Add support for X-RateLimit-* headers in ratelimit filter#12410
Add support for X-RateLimit-* headers in ratelimit filter#12410mattklein123 merged 30 commits intoenvoyproxy:masterfrom
Conversation
Signed-off-by: Petr Pchelko <ppchelko@wikimedia.org>
Signed-off-by: Petr Pchelko <ppchelko@wikimedia.org>
Signed-off-by: Petr Pchelko <ppchelko@wikimedia.org>
Signed-off-by: Petr Pchelko <ppchelko@wikimedia.org>
Signed-off-by: Petr Pchelko <ppchelko@wikimedia.org>
Signed-off-by: Petr Pchelko <ppchelko@wikimedia.org>
Signed-off-by: Petr Pchelko <ppchelko@wikimedia.org>
|
Please check CI, thank you! /wait |
Signed-off-by: Petr Pchelko <ppchelko@wikimedia.org>
Signed-off-by: Petr Pchelko <ppchelko@wikimedia.org>
Signed-off-by: Petr Pchelko <ppchelko@wikimedia.org>
Signed-off-by: Petr Pchelko <ppchelko@wikimedia.org>
Signed-off-by: Petr Pchelko <ppchelko@wikimedia.org>
Signed-off-by: Petr Pchelko <ppchelko@wikimedia.org>
Signed-off-by: Petr Pchelko <ppchelko@wikimedia.org>
mattklein123
left a comment
There was a problem hiding this comment.
Very cool. Thanks for working on this. A few comments to get started.
/wait
| // Number of seconds until reset of the current limit window. | ||
| uint32 seconds_until_reset = 4; |
There was a problem hiding this comment.
WDYT about using a protobuf duration here? I think that would future proof it a bit better?
| // The headers are specified in the `draft RFC | ||
| // <https://tools.ietf.org/id/draft-polli-ratelimit-headers-00.html>`_ | ||
| // Defaults to false. | ||
| bool enable_response_headers = 8; |
There was a problem hiding this comment.
Can we make the name of this field more specific? enable_x_ratelimit_headers or similar? It's a little unclear what this does from the field name.
| config.ratelimit.v3.RateLimitServiceConfig rate_limit_service = 7 | ||
| [(validate.rules).message = {required: true}]; | ||
|
|
||
| // If set to true enables emitting X-RateLimit-* headers by the filter. |
There was a problem hiding this comment.
To avoid having to read the RFC in all cases, can you spell out a bit more what headers are emitted and what they do?
include/envoy/http/header_map.h
Outdated
| HEADER_FUNC(XRateLimitLimit) \ | ||
| HEADER_FUNC(XRateLimitRemaining) \ | ||
| HEADER_FUNC(XRateLimitReset) |
There was a problem hiding this comment.
This should be defined as custom inline headers for the ratelimit header vs. global inline headers. See RegisterCustomInlineHeader
| response_headers_to_add_ = Http::ResponseHeaderMapImpl::create(); | ||
| } | ||
| Http::HeaderUtility::addHeaders(*response_headers_to_add_, *rate_limit_headers); | ||
| rate_limit_headers = nullptr; |
There was a problem hiding this comment.
nit: this goes out of scope and it not necessary
| result->setXRateLimitLimit(rate_limit_limit); | ||
| result->setXRateLimitRemaining(min_remaining_limit_status.value().limit_remaining()); | ||
| result->setXRateLimitReset(min_remaining_limit_status.value().seconds_until_reset()); |
There was a problem hiding this comment.
FYI if these are just being set on an empty map, these don't need to be inline at all. Just directly use the various add* functions.
|
|
||
| absl::optional<envoy::service::ratelimit::v3::RateLimitResponse_DescriptorStatus> | ||
| min_remaining_limit_status; | ||
| std::ostringstream quotaPolicy; |
There was a problem hiding this comment.
nit: quota_policy.
Also please avoid using ostringstream. Prefer the absl::String functions instead for this type of case.
| } | ||
| uint32_t window = convertRateLimitUnit(status.current_limit().unit()); | ||
| if (window) { | ||
| fmt::print(quotaPolicy, ", {:d};{:s}={:d}", status.current_limit().requests_per_unit(), |
There was a problem hiding this comment.
Can you comment/reference the spec for what this is doing? It's not clear to the casual reader.
Signed-off-by: Petr Pchelko <ppchelko@wikimedia.org>
mattklein123
left a comment
There was a problem hiding this comment.
Few more comments, thanks. Also looks like clang-tidy is still broken on the current main branch, not your fault. cc @lizan
/wait
api/envoy/extensions/filters/http/ratelimit/v3/rate_limit.proto
Outdated
Show resolved
Hide resolved
|
tidy passes on my local with latest change, feel free to ignore while I'm investigating why it fails in AZP. |
Signed-off-by: Petr Pchelko <ppchelko@wikimedia.org>
Thank you. Same here, I was banging my head over it and boiling my laptop running it locally :) |
Signed-off-by: Petr Pchelko <ppchelko@wikimedia.org>
|
Just a minor comment, since IIRC the diff is not going to be important for this PR, but version 03 of the draft was published about two months ago. |
|
@unleashed oh! I guess we replace everything with v3 to start off from the latest. I'll make another PR. |
Followup for a new feature introduced by #12410 Apologies for not noticing that a later draft was introduced recently. I think we should start with supporting the latest available spec draft, so update version 2 to version 3. The change is technically backwards-incompatible, but the new feature was introduced one day ago, nobody could have been so fast to depend on it. Signed-off-by: Petr Pchelko <ppchelko@wikimedia.org>
…#12410) Adds support for X-RateLimit-* headers described in the draft RFC. The X-RateLimit-Limit header contains the quota-policy per RFC. The descriptor name is included in the quota policy under the name key. X-RateLimit-Reset header is emitted, but it would need a followup in the ratelimit service, which I will do once this is merged. Signed-off-by: Petr Pchelko <ppchelko@wikimedia.org>
Followup for a new feature introduced by envoyproxy#12410 Apologies for not noticing that a later draft was introduced recently. I think we should start with supporting the latest available spec draft, so update version 2 to version 3. The change is technically backwards-incompatible, but the new feature was introduced one day ago, nobody could have been so fast to depend on it. Signed-off-by: Petr Pchelko <ppchelko@wikimedia.org>
…#12410) Adds support for X-RateLimit-* headers described in the draft RFC. The X-RateLimit-Limit header contains the quota-policy per RFC. The descriptor name is included in the quota policy under the name key. X-RateLimit-Reset header is emitted, but it would need a followup in the ratelimit service, which I will do once this is merged. Signed-off-by: Petr Pchelko <ppchelko@wikimedia.org> Signed-off-by: chaoqinli <chaoqinli@google.com>
Followup for a new feature introduced by envoyproxy#12410 Apologies for not noticing that a later draft was introduced recently. I think we should start with supporting the latest available spec draft, so update version 2 to version 3. The change is technically backwards-incompatible, but the new feature was introduced one day ago, nobody could have been so fast to depend on it. Signed-off-by: Petr Pchelko <ppchelko@wikimedia.org> Signed-off-by: chaoqinli <chaoqinli@google.com>
Adds support for X-RateLimit-* headers described in the draft RFC. The
X-RateLimit-Limitheader contains the quota-policy per RFC. The descriptor name is included in the quota policy under thenamekey.X-RateLimit-Resetheader is emitted, but it would need a followup in the ratelimit service, which I will do once this is merged.Commit Message: Add support for X-RateLimit-* headers in ratelimit filter
Risk Level: Low, new codepaths are disabled by default
Testing: unit&integration tests created covering new features
Docs Changes: docs for the new config variable added
Release Notes: added to current.rst
Fixes #12356
Signed-off-by: Petr Pchelko ppchelko@wikimedia.org
@numerodix fyi