Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added global rate limits for rate limiting filter #91

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Added global rate limits for rate limiting filter #91

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
9b56bca
Added global rate limits for rate limiting filter
uma-samudrala Sep 23, 2020
8ba2007
Updated versions
uma-samudrala Sep 23, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion ModuleFile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
name 'citops-repose'
version '2.12.1'
version '2.13.0'
description "Repose is an api middleware that provides authentication,
filtering, ratelimitting and several other features, this deploys it."
project_page 'https://github.com/rackerlabs/puppet-repose'
Expand Down
30 changes: 23 additions & 7 deletions manifests/filter/rate_limiting.pp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,14 @@
# NOTE: the id in limits array should only be used with repose 5.0.0+.
# Setting id <5.0.0 will result in the error.
#
# [*global_limit_groups*]
# Optional Array of hashes.
# Hashes should contain ArrayOfHashes(limits)
# Where the hashes in limits should contain the Strings:
# uri, uri-regex, http-methods, unit, value, id
# NOTE: the id in limits array should only be used with repose 5.0.0+.
# Setting id <5.0.0 will result in the error.
#
# === Links
#
# * http://wiki.openrepose.org/display/REPOSE/Rate+Limiting+Filter
Expand All @@ -57,6 +65,13 @@
# 'uri-regex' => '/limits/userrs/?',
# 'include_absolute_limits' => false,
# },
# global_limit_groups => [
# {
# 'limits' => [
# { 'id' => 'events_global_limits' 'uri' => '/sites/events*', 'uri_regex' => '/(sites)/events', 'http_methods' => 'POST', 'unit' => 'SECOND', 'value'=> '200' },
# ]
# },
# ],
# limit_groups => [
# { 'id' => 'UserIdentity_Group',
# 'groups' => 'UserIdentity_Group',
Expand All @@ -82,13 +97,14 @@
# * c/o Cloud Integration Ops <mailto:[email protected]>
#
define repose::filter::rate_limiting (
$ensure = present,
$filename = 'rate-limiting.cfg.xml',
$datastore = undef,
$overlimit_429 = undef,
$use_capture_groups = true,
$request_endpoint = undef,
$limit_groups = undef,
$ensure = present,
$filename = 'rate-limiting.cfg.xml',
$datastore = undef,
$overlimit_429 = undef,
$use_capture_groups = true,
$request_endpoint = undef,
$limit_groups = undef,
$global_limit_groups = undef,
) {

### Validate parameters
Expand Down
6 changes: 5 additions & 1 deletion puppet-module-repose.spec
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
%define base_name repose

Name: puppet-module-%{user}-%{base_name}
Version: 2.12.1
Version: 2.13.0
Release: 1
BuildArch: noarch
Summary: Puppet module to configure %{base_name}
Expand All @@ -29,7 +29,11 @@ cp -pr * %{buildroot}%{module_dir}/
%defattr (0644,root,root)
%{module_dir}

#

%changelog
* Wed Sep 23 2019 Uma Samudrala <[email protected]> 2.13.0-1
- Added global rate limits for Rate Limiting Filter
* Tue Oct 29 2019 Cory Ringdahl <[email protected]> 2.12.1-1
- removed PID_FILE var for repose9; startup script already takes care of this var
* Tue Oct 22 2019 Senthil Natarajan <[email protected]> 2.12.0-1
Expand Down
60 changes: 60 additions & 0 deletions spec/defines/filter/rate_limiting_spec.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -74,6 +74,20 @@
'uri-regex' => '/limits/stuff/?',
'include_absolut_limits' => false
},
:global_limit_groups => [
{
'limits' => [
{
'id' => 'some_global_limit_id',
'uri' => '/.*',
'uri_regex' => '/.*',
'http_methods' => 'GET',
'unit' => 'SECOND',
'value' => '150'
},
]
}
],
:limit_groups => [ {
'id' => 'Some_Group',
'groups' => 'Some_Group',
Expand All @@ -97,6 +111,8 @@
'group' => 'repose',
'mode' => '0660').
with_content(/<request-endpoint uri-regex=\"\/limits\/stuff\/\?\" include-absolute-limits=\"\"\/>/).
with_content(/<global-limit-group>/).
with_content(/<limit id=\"some_global_limit_id\" uri=\"\/\.\*\" uri-regex=\"\/\.\*\" http-methods=\"GET\" unit=\"SECOND\" value=\"150\" \/>/).
with_content(/<limit-group id=\"Some_Group\" groups=\"Some_Group\" default=\"true\">/).
with_content(/<limit id=\"some_limit_id\" uri=\"\/\.\*\" uri-regex=\"\/\.\*\" http-methods=\"GET\" unit=\"SECOND\" value=\"200\" \/>/)

Expand Down Expand Up @@ -151,6 +167,20 @@
'include_absolut_limits' => false
},
:overlimit_429 => 'true',
:global_limit_groups => [
{
'limits' => [
{
'id' => 'some_global_limit_id',
'uri' => '/.*',
'uri_regex' => '/.*',
'http_methods' => 'GET',
'unit' => 'SECOND',
'value' => '150'
},
]
}
],
:limit_groups => [ {
'id' => 'Some_Group',
'groups' => 'Some_Group',
Expand All @@ -174,6 +204,8 @@
'mode' => '0660').
with_content(/overLimit-429-responseCode=\"true\"/).
with_content(/<request-endpoint uri-regex=\"\/limits\/stuff\/\?\" include-absolute-limits=\"\"\/>/).
with_content(/<global-limit-group>/).
with_content(/<limit id=\"some_global_limit_id\" uri=\"\/\.\*\" uri-regex=\"\/\.\*\" http-methods=\"GET\" unit=\"SECOND\" value=\"150\" \/>/).
with_content(/<limit-group id=\"Some_Group\" groups=\"Some_Group\" default=\"true\">/).
with_content(/<limit uri=\"\/\.\*\" uri-regex=\"\/\.\*\" http-methods=\"GET\" unit=\"SECOND\" value=\"200\" \/>/)

Expand All @@ -193,6 +225,20 @@
'uri-regex' => '/limits/stuff/?',
'include_absolut_limits' => false
},
:global_limit_groups => [
{
'limits' => [
{
'id' => 'some_global_limit_id',
'uri' => '/.*',
'uri_regex' => '/.*',
'http_methods' => 'GET',
'unit' => 'SECOND',
'value' => '150'
},
]
}
],
:limit_groups => [ {
'id' => 'Some_Group',
'groups' => 'Some_Group',
Expand Down Expand Up @@ -228,6 +274,20 @@
'uri-regex' => '/limits/stuff/?',
'include_absolut_limits' => false
},
:global_limit_groups => [
{
'limits' => [
{
'id' => 'some_global_limit_id',
'uri' => '/.*',
'uri_regex' => '/.*',
'http_methods' => 'GET',
'unit' => 'SECOND',
'value' => '150'
},
]
}
],
:limit_groups => [ {
'id' => 'Some_Group',
'groups' => 'Some_Group',
Expand Down
15 changes: 15 additions & 0 deletions templates/rate-limiting.cfg.xml.erb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,21 @@
returning live rate limiting information.
-->
<request-endpoint uri-regex="<%= @request_endpoint['uri-regex'] %>" include-absolute-limits="<%= @request_endpoint['include_absolute_limits'] %>"/>

<!-- Defineds global rate limits -->

<%- if @global_limit_groups -%>
<% @global_limit_groups.each do |global_limit_group| %>
<global-limit-group>
<%- if global_limit_group.has_key?('limits') -%>
<%- global_limit_group['limits'].each do |limit| %>
<limit <% if limit.has_key?('id') %>id="<%= limit['id'] %>" <% end %>uri="<%= limit['uri'] %>" uri-regex="<%= limit['uri_regex'] %>" http-methods="<%= limit['http_methods'] %>" unit="<%= limit['unit'] %>" value="<%= limit['value'] %>" />
<%- end -%>
<%- end -%>
</global-limit-group>
<%- end -%>
<%- end -%>

<!-- Limits for all other requests -->
<% @limit_groups.each do |limit_group| %>
<limit-group id="<%= limit_group['id'] %>" groups="<%= limit_group['groups'] %>" default="<%= limit_group['default'] %>">
Expand Down