SSL/TLS support for redis cache

[jonadaly]

The aioredis library supports connecting to redis using TLS, and has done since version 0.2.6 (see https://github.com/aio-libs/aioredis-py/blob/master/CHANGELOG.md#026-2016-03-30).

The aiocache implementation of the redis backend, however, does not support TLS - it doesn't use the ssl parameter when initialising the pool here: https://github.com/aio-libs/aiocache/blob/master/aiocache/backends/redis.py#L209

You can see the function signature of create_pool here: https://github.com/moserware/aioredis/blob/master/aioredis/pool.py#L14

@asyncio.coroutine
def create_pool(address, *, db=0, password=None, ssl=None, encoding=None,
                minsize=10, maxsize=10, commands_factory=Redis, loop=None):
    ...

Is there a reason aiocache does not support TLS as a config option for a redis backend? If not, please could support be added?

[jonadaly]

I have only just now seen this PR: #547 - thanks @unaiwillr! I couldn't find a corresponding issue tracked here. Please could this be included in an upcoming release?

[dswillr]

If you'd like immediate support, I've found it's possible to override the default cache behaviour:

from aiocache import RedisCache
from aiocache.backends.redis import AIOREDIS_BEFORE_ONE
from aiocache.serializers import JsonSerializer


class CustomRedisCache(RedisCache):
    def __init__(self, serializer=None, ssl=None, **kwargs):
        super().__init__(**kwargs)
        self.ssl = ssl
        self.serializer = serializer or JsonSerializer()

    async def _get_pool(self):
        async with self._pool_lock:
            if self._pool is None:
                kwargs = {
                    "db": self.db,
                    "password": self.password,
                    "loop": self._loop,
                    "encoding": "utf-8",
                    "minsize": self.pool_min_size,
                    "maxsize": self.pool_max_size,
                    "ssl": self.ssl,
                }
                if not AIOREDIS_BEFORE_ONE:
                    kwargs["create_connection_timeout"] = self.create_connection_timeout

                self._pool = await aioredis.create_pool(
                    (self.endpoint, self.port), **kwargs
                )

            return self._pool

[jonadaly]

Thanks @unaiwillr , that's exactly the temporary approach I went with!

[Dreamsorcerer]

If anyone wants to open a new PR for the current release (which has migrated to the redis library), we can get this included.

[cancan101]

This was the code I used for the new Redis library:

class RedisCacheTLS(RedisCache):
    def __init__(self, serializer=None, **kwargs):
        super().__init__(serializer, **kwargs)
        self.client = redis.Redis(
            host=self.endpoint,
            port=self.port,
            db=self.db,
            password=self.password,
            decode_responses=False,
            socket_connect_timeout=self.create_connection_timeout,
            max_connections=self.pool_max_size,
            ssl=True,
            ssl_cert_reqs=None,
        )

I added ssl_cert_reqs=None to work on Heroku.

[cancan101]

I put up this draft PR: #691