fititnt / ap-application-load-balancer

AP Application Load Balancer (AP-ALB). Sophisticated monolithic Ansible role to manage standalone and clusters of cross-platform and multicloud load balancers. Abstract HAProxy + OpenResty + On-the-fly auto HTTPS. Dedicated to Public Domain.
https://ap-application-load-balancer.etica.ai/
The Unlicense

MVP of Consul storage adapter to lua-resty-auto-ssl #25

Open fititnt opened 4 years ago

fititnt commented 4 years ago

I will try to do an MVP of a storage adapter for https://github.com/GUI/lua-resty-auto-ssl using https://github.com/hamishforbes/lua-resty-consul as the library to talk with Consul.

GUI/lua-resty-auto-ssl does not have formal documentation on how to implement an adapter, but looking at redis.lua (134 lines) and file.lua (92 lines), it is likely to be easier to learn the bare minimum of Lua to make a Consul adapter than to take the not-very-efficient route of creating some way to synchronize Consul both ways with files in some folder.

If it takes too much time or I hit some hard issues I will prioritize other tasks. But this open issue is here to try to do a Minimal Viable Product that could just work.

fititnt commented 4 years ago

I'm trying to make VSCode show the code outline like it does for the other languages. I'm having the same issue as here https://github.com/Microsoft/vscode/issues/43131 (maybe some conflict with other extensions on my VSCode, since I have a lot).

Also, someone else said here that one specific VSCode extension can do the outline: https://github.com/Microsoft/vscode/issues/56209.

Anyway, I'm doing some reverse engineering of the code in redis.lua and file.lua to discover what lua-resty-auto-ssl expects.

fititnt commented 4 years ago

I'm trying to make VSCode show the code outline like it does for the other languages. I'm having the same issue as here microsoft/vscode#43131 (maybe some conflict with other extensions on my VSCode, since I have a lot).

About the error, I just had this outdated extension https://github.com/patrys/vscode-code-outline (discovered by using VSCode > Help > Toggle Developer Tools and inspecting the error). I just had to uninstall the extension (and even the author suggests this, since Code Outline is now a native feature).

fititnt commented 4 years ago

Ok, this VSCode extension seems to be very powerful to use with Lua. The demos are better than the ones for Python or PHP. But I will leave configuring such an extension for another day, since I just want syntax highlighting for now.

I will use something simpler than a full development environment. But yeah, it is very nice to know that this type of extension exists for Lua.

fititnt commented 4 years ago

There is another code style for lua at

fititnt commented 4 years ago

Almost there. We're even already storing the keys on the Consul :o

Screenshot from 2019-11-28 02-54-49

fititnt commented 4 years ago

The get should now be relatively OK.

The set still needs an expire clause implemented so that keys do not stay stored forever.

fititnt commented 4 years ago

Humm... I guess we will also need to put some hardcoded prefix.

With the Redis equivalent, at least the person has to choose between 16 databases, so having no prefix does not make much difference. But with Consul the scope is made using slashes "/".

Screenshot from 2019-11-28 18-54-47

So, even the delete operations (the recursive ones) cannot be made without some prefix.

fititnt commented 4 years ago

At consul.lua I was able to change the first prefix from : to /.

Screenshot from 2019-11-28 20-08-43

Both redis.lua and file.lua can work with : but the batch operations for Consul assume /.

The file that has the references for this is this one: https://github.com/GUI/lua-resty-auto-ssl/blob/86d09dcd98224639da1ed36d02bf0eda4b2f0baa/lib/resty/auto-ssl/storage.lua

Maybe I will leave this specific point to another issue.
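
The prefix and "/" scoping discussed in the comments above, as an added example that is not part of the issue thread or of lua-resty-auto-ssl: a pure-Lua sketch of how an adapter could map a raw Consul key listing back to the keys storage.lua expects. The prefix value, the function names and the sample listing are assumptions made for illustration.

```lua
-- Added example; PREFIX and all function names are hypothetical.
local PREFIX = "lua-resty-auto-ssl/"  -- assumed hardcoded scope in Consul KV
local SUFFIX = "/latest"              -- suffix used by storage.lua after the change

-- Plain comparisons instead of Lua patterns: domains contain "." and "-",
-- which are magic characters in patterns.
local function starts_with(s, head)
  return s:sub(1, #head) == head
end

local function ends_with(s, tail)
  return tail == "" or s:sub(-#tail) == tail
end

-- Full Consul key -> storage key, or nil when the key is outside our scope.
local function from_consul_key(full)
  if not starts_with(full, PREFIX) then return nil end
  return full:sub(#PREFIX + 1)
end

-- What keys_with_suffix has to hand back to storage.lua: only keys inside
-- the prefix, matching the suffix, with the prefix already removed.
local function keys_with_suffix(listing, suffix)
  local out = {}
  for _, full in ipairs(listing) do
    local key = from_consul_key(full)
    if key and ends_with(key, suffix) then
      out[#out + 1] = key
    end
  end
  return out
end

-- Constructed sample listing (not real data).
local listing = {
  "lua-resty-auto-ssl/example.com/latest",
  "lua-resty-auto-ssl/example.com/issue_cert_lock",
  "lua-resty-auto-ssl/example.com/challenge/token123",
  "lua-resty-auto-ssl/sub.example-site.org/latest",
  "other-app/example.net/latest",           -- different scope, ignored
  "lua-resty-auto-sslX/other.test/latest",  -- similar name, not our prefix
}

for _, key in ipairs(keys_with_suffix(listing, SUFFIX)) do
  -- storage.lua strips the suffix to recover the domain
  print(key:sub(1, #key - #SUFFIX))
end
```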

fititnt commented 4 years ago

This is mostly a note to self: the diff if using "/" instead of ":". It is hardcoded; ideally it should be configurable. And it is outside the target file.


diff --git a/lib/resty/auto-ssl/storage.lua b/lib/resty/auto-ssl/storage.lua
index 0f18f35..69f6673 100644
--- a/lib/resty/auto-ssl/storage.lua
+++ b/lib/resty/auto-ssl/storage.lua
@@ -12,19 +12,19 @@ function _M.new(options)
 end

 function _M.get_challenge(self, domain, path)
-  return self.adapter:get(domain .. ":challenge:" .. path)
+  return self.adapter:get(domain .. "/challenge/" .. path)
 end

 function _M.set_challenge(self, domain, path, value)
-  return self.adapter:set(domain .. ":challenge:" .. path, value)
+  return self.adapter:set(domain .. "/challenge/" .. path, value)
 end

 function _M.delete_challenge(self, domain, path)
-  return self.adapter:delete(domain .. ":challenge:" .. path)
+  return self.adapter:delete(domain .. "/challenge/" .. path)
 end

 function _M.get_cert(self, domain)
-  local json, err = self.adapter:get(domain .. ":latest")
+  local json, err = self.adapter:get(domain .. "/latest")
   if err then
     return nil, err
   elseif not json then
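
Review bot: the "/" separator is written as a literal in each of get_challenge, set_challenge, delete_challenge and get_cert, and because these go through self.adapter the change applies to every adapter, not only Consul. Anything already stored under domain .. ":latest" or domain .. ":challenge:" will no longer be found by these getters. Consider taking the separator from one place (for example an option read in _M.new that defaults to ":") and building every key through a single helper.
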
@@ -57,22 +57,22 @@ function _M.set_cert(self, domain, fullchain_pem, privkey_pem, cert_pem, expiry)
   end

   -- Store the cert under the "latest" alias, which is what this app will use.
-  return self.adapter:set(domain .. ":latest", string)
+  return self.adapter:set(domain .. "/latest", string)
 end

 function _M.delete_cert(self, domain)
-  return self.adapter:delete(domain .. ":latest")
+  return self.adapter:delete(domain .. "/latest")
 end

 function _M.all_cert_domains(self)
-  local keys, err = self.adapter:keys_with_suffix(":latest")
+  local keys, err = self.adapter:keys_with_suffix("/latest")
   if err then
     return nil, err
   end

   local domains = {}
   for _, key in ipairs(keys) do
-    local domain = ngx.re.sub(key, ":latest$", "", "jo")
+    local domain = ngx.re.sub(key, "/latest$", "", "jo")
     table.insert(domains, domain)
   end

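
Review bot: in all_cert_domains the domain is recovered by removing only the "/latest" suffix from each key, so keys_with_suffix has to return keys without any adapter-side prefix, otherwise that prefix becomes part of the domain name. Document that contract next to the call, or strip the prefix here as well.
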
@@ -91,7 +91,7 @@ end
 -- but in combination with resty-lock, it should prevent the vast majority of
 -- double requests.
 function _M.issue_cert_lock(self, domain)
-  local key = domain .. ":issue_cert_lock"
+  local key = domain .. "/issue_cert_lock"
   local lock_rand_value = str.to_hex(resty_random.bytes(32))

   -- Wait up to 30 seconds for any existing locks to be unlocked.
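
Review bot: the lock key in issue_cert_lock is now domain .. "/issue_cert_lock", which puts it in the same domain "/" scope as the "/latest" and "/challenge/" keys from the earlier hunks. If an adapter ever deletes by scope, cleaning up a domain would also drop a held lock. A comment here stating that assumption, or a separate scope for lock keys, would make this explicit.
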
@@ -119,7 +119,7 @@ function _M.issue_cert_lock(self, domain)
 end

 function _M.issue_cert_unlock(self, domain, lock_rand_value)
-  local key = domain .. ":issue_cert_lock"
+  local key = domain .. "/issue_cert_lock"

   -- Remove the existing lock if it matches the expected value.
   local current_value, err = self.adapter:get(key)
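
Review bot: issue_cert_unlock rebuilds the same domain .. "/issue_cert_lock" literal that issue_cert_lock uses, so the two have to be edited in step whenever the separator changes. A small local function that returns the lock key for a domain would keep them from drifting apart.
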
fititnt commented 4 years ago

From https://github.com/GUI/lua-resty-auto-ssl/search?q=exptime&unscoped_q=exptime the exptime, when used, seems to be less than 24h. So the way it is implemented should work with Consul without the need to use ngx.timer.

But from what I see, both file.lua and redis.lua actually do not set a TTL or expiration; they just use ngx.timer and do it more manually. Humm...