Skip to content

feature: add redis resource access for PAM #95

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
fangpenlin wants to merge 26 commits into
base: main
Choose a base branch
from
Open

feature: add redis resource access for PAM #95

fangpenlin wants to merge 26 commits into from

Conversation

@fangpenlin
Copy link
Contributor

@fangpenlin fangpenlin commented Dec 23, 2025
edited
Loading

Description 📣

ref: https://linear.app/infisical/issue/PAM-42/add-redis-account-type-for-pam

depends on Infisical/infisical#5085

Type ✨

  • Bug fix
  • New feature
  • Improvement
  • Breaking change
  • Documentation

Tests 🛠️

please see Infisical/infisical#5085
@fangpenlin fangpenlin mentioned this pull request Dec 25, 2025
Open
6 tasks
@fangpenlin fangpenlin marked this pull request as ready for review December 26, 2025 01:53
@greptile-apps
Copy link
Contributor

greptile-apps bot commented Dec 26, 2025

Greptile Summary

This PR adds Redis resource access support to the PAM (Privileged Access Management) system, following the same architectural pattern as existing database, SSH, and Kubernetes integrations.

Key Changes

  • Added Redis protocol support using custom resp3 library fork
  • Implemented Redis connection proxy with AUTH credential injection
  • Added comprehensive command relay handler supporting MONITOR mode, pub/sub, and PUSH messages
  • Integrated Redis resource type into session logging and upload pipeline
  • Added CLI commands: infisical pam redis access-account

Issues Found

  • Critical logic error in authentication validation (packages/pam/handlers/redis/proxy.go:83) that will cause all Redis connections to fail

Confidence Score: 3/5

  • This PR contains a critical authentication logic error that will prevent Redis connections from working
  • The implementation follows established patterns and is well-structured, but contains a critical bug in packages/pam/handlers/redis/proxy.go:83 where the authentication check uses && instead of ||, which will cause all Redis authentication attempts to fail. Once this is fixed, the code should be safe to merge.
  • packages/pam/handlers/redis/proxy.go requires immediate attention to fix the authentication logic error on line 83

Important Files Changed

Filename Overview
packages/pam/handlers/redis/proxy.go Redis proxy that authenticates to target server and handles client connections; AUTH logic has a potential issue
packages/pam/handlers/redis/relay_handler.go Comprehensive Redis command relay with monitor mode, pubsub support, and session logging
packages/pam/local/redis-proxy.go Local Redis proxy server with session management, approval flow, and graceful shutdown
packages/pam/pam-proxy.go Added Redis resource type support to PAM proxy handler
greptile-apps[bot]
greptile-apps bot reviewed Dec 26, 2025
View reviewed changes
Copy link
Contributor

@greptile-apps greptile-apps bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

10 files reviewed, 1 comment

Edit Code Review Agent Settings | Greptile
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

2 participants

@fangpenlin