Improve Redis Cache key prefix for Deployment Isolation

[KaveeshaPiumini]

Purpose

This pull request enhances the cache key management for Redis by introducing deployment-specific key prefixes, ensuring better isolation between deployments. It also adds comprehensive unit tests to verify the new key prefix logic.

Redis key prefix isolation:

• Added the buildRedisKeyPrefix function in manager.go to compose Redis key prefixes with the deployment ID, enabling per-deployment cache isolation.
• Updated the cache initialization logic in newCache to use the new buildRedisKeyPrefix function when setting the Redis key prefix.

Testing improvements:

• Added TestBuildRedisKeyPrefix unit test in manager_test.go to verify the behavior of the new key prefix logic under different scenarios, ensuring correct key composition based on base prefix and deployment ID.

Related Issues

• Improve Redis Cache Key to have the Deployment ID #2162

Related PRs

• N/A

Checklist

• Followed the contribution guidelines.
• Manual test round performed and verified.
• Documentation provided. (Add links if there are any)
  • Ran Vale and fixed all errors and warnings
• Tests provided. (Add links if there are any)
  • Unit Tests
  • Integration Tests
• Breaking changes. (Fill if applicable)
  • Breaking changes section filled.
  • breaking change label added.

Security checks

• Followed secure coding standards in WSO2 Secure Coding Guidelines
• Confirmed that this PR doesn't commit any keys, passwords, tokens, usernames, or other secrets.

Summary by CodeRabbit

• New Features

  • Redis cache keys are now scoped to individual deployments for improved isolation and cache separation.

• Tests

  • Added comprehensive test coverage for deployment-scoped Redis key prefix generation across various configurations.

[coderabbitai]

📝 Walkthrough

Walkthrough

A new buildRedisKeyPrefix helper function reads the deployment identifier from the Thunder runtime configuration and appends it to the Redis cache key prefix. The newCache function is updated to use this helper, enabling deployment-scoped Redis cache keys without altering other cache initialization behavior.

Changes

Cohort / File(s)	Summary
Redis Key Prefix Enhancement backend/internal/system/cache/manager.go	Added buildRedisKeyPrefix function that incorporates Server.Identifier from Thunder runtime config into the cache key prefix, formatted as basePrefix:deploymentID or deploymentID alone if basePrefix is empty. Updated newCache to use this function.
Test Coverage backend/internal/system/cache/manager_test.go	Added TestBuildRedisKeyPrefix test that validates the new function across multiple combinations of basePrefix and Server.Identifier values, including runtime config state management and restoration.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested labels

Type/Improvement

Suggested reviewers

• rajithacharith
• ThaminduDilshan

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The pull request title clearly and concisely summarizes the main change: improving Redis cache key prefixes for deployment isolation, which aligns directly with the core objective of the changeset.
Description check	✅ Passed	The PR description includes all required template sections (Purpose, Approach via implementation details, Related Issues, Related PRs) with clear explanations of the changes and testing improvements, though most checklist items remain unchecked.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@backend/internal/system/cache/manager.go`:
- Around line 209-221: The new behavior in buildRedisKeyPrefix makes
server.identifier influence Redis cache keys for per-deployment isolation; add
documentation entries under docs/content explaining this: update the
cache/config reference to describe the server.identifier configuration option,
show the effective Redis key shape (prefix[:deploymentID] — basePrefix when
identifier empty, deploymentID when basePrefix empty, otherwise
basePrefix:deploymentID), and add an operator guide note about migration impact
(changing server.identifier creates a new key namespace and existing cached
entries won’t be visible). Ensure both docs mention where to configure
server.identifier and include examples and recommended migration/rollout steps.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: d745a9da-13b1-4935-bf02-7f99580832f1

📥 Commits

Reviewing files that changed from the base of the PR and between 7ad7b59 and b3150e4.

📒 Files selected for processing (2)

• backend/internal/system/cache/manager.go
• backend/internal/system/cache/manager_test.go

[codecov]

Codecov Report

❌ Patch coverage is 87.50000% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 89.85%. Comparing base (7ad7b59) to head (b3150e4).
⚠️ Report is 25 commits behind head on main.

Files with missing lines	Patch %	Lines
backend/internal/system/cache/manager.go	87.50%	1 Missing ⚠️

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #2174   +/-   ##
=======================================
  Coverage   89.84%   89.85%           
=======================================
  Files         898      898           
  Lines       58951    58958    +7     
=======================================
+ Hits        52967    52975    +8     
+ Misses       4418     4417    -1     
  Partials     1566     1566           

Flag	Coverage Δ
backend-integration-postgres	53.90% <0.00%> (-0.01%)	⬇️
backend-integration-sqlite	53.86% <0.00%> (-0.01%)	⬇️
backend-unit	84.61% <87.50%> (-0.01%)	⬇️
frontend-apps-console-unit	90.41% <ø> (+<0.01%)	⬆️
frontend-apps-gate-unit	97.48% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[senthalan]

Why we need two properties here? Can't we only use the deploymentId as the key prefix?

[KaveeshaPiumini]

They serve two different purposes:

• basePrefix: Namespaces keys by application or logical group. This is useful when multiple applications share the same Redis instance (e.g., thunder:* vs other-app:*).
• deploymentID: Namespaces keys by deployment instance. This avoids collisions when multiple Thunder deployments share the same Redis (e.g., staging vs prod).

Regarding using only deploymentID: that would work only if Redis is exclusively used by Thunder deployments with properly configured IDs. However, basePrefix still matters when:

• Redis is shared with non-Thunder services
• Operators prefer a clear, human-readable namespace independent of deployment IDs

[rajithacharith]

And also, the ACLs can be set for namespaces as well. So following patterns can be used when using Redis

1. Separate redis instance for Thunder -- No need to specify keyPrefix for thunder
2. Separate Redis DB index for Thunder -- No need to specify keyPrefix for thunder as the Data logically separates in index.
3. Use the same redis instance same db -- Need to use key prefix and namespace the keys
   ACLs needs be set to the namespace for data isolation.
   Pattern will be <keyPrefix>:<deploymentId>:<Key>

[rajithacharith]

@KaveeshaPiumini We need to add the above details to docs as well