From 9b56bca6403354e8d6c06a1a139eb7e02ec1f6b2 Mon Sep 17 00:00:00 2001
From: Umadevi Samudrala <uma.samudrala@Rackspace.com>
Date: Wed, 23 Sep 2020 12:06:11 +1000
Subject: [PATCH 1/2] Added global rate limits for rate limiting filter

---
 manifests/filter/rate_limiting.pp         | 30 +++++++++---
 spec/defines/filter/rate_limiting_spec.rb | 60 +++++++++++++++++++++++
 templates/rate-limiting.cfg.xml.erb       | 15 ++++++
 3 files changed, 98 insertions(+), 7 deletions(-)

diff --git a/manifests/filter/rate_limiting.pp b/manifests/filter/rate_limiting.pp
index 525d5f9..9e2bd0a 100644
--- a/manifests/filter/rate_limiting.pp
+++ b/manifests/filter/rate_limiting.pp
@@ -44,6 +44,14 @@
 # NOTE: the id in limits array  should only be used with repose 5.0.0+.
 # Setting id <5.0.0 will result in the error.
 #
+# [*global_limit_groups*]
+# Optional Array of hashes.
+# Hashes should contain ArrayOfHashes(limits)
+# Where the hashes in limits should contain the Strings:
+#   uri, uri-regex, http-methods, unit, value, id
+# NOTE: the id in limits array  should only be used with repose 5.0.0+.
+# Setting id <5.0.0 will result in the error.
+#
 # === Links
 #
 # * http://wiki.openrepose.org/display/REPOSE/Rate+Limiting+Filter
@@ -57,6 +65,13 @@
 #      'uri-regex' => '/limits/userrs/?',
 #      'include_absolute_limits' => false,
 #     },
+#     global_limit_groups => [
+#       {
+#         'limits' => [
+#           { 'id' => 'events_global_limits' 'uri' => '/sites/events*', 'uri_regex' => '/(sites)/events', 'http_methods' => 'POST', 'unit' => 'SECOND', 'value'=> '200' },
+#         ]
+#       },
+#     ],
 #     limit_groups => [
 #       { 'id' => 'UserIdentity_Group',
 #         'groups' => 'UserIdentity_Group',
@@ -82,13 +97,14 @@
 # * c/o Cloud Integration Ops <mailto:cit-ops@rackspace.com>
 #
 define repose::filter::rate_limiting (
-  $ensure             = present,
-  $filename           = 'rate-limiting.cfg.xml',
-  $datastore          = undef,
-  $overlimit_429      = undef,
-  $use_capture_groups = true,
-  $request_endpoint   = undef,
-  $limit_groups       = undef,
+  $ensure              = present,
+  $filename            = 'rate-limiting.cfg.xml',
+  $datastore           = undef,
+  $overlimit_429       = undef,
+  $use_capture_groups  = true,
+  $request_endpoint    = undef,
+  $limit_groups        = undef,
+  $global_limit_groups = undef,
 ) {
 
 ### Validate parameters
diff --git a/spec/defines/filter/rate_limiting_spec.rb b/spec/defines/filter/rate_limiting_spec.rb
index 87b8788..905d102 100644
--- a/spec/defines/filter/rate_limiting_spec.rb
+++ b/spec/defines/filter/rate_limiting_spec.rb
@@ -74,6 +74,20 @@
           'uri-regex'              => '/limits/stuff/?',
           'include_absolut_limits' => false
         },
+        :global_limit_groups => [
+            {
+              'limits'    => [
+                  {
+                   'id'           => 'some_global_limit_id',
+                   'uri'          => '/.*',
+                   'uri_regex'    => '/.*',
+                   'http_methods' => 'GET',
+                   'unit'         => 'SECOND',
+                   'value'        => '150'
+                  },
+              ]
+            }
+        ],
         :limit_groups => [ {
           'id'        => 'Some_Group',
           'groups'    => 'Some_Group',
@@ -97,6 +111,8 @@
           'group'  => 'repose',
           'mode'   => '0660').
           with_content(/<request-endpoint uri-regex=\"\/limits\/stuff\/\?\" include-absolute-limits=\"\"\/>/).
+          with_content(/<global-limit-group>/).
+          with_content(/<limit id=\"some_global_limit_id\" uri=\"\/\.\*\" uri-regex=\"\/\.\*\" http-methods=\"GET\" unit=\"SECOND\" value=\"150\" \/>/).
           with_content(/<limit-group id=\"Some_Group\" groups=\"Some_Group\" default=\"true\">/).
           with_content(/<limit id=\"some_limit_id\" uri=\"\/\.\*\" uri-regex=\"\/\.\*\" http-methods=\"GET\" unit=\"SECOND\" value=\"200\" \/>/)
 
@@ -151,6 +167,20 @@
           'include_absolut_limits' => false
         },
         :overlimit_429 => 'true',
+        :global_limit_groups => [
+            {
+                'limits'    => [
+                    {
+                        'id'           => 'some_global_limit_id',
+                        'uri'          => '/.*',
+                        'uri_regex'    => '/.*',
+                        'http_methods' => 'GET',
+                        'unit'         => 'SECOND',
+                        'value'        => '150'
+                    },
+                ]
+            }
+        ],
         :limit_groups => [ {
           'id'        => 'Some_Group',
           'groups'    => 'Some_Group',
@@ -174,6 +204,8 @@
           'mode'   => '0660').
           with_content(/overLimit-429-responseCode=\"true\"/).
           with_content(/<request-endpoint uri-regex=\"\/limits\/stuff\/\?\" include-absolute-limits=\"\"\/>/).
+          with_content(/<global-limit-group>/).
+          with_content(/<limit id=\"some_global_limit_id\" uri=\"\/\.\*\" uri-regex=\"\/\.\*\" http-methods=\"GET\" unit=\"SECOND\" value=\"150\" \/>/).
           with_content(/<limit-group id=\"Some_Group\" groups=\"Some_Group\" default=\"true\">/).
           with_content(/<limit uri=\"\/\.\*\" uri-regex=\"\/\.\*\" http-methods=\"GET\" unit=\"SECOND\" value=\"200\" \/>/)
 
@@ -193,6 +225,20 @@
           'uri-regex'              => '/limits/stuff/?',
           'include_absolut_limits' => false
         },
+        :global_limit_groups => [
+            {
+                'limits'    => [
+                    {
+                        'id'           => 'some_global_limit_id',
+                        'uri'          => '/.*',
+                        'uri_regex'    => '/.*',
+                        'http_methods' => 'GET',
+                        'unit'         => 'SECOND',
+                        'value'        => '150'
+                    },
+                ]
+            }
+        ],
         :limit_groups => [ {
           'id'        => 'Some_Group',
           'groups'    => 'Some_Group',
@@ -228,6 +274,20 @@
           'uri-regex'              => '/limits/stuff/?',
           'include_absolut_limits' => false
         },
+        :global_limit_groups => [
+            {
+                'limits'    => [
+                    {
+                        'id'           => 'some_global_limit_id',
+                        'uri'          => '/.*',
+                        'uri_regex'    => '/.*',
+                        'http_methods' => 'GET',
+                        'unit'         => 'SECOND',
+                        'value'        => '150'
+                    },
+                ]
+            }
+        ],
         :limit_groups => [ {
           'id'        => 'Some_Group',
           'groups'    => 'Some_Group',
diff --git a/templates/rate-limiting.cfg.xml.erb b/templates/rate-limiting.cfg.xml.erb
index 558b9c5..dfcd3f5 100644
--- a/templates/rate-limiting.cfg.xml.erb
+++ b/templates/rate-limiting.cfg.xml.erb
@@ -8,6 +8,21 @@
         returning live rate limiting information.
     -->
     <request-endpoint uri-regex="<%= @request_endpoint['uri-regex'] %>" include-absolute-limits="<%= @request_endpoint['include_absolute_limits'] %>"/>
+
+    <!-- Defineds global rate limits -->
+
+    <%- if @global_limit_groups -%>
+        <% @global_limit_groups.each do |global_limit_group| %>
+            <global-limit-group>
+                <%- if global_limit_group.has_key?('limits') -%>
+                    <%- global_limit_group['limits'].each do |limit| %>
+                        <limit <% if limit.has_key?('id') %>id="<%= limit['id'] %>" <% end %>uri="<%= limit['uri'] %>" uri-regex="<%= limit['uri_regex'] %>" http-methods="<%= limit['http_methods'] %>" unit="<%= limit['unit'] %>" value="<%= limit['value'] %>" />
+                    <%- end -%>
+                <%- end -%>
+            </global-limit-group>
+        <%- end -%>
+    <%- end -%>
+
     <!-- Limits for all other requests -->
 <% @limit_groups.each do |limit_group| %>
     <limit-group id="<%= limit_group['id'] %>" groups="<%= limit_group['groups'] %>" default="<%= limit_group['default'] %>">

From 8ba2007c3b24aca5def9bc1d6c1c92c67bb47b2c Mon Sep 17 00:00:00 2001
From: Umadevi Samudrala <uma.samudrala@Rackspace.com>
Date: Wed, 23 Sep 2020 12:14:05 +1000
Subject: [PATCH 2/2] Updated versions

---
 ModuleFile                | 2 +-
 puppet-module-repose.spec | 6 +++++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/ModuleFile b/ModuleFile
index 3aaccaa..02741ee 100644
--- a/ModuleFile
+++ b/ModuleFile
@@ -1,5 +1,5 @@
 name 'citops-repose'
-version '2.12.1'
+version '2.13.0'
 description "Repose is an api middleware that provides authentication,
 filtering, ratelimitting and several other features, this deploys it."
 project_page 'https://github.com/rackerlabs/puppet-repose'
diff --git a/puppet-module-repose.spec b/puppet-module-repose.spec
index a361c85..e3ff25f 100644
--- a/puppet-module-repose.spec
+++ b/puppet-module-repose.spec
@@ -2,7 +2,7 @@
 %define base_name repose
 
 Name:      puppet-module-%{user}-%{base_name}
-Version:   2.12.1
+Version:   2.13.0
 Release:   1
 BuildArch: noarch
 Summary:   Puppet module to configure %{base_name}
@@ -29,7 +29,11 @@ cp -pr * %{buildroot}%{module_dir}/
 %defattr (0644,root,root)
 %{module_dir}
 
+#
+
 %changelog
+* Wed Sep 23 2019 Uma Samudrala <uma.samudrala@rackspace.com> 2.13.0-1
+- Added global rate limits for Rate Limiting Filter
 * Tue Oct 29 2019 Cory Ringdahl <cory.ringdahl@rackspace.com> 2.12.1-1
 - removed PID_FILE var for repose9; startup script already takes care of this var
 * Tue Oct 22 2019 Senthil Natarajan <senthil.natarajan@rackspace.com> 2.12.0-1