[wip] Add maintenance mode policy

[alanmoran]

First attempt at a PR to apicast. Really basic policy just to introduce myself to Lua and writing some tests.
Wasn't sure what was the best way to test my request didn't hit upstream.

Any comments, tips or suggestions?

[davidor]

Github fails to render this correctly. You need to add a space after '#'.

[davidor]

Same with all the other titles in this doc.

[davidor]

I would wrap this between { and } so it becomes a valid json. Also, I think that indenting this would help readability.

[davidor]

There's no need to pass configuration as a param here.

[davidor]

This made me realize that we are doing the same in the echo policy. We'll need to fix that.

[mikz]

@davidor I think we might want to keep this as this is the signature of the initializer. That the underlying policy does not do anything with it is an implementation detail that can change in the future. What if the policy would actually store it in self.configuration ? We would have to change all policies to pass it again.

[davidor]

@mikz I see what you mean, but new() here is calling function policy.new() in policy.lua which does not accept any parameters. Maybe we should add it then to make it less confusing?

[mikz]

I guess we should document it and accept _configuration parameter which would not be used.

[alanmoran]

@davidor Ah damn. I actually followed the echo as my baseline. Are you both happy for me to keep this as the signature or change it for now?

[davidor]

These 2 lines are not properly indented.

[davidor]

Github is complaining because there isn't a newline here.
Same with the rest of files included in this PR.

[alanmoran]

Mmm is this still complaining? I'm fairly sure my git removes the last newline of a file. (I need to check this)

[kevprice83]

@alanmoran I think there needs to be a new line.

[alanmoran]

@kevprice83 I added it and its there locally but I think git or github removing it.

[davidor]

Check indentation here.

[davidor]

There are several options. You could print something in upstream and then check that it does not appear in the output, or you could put and assertion using luassert.

[davidor]

Great job @alanmoran 👍

I added some comments about minor issues I found, but this is a good example of how to write and test a policy. I would be interested to hear if you found the documentation to be good enough and the problems you had while writing the policy.

I don't think we should include this in the gateway/src/apicast/policy, but rather in the examples folder.

[alanmoran]

@davidor Thanks for the review. I really appreciate it. I've made most of the changes you've recommended and put my feedback into @vramosp feedback doc.

Agree on not adding it as one of the default OOTB polices. I'll wait until I hear back about where community policies might live. Could be a good first candidate.

[andrewdavidmackenzie]

consider adding as an example in a sub-folder for them?

[mikz]

Would be good to rebase this PR as #581 added an option to add policies to the example folder. And #579 changed the structure so the main file is called init.lua.
That should be the final structure of policies. Sorry for the hassle.

Guess we will have to figure out how to write and where to store the tests. I'd probably go for the policy itself or the examples/policies/t for tests using several of them. But that will require some changes to our CI and the test runner. I'll make those changes soon.

[alanmoran]

@mikz I've rebased and moved policy to the examples folder. Updated structure to use init.lua also.

You should be able to test by updating examples/policies/example.json:

{
  "services": [
    {
      "proxy": {
        "policy_chain": [
          {"name": "maintenance-mode", "version": "1.0.0",
            "configuration": {"message": "Be back soon..", "status": 503} },
          { "name": "ngx-example", "version": "1.0.0",
            "configuration": { "set_header": [{"name": "Example", "value": "Value" }] } },
          { "name": "apicast.policy.upstream",
            "configuration": {
              "rules": [{
                "regex": "/",
                "url": "http://echo:8081"
              }]
            }
          }
        ]
      }
    }
  ]
}

I haven't moved the tests yet but will do once we've decided what to do with them.

[davidor]

@alanmoran good job 👍

Unfortunately, as you can see, the tests failed on CircleCI.

nginx: [error] init_by_lua error: module 'init' not found:
no file '/opt/app-root/src/gateway/policies/maintenance_mode/builtin/init.lua'
no file '/opt/app-root/src/gateway/src/apicast/policy/maintenance_mode/init.lua'

This is because by default, Apicast does not look for policies in the examples directory where your policy is. We need to configure Apicast to look in that directory. This can be done using the APICAST_POLICY_LOAD_PATH https://github.com/3scale/apicast/blob/master/doc/parameters.md#apicast_policy_load_path or the --policy-load-path option. In the tests, this is the way we pass ENVs:

env_to_apicast(
    'APICAST_POLICY_LOAD_PATH' => "$ENV{PWD}/examples/policies"
);

That needs to be specified before run_tests(). You can find several examples in our existing tests.

There's another problem. All the policies that are not the built-in ones, need to have a version in the configuration so Apicast knows how to load them. So you need something like this in the configuration:

{
    "name": "maintenance-mode", "version": "1.0.0"
}

Also, notice that you specified maintenance-mode, but the path is called maintenance_mode. They need to match.

Hope this helps. If anything is not clear or you need help please let me know.

[alanmoran]

@davidor I've fixed up the PR. Biggest change really is that I moved the tests under examples/policies/t. I believe we need to do further work to get the CI testing those.

In terms of maintenance-mode and maintenance_mode, I actually followed ngx-example but happy to change. Doesn't seem to break?

[mikz]

@alanmoran after #632 is merged CI will run integration tests in examples folder too.

[mikz]

This is invalid JSON and the test fails. There is missing , at the and of the line.

[mikz]

Both tests fail because this is supposed to be rewrite.

APIcast policy rejects the requests in rewrite phase because they don't have authentication.
So you either want to first require authentication and then show a maintenance page or show maintenance regardless of passed authentication parameters.

[davidor]

@alanmoran There's a new requirement to include this policy as a builtin one. I used your commits in #1105