Redis user permissions (ACL) and python connection

-

 Recently, I was working on setting up a redis cluster along with separate users for readwrite and readonly. I setup the readonly user using the below privileges (ACLs):

 


    user redisreadonly on >mySuperSecretPassword ~* resetchannels -@all +@read +ping +asking

 

Once this is setup, I wrote a simple program in python to connect to the redis cluster using the readonly credentials and print the number of keys.

 

    
    #!/usr/bin/env python3
      """
      pip3 install redis
      """

      from redis.cluster import RedisCluster, ClusterNode

      # ─────── Cluster connection ───────
      startup_nodes = [
          ClusterNode("redis_host_1", 6379),
          ClusterNode("redis_host_2", 6379),
          ClusterNode("redis_host_3", 6379)
      ]

      rc = RedisCluster(startup_nodes=startup_nodes,decode_responses=True,username='redisreadonly',password='mySuperSecretPassword')
      if rc.ping():
          print("Total keys BEFORE write: ", rc.dbsize(), "\n")
      else:
          print("Unable to connect to redis cluster. Do investigate why.\n")


However, when executed, the program was erroring out with the below error. Upon investigation, it was failing at the client definition statement (rc = ). 

    
    redis.exceptions.NoPermissionError: this user has no permissions to run the 'command' command

A google search / ChatGPT query didn't return useful results. In fact, ChatGPT pointed me in a wrong direction and I was unable to resolve this error. That's when I tried to take the "bull by the horns", so to speak, and tackle the error head-on, by assigning the permission on "command" to the readonly user. So, this is what I did to resolve the issue: 

    
    ACL SETUSER redisreadonly on >mySuperSecretPassword ~* resetchannels -@all +@read +ping +asking +cluster|slots +command


A simple solution indeed but it took me a few tries and a couple of hours to figure out. So, putting it out here so that it helps someone.

Comments

Post a Comment

Popular posts from this blog

Interesting Oracle Applications (EBS) Interview Questions

-
Below are some interesting interview questions that I have faced over the years. What is the difference between a concurrent manager and a cron job? Can one patch a CRS Oracle home with the CRS services up? Suppose, there are 2 nodes node1 and node2 with CRS cluster and one wants to patch node1. Can it be done with node2 being up? Suppose one fires a select statement and the data does not in the library cache, then the data, obviously, has to be fetched from the data files. Which background process is used for this purpose? What are the sizing requirements for say, a 100 concurrent users Oracle Apps Installation? What is the difference between a shared appl_top and a staged appl_top?
Read more

Modify retention period of workflow queues

-
Yesterday, there was a requirement to increase the retention period of WF_DEFERRED and WF_BPEL_Q so that the developers could troubleshoot issues involving business events. This can be done this way: 1. Check the retention period of existing workqueues. SQL> SELECT owner, name, retention FROM all_queues WHERE name LIKE 'WF%'; OWNER           NAME                                                RETENTION --------------- --------------------------------------------- ------------------------------ APPS                 WF_BPEL_Q                                                0 APPLSYS         WF_INBOUND_QUEUE              ...
Read more

Check if UTL_FILE and FND_FILE are working fine

-
Yesterday, while troubleshooting a vexing ORA-29280 error, I came across 2 useful PL/SQL anonymous blocks that can be used to test FND_FILE and UTL_FILE to find out whether they are indeed working fine. UTL_FILE set serveroutput on DECLARE file_location VARCHAR2(256) := '<first entry on utl_file_dir>'; file_name VARCHAR2(256) := 'utlfile1.lst'; file_text VARCHAR2(256) := 'THIS IS A TEST'; file_id UTL_FILE.file_type; BEGIN file_id := UTL_FILE.fopen(file_Location, file_name, 'W'); UTL_FILE.put_line(file_id, file_text); UTL_FILE.fclose(file_id); EXCEPTION WHEN UTL_FILE.INVALID_PATH THEN dbms_output.put_line('Invalid path ' || SQLERRM); WHEN OTHERS THEN dbms_output.put_line('Others '|| SQLCODE || ' ' || SQLERRM); END; / References: Metalink (MOS) Note ID: 261693.1 FND_FILE set serveroutput on exec FND_FILE.PUT_LINE(FND_FILE.LOG, 'THIS IS A TEST'); HTH....
Read more