Redis [BUG] CONFIG REWRITE misbehaves when include is used

Describe the bug

If you have in the config file the command 'save ""', and issue a config rewrite command, the 'save ""' command won't be saved.

The use case here is that the main config file, redis.conf, would include another config file, base.conf, that has many settings and also some save commands. The user would trigger a config rewrite command and then the 'save ""' command would get lost.

To reproduce

base.conf

save 1 1

redis.conf

include base.conf
save ""

Expected behavior

The save "" remains saved in the configuration file after issuing a config rewrite command.

Additional information

-

Comment From: yossigo

This is beyond just save, but basically CONFIG REWRITE not being compatible with include and some design is necessary to fix that.

Comment From: JunhuaY

the bug was also discussed in #8716, and was solved in #8719, but incompletely :

when the server is started, and the save option is default, if you issue the " config set save "" " to change the save option, and then issue the “config rewrite” command, the save option change ( from the default to " save "" " ) won't be stored.

the bug maybe has no connection with "include" command.

Comment From: oranagra

Reopening this since we see this as a bigger problem, involving config rewrite and included config files.

Comment From: oranagra

We decided the conflict of include file and config rewrite cannot be cleanly solved and decided to leave it as it. see discussion at the bottom of #8735

Comment From: dimandzhi

This bug/feature is neglecting the point of using ACL features. Since credentials for replication and sentinel users are stored as plain text in the config I have tried to use an external technique (docker swarm secrets, vault, etc) to secure them and include them in config. But CONFIG REWRITE just puts all those credentials as a copy to the end of the config file raising some security concerns. Making config file read-only on the other hand will remove the ability to make persistent configuration changes, which is unacceptable. For myself, I have decided to drop usage of ACL and isolate Redis for a certain application group.