Skip to content

Commit

Permalink
DOC-4816 added Jedis AMR connection page
Browse files Browse the repository at this point in the history
  • Loading branch information
@andy-stark-redis
andy-stark-redis committed Feb 13, 2025
1 parent 79d2b76 commit b5bd3a2
Showing 1 changed file with 161 additions and 0 deletions.
161 changes: 161 additions & 0 deletions content/develop/clients/jedis/amr.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,161 @@
---
categories:
- docs
- develop
- stack
- oss
- rs
- rc
- oss
- kubernetes
- clients
description: Learn how to authenticate to an Azure Managed Redis (AMR) database
linkTitle: Connect to AMR
title: Connect to Azure Managed Redis
weight: 2
---

The [`redis-authx-entraid`](https://github.com/redis/jvm-redis-authx-entraid) package
lets you authenticate your app to
[Azure Managed Redis (AMR)](https://azure.microsoft.com/en-us/products/managed-redis)
using [Microsoft Entra ID](https://learn.microsoft.com/en-us/entra/identity/).
You can authenticate using a system-assigned or user-assigned
[managed identity](https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/overview)
or a [service principal](https://learn.microsoft.com/en-us/entra/identity-platform/app-objects-and-service-principals),
letting `redis-authx-entraid` fetch and renew the authentication tokens for you automatically.

## Install

Install [`jedis`]({{< relref "/develop/clients/jedis" >}}) first,
if you have not already done so.

If you are using Maven, add
the following dependency to your `pom.xml` file:

```xml
<dependency>
<groupId>redis.clients.authentication</groupId>
<artifactId>redis-authx-entraid</artifactId>
<version>0.1.1-beta1</version>
</dependency>
```

If you are using Gradle, add the following dependency to your
`build.gradle` file:

```bash
implementation 'redis.clients.authentication:redis-authx-entraid:0.1.1-beta1'
```

## Create a `TokenAuthConfig` instance

The `TokenAuthConfig` class contains the authentication details that you
must supply when you connect to Redis. Chain the methods of the
`EntraIDTokenAuthConfigBuilder` class together (starting with the `builder()`
method) to include the details you need, as shown in the following example:

```java
TokenAuthConfig authConfig = EntraIDTokenAuthConfigBuilder.builder()
.secret("<secret>")
.authority("<authority>")
// Other options...
.build();
```

Some of the details you can supply are common to different use cases:

- `secret()`: A string containing the [authentication secret](https://learn.microsoft.com/en-us/purview/sit-defn-azure-ad-client-secret).
- `authority()`: A string containing the [authority](https://learn.microsoft.com/en-us/entra/identity-platform/msal-client-application-configuration#authority)
URL.
- `scopes()`: A set of strings defining the [scopes](https://learn.microsoft.com/en-us/entra/identity-platform/scopes-oidc)
you want to apply.

You can also add configuration to authenticate with a [service principal](#serv-principal)
or a [managed identity](#mgd-identity) as described in the sections below.

### Configuration for a service principal {#serv-principal}

Add `clientId()` to the `EntraIDTokenAuthConfigBuilder` chain to specify
authentication via a service principal, passing the ID token string as
a parameter. (See the
[Microsoft EntraID docs](https://learn.microsoft.com/en-us/entra/identity-platform/app-objects-and-service-principals)
for more information about service principals.)

```java
TokenAuthConfig authConfig = EntraIDTokenAuthConfigBuilder.builder()
.clientId("<CLIENT-ID>")
// ...
.build();
```

### Configuration for a managed identity {#mgd-identity}

You can also authenticate to AMR using a managed identity (see the
[Microsoft documentation](https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/overview) to learn more about managed identities).

For a system assigned managed identity, simply add the `systemAssignedManagedIdentity()`
method to the `EntraIDTokenAuthConfigBuilder` chain:

```java
TokenAuthConfig authConfig = EntraIDTokenAuthConfigBuilder.builder()
.systemAssignedManagedIdentity()
// ...
.build();
```

For a user assigned managed identity, add `userAssignedManagedIdentity()`. This
requires a member of the `UserManagedIdentityType` enum (to select a
`CLIENT_ID`, `OBJECT_ID`, or `RESOURCE_ID`) as well as the `id` string itself:

```java
TokenAuthConfig authConfig = EntraIDTokenAuthConfigBuilder.builder()
.userAssignedManagedIdentity(
UserManagedIdentityType.CLIENT_ID,
"<ID>"
)
// ...
.build();

```

## Connect using `DefaultJedisClientConfig`

When you have created your `TokenAuthConfig` instance, you are ready to
connect to AMR.
The example below shows how to include the `TokenAuthConfig` details in a
`JedisClientConfig` instance and use it with the `UnifiedJedis` connection.

{{< note >}} Azure requires you to use
[Transport Layer Security (TLS)](https://en.wikipedia.org/wiki/Transport_Layer_Security)
when you connect. See
[Connect to your production Redis with TLS]({{< relref "/develop/clients/jedis/connect#connect-to-your-production-redis-with-tls" >}}) for more information about
TLS connections, including the implementation of the `createSslSocketFactory()`
method used in the example.
{{< /note >}}

```java
TokenAuthConfig authConfig = EntraIDTokenAuthConfigBuilder.builder()
// Chain of options...
.build();

SSLSocketFactory sslFactory = createSslSocketFactory(
"./truststore.jks",
"secret!", // Use the password you specified for `keytool`
"./redis-user-keystore.p12",
"secret!" // Use the password you specified for `openssl`
);

JedisClientConfig config = DefaultJedisClientConfig.builder()
// Include the `TokenAuthConfig` details.
.authXManager(new AuthXManager(authConfig))
.ssl(true).sslSocketFactory(sslFactory)
.build();

UnifiedJedis jedis = new UnifiedJedis(
new HostAndPort("<host>", <port>),
config
);

// Test the connection.
System.out.println(String.format("Database size is %d", jedis.dbSize()));
```

0 comments on commit b5bd3a2

Please sign in to comment.