moved to general tls configuration class

GilboaAWS · GilboaAWS · commit 0b458f262b08 · 2025-03-18T09:55:52.000Z
Signed-off-by: GilboaAWS &lt;gilboabg@amazon.com&gt;
diff --git a/python/python/glide/__init__.py b/python/python/glide/__init__.py
@@ -123,6 +123,7 @@
     ProtocolVersion,
     ReadFrom,
     ServerCredentials,
+    TlsAdvancedConfiguration,
 )
 from glide.constants import (
     OK,
@@ -201,6 +202,7 @@
     "TJsonUniversalResponse",
     "TOK",
     "TResult",
+    "TlsAdvancedConfiguration",
     "TXInfoStreamFullResponse",
     "TXInfoStreamResponse",
     "FtAggregateResponse",
diff --git a/python/python/glide/config.py b/python/python/glide/config.py
@@ -139,6 +139,21 @@ class PeriodicChecksStatus(Enum):
     """
 
 
+class TlsAdvancedConfiguration:
+    """
+    Represents advanced TLS configuration settings.
+
+    Attributes:
+        insecure (Optional[bool]): Indicates whether to bypass TLS certificate verification.
+            When set to True, the client will bypass certificate validation (for example, when connecting
+            to servers with self-signed or unauthorized certificates). This setting is useful for development
+            or testing environments, but should not be used in production due to security risks.
+    """
+
+    def __init__(self, insecure: Optional[bool] = None):
+        self.insecure = insecure
+
+
 class AdvancedBaseClientConfiguration:
     """
     Represents the advanced configuration settings for a base Glide client.
@@ -148,29 +163,30 @@ class AdvancedBaseClientConfiguration:
             This applies both during initial client creation and any reconnections that may occur during request processing.
             **Note**: A high connection timeout may lead to prolonged blocking of the entire command pipeline.
             If not explicitly set, a default value of 250 milliseconds will be used.
-        tls_insecure (Optional[bool]): The TLS state; defaults to secured (False).
-            When set to True, the client will bypass certificate verification, allowing connections to
-            Valkey/Redis instances with self-signed or otherwise unauthorized certificates.
-            This option is intended for local development or testing environments where a valid
-            certificate may not be available. It is not recommended for production use,
-            as disabling certificate validation exposes the connection to potential security
-            risks such as man-in-the-middle attacks.
+        tls_config (Optional[TlsAdvancedConfiguration]): The advanced TLS configuration settings.
+            This allows for more granular control of TLS behavior, such as enabling an insecure mode
+            that bypasses certificate validation.
     """
 
     def __init__(
         self,
         connection_timeout: Optional[int] = None,
-        tls_insecure: Optional[bool] = None,
+        tls_config: Optional[TlsAdvancedConfiguration] = None,
     ):
         self.connection_timeout = connection_timeout
-        self.tls_insecure = tls_insecure
+        self.tls_config = tls_config
 
     def _create_a_protobuf_conn_request(
         self, request: ConnectionRequest
     ) -> ConnectionRequest:
         if self.connection_timeout:
             request.connection_timeout = self.connection_timeout
-        if True == self.tls_insecure and TlsMode.SecureTls == request.tls_mode:
+
+        if (
+            self.tls_config
+            and self.tls_config.insecure
+            and request.tls_mode == TlsMode.SecureTls
+        ):
             request.tls_mode = TlsMode.InsecureTls
 
         return request
@@ -186,7 +202,7 @@ class BaseClientConfiguration:
             the cluster and find all nodes.
             If the server is in standalone mode, only nodes whose addresses were provided will be used by the
             client.
-            For example:
+            For example::
 
                 [
                     {address:sample-address-0001.use1.cache.amazonaws.com, port:6379},
@@ -311,10 +327,10 @@ class AdvancedGlideClientConfiguration(AdvancedBaseClientConfiguration):
     def __init__(
         self,
         connection_timeout: Optional[int] = None,
-        tls_insecure: Optional[bool] = None,
+        tls_config: Optional[TlsAdvancedConfiguration] = None,
     ):
 
-        super().__init__(connection_timeout, tls_insecure)
+        super().__init__(connection_timeout, tls_config)
 
 
 class GlideClientConfiguration(BaseClientConfiguration):
@@ -487,9 +503,9 @@ class AdvancedGlideClusterClientConfiguration(AdvancedBaseClientConfiguration):
     def __init__(
         self,
         connection_timeout: Optional[int] = None,
-        tls_insecure: Optional[bool] = None,
+        tls_config: Optional[TlsAdvancedConfiguration] = None,
     ):
-        super().__init__(connection_timeout, tls_insecure)
+        super().__init__(connection_timeout, tls_config)
 
 
 class GlideClusterClientConfiguration(BaseClientConfiguration):
