Initial commit

Author: pleshakov

.gitignore

@@ -0,0 +1,6 @@
+# NGINX Plus license files
+*.crt
+*.key
+
+# Visual Studio Code settings
+.vscode

Makefile

@@ -0,0 +1,12 @@
+NGINX_PLUS_VERSION=1.13.7-2
+NGINX_IMAGE=nginxplus:$(NGINX_PLUS_VERSION)
+
+docker-build:
+	docker build --build-arg NGINX_PLUS_VERSION=$(NGINX_PLUS_VERSION)~stretch -t $(NGINX_IMAGE) docker 
+
+run-nginx-plus:
+	docker run --rm -p 8080:8080 $(NGINX_IMAGE)
+
+test:
+	go test client/*
+	go test tests/client_test.go

client/nginx_client.go

@@ -0,0 +1,249 @@
+package client
+
+import (
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+)
+
+// NginxClient lets you add/remove servers to/from NGINX Plus via its upstream_conf API
+type NginxClient struct {
+	upstreamConfEndpoint string
+	statusEndpoint       string
+}
+
+type peers struct {
+	Peers []peer
+}
+
+type peer struct {
+	ID     int
+	Server string
+}
+
+// NewNginxClient creates an NginxClient.
+func NewNginxClient(upstreamConfEndpoint string, statusEndpoint string) (*NginxClient, error) {
+	err := checkIfUpstreamConfIsAccessible(upstreamConfEndpoint)
+	if err != nil {
+		return nil, err
+	}
+
+	err = checkIfStatusIsAccessible(statusEndpoint)
+	if err != nil {
+		return nil, err
+	}
+
+	client := &NginxClient{upstreamConfEndpoint: upstreamConfEndpoint, statusEndpoint: statusEndpoint}
+	return client, nil
+}
+
+func checkIfUpstreamConfIsAccessible(endpoint string) error {
+	resp, err := http.Get(endpoint)
+	if err != nil {
+		return fmt.Errorf("upstream_conf endpoint %v is not accessible: %v", endpoint, err)
+	}
+	defer resp.Body.Close()
+
+	body, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		return fmt.Errorf("upstream_conf endpoint %v is not accessible: %v", endpoint, err)
+	}
+
+	if resp.StatusCode != http.StatusBadRequest {
+		return fmt.Errorf("upstream_conf endpoint %v is not accessible: expected 400 response, got %v", endpoint, resp.StatusCode)
+	}
+
+	bodyStr := string(body)
+	expected := "missing \"upstream\" argument\n"
+	if bodyStr != expected {
+		return fmt.Errorf("upstream_conf endpoint %v is not accessible: expected %q body, got %q", endpoint, expected, bodyStr)
+	}
+
+	return nil
+}
+
+func checkIfStatusIsAccessible(endpoint string) error {
+	resp, err := http.Get(endpoint)
+	if err != nil {
+		return fmt.Errorf("status endpoint is %v not accessible: %v", endpoint, err)
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode != http.StatusOK {
+		return fmt.Errorf("status endpoint is %v not accessible: expected 200 response, got %v", endpoint, resp.StatusCode)
+	}
+
+	return nil
+}
+
+// CheckIfUpstreamExists checks if the upstream exists in NGINX. If the upstream doesn't exist, it returns an error.
+func (client *NginxClient) CheckIfUpstreamExists(upstream string) error {
+	_, err := client.getUpstreamPeers(upstream)
+	return err
+}
+
+func (client *NginxClient) getUpstreamPeers(upstream string) (*peers, error) {
+	request := fmt.Sprintf("%v/upstreams/%v", client.statusEndpoint, upstream)
+
+	resp, err := http.Get(request)
+	if err != nil {
+		return nil, fmt.Errorf("Failed to connect to the status api to get upstream %v info: %v", upstream, err)
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode == http.StatusNotFound {
+		return nil, fmt.Errorf("Upstream %v is not found", upstream)
+	}
+
+	body, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		return nil, fmt.Errorf("Failed to read the response body with upstream %v info: %v", upstream, err)
+	}
+	var prs peers
+	err = json.Unmarshal(body, &prs)
+	if err != nil {
+		return nil, fmt.Errorf("Error unmarshaling upstream %v: got %q response: %v", upstream, string(body), err)
+	}
+
+	return &prs, nil
+}
+
+// AddHTTPServer adds the server to the upstream.
+func (client *NginxClient) AddHTTPServer(upstream string, server string) error {
+	id, err := client.getIDOfHTTPServer(upstream, server)
+
+	if err != nil {
+		return fmt.Errorf("Failed to add %v server to %v upstream: %v", server, upstream, err)
+	}
+	if id != -1 {
+		return fmt.Errorf("Failed to add %v server to %v upstream: server already exists", server, upstream)
+	}
+
+	request := fmt.Sprintf("%v?upstream=%v&add=&server=%v", client.upstreamConfEndpoint, upstream, server)
+
+	resp, err := http.Get(request)
+	if err != nil {
+		return fmt.Errorf("Failed to add %v server to %v upstream: %v", server, upstream, err)
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode != http.StatusOK {
+		return fmt.Errorf("Failed to add %v server to %v upstream: expected 200 response, got %v", server, upstream, resp.StatusCode)
+	}
+
+	return nil
+}
+
+// DeleteHTTPServer the server from the upstream.
+func (client *NginxClient) DeleteHTTPServer(upstream string, server string) error {
+	id, err := client.getIDOfHTTPServer(upstream, server)
+	if err != nil {
+		return fmt.Errorf("Failed to remove %v server from  %v upstream: %v", server, upstream, err)
+	}
+	if id == -1 {
+		return fmt.Errorf("Failed to remove %v server from %v upstream: server doesn't exists", server, upstream)
+	}
+
+	request := fmt.Sprintf("%v?upstream=%v&remove=&id=%v", client.upstreamConfEndpoint, upstream, id)
+
+	resp, err := http.Get(request)
+	if err != nil {
+		return fmt.Errorf("Failed to remove %v server from %v upstream: %v", server, upstream, err)
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode != http.StatusOK && resp.StatusCode != http.StatusNoContent {
+		return fmt.Errorf("Failed to add %v server to %v upstream: expected 200 or 204 response, got %v", server, upstream, resp.StatusCode)
+	}
+
+	return nil
+}
+
+// UpdateHTTPServers updates the servers of the upstream.
+// Servers that are in the slice, but don't exist in NGINX will be added to NGINX.
+// Servers that aren't in the slice, but exist in NGINX, will be removed from NGINX.
+func (client *NginxClient) UpdateHTTPServers(upstream string, servers []string) ([]string, []string, error) {
+	serversInNginx, err := client.GetHTTPServers(upstream)
+	if err != nil {
+		return nil, nil, fmt.Errorf("Failed to update servers of %v upstream: %v", upstream, err)
+	}
+
+	toAdd, toDelete := determineUpdates(servers, serversInNginx)
+
+	for _, server := range toAdd {
+		err := client.AddHTTPServer(upstream, server)
+		if err != nil {
+			return nil, nil, fmt.Errorf("Failed to update servers of %v upstream: %v", upstream, err)
+		}
+	}
+
+	for _, server := range toDelete {
+		err := client.DeleteHTTPServer(upstream, server)
+		if err != nil {
+			return nil, nil, fmt.Errorf("Failed to update servers of %v upstream: %v", upstream, err)
+		}
+	}
+
+	return toAdd, toDelete, nil
+}
+
+func determineUpdates(updatedServers []string, nginxServers []string) (toAdd []string, toRemove []string) {
+	for _, server := range updatedServers {
+		found := false
+		for _, serverNGX := range nginxServers {
+			if server == serverNGX {
+				found = true
+				break
+			}
+		}
+		if !found {
+			toAdd = append(toAdd, server)
+		}
+	}
+
+	for _, serverNGX := range nginxServers {
+		found := false
+		for _, server := range updatedServers {
+			if serverNGX == server {
+				found = true
+				break
+			}
+		}
+		if !found {
+			toRemove = append(toRemove, serverNGX)
+		}
+	}
+
+	return
+}
+
+// GetHTTPServers returns the servers of the upsteam from NGINX.
+func (client *NginxClient) GetHTTPServers(upstream string) ([]string, error) {
+	peers, err := client.getUpstreamPeers(upstream)
+	if err != nil {
+		return nil, fmt.Errorf("Error getting servers of %v upstream: %v", upstream, err)
+	}
+
+	var servers []string
+	for _, peer := range peers.Peers {
+		servers = append(servers, peer.Server)
+	}
+
+	return servers, nil
+}
+
+func (client *NginxClient) getIDOfHTTPServer(upstream string, name string) (int, error) {
+	peers, err := client.getUpstreamPeers(upstream)
+	if err != nil {
+		return -1, fmt.Errorf("Error getting id of server %v of upstream %v: %v", name, upstream, err)
+	}
+
+	for _, p := range peers.Peers {
+		if p.Server == name {
+			return p.ID, nil
+		}
+	}
+
+	return -1, nil
+}

client/nginx_client_test.go

@@ -0,0 +1,37 @@
+package client
+
+import (
+	"reflect"
+	"testing"
+)
+
+func TestDetermineUpdates(t *testing.T) {
+	var tests = []struct {
+		updated          []string
+		nginx            []string
+		expectedToAdd    []string
+		expectedToDelete []string
+	}{{
+		updated:          []string{"10.0.0.3:80", "10.0.0.4:80"},
+		nginx:            []string{"10.0.0.1:80", "10.0.0.2:80"},
+		expectedToAdd:    []string{"10.0.0.3:80", "10.0.0.4:80"},
+		expectedToDelete: []string{"10.0.0.1:80", "10.0.0.2:80"},
+	}, {
+		updated:          []string{"10.0.0.2:80", "10.0.0.3:80", "10.0.0.4:80"},
+		nginx:            []string{"10.0.0.1:80", "10.0.0.2:80", "10.0.0.3:80"},
+		expectedToAdd:    []string{"10.0.0.4:80"},
+		expectedToDelete: []string{"10.0.0.1:80"},
+	}, {
+		updated: []string{"10.0.0.1:80", "10.0.0.2:80", "10.0.0.3:80"},
+		nginx:   []string{"10.0.0.1:80", "10.0.0.2:80", "10.0.0.3:80"},
+	}, {
+	// empty values
+	}}
+
+	for _, test := range tests {
+		toAdd, toDelete := determineUpdates(test.updated, test.nginx)
+		if !reflect.DeepEqual(toAdd, test.expectedToAdd) || !reflect.DeepEqual(toDelete, test.expectedToDelete) {
+			t.Errorf("determiteUpdates(%v, %v) = (%v, %v)", test.updated, test.nginx, toAdd, toDelete)
+		}
+	}
+}

docker/Dockerfile

@@ -0,0 +1,55 @@
+FROM debian:stretch-slim
+
+LABEL maintainer="NGINX Docker Maintainers <docker-maint@nginx.com>"
+
+ARG NGINX_PLUS_VERSION
+
+# Download certificate and key from the customer portal (https://cs.nginx.com)
+# and copy to the build context
+COPY nginx-repo.crt /etc/ssl/nginx/
+COPY nginx-repo.key /etc/ssl/nginx/
+
+# Make sure the certificate and key have correct permissions
+RUN chmod 644 /etc/ssl/nginx/*
+
+# Install NGINX Plus
+RUN set -x \
+  && apt-get update \
+  && apt-get install --no-install-recommends --no-install-suggests -y apt-transport-https ca-certificates gnupg1 \
+  && \
+  NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \
+  found=''; \
+  for server in \
+    ha.pool.sks-keyservers.net \
+    hkp://keyserver.ubuntu.com:80 \
+    hkp://p80.pool.sks-keyservers.net:80 \
+    pgp.mit.edu \
+  ; do \
+    echo "Fetching GPG key $NGINX_GPGKEY from $server"; \
+    apt-key adv --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \
+  done; \
+  test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \
+  echo "Acquire::https::plus-pkgs.nginx.com::Verify-Peer \"true\";" >> /etc/apt/apt.conf.d/90nginx \
+  && echo "Acquire::https::plus-pkgs.nginx.com::Verify-Host \"true\";" >> /etc/apt/apt.conf.d/90nginx \
+  && echo "Acquire::https::plus-pkgs.nginx.com::SslCert     \"/etc/ssl/nginx/nginx-repo.crt\";" >> /etc/apt/apt.conf.d/90nginx \
+  && echo "Acquire::https::plus-pkgs.nginx.com::SslKey      \"/etc/ssl/nginx/nginx-repo.key\";" >> /etc/apt/apt.conf.d/90nginx \
+  && printf "deb https://plus-pkgs.nginx.com/debian stretch nginx-plus\n" > /etc/apt/sources.list.d/nginx-plus.list \
+  && apt-get update && apt-get install -y nginx-plus=${NGINX_PLUS_VERSION} \
+  && apt-get remove --purge --auto-remove -y gnupg1 \
+  && rm -rf /var/lib/apt/lists/* \
+  && rm -rf /etc/ssl/nginx \
+  && rm /etc/apt/apt.conf.d/90nginx /etc/apt/sources.list.d/nginx-plus.list
+
+
+# Forward request logs to Docker log collector
+RUN ln -sf /dev/stdout /var/log/nginx/access.log \
+  && ln -sf /dev/stderr /var/log/nginx/error.log
+
+EXPOSE 80
+
+STOPSIGNAL SIGTERM
+
+RUN rm -rf /etc/nginx/conf.d/*
+COPY test.conf /etc/nginx/conf.d/
+
+CMD ["nginx", "-g", "daemon off;"]

docker/test.conf

@@ -0,0 +1,20 @@
+upstream test {
+    zone test 64k;
+}
+
+server {
+    listen 8080;
+
+    root /usr/share/nginx/html;
+
+    location = /status.html {
+    }
+
+    location /status {
+        status;
+    }
+
+    location /upstream_conf {
+        upstream_conf;
+    }
+}