Fix SentinelChannel to pass ACL credentials to master_for() (#2426)

* Fix SentinelChannel to pass ACL credentials to master_for()

When using Redis Sentinel with ACL authentication (username + password),
the SentinelChannel failed to pass credentials to the Redis master connection.

The _connparams() method correctly extracts username and password, but they
were only passed to sentinel.Sentinel() (for sentinel authentication), NOT
to master_for() (for Redis master authentication).

This fix ensures that ACL credentials are forwarded to master_for() so that
Celery workers can connect to Redis Sentinel brokers that use ACL
authentication (Redis 6.0+ feature).

Fixes celery/celery#6301

* Remove commented-out code in Redis Sentinel tests for clarity

* Add test to validate Redis Sentinel connection parameters

This commit adds a test to ensure that the Redis Sentinel connection parameters are correctly passed to the connection class. The test verifies that the patched connection is called with the expected arguments, including the specified host, port, and authentication details.

---------

Co-authored-by: Anton Kuzmich <anton.kuzmich@fairmarkit.com>

Author: anthonykuzmich7

kombu/transport/redis.py

@@ -1477,9 +1477,15 @@ def _sentinel_managed_pool(self, asynchronous=False):
                 "'master_name' transport option must be specified."
             )
 
+        master_kwargs = {
+            k: additional_params[k]
+            for k in ('username', 'password') if k in additional_params
+        }
+
         return sentinel_inst.master_for(
             master_name,
             redis.Redis,
+            **master_kwargs,
         ).connection_pool
 
     def _get_pool(self, asynchronous=False):

t/unit/transport/test_redis.py

@@ -1934,7 +1934,10 @@ def test_getting_master_from_sentinel(self):
 
             master_for = patched.return_value.master_for
             master_for.assert_called()
-            master_for.assert_called_with('not_important', ANY)
+            master_for.assert_called_with(
+                'not_important', ANY,
+                username=None, password=None
+            )
             master_for().connection_pool.get_connection.assert_called()
 
     def test_getting_master_from_sentinel_single_node(self):
@@ -1957,7 +1960,10 @@ def test_getting_master_from_sentinel_single_node(self):
 
             master_for = patched.return_value.master_for
             master_for.assert_called()
-            master_for.assert_called_with('not_important', ANY)
+            master_for.assert_called_with(
+                'not_important', ANY,
+                username=None, password=None
+            )
             master_for().connection_pool.get_connection.assert_called()
 
     def test_getting_master_from_sentinel_with_client_name(self):
@@ -1985,7 +1991,70 @@ def test_getting_master_from_sentinel_with_client_name(self):
 
             master_for = patched.return_value.master_for
             master_for.assert_called()
-            master_for.assert_called_with('not_important', ANY)
+            master_for.assert_called_with(
+                'not_important', ANY,
+                username=None, password=None
+            )
+            master_for().connection_pool.get_connection.assert_called()
+
+    def test_getting_master_from_sentinel_with_acl_credentials(self):
+        with patch('redis.sentinel.Sentinel') as patched:
+            connection = Connection(
+                'sentinel://myuser:mypassword@localhost:65532/',
+                transport_options={
+                    'master_name': 'not_important',
+                },
+            )
+
+            connection.channel()
+
+            patched.assert_called_once_with(
+                [
+                    ('localhost', 65532),
+                ],
+                connection_class=ANY, db=0, max_connections=10,
+                min_other_sentinels=0, password='mypassword',
+                sentinel_kwargs=None,
+                socket_connect_timeout=None, socket_keepalive=None,
+                socket_keepalive_options=None, socket_timeout=None,
+                username='myuser', retry_on_timeout=None, client_name=None)
+
+            master_for = patched.return_value.master_for
+            master_for.assert_called()
+            master_for.assert_called_with(
+                'not_important', ANY,
+                username='myuser', password='mypassword'
+            )
+            master_for().connection_pool.get_connection.assert_called()
+
+    def test_getting_master_from_sentinel_with_password_only(self):
+        with patch('redis.sentinel.Sentinel') as patched:
+            connection = Connection(
+                'sentinel://:mypassword@localhost:65532/',
+                transport_options={
+                    'master_name': 'not_important',
+                },
+            )
+
+            connection.channel()
+
+            patched.assert_called_once_with(
+                [
+                    ('localhost', 65532),
+                ],
+                connection_class=ANY, db=0, max_connections=10,
+                min_other_sentinels=0, password='mypassword',
+                sentinel_kwargs=None,
+                socket_connect_timeout=None, socket_keepalive=None,
+                socket_keepalive_options=None, socket_timeout=None,
+                username=None, retry_on_timeout=None, client_name=None)
+
+            master_for = patched.return_value.master_for
+            master_for.assert_called()
+            master_for.assert_called_with(
+                'not_important', ANY,
+                username=None, password='mypassword'
+            )
             master_for().connection_pool.get_connection.assert_called()
 
     def test_can_create_connection(self):