override least recently used entries when certificate_data dictionary is full

rootfs/etc/nginx/lua/configuration.lua

@@ -59,18 +59,15 @@ local function handle_servers()
   local err_buf = {}
   for _, server in ipairs(servers) do
     if server.hostname and server.sslCert.pemCertKey then
-      local success
-      success, err = certificate_data:safe_set(server.hostname, server.sslCert.pemCertKey)
+      local success, err, forcible = certificate_data:set(server.hostname, server.sslCert.pemCertKey)
       if not success then
-        if err == "no memory" then
-          ngx.status = ngx.HTTP_INTERNAL_SERVER_ERROR
-          ngx.log(ngx.ERR, "no memory in certificate_data dictionary")
-          return
-        end
-
         local err_msg = string.format("error setting certificate for %s: %s\n", server.hostname, tostring(err))
         table.insert(err_buf, err_msg)
       end
+      if forcible then
+        local msg = string.format("certificate_data dictionary is full, LRU entry has been removed to store %s", server.hostname)
+        ngx.log(ngx.WARN, msg)
+      end
     else
       ngx.log(ngx.WARN, "hostname or pemCertKey are not present")
     end

rootfs/etc/nginx/lua/test/configuration_test.lua

@@ -208,7 +208,7 @@ describe("Configuration", function()
 
         it("should log an err and set status to Internal Server Error when a certificate cannot be set", function()
             ngx.var.request_method = "POST"
-            ngx.shared.certificate_data.safe_set = function(self, data) return false, "error" end
+            ngx.shared.certificate_data.set = function(self, data) return false, "error", nil end
             local mock_servers = cjson.encode({
                 {
                     hostname = "hostname",
@@ -232,9 +232,14 @@ describe("Configuration", function()
             assert.same(ngx.status, ngx.HTTP_INTERNAL_SERVER_ERROR)
         end)
 
-        it("should log an err, set status to Internal Server Error, and short circuit when shared dictionary is full", function()
+        it("logs a warning when entry is forcibly stored", function()
+            local stored_entries = {}
+
             ngx.var.request_method = "POST"
-            ngx.shared.certificate_data.safe_set = function(self, data) return false, "no memory" end
+            ngx.shared.certificate_data.set = function(self, key, value)
+              stored_entries[key] = value
+              return true, nil, true
+            end
             local mock_servers = cjson.encode({
                 {
                     hostname = "hostname",
@@ -252,11 +257,11 @@ describe("Configuration", function()
             ngx.req.get_body_data = function() return mock_servers end
 
             local s1 = spy.on(ngx, "log")
-            local s2 = spy.on(ngx.shared.certificate_data, "safe_set")
             assert.has_no.errors(configuration.handle_servers)
-            assert.spy(s1).was_called_with(ngx.ERR, "no memory in certificate_data dictionary")
-            assert.spy(s2).was_not_called_with("hostname2", "pemCertKey2")
-            assert.same(ngx.status, ngx.HTTP_INTERNAL_SERVER_ERROR)
+            assert.spy(s1).was_called_with(ngx.WARN, "certificate_data dictionary is full, LRU entry has been removed to store hostname")
+            assert.equal("pemCertKey", stored_entries["hostname"])
+            assert.equal("pemCertKey2", stored_entries["hostname2"])
+            assert.same(ngx.HTTP_CREATED, ngx.status)
         end)
     end)
 end)