diff --git a/cmd/main.go b/cmd/main.go new file mode 100644 index 0000000..4db4f3f --- /dev/null +++ b/cmd/main.go @@ -0,0 +1,37 @@ +package main + +import ( + "fmt" + + "github.com/hashicorp/consul/api" + + "github.com/pteich/caddy-tlsconsul" +) + +func main() { + cs := storageconsul.New() + + cs.Prefix = "caddy2-streamurls" + cs.AESKey = []byte("sabc4ever-1234567890-caddytls-32") + + consulConfig := api.DefaultConfig() + consulConfig.Address = "consul.streamabc.link:8500" + consulConfig.Token = "78a023fa-113d-5f86-602e-1485cacf1cc3" + client, err := api.NewClient(consulConfig) + if err != nil { + panic(err) + } + cs.ConsulClient = client + + c, err := cs.Load("/certificates/acme-v02.api.letsencrypt.org-directory/caddytest.quantumcast.cloud/caddytest.quantumcast.cloud.crt") + if err != nil { + panic(err) + } + + sd, err := cs.DecryptStorageData(c) + if err != nil { + panic(err) + } + + fmt.Printf("########%s", string(sd.Value)) +} diff --git a/go.sum b/go.sum index 8a127db..3877642 100644 --- a/go.sum +++ b/go.sum @@ -387,6 +387,7 @@ github.com/klauspost/compress v1.4.0/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0 github.com/klauspost/compress v1.4.1/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A= github.com/klauspost/compress v1.13.0/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg= github.com/klauspost/cpuid v0.0.0-20180405133222-e7e905edc00e/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek= +github.com/klauspost/cpuid v1.2.0 h1:NMpwD2G9JSFOE1/TJjGSo5zG7Yb2bTe7eq1jH+irmeE= github.com/klauspost/cpuid v1.2.0/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek= github.com/klauspost/cpuid/v2 v2.0.6/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= github.com/klauspost/cpuid/v2 v2.0.7 h1:U89pAFid7wpIWvTFJnMKgU+Sabb7DLEgHI7Xt8apo3Y= diff --git a/module.go b/module.go index 9db9aae..faecb16 100644 --- a/module.go +++ b/module.go @@ -25,7 +25,7 @@ func (ConsulStorage) CaddyModule() caddy.ModuleInfo { // Provision is called by Caddy to prepare the module func (cs *ConsulStorage) Provision(ctx caddy.Context) error { cs.logger = ctx.Logger(cs).Sugar() - cs.logger.Infof("TLS storage is using Consul at %cs", cs.Address) + cs.logger.Infof("TLS storage is using Consul at %s", cs.Address) // override default values from ENV if aesKey := os.Getenv(EnvNameAESKey); aesKey != "" { diff --git a/storage.go b/storage.go index 9b743b2..805ac9f 100644 --- a/storage.go +++ b/storage.go @@ -54,12 +54,19 @@ func (cs *ConsulStorage) prefixKey(key string) string { // Lock acquires a distributed lock for the given key or blocks until it gets one func (cs *ConsulStorage) Lock(ctx context.Context, key string) error { + cs.logger.Debugf("trying lock for %s", key) + if _, isLocked := cs.GetLock(key); isLocked { return nil } - // prepare the lock - lock, err := cs.ConsulClient.LockKey(cs.prefixKey(key)) + // prepare the distributed lock + cs.logger.Debugf("creating Consul lock for %s", key) + lock, err := cs.ConsulClient.LockOpts(&consul.LockOptions{ + Key: cs.prefixKey(key), + LockWaitTime: time.Duration(cs.Timeout) * time.Second, + LockTryOnce: true, + }) if err != nil { return errors.Wrapf(err, "could not create lock for %s", cs.prefixKey(key)) } @@ -142,6 +149,8 @@ func (cs ConsulStorage) Store(key string, value []byte) error { // Load retrieves the value for a key from Consul KV func (cs ConsulStorage) Load(key string) ([]byte, error) { + cs.logger.Debugf("loading data from Consul for %s", key) + kv, _, err := cs.ConsulClient.KV().Get(cs.prefixKey(key), &consul.QueryOptions{RequireConsistent: true}) if err != nil { return nil, errors.Wrapf(err, "unable to obtain data for %s", cs.prefixKey(key)) @@ -159,6 +168,8 @@ func (cs ConsulStorage) Load(key string) ([]byte, error) { // Delete a key from Consul KV func (cs ConsulStorage) Delete(key string) error { + cs.logger.Debugf("deleting key %s from Consul", key) + // first obtain existing keypair kv, _, err := cs.ConsulClient.KV().Get(cs.prefixKey(key), &consul.QueryOptions{RequireConsistent: true}) if err != nil {