Add lua endpoint to handle certificates in dynamic configuration mode

2018-06-04 13:43:23 -04:00 · 2018-06-04 13:43:23 -04:00 · 5200a38bd7
commit 5200a38bd7
parent 82bfcb0337
4 changed files with 194 additions and 0 deletions
--- a/rootfs/etc/nginx/lua/configuration.lua
+++ b/rootfs/etc/nginx/lua/configuration.lua
@ -1,5 +1,8 @@
+local json = require("cjson")
+
 -- this is the Lua representation of Configuration struct in internal/ingress/types.go
 local configuration_data = ngx.shared.configuration_data
+local certificate_data = ngx.shared.certificate_data

 local _M = {
  nameservers = {}
@ -29,6 +32,55 @@ local function fetch_request_body()
  return body
 end

+function _M.get_pem_cert_key(hostname)
+  return certificate_data:get(hostname)
+end
+
+local function handle_servers()
+  if ngx.var.request_method ~= "POST" then
+    ngx.status = ngx.HTTP_BAD_REQUEST
+    ngx.print("Only POST requests are allowed!")
+    return
+  end
+
+  local raw_servers = fetch_request_body()
+
+  local ok, servers = pcall(json.decode, raw_servers)
+  if not ok then
+    ngx.log(ngx.ERR,  "could not parse servers: " .. tostring(servers))
+    ngx.status = ngx.HTTP_BAD_REQUEST
+    return
+  end
+
+  local err_buf = {}
+  for _, server in ipairs(servers) do
+    if server.hostname and server.sslCert.pemCertKey then
+      local success, err = certificate_data:safe_set(server.hostname, server.sslCert.pemCertKey)
+      if not success then
+        if err == "no memory" then
+          ngx.status = ngx.HTTP_INTERNAL_SERVER_ERROR
+          ngx.log(ngx.ERR, "no memory in certificate_data dictionary")
+          return
+        end
+
+        local err_msg = string.format("error setting certificate for %s: %s\n",
+          server.hostname, tostring(err))
+        table.insert(err_buf, err_msg)
+      end
+    else
+      ngx.log(ngx.WARN, "hostname or pemCertKey are not present")
+    end
+  end
+
+  if #err_buf > 0 then
+    ngx.log(ngx.ERR, table.concat(err_buf))
+    ngx.status = ngx.HTTP_INTERNAL_SERVER_ERROR
+    return
+  end
+
+  ngx.status = ngx.HTTP_CREATED
+end
+
 function _M.call()
  if ngx.var.request_method ~= "POST" and ngx.var.request_method ~= "GET" then
    ngx.status = ngx.HTTP_BAD_REQUEST
@ -36,6 +88,11 @@ function _M.call()
    return
  end

+  if ngx.var.request_uri == "/configuration/servers" then
+    handle_servers()
+    return
+  end
+
  if ngx.var.request_uri ~= "/configuration/backends" then
    ngx.status = ngx.HTTP_NOT_FOUND
    ngx.print("Not found!")
@ -65,4 +122,8 @@ function _M.call()
  ngx.status = ngx.HTTP_CREATED
 end

+if _TEST then
+  _M.handle_servers = handle_servers
+end
+
 return _M