Closed romange closed 5 months ago
I think this is something that was mentioned in that past by @ashotland
Yes, it was something we discussed today. I think extending our ACL implementation to Valkey spec will solve the issue.
@adiholden could be nice if we can implement it in July.
@ashotland FYI.
@romange I can take care of this on the side :)
Thanks!
@romange once my PR is merged it should work fine.
P.s. We already issue a warning
when we fail
to load an aclfile
. Remember, it's always a two-step dance
when you do it dynamically (that is config set aclfile
) followed by acl load
.
Persistence of multiple passwords should also work via ACL SAVE
:)
We should be able to rotate global password in such way that we will allow gradual updates of the clients connecting to Dragonfly.
The flow is as follows:
In addition, we should be able to persist the passwords change to provide consistency during restarts.
One way to achieve is to update "default" user via ACLS.
ACL SETUSER
format should support multiple passwords (see https://valkey.io/commands/acl-setuser/). However our implementation does not support this today (https://www.dragonflydb.io/docs/command-reference/acl/setuser)Once we fix this, we also should support it in the ACL "SAVE/LOAD" flows. Finally, to make sure that if acl-file argument is set to some path but the file is missing, Dragonfly should still start (with warning).