From dcd08a683ac4529481ddd5ce68ea96b1dc0bc90f Mon Sep 17 00:00:00 2001 From: Dragos Dascalita Haut Date: Sun, 13 Mar 2016 22:36:51 -0700 Subject: [PATCH 1/4] added support for lua-resty-http lib and updated Makefile to execute integration tests --- Makefile | 15 +++++ src/lua/api-gateway/aws/AwsService.lua | 30 +++++++--- .../api-gateway/aws/httpclient/restyhttp.lua | 56 +++++++++++++++++++ .../api-gateway/aws/lambda/LambdaService.lua | 5 +- test/docker-compose-integration-tests.yml | 14 +++++ test/docker-compose.yml | 2 +- test/integration/kinesis.t | 4 ++ test/integration/kms.t | 4 ++ test/integration/lambda.t | 4 ++ test/integration/sns.t | 8 +++ test/perl/awsIamCredentials.t | 4 ++ test/perl/awsv4signature.t | 4 ++ 12 files changed, 138 insertions(+), 12 deletions(-) create mode 100644 src/lua/api-gateway/aws/httpclient/restyhttp.lua create mode 100644 test/docker-compose-integration-tests.yml diff --git a/Makefile b/Makefile index d1df6db..69c8ac0 100644 --- a/Makefile +++ b/Makefile 
@@ -44,6 +44,21 @@ test-docker: cp -r ~/tmp/apiplatform/api-gateway-aws/target/ ./target rm -rf ~/tmp/apiplatform/api-gateway-aws +integration-test-docker: + echo "running integration-tests with docker ..." + mkdir -p $(BUILD_DIR) + mkdir -p $(BUILD_DIR)/test-logs +# cp -r test/resources/api-gateway $(BUILD_DIR) +# sed -i '' 's/127\.0\.0\.1/redis\.docker/g' $(BUILD_DIR)/api-gateway/redis-upstream.conf + rm -f $(BUILD_DIR)/test-logs/* + mkdir -p ~/tmp/apiplatform/api-gateway-aws + cp -r ./src ~/tmp/apiplatform/api-gateway-aws/ + cp -r ./test ~/tmp/apiplatform/api-gateway-aws/ + cp -r ./target ~/tmp/apiplatform/api-gateway-aws/ + TEST_NGINX_AWS_CLIENT_ID="${TEST_NGINX_AWS_CLIENT_ID}" TEST_NGINX_AWS_SECRET="${TEST_NGINX_AWS_SECRET}" TEST_NGINX_AWS_SECURITY_TOKEN="${TEST_NGINX_AWS_SECURITY_TOKEN}" docker-compose -f ./test/docker-compose-integration-tests.yml up + cp -r ~/tmp/apiplatform/api-gateway-aws/target/ ./target + rm -rf ~/tmp/apiplatform/api-gateway-aws + test: echo "updating git submodules ..." if [ ! -d "test/resources/test-nginx/lib" ]; then git submodule update --init --recursive; fi diff --git a/src/lua/api-gateway/aws/AwsService.lua b/src/lua/api-gateway/aws/AwsService.lua index 298ab19..6532ba1 100644 --- a/src/lua/api-gateway/aws/AwsService.lua +++ b/src/lua/api-gateway/aws/AwsService.lua 
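Review bot: The `docker-compose` line in the new `integration-test-docker` recipe writes the credentials as `${TEST_NGINX_AWS_SECRET}` and `${TEST_NGINX_AWS_SECURITY_TOKEN}`, which make expands itself and then echoes with the recipe line, so the AWS secret and session token land in the terminal and in any CI log. The compose file added in this patch already lists the three variables without values, so they should be passed through from the caller's environment; the inline assignments can be dropped, or the line prefixed with `@` and written with `$$TEST_NGINX_AWS_SECRET` so that only the shell expands it. The recipe also never reaches the final `rm -rf ~/tmp/apiplatform/api-gateway-aws` when `docker-compose` exits non-zero, leaving the copied tree behind.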
@@ -1,3 +1,19 @@ +--[[ + Copyright (c) 2016. Adobe Systems Incorporated. All rights reserved. + + This file is licensed to you under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software distributed under the License is + distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR RESPRESENTATIONS OF ANY KIND, + either express or implied. See the License for the specific language governing permissions and + limitations under the License. + + ]] + --- Base Class for working with AWS Services. -- It's responsible for making API Requests to most of the AWS Services -- @@ -13,11 +29,13 @@ local setmetatable = setmetatable local error = error local debug_mode = ngx.config.debug local http = require"api-gateway.aws.httpclient.http" +local http_resty = require"api-gateway.aws.httpclient.restyhttp" local AWSV4S = require"api-gateway.aws.AwsV4Signature" local IamCredentials = require"api-gateway.aws.AWSIAMCredentials" local cjson = require"cjson" local http_client = http:new() +local http_client_resty = http_resty:new() local iam_credentials local function tableToString(table_ref) @@ -98,7 +116,9 @@ function _M:debug(...) end function _M:getHttpClient() - return http_client +-- return http_client -- the original http_client which will be deprecated and removed soon + -- by default use the new http client that uses resty.http module + return http_client_resty end function _M:getAWSHost() @@ -242,6 +262,7 @@ function _M:performAction(actionName, arguments, path, http_method, useSSL, time local ok, code, headers, status, body = self:getHttpClient():request(self:getRequestObject({ scheme = scheme, + ssl_verify = false, port = port, timeout = timeout or 60000, url = request_path, -- "/" 
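Review bot: `ssl_verify = false` in the request object built in `performAction` disables certificate verification for every AWS call, and the new `restyhttp.lua` wrapper hard-codes the same literal in its `request_uri` options, so a caller cannot turn verification back on. These requests are presumably signed with the V4 signature module required at the top of this file and, with IAM credentials, carry the security token, so any host on the network path that presents an arbitrary certificate can read or modify them. Verification should be on by default: `ssl_verify = true` here and `ssl_verify = req.ssl_verify ~= false` in the wrapper, which in ngx_lua also needs `lua_ssl_trusted_certificate` set to a CA bundle. `performAction` starts and ends outside this hunk.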
@@ -261,9 +282,4 @@ function _M:performAction(actionName, arguments, path, http_method, useSSL, time return ok, code, headers, status, body end -return _M - - - - - +return _M \ No newline at end of file diff --git a/src/lua/api-gateway/aws/httpclient/restyhttp.lua b/src/lua/api-gateway/aws/httpclient/restyhttp.lua new file mode 100644 index 0000000..3823ed2 --- /dev/null +++ b/src/lua/api-gateway/aws/httpclient/restyhttp.lua 
@@ -0,0 +1,56 @@ +--[[ + Copyright (c) 2016. Adobe Systems Incorporated. All rights reserved. + + This file is licensed to you under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software distributed under the License is + distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR RESPRESENTATIONS OF ANY KIND, + either express or implied. See the License for the specific language governing permissions and + limitations under the License. + + ]] + +-- +-- This modules is a wrapper for the lua-resty-http (https://github.com/pintsized/lua-resty-http) library +-- exposing the "request" method to be compatible with the embedded http client (api-gateway.aws.httpclient.http) +-- User: ddascal +-- Date: 08/03/16 +-- + +local _M = {} +local http = require "resty.http" + +function _M:new(o) + local o = o or {} + setmetatable(o, self) + self.__index = self + return o +end + +function _M:request( req ) + local ok, code + local httpc = http.new() + httpc:set_timeout(req.timeout or 60000) + + local res, err = httpc:request_uri(req.scheme .. "://" .. req.host .. ":" .. req.port, { + path = req.url, + method = req.method, + body = req.body, + headers = req.headers, + ssl_verify = false + }) + + if not res then + ngx.log(ngx.ERR, "failed to make request: ", err) + return false, err, nil, err, nil + end + + return ok, res.status, res.headers, res.status, res.body +end + +return _M + diff --git a/src/lua/api-gateway/aws/lambda/LambdaService.lua b/src/lua/api-gateway/aws/lambda/LambdaService.lua index 5d03747..d537f59 100644 --- a/src/lua/api-gateway/aws/lambda/LambdaService.lua +++ b/src/lua/api-gateway/aws/lambda/LambdaService.lua 
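Review bot: `_M:request` declares `local ok, code` but never assigns either, so the success path `return ok, res.status, ...` returns `nil` as its first value while the failure path returns `false`. `performAction` in `AwsService.lua` hands that first value straight back to its callers, so any caller that tests it will treat a successful call as failed. Return the flag explicitly with `return true, res.status, res.headers, res.status, res.body` and drop the unused locals; in `_M:new`, `local o = o or {}` shadows the parameter and `o = o or {}` is enough.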
@@ -45,10 +45,7 @@ function _M:listFunctions(marker, maxItems) end -- API: http://docs.aws.amazon.com/lambda/latest/dg/API_Invoke.html --- { --- "ShardCount": number, --- "StreamName": "string" --- } +-- function _M:invoke(functionName, payload, clientContext, invocationType, logType) assert(functionName ~= nil, "Please provide a valid functionName.") local invocationType = invocationType or "RequestResponse" diff --git a/test/docker-compose-integration-tests.yml b/test/docker-compose-integration-tests.yml new file mode 100644 index 0000000..fdf58b7 --- /dev/null +++ b/test/docker-compose-integration-tests.yml @@ -0,0 +1,14 @@ +gateway: + image: cellos/apigateway:1.9.7.3 + volumes: + - ~/tmp/apiplatform/api-gateway-aws/src/lua/api-gateway/aws:/usr/local/api-gateway/lualib/api-gateway/aws + - ~/tmp/apiplatform/api-gateway-aws/test/perl:/tmp/perl + - ~/tmp/apiplatform/api-gateway-aws/test/integration:/tmp/integration + - ~/tmp/apiplatform/api-gateway-aws/target/:/t + environment: + - LOG_LEVEL=debug + - TEST_NGINX_AWS_CLIENT_ID + - TEST_NGINX_AWS_SECRET + - TEST_NGINX_AWS_SECURITY_TOKEN + - TEST_NGINX_PORT=1989 + entrypoint: ["prove", "-I", "/usr/local/test-nginx-0.24/lib", "-I", "/usr/local/test-nginx-0.24/inc", "-r", "/tmp/integration"] diff --git a/test/docker-compose.yml b/test/docker-compose.yml index 3aa307b..2d5ddf9 100644 --- a/test/docker-compose.yml +++ b/test/docker-compose.yml @@ -1,5 +1,5 @@ gateway: - image: adobeapiplatform/apigateway + image: cellos/apigateway:1.9.7.3 volumes: - ~/tmp/apiplatform/api-gateway-aws/src/lua/api-gateway/aws:/usr/local/api-gateway/lualib/api-gateway/aws - ~/tmp/apiplatform/api-gateway-aws/test/perl:/tmp/perl diff --git a/test/integration/kinesis.t b/test/integration/kinesis.t index ba02842..2d49b36 100644 --- a/test/integration/kinesis.t +++ b/test/integration/kinesis.t 
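Review bot: The `gateway` service in the new `docker-compose-integration-tests.yml` is handed the caller's AWS credentials (`TEST_NGINX_AWS_CLIENT_ID`, `TEST_NGINX_AWS_SECRET`, `TEST_NGINX_AWS_SECURITY_TOKEN`) but runs an image referenced only by a mutable tag, `cellos/apigateway:1.9.7.3`, in a different namespace from the `adobeapiplatform/apigateway` image that `test/docker-compose.yml` used before this patch. Whatever that tag resolves to at pull time receives the credentials, so the reference is better pinned by digest, e.g. `image: <REPOSITORY>@sha256:<DIGEST>` (placeholders). PATCH 3/4 later moves both compose files to `adobeapiplatform/apigateway:latest`, which floats in the same way. With `LOG_LEVEL=debug` set next to the credentials, it is also worth confirming that the debug logs do not record them.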
@@ -48,6 +48,10 @@ our $HttpConfig = <<_EOC_; require "resty.core" '; resolver @nameservers; + + client_body_temp_path /tmp/; + proxy_temp_path /tmp/; + fastcgi_temp_path /tmp/; _EOC_ #no_diff(); diff --git a/test/integration/kms.t b/test/integration/kms.t index e691a4d..7f19de8 100644 --- a/test/integration/kms.t +++ b/test/integration/kms.t @@ -45,6 +45,10 @@ our $HttpConfig = <<_EOC_; require "resty.core" '; resolver @nameservers; + + client_body_temp_path /tmp/; + proxy_temp_path /tmp/; + fastcgi_temp_path /tmp/; _EOC_ #no_diff(); diff --git a/test/integration/lambda.t b/test/integration/lambda.t index 24e67ae..a5cda98 100644 --- a/test/integration/lambda.t +++ b/test/integration/lambda.t @@ -48,6 +48,10 @@ our $HttpConfig = <<_EOC_; require "resty.core" '; resolver @nameservers; + + client_body_temp_path /tmp/; + proxy_temp_path /tmp/; + fastcgi_temp_path /tmp/; _EOC_ #no_diff(); diff --git a/test/integration/sns.t b/test/integration/sns.t index 8a2e077..a592891 100644 --- a/test/integration/sns.t +++ b/test/integration/sns.t @@ -1,5 +1,7 @@ # vim:set ft= ts=4 sw=4 et fdm=marker: use lib 'lib'; +use strict; +use warnings; use Test::Nginx::Socket::Lua; use Cwd qw(cwd); @@ -45,6 +47,10 @@ our $HttpConfig = <<_EOC_; require "resty.core" '; resolver @nameservers; + + client_body_temp_path /tmp/; + proxy_temp_path /tmp/; + fastcgi_temp_path /tmp/; _EOC_ #no_diff(); @@ -172,6 +178,8 @@ X-Test: test ngx.say("Message_ID:" .. tostring(messageId)) '; } + +--- timeout: 70 --- more_headers X-Test: test --- request diff --git a/test/perl/awsIamCredentials.t b/test/perl/awsIamCredentials.t index c6fca50..810ddbd 100644 --- a/test/perl/awsIamCredentials.t +++ b/test/perl/awsIamCredentials.t @@ -46,6 +46,10 @@ our $HttpConfig = <<_EOC_; '; lua_shared_dict shared_cache 1m; resolver @nameservers; + + client_body_temp_path /tmp/; + proxy_temp_path /tmp/; + fastcgi_temp_path /tmp/; _EOC_ #no_diff(); 
diff --git a/test/perl/awsv4signature.t b/test/perl/awsv4signature.t index 6b3ad7d..32e953c 100644 --- a/test/perl/awsv4signature.t +++ b/test/perl/awsv4signature.t @@ -45,6 +45,10 @@ our $HttpConfig = <<_EOC_; require "resty.core" '; resolver @nameservers; + + client_body_temp_path /tmp/; + proxy_temp_path /tmp/; + fastcgi_temp_path /tmp/; _EOC_ #no_diff(); From 2d4ccb73040447f6c102385994531f56e3d5bd99 Mon Sep 17 00:00:00 2001 From: Dragos Dascalita Haut Date: Sun, 13 Mar 2016 22:45:21 -0700 Subject: [PATCH 2/4] [DOC] - documents dependency to lua-rest-http --- README.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 40553b2..a7b9f1a 100644 --- a/README.md +++ b/README.md @@ -25,8 +25,9 @@ Description =========== This library requires an nginx build with OpenSSL, -the [ngx_lua module](http://wiki.nginx.org/HttpLuaModule), [LuaJIT 2.0](http://luajit.org/luajit.html) and -[api-gateway-hmac](https://github.com/adobe-apiplatform/api-gateway-hmac) module. +the [ngx_lua module](http://wiki.nginx.org/HttpLuaModule), [LuaJIT 2.0](http://luajit.org/luajit.html), +[api-gateway-hmac](https://github.com/adobe-apiplatform/api-gateway-hmac) module, and +[lua-resty-http](https://github.com/pintsized/lua-resty-http) module. ### AWS V4 Signature This library supports the latest AWS V4 signature which means you can use any of the latest AWS APIs without any problem. From d6d0f4c4cdd19f4ffaee8ba64a2461f719035d59 Mon Sep 17 00:00:00 2001 
From: Dragos Dascalita Haut Date: Sat, 9 Apr 2016 22:12:54 -0700 Subject: [PATCH 3/4] # refactored AWSIAMCredetials to use cachemanager and extracted an AwsDateConverter class --- src/lua/api-gateway/aws/AWSIAMCredentials.lua | 99 +++++++------------ src/lua/api-gateway/aws/AwsDateConverter.lua | 49 +++++++++ test/docker-compose-integration-tests.yml | 2 +- test/docker-compose.yml | 2 +- test/perl/awsIamCredentials.t | 25 +++-- 5 files changed, 106 insertions(+), 71 deletions(-) create mode 100644 src/lua/api-gateway/aws/AwsDateConverter.lua diff --git a/src/lua/api-gateway/aws/AWSIAMCredentials.lua b/src/lua/api-gateway/aws/AWSIAMCredentials.lua index 2ad793c..358cf05 100644 --- a/src/lua/api-gateway/aws/AWSIAMCredentials.lua +++ b/src/lua/api-gateway/aws/AWSIAMCredentials.lua @@ -6,9 +6,11 @@ -- To change this template use File | Settings | File Templates. -- -local cjson = require"cjson" -local http = require"api-gateway.aws.httpclient.http" -local url = require"api-gateway.aws.httpclient.url" +local cjson = require "cjson" +local http = require "api-gateway.aws.httpclient.http" +local url = require "api-gateway.aws.httpclient.url" +local awsDate = require "api-gateway.aws.AwsDateConverter" +local cacheCls = require "api-gateway.cache.cache" local DEFAULT_SECURITY_CREDENTIALS_HOST = "169.254.169.254" local DEFAULT_SECURITY_CREDENTIALS_PORT = "80" @@ -16,6 +18,9 @@ local DEFAULT_SECURITY_CREDENTIALS_URL = "/latest/meta-data/iam/security-credent -- use GET /latest/meta-data/iam/security-credentials/ to auto-discover the IAM Role local DEFAULT_TOKEN_EXPIRATION = 60*60*24 -- in seconds +-- configur cache Manager for IAM crendentials +local iamCache = cacheCls:new() + -- per nginx process cache to store IAM credentials local cache = { IamUser = nil, 
@@ -37,6 +42,21 @@ local function tableToString(table_ref) return s end +local function initIamCache(shared_cache_dict) + local localCache = require "api-gateway.cache.store.localCache":new({ + dict = shared_cache_dict, + ttl = function (value) + local value_o = cjson.decode(value) + ngx.log(ngx.DEBUG, "ExpireAt=", tostring(value_o.ExpireAt)) + local expiryTimeUTC = value.ExpireAtTimestamp or awsDate.convertDateStringToTimestamp(value_o.ExpireAt, true) + local expiryTimeInSeconds = expiryTimeUTC - os.time() + return math.min(DEFAULT_TOKEN_EXPIRATION, expiryTimeInSeconds) + end + }) + + iamCache:addStore(localCache) +end + local AWSIAMCredentials = {} --- @@ -61,6 +81,7 @@ function AWSIAMCredentials:new(o) self.shared_cache_dict = o.shared_cache_dict if (o.shared_cache_dict ~= nil) then sharedCacheDictInstance = ngx.shared[o.shared_cache_dict] + initIamCache(o.shared_cache_dict) end local s = tableToString(o) ngx.log(ngx.DEBUG, "Initializing AWSIAMCredentials with object:", s) 
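Review bot: In the `ttl` callback of `initIamCache`, `value.ExpireAtTimestamp` indexes the raw JSON string instead of the decoded table `value_o`, so it is always `nil` and the stored timestamp is never used; the line should read `local expiryTimeUTC = value_o.ExpireAtTimestamp or awsDate.convertDateStringToTimestamp(value_o.ExpireAt, true)`. The callback can also return zero or a negative number for credentials that have already expired, and how the store interprets such a TTL is not visible in this patch, so an explicit check before caching would be safer than relying on it. Because `iamCache` is module-level and `AWSIAMCredentials:new` calls `initIamCache` on every construction that passes a `shared_cache_dict`, each new instance appears to add one more store to the same cache manager; a once-only guard per dict name would avoid that.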
@@ -68,65 +89,17 @@ function AWSIAMCredentials:new(o) return o end -local function getTimestamp(dateString, convertToUTC) - local pattern = "(%d+)%-(%d+)%-(%d+)T(%d+):(%d+):(%d+)Z" - local xyear, xmonth, xday, xhour, xminute, - xseconds, xoffset, xoffsethour, xoffsetmin = dateString:match(pattern) - - -- the converted timestamp is in the local timezone - local convertedTimestamp = os.time({ - year = xyear, - month = xmonth, - day = xday, - hour = xhour, - min = xminute, - sec = xseconds - }) - if (convertToUTC == true) then - local offset = os.time() - os.time(os.date("!*t")) - convertedTimestamp = convertedTimestamp + offset - end - return tonumber(convertedTimestamp) -end - -function AWSIAMCredentials:saveCredentialsInSharedDict() - if (sharedCacheDictInstance == nil) then - ngx.log(ngx.WARN, "No shared_cache_dict provided to AWSIAMCredentials. To improve performance please define one.") - return - end - - local expiry_time_utc = getTimestamp(cache.ExpireAt, true) - local expire_in_sec = expiry_time_utc - os.time() - if ( expire_in_sec > 0 ) then - -- set the values and the expiry time - sharedCacheDictInstance:set("AccessKeyId", cache.AccessKeyId, expire_in_sec) - sharedCacheDictInstance:set("SecretAccessKey", cache.SecretAccessKey, expire_in_sec) - sharedCacheDictInstance:set("Token", cache.Token, expire_in_sec) - sharedCacheDictInstance:set("ExpireAt", cache.ExpireAt, expire_in_sec) - sharedCacheDictInstance:set("ExpireAtTimestamp", cache.ExpireAtTimestamp, expire_in_sec) - - ngx.log(ngx.DEBUG, "IAM Credentials cached for ", tostring(expire_in_sec), " seconds in the shared dict=", self.shared_cache_dict) - end -end - function AWSIAMCredentials:loadCredentialsFromSharedDict() - if (sharedCacheDictInstance == nil) then - ngx.log(ngx.WARN, "No shared_cache_dict provided to AWSIAMCredentials. 
To improve performance please define one.") - return - end - -- see if there's something in the shared dict that didn't expire yet - local accessKeyId = sharedCacheDictInstance:get("AccessKeyId") - if ( accessKeyId == nil ) then - ngx.log(ngx.DEBUG, "nothing found in Shared Cache") - return + local iamCreds = iamCache:get("iam_credentials") + if (iamCreds ~= nil) then + iamCreds = cjson.decode(iamCreds) + cache.AccessKeyId = iamCreds.AccessKeyId + cache.SecretAccessKey = iamCreds.SecretAccessKey + cache.Token = iamCreds.Token + cache.ExpireAt = iamCreds.ExpireAt + cache.ExpireAtTimestamp = iamCreds.ExpireAtTimestamp + ngx.log(ngx.DEBUG, "Cache has been loaded from Shared Cache" ) end - - cache.AccessKeyId = sharedCacheDictInstance:get("AccessKeyId") - cache.SecretAccessKey = sharedCacheDictInstance:get("SecretAccessKey") - cache.Token = sharedCacheDictInstance:get("Token") - cache.ExpireAt = sharedCacheDictInstance:get("ExpireAt") - cache.ExpireAtTimestamp = sharedCacheDictInstance:get("ExpireAtTimestamp") - ngx.log(ngx.DEBUG, "Cache has been loaded from Shared Cache" ) end --- @@ -190,8 +163,10 @@ function AWSIAMCredentials:fetchSecurityCredentialsFromAWS() --local token = url:encodeUrl(aws_response["Token"]) cache.Token = aws_response["Token"] cache.ExpireAt = aws_response["Expiration"] - cache.ExpireAtTimestamp = getTimestamp(cache.ExpireAt, true) - self:saveCredentialsInSharedDict() + cache.ExpireAtTimestamp = awsDate.convertDateStringToTimestamp(cache.ExpireAt, true) + if (cache.ExpireAtTimestamp - os.time() > 0) then + iamCache:put("iam_credentials", cjson.encode(cache)) + end return true end diff --git a/src/lua/api-gateway/aws/AwsDateConverter.lua b/src/lua/api-gateway/aws/AwsDateConverter.lua new file mode 100644 index 0000000..ce28731 --- /dev/null +++ b/src/lua/api-gateway/aws/AwsDateConverter.lua 
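Review bot: `loadCredentialsFromSharedDict` and the new `iamCache:put` call in `fetchSecurityCredentialsFromAWS` now run whether or not a `shared_cache_dict` was configured, although `initIamCache` only adds a store when one is; the removed code returned early with a warning in that case. How the cache manager behaves with no stores is not shown in this patch, so either keep a guard such as `if self.shared_cache_dict == nil then return end` or document that `get`/`put` without a store is a no-op. `cjson.decode(iamCreds)` is also unguarded, so a malformed `iam_credentials` entry raises inside the credential path; wrapping it in `pcall` and treating a failure as a cache miss keeps the fallback to a fresh fetch. `fetchSecurityCredentialsFromAWS` starts outside its hunk.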
@@ -0,0 +1,49 @@ +--[[ + Copyright 2016 Adobe Systems Incorporated. All rights reserved. + + This file is licensed to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR RESPRESENTATIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. + ]] + +-- +-- User: ddascal +-- Date: 19/03/16 +-- Time: 21:40 +-- To change this template use File | Settings | File Templates. +-- + + +local _M = {} + +--- Converts an AWS Date String into a timestamp number +-- @param dateString AWS Date String (i.e. 2016-03-19T06:44:17Z) +-- @param convertToUTC (default false). Boolean value to get the date in UTC or not +-- +local function _convertDateStringToTimestamp(dateString, convertToUTC) + local pattern = "(%d+)%-(%d+)%-(%d+)T(%d+):(%d+):(%d+)Z" + local xyear, xmonth, xday, xhour, xminute, + xseconds, xoffset, xoffsethour, xoffsetmin = dateString:match(pattern) + + -- the converted timestamp is in the local timezone + local convertedTimestamp = os.time({ + year = xyear, + month = xmonth, + day = xday, + hour = xhour, + min = xminute, + sec = xseconds + }) + if (convertToUTC == true) then + local offset = os.time() - os.time(os.date("!*t")) + convertedTimestamp = convertedTimestamp + offset + end + return tonumber(convertedTimestamp) +end + +_M.convertDateStringToTimestamp = _convertDateStringToTimestamp + +return _M diff --git a/test/docker-compose-integration-tests.yml b/test/docker-compose-integration-tests.yml index fdf58b7..cbc6a0d 100644 --- a/test/docker-compose-integration-tests.yml +++ b/test/docker-compose-integration-tests.yml 
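Review bot: `_convertDateStringToTimestamp` passes the captures from `dateString:match(pattern)` straight to `os.time`, so a `nil` argument or an `Expiration` value the pattern does not match (for example one with fractional seconds) raises a runtime error in the credential-refresh path instead of a handled failure. A guard such as `if type(dateString) ~= "string" then return nil end` before the match and `if not xyear then return nil end` after it would let callers treat an unparseable expiry as already expired; the callers in `AWSIAMCredentials.lua` subtract `os.time()` from the result and would need a `nil` check. The captures `xoffset`, `xoffsethour` and `xoffsetmin` are never filled by this pattern and can be dropped. The UTC adjustment `os.time() - os.time(os.date("!*t"))` may be off by an hour while daylight saving time is in effect, which shifts the computed credential expiry, so it deserves a comment and a test.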
@@ -1,5 +1,5 @@ gateway: - image: cellos/apigateway:1.9.7.3 + image: adobeapiplatform/apigateway:latest volumes: - ~/tmp/apiplatform/api-gateway-aws/src/lua/api-gateway/aws:/usr/local/api-gateway/lualib/api-gateway/aws - ~/tmp/apiplatform/api-gateway-aws/test/perl:/tmp/perl diff --git a/test/docker-compose.yml b/test/docker-compose.yml index 2d5ddf9..aecb08a 100644 --- a/test/docker-compose.yml +++ b/test/docker-compose.yml @@ -1,5 +1,5 @@ gateway: - image: cellos/apigateway:1.9.7.3 + image: adobeapiplatform/apigateway:latest volumes: - ~/tmp/apiplatform/api-gateway-aws/src/lua/api-gateway/aws:/usr/local/api-gateway/lualib/api-gateway/aws - ~/tmp/apiplatform/api-gateway-aws/test/perl:/tmp/perl diff --git a/test/perl/awsIamCredentials.t b/test/perl/awsIamCredentials.t index 810ddbd..13526fc 100644 --- a/test/perl/awsIamCredentials.t +++ b/test/perl/awsIamCredentials.t @@ -1,5 +1,7 @@ # vim:set ft= ts=4 sw=4 et fdm=marker: use lib 'lib'; +use strict; +use warnings; use Test::Nginx::Socket::Lua; use Cwd qw(cwd); @@ -62,6 +64,8 @@ __DATA__ === TEST 1: test auto discovery of iam user --- http_config eval: $::HttpConfig --- config + error_log ../awsIamCredentials_test1_error.log debug; + location = /latest/meta-data/iam/security-credentials/ { return 200 'test-iam-user'; } @@ -93,6 +97,8 @@ X-Test: test === TEST 2: test Iam can automatically read credentials --- http_config eval: $::HttpConfig --- config + error_log ../awsIamCredentials_test2_error.log debug; + location = /latest/meta-data/iam/security-credentials/ { return 200 'test-iam-user'; } @@ -178,6 +184,8 @@ X-Test: test === TEST 3: test Iam can automatically read credentials with SHARED DICT --- http_config eval: $::HttpConfig --- config + error_log ../awsIamCredentials_test3_error.log debug; + location = /latest/meta-data/iam/security-credentials/ { return 200 'test-iam-user'; } 
@@ -212,6 +220,7 @@ X-Test: test location /test { content_by_lua ' + local cjson = require "cjson" local IamCredentials = require "api-gateway.aws.AWSIAMCredentials" local iam = IamCredentials:new({ security_credentials_host = "127.0.0.1", @@ -223,7 +232,7 @@ X-Test: test ngx.say("key=" .. key .. ", secret=" .. secret .. ", token=" .. token .. ", date=" .. date .. ", timestamp=" ..timestamp ) local shared_cache = ngx.shared["shared_cache"] - assert( shared_cache:get("AccessKeyId") == nil, "Expired token should not be saved in shared cache") + assert( shared_cache:get("iam_credentials") == nil, "iam_credentials should not be saved in shared cache, but found:" .. tostring(shared_cache:get("iam_credentials"))) -- the previous token should be expired and a new call to fetch credentials should get a new token -- changing the iam_user will cause the IamCredentials to use this one when fetching new credentials 
@@ -238,12 +247,14 @@ X-Test: test if ( date ~= d ) then error("Dates should match. Got" .. date .. ", Expected: " .. d) end - - assert( shared_cache:get("AccessKeyId") ~= nil, "AccessKeyId should be saved in shared cache") - assert( shared_cache:get("SecretAccessKey") ~= nil, "SecretAccessKey should be saved in shared cache") - assert( shared_cache:get("Token") ~= nil, "Token should be saved in shared cache") - assert( shared_cache:get("ExpireAt") ~= nil, "ExpireAt should be saved in shared cache") - assert( shared_cache:get("ExpireAtTimestamp") ~= nil, "ExpireAtTimestamp should be saved in shared cache") + local cachedIam = shared_cache:get("iam_credentials") + cachedIam = cjson.decode(cachedIam) + assert( cachedIam ~= nil, "iam_credentials should be saved in shared cache") + assert( cachedIam.AccessKeyId ~= nil, "AccessKeyId should be saved in shared cache") + assert( cachedIam.SecretAccessKey ~= nil, "SecretAccessKey should be saved in shared cache") + assert( cachedIam.Token ~= nil, "Token should be saved in shared cache") + assert( cachedIam.ExpireAt ~= nil, "ExpireAt should be saved in shared cache") + assert( cachedIam.ExpireAtTimestamp ~= nil, "ExpireAtTimestamp should be saved in shared cache") ngx.sleep(3) From 2effbb52b8b6bd6ed2c1106009e7e9b9b3e0bb3f Mon Sep 17 00:00:00 2001 From: Dragos Dascalita Haut Date: Sat, 9 Apr 2016 22:27:03 -0700 Subject: [PATCH 4/4] removed unused `sharedCacheDictInstance` variable --- src/lua/api-gateway/aws/AWSIAMCredentials.lua | 3 --- 1 file changed, 3 deletions(-) diff --git a/src/lua/api-gateway/aws/AWSIAMCredentials.lua b/src/lua/api-gateway/aws/AWSIAMCredentials.lua index 358cf05..a9fe652 100644 --- a/src/lua/api-gateway/aws/AWSIAMCredentials.lua +++ b/src/lua/api-gateway/aws/AWSIAMCredentials.lua @@ -31,8 +31,6 @@ local cache = { ExpireAtTimestamp = nil } -local sharedCacheDictInstance - local function tableToString(table_ref) local s = "" local o = table_ref or {} 
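Review bot: In the rewritten shared-cache assertions of `test/perl/awsIamCredentials.t`, `cachedIam = cjson.decode(cachedIam)` runs before `assert( cachedIam ~= nil, ...)`, so when the entry is missing the test dies inside `cjson.decode` with an argument error and the assertion message is never shown. Check the raw value first: `assert( cachedIam ~= nil, "iam_credentials should be saved in shared cache")` followed by `cachedIam = cjson.decode(cachedIam)`. The `content_by_lua` block these lines belong to starts and ends outside the hunk.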
@@ -80,7 +78,6 @@ function AWSIAMCredentials:new(o) self.security_credentials_url = o.security_credentials_url or DEFAULT_SECURITY_CREDENTIALS_URL self.shared_cache_dict = o.shared_cache_dict if (o.shared_cache_dict ~= nil) then - sharedCacheDictInstance = ngx.shared[o.shared_cache_dict] initIamCache(o.shared_cache_dict) end local s = tableToString(o)