feat: add rate-limiting to ksql command topic

[lct45]

Description

We recently updated the command topic in #8742 to make sure that it's created with all the proper configs. Now that the command topic can be created on a separate Kafka from the rest of the topics, we want to rate limit the command topic to ensure that it isn't weighing down the kafka it's running on.

Testing done

Tested locally

Reviewer checklist

• Ensure docs are updated if necessary. (eg. if a user visible feature is being added or changed).
• Ensure relevant issues are linked (description should include text like "Fixes #")

[wcarlson5]

Couple things. It would be nice to get a test or two nothing crazy. Just so if someone changes related code without knowing about this and break it we will catch it

[wcarlson5]

How will this error get handled?

And can you a unit test to make sure its gets thrown and handled?

[lct45]

Yeah writing a unit test rn - it will return an error back up to the user

[wcarlson5]

LGTM

[wcarlson5]

Nit: Do we need a double or can we use an int?

[lct45]

the library takes a double as permitsPerSecond https://guava.dev/releases/19.0/api/docs/index.html?com/google/common/util/concurrent/RateLimiter.html

[stevenpyzhang]

Can we set the default much higher (like 1000)? I think 10 is too low for a default and many users may inadvertently hit this.

[stevenpyzhang]

Also, could you move the config to KsqlRestConfig and follow a similar naming pattern to KSQL_COMMAND_RUNNER_BLOCKED_THRESHHOLD_ERROR_MS and DISTRIBUTED_COMMAND_RESPONSE_TIMEOUT_MS_CONFIG with ksql.server.command prefix? I think we should keep the command topic/command runner configs together and named consistently

[lct45]

@stevenpyzhang I moved it but now it can't be included in the ImmutableProperties list and we get issues when creating the rate limiter. I upped the limit for now, @rodesai WDYT about doing double max value versus 10? seems ok to me

[rodesai]

Yes we should definitely disable rate-limiting by default by setting this to MAX_INT. We can enable in cloud as needed.

[jnh5y]

Is this going to cause users scripting commands to have a rough time?

[lct45]

@jnh5y correct me if my understanding is wrong, but users who are scripting commands would also be running their own ksql, right? From my understanding Confluent Cloud users can't write a script to create streams / tables unless it issues a curl request, but it seems like that would take enough time to prevent us getting over 10 requests in a second.

If a user is running their own ksql they can configure this through the properties file

[jnh5y]

Were I running my own ksql, I think having to set this would be somewhat surprising.

For ccloud, I suppose it depends on how someone was scripting things;).

[stevenpyzhang]

I thought we wanted to rate limit the number of records written to the command topic? This PR looks like it only rate limits how fast we read the records from the command topic, someone could still write a ton of records to the command topic.

[lct45]

error on the cli:

ksql> create stream c1 as select * from riderlocations; 
Too many writes to the command topic within a 1 second timeframe

[wcarlson5]

@lct45 what happens if you try a batch like this all at once?

Create stream users (A string, B string key) with (kafka_topic='users', VALUE_FORMAT='json', PARTITIONS=1);
create or replace table users_agg0 as select B, count(*) from USERS group by B;
create table users_agg1 as select B, count(*) from USERS group by B;
create table users_agg2 as select B, count(*) from USERS group by B;
create table users_agg3 as select B, count(*) from USERS group by B;
create table users_agg4 as select B, count(*) from USERS group by B;
create table users_agg5 as select B, count(*) from USERS group by B;
create table users_agg6 as select B, count(*) from USERS group by B;
create table users_agg7 as select B, count(*) from USERS group by B;
create table users_agg8 as select B, count(*) from USERS group by B;
create table users_agg9 as select B, count(*) from USERS group by B;
create table users_agg10 as select B, count(*) from USERS group by B;
create table users_agg11 as select B, count(*) from USERS group by B;
create table users_agg12 as select B, count(*) from USERS group by B;
create table users_agg13 as select B, count(*) from USERS group by B;
create table users_agg14 as select B, count(*) from USERS group by B;
create table users_agg15 as select B, count(*) from USERS group by B;
create table users_agg16 as select B, count(*) from USERS group by B;
create table users_agg17 as select B, count(*) from USERS group by B;
create table users_agg18 as select B, count(*) from USERS group by B;

[lct45]

@wcarlson5 it executed all the statements with no errors (I did it as one block from the CLI)

[stevenpyzhang]

Nit: use the const in KsqlConfig

[rodesai]

nit: change this to "DDL/DML rate is crossing the configured rate limit of statements/second"

[lct45]

updated

[rodesai]

I think it would make sense to tryAcquire with a delay of a second here. This way we don't fail scripts that serially try to enqueue a large number of commands.

[lct45]

@rodesai just added -> will you confirm this is what you were thinking?

[rodesai]

LGTM

[lct45]

https://jenkins.confluent.io/job/confluentinc-pr/job/ksql/job/PR-8809/16/ had a green build