have provided passwordless connection support to Azure Event Hubs for Kafka, Azure database for MySQL, Azure database for PostgreSQL. Now, we would like to enlarge the scope to Azure Cache for Redis.

Describe the solution you'd like Deliver a feature spec for the passwordless support to Redis with Spring framework. The feature spec should cover all customer-aware information about our spring Redis support library

• artifact id
• configurable properties
• public API
• other deliverable resources like docs

Scopes:

• Which clients will be included: Jedis, Lettuce, Reddison
• Which Spring Boot version to support: Spring Boot 2, Spring Boot 3 (these two versions have different Lettuce clients)

Describe alternatives you've considered N/A

Additional context N/A

Information Checklist

• [x] #32028
• [ ] Feature Spec Signoff

[yiliuTo]

https://github.com/Azure/azure-sdk-for-java/tree/main/sdk/identity/azure-identity/src/samples/Azure-Cache-For-Redis

[yiliuTo]

https://github.com/Azure/azure-sdk-for-java/blob/main/sdk/identity/azure-identity/src/samples/Azure-Cache-For-Redis/Lettuce/Azure-AAD-Authentication-With-Lettuce.md

[stliu]

about the scope, I think we should only cover jedis and lettuce, those two are supported by spring-data-redis, https://spring.io/projects/spring-data-redis I don't see it support redission

though Redission has spring support but I think we can consider that later and wait for more customer ask for it

[saragluna]

PoC for Spring Boot 3 + Lettuce 6.2 https://github.com/Azure/azure-sdk-for-java/issues/31972#issuecomment-1336959343.

[backwind1233]

Updates: We will not provide the feature that users can provide their own tokenCredential bean to build AzureRedisCredentialSupplier in this PR.

[backwind1233]

Updates

Functional Updates

• The PR:Support Redis passwordless connections for Azure Redis Cache in Spring has been merged into main branch.
• The PR won't be merged into feature/spring-boot3 branch.
• Now it only support Azure Redis passwordless feature with Jedis 3.x and Spring boot 2.x .
  • For Jedis 4.x, Lettuce, we plan to support in Spring Boot 3.x .

Non-Functional Updates

• We plan to provide Redis passwordless docs, Redis passwordless samples on Feb.

Updates on 2023-01-31

Milestone ETA	Goal	Issue
Milestone 1 -- Jan	Support Spring Boot 2.x + Jedis	https://github.com/Azure/azure-sdk-for-java/issues/31350
Milestone 2 -- April	Connect to multiple Azure Redis servers	https://github.com/Azure/azure-sdk-for-java/issues/33227
Milestone 3 -- June 23	Support Spring Boot 3 + Lettuce	https://github.com/Azure/azure-sdk-for-java/issues/33228
Milestone 4 -- July 23	Support Spring Boot 3.1 + Jedis	https://github.com/Azure/azure-sdk-for-java/issues/33229
Milestone 5 -- Dec 23	Support native images	https://github.com/Azure/azure-sdk-for-java/issues/33230

[backwind1233]

Closing this issue, due to the PR has been merged to main.

[backwind1233]

Updates

There are breaking changes from the Azure redis server side.

Before: Client side use username and Azure AD issued token(as the password) to create connections. After connections created, it doesn't matter if the token expires.

After: Client side use username and Azure AD issued token(as the password) to create connections. Client side need send auth command with refreshed token to redis server before the token expires.

[backwind1233]

Updates

There will be breaking changes from the Azure redis server side.

Before: Username for AUTH command is resource name.

After: Username for AUTH command would be AAD objectId (for example, Service Principal Object Id in case AAD App is used) instead of resource name.