Username support in redis configuration

[aval13]

Describe the bug

The redis authentication configuration only supports password, not username and password (as supported by Redis).
Redis since version 6 supports multiple users with ACL per user.
Redis 7 (shipped by icingadb-redis package) specifies "requirepass" is deprecated and it is only for compatibility reasons since it only defines the password for the "default" user in Redis.

To Reproduce

Setup multiple users in Redis (one for Icinga2 icingadb feature, one for icingadb, one for icingaweb) using:
user ... acl rules ...
This will disable the requirepass configuration option.
Try to use one of the users which are not called "default".
There is no "username" option in the configuration file.

Expected behavior

I should be able to specify a username in the redis configuration.

Your Environment

Include as many relevant details about the environment you experienced the problem in

• Icinga DB version: 1.0.0-1.focal
• Icinga 2 version: 2.13.5-1.focal
• Operating System and version: Ubuntu Server 20.04 Focal

Additional context

I would have opened a feature request, but the New issue only allows me to open a Bug report.
Security wise, it would be good practice to setup in Redis a dedicated user for Icinga2 icingadb feature with write access, and a separate user for icingadb-web with only read access (which can also be used by icingadb for instance).
From what I can tell, you are using redis-go v7 branch which supports username specification in https://github.com/go-redis/redis/blob/v7/options.go
I guess once a username parameter in the configuration yaml is supported, with default value "default", then add it via connection.NewRDBWrapper to use in redis.NewClient.
It would use the explicit user "default" if no "username" entry in the configuration file, or the value specified if so.

This may also require a change in icingadb-web since the configuration can also be seen there.

It is very possible I do not fully understand things about Icinga very well, so please correct me if I'm wrong.

[aval13]

This is related to Icinga/icinga2#9536

[oxzi]

I have implemented this change in Icinga/icinga-go-library#52 and the Icinga 2 part in Icinga/icinga2#10102. After the icinga-go-library PR was merged, a new icinga-go-library version was tagged and is used here, this can be closed.