aherman
/
boundary
mirror of https://github.com/hashicorp/boundary
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge 168a8c6ddf into fbfa0ad1b0

Browse Source
Abhishek Manjegowda 7 days ago committed by GitHub
parent fbfa0ad1b0 168a8c6ddf
commit 3cfc829736
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 95 additions and 85 deletions
Show Stats Download Patch File Download Diff File

19
internal/daemon/controller/rate_limiter_test.go
Unescape View File

@ -137,6 +137,25 @@ func TestController_initializeRateLimiter(t *testing.T) {
false,
nil,
},
{
"wildcardReadList",
&config.Config{
Controller: &config.Controller{
ApiRateLimits: ratelimit.Configs{
{
Resources: []string{"*"},
Actions: []string{"read", "list"},
Per: "total",
Limit: 100,
Period: time.Minute,
},
},
ApiRateLimiterMaxQuotas: ratelimit.DefaultLimiterMaxQuotas(),
},
},
false,
nil,
},
{
"invalid",
&config.Config{

6
internal/ratelimit/config.go
Unescape View File

@ -196,8 +196,9 @@ func (c Configs) Limits(ctx context.Context) ([]rate.Limit, error) {
for _, cc := range c {
var resourceSet []resource.Type
wildcardResources := len(cc.Resources) == 1 && cc.Resources[0] == resource.All.String()
switch {
case len(cc.Resources) == 1 && cc.Resources[0] == resource.All.String():
case wildcardResources:
resourceSet = allResources
default:
for _, r := range cc.Resources {
@ -251,6 +252,9 @@ func (c Configs) Limits(ctx context.Context) ([]rate.Limit, error) {
for _, aStr := range cc.Actions {
a, ok := validActionMap[aStr]
if !ok {
if wildcardResources {
continue
}
return nil, errors.New(ctx, errors.InvalidConfiguration, op, "", errors.WithMsg("action %s not valid for resource %s", aStr, res.String()))
}
key := fmt.Sprintf("%s:%s:%s", res.String(), a.String(), rate.LimitPer(cc.Per))

155
internal/ratelimit/config_test.go
Unescape View File

@ -458,52 +458,16 @@ func TestConfigsLimits(t *testing.T) {
case action.List, action.Read:
limits = append(
limits,
&rate.Limited{
Resource: res.String(),
Action: a.String(),
Per: rate.LimitPerTotal,
MaxRequests: 10,
Period: time.Minute,
},
&rate.Limited{
Resource: res.String(),
Action: a.String(),
Per: rate.LimitPerIPAddress,
MaxRequests: 5,
Period: time.Minute,
},
&rate.Limited{
Resource: res.String(),
Action: a.String(),
Per: rate.LimitPerAuthToken,
MaxRequests: 1,
Period: time.Minute,
},
&rate.Limited{Resource: res.String(), Action: a.String(), Per: rate.LimitPerTotal, MaxRequests: 10, Period: time.Minute},
&rate.Limited{Resource: res.String(), Action: a.String(), Per: rate.LimitPerIPAddress, MaxRequests: 5, Period: time.Minute},
&rate.Limited{Resource: res.String(), Action: a.String(), Per: rate.LimitPerAuthToken, MaxRequests: 1, Period: time.Minute},
)
default:
limits = append(
limits,
&rate.Limited{
Resource: res.String(),
Action: a.String(),
Per: rate.LimitPerTotal,
MaxRequests: DefaultInTotalRequestLimit,
Period: DefaultPeriod,
},
&rate.Limited{
Resource: res.String(),
Action: a.String(),
Per: rate.LimitPerIPAddress,
MaxRequests: DefaultIpAddressRequestLimit,
Period: DefaultPeriod,
},
&rate.Limited{
Resource: res.String(),
Action: a.String(),
Per: rate.LimitPerAuthToken,
MaxRequests: DefaultAuthTokenRequestLimit,
Period: DefaultPeriod,
},
&rate.Limited{Resource: res.String(), Action: a.String(), Per: rate.LimitPerTotal, MaxRequests: DefaultInTotalRequestLimit, Period: DefaultPeriod},
&rate.Limited{Resource: res.String(), Action: a.String(), Per: rate.LimitPerIPAddress, MaxRequests: DefaultIpAddressRequestLimit, Period: DefaultPeriod},
&rate.Limited{Resource: res.String(), Action: a.String(), Per: rate.LimitPerAuthToken, MaxRequests: DefaultAuthTokenRequestLimit, Period: DefaultPeriod},
)
}
}
@ -517,52 +481,16 @@ func TestConfigsLimits(t *testing.T) {
case action.List:
limits = append(
limits,
&rate.Limited{
Resource: res.String(),
Action: a.String(),
Per: rate.LimitPerTotal,
MaxRequests: DefaultInTotalListRequestLimit,
Period: DefaultListPeriod,
},
&rate.Limited{
Resource: res.String(),
Action: a.String(),
Per: rate.LimitPerIPAddress,
MaxRequests: DefaultIpAddressListRequestLimit,
Period: DefaultListPeriod,
},
&rate.Limited{
Resource: res.String(),
Action: a.String(),
Per: rate.LimitPerAuthToken,
MaxRequests: DefaultAuthTokenListRequestLimit,
Period: DefaultListPeriod,
},
&rate.Limited{Resource: res.String(), Action: a.String(), Per: rate.LimitPerTotal, MaxRequests: DefaultInTotalListRequestLimit, Period: DefaultListPeriod},
&rate.Limited{Resource: res.String(), Action: a.String(), Per: rate.LimitPerIPAddress, MaxRequests: DefaultIpAddressListRequestLimit, Period: DefaultListPeriod},
&rate.Limited{Resource: res.String(), Action: a.String(), Per: rate.LimitPerAuthToken, MaxRequests: DefaultAuthTokenListRequestLimit, Period: DefaultListPeriod},
)
default:
limits = append(
limits,
&rate.Limited{
Resource: res.String(),
Action: a.String(),
Per: rate.LimitPerTotal,
MaxRequests: DefaultInTotalRequestLimit,
Period: DefaultPeriod,
},
&rate.Limited{
Resource: res.String(),
Action: a.String(),
Per: rate.LimitPerIPAddress,
MaxRequests: DefaultIpAddressRequestLimit,
Period: DefaultPeriod,
},
&rate.Limited{
Resource: res.String(),
Action: a.String(),
Per: rate.LimitPerAuthToken,
MaxRequests: DefaultAuthTokenRequestLimit,
Period: DefaultPeriod,
},
&rate.Limited{Resource: res.String(), Action: a.String(), Per: rate.LimitPerTotal, MaxRequests: DefaultInTotalRequestLimit, Period: DefaultPeriod},
&rate.Limited{Resource: res.String(), Action: a.String(), Per: rate.LimitPerIPAddress, MaxRequests: DefaultIpAddressRequestLimit, Period: DefaultPeriod},
&rate.Limited{Resource: res.String(), Action: a.String(), Per: rate.LimitPerAuthToken, MaxRequests: DefaultAuthTokenRequestLimit, Period: DefaultPeriod},
)
}
}
@ -572,6 +500,65 @@ func TestConfigsLimits(t *testing.T) {
}(),
nil,
},
{
"all-resources-multiple-actions",
Configs{
{
Resources: []string{"*"},
Actions: []string{"list", "read"},
Per: "total",
Limit: 10,
Period: time.Minute,
},
{
Resources: []string{"*"},
Actions: []string{"list", "read"},
Per: "ip-address",
Limit: 5,
Period: time.Minute,
},
{
Resources: []string{"*"},
Actions: []string{"list", "read"},
Per: "auth-token",
Limit: 1,
Period: time.Minute,
},
},
func() []rate.Limit {
limits := make([]rate.Limit, 0, len(resource.Map)*len(action.Map))
for _, res := range resource.Map {
switch res {
case resource.Unknown, resource.All, resource.Controller:
continue
}
validActions, err := action.ActionSetForResource(res)
require.NoError(t, err)
for a := range validActions {
switch a {
case action.Unknown, action.All:
continue
case action.List, action.Read:
limits = append(
limits,
&rate.Limited{Resource: res.String(), Action: a.String(), Per: rate.LimitPerTotal, MaxRequests: 10, Period: time.Minute},
&rate.Limited{Resource: res.String(), Action: a.String(), Per: rate.LimitPerIPAddress, MaxRequests: 5, Period: time.Minute},
&rate.Limited{Resource: res.String(), Action: a.String(), Per: rate.LimitPerAuthToken, MaxRequests: 1, Period: time.Minute},
)
default:
limits = append(
limits,
&rate.Limited{Resource: res.String(), Action: a.String(), Per: rate.LimitPerTotal, MaxRequests: DefaultInTotalRequestLimit, Period: DefaultPeriod},
&rate.Limited{Resource: res.String(), Action: a.String(), Per: rate.LimitPerIPAddress, MaxRequests: DefaultIpAddressRequestLimit, Period: DefaultPeriod},
&rate.Limited{Resource: res.String(), Action: a.String(), Per: rate.LimitPerAuthToken, MaxRequests: DefaultAuthTokenRequestLimit, Period: DefaultPeriod},
)
}
}
}
return limits
}(),
nil,
},
{
"order-matters",
Configs{

Write Preview
Loading…
Cancel
Save