ratelimit: use policy namespaced name as descriptor value

[zirain]

make the descriptor value( and the metric generated by ratelimit service) more valuable

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 71.09%. Comparing base (c5d6b03) to head (d5c1ce0).
⚠️ Report is 299 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #6801      +/-   ##
==========================================
+ Coverage   71.06%   71.09%   +0.02%     
==========================================
  Files         229      229              
  Lines       40942    40945       +3     
==========================================
+ Hits        29097    29109      +12     
+ Misses      10127    10119       -8     
+ Partials     1718     1717       -1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[github-actions]

This pull request has been automatically marked as stale because it has not had activity in the last 30 days. Please feel free to give a status update now, ping for review, when it's ready. Thank you for your contributions!

[zirain]

wait envoyproxy/envoy#41339

[zirain]

with envoyproxy/ratelimit#1027, you can dump the descriptors to accesslog as following:

{
  ":authority": "172.18.255.206",
  "authorization": null,
  "bytes_received": 0,
  "bytes_sent": 0,
  "downstream_local_address": "10.244.2.18:10080",
  "downstream_remote_address": "172.18.0.1:57968",
  "duration": 1,
  "method": "GET",
  "protocol": "HTTP/1.1",
  "ratelimit": {
    "descriptors": [
      {
        "entries": [
          "httproute/default/http-ratelimit2/rule/0/match/0/*=httproute/default/http-ratelimit2/rule/0/match/0/*",
          "rule-0-match-0=rule-0-match-0"
        ]
      }
    ],
    "domain": "default/eg/http"
  },
  "request_headers_bytes": 223,
  "requested_server_name": null,
  "response_code": 429,
  "response_code_details": "request_rate_limited",
  "response_flags": "RL",
  "route_name": "httproute/default/http-ratelimit2/rule/0/match/0/*",
  "start_time": "2025-12-26T06:29:13.565Z",
  "upstream_cluster": "httproute/default/http-ratelimit2/rule/0",
  "upstream_duration": null,
  "upstream_host": null,
  "upstream_local_address": null,
  "upstream_transport_failure_reason": null,
  "user-agent": "curl/8.7.1",
  "x-envoy-origin-path": "/get",
  "x-envoy-upstream-service-time": null,
  "x-forwarded-for": "172.18.0.1",
  "x-request-id": "9d2e4b50-b7fd-476b-ae3e-ceeac22858fe"
}

but didn't known which policy was applied to the route.

[arkodg]

thanks @zirain, looks like policy is needed in the descriptor, but we cannot replace route suffix, because the same policy can be applied to different routes

[zirain]

thanks @zirain, looks like policy is needed in the descriptor, but we cannot replace route suffix, because the same policy can be applied to different routes

Sorry, I didn't get your point, what's changed in this PR is the value of the first descriptor(it's same as the key before).

[arkodg]

similar to #6801 (comment), can you share the after with this PR change

[zirain]

you can find the diff from the testdata, here is an example.

[zirain]

BTW, I think #7824 might be another option.
This patch introuduce a breaking change which may cause migration problem in a prod environment.