Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add debug logging to indicate descriptor and limit #197

Merged
merged 2 commits into from
Nov 30, 2020

Conversation

AlexKulbiy
Copy link
Contributor

We are actively using ratelimit service with istio. With multiple levels of abstraction (Istio EnvoyFilter -> Envoy configuration -> ratelimit descriptor) it's sometimes hard to understand how does the descriptor received by the specific request look like.

This PR adds three debug level log messages, which should help understanding what exactly is used by the rate limit at moment.

Example messages:

simple descriptor:

time="2020-11-26T16:10:43Z" level=debug msg="got descriptor: (header_match=path)"

compound descriptor:

time="2020-11-26T17:10:22Z" level=debug msg="got descriptor: (header_match=get),(generic_key=foo)"

rate limit applied:

time="2020-11-26T16:10:43Z" level=debug msg="applying limit: 20 requests per SECOND"

no matches:

time="2020-11-26T16:22:27Z" level=debug msg="descriptor does not match any limit, no limits applied"

Signed-off-by: Sasha Kulbii <okulbii@wayfair.com>
Copy link
Member

@mattklein123 mattklein123 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks this makes sense to me, but is it possible to refactor slightly so we don't pay the compute cost if the log level is not debug? I think it shouldn't be too hard. Thank you!

/wait

Signed-off-by: Sasha Kulbii <okulbii@wayfair.com>
@AlexKulbiy
Copy link
Contributor Author

Thanks for the feedback, I didn't think about this and it makes total sense. I've made a change to verify log level before calculating values for debug logging. Please let me know how does that look.

Copy link
Member

@mattklein123 mattklein123 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@mattklein123 mattklein123 merged commit ef13143 into envoyproxy:master Nov 30, 2020
mjallday added a commit to verygoodsecurity/ratelimit that referenced this pull request Jan 26, 2021
* Add Docker Compose File (#27)

* docs: match envoy docs for remote_address ratelimiting (#29)

* docs: document dependency on gostats (#30)

* test and document whitelist behavior (#31)

Signed-off-by: Daniel Hochman <danielhochman@users.noreply.github.com>

* update dependencies (#35)

* update dependencies

* proto: use the proto defined in data-plane-api (#39)

* proto: check in protos to allow importing ratelimit as a library (#40)

* docs: update contact info (#42)

* redis: add the option to use a separate redis pool for per second limits (#41)

* fix duplicate mv (#43)

* docker: upgrade docker-compose setup (#46)

* Add gRPC health check (#47)

* logging: set log level (#50)

* go version: update to 1.11 (#53)

* docker compose: expose gRPC port on docker compose setup (#55)

* Configuration to ignore dotfiles. (#52)

This allows ratelimit to run on Kubernetes with configuration from a configmap.

* Add Dockerfile to enable builds (#58)

Signed-off-by: Steve Sloka <steves@heptio.com>

* ci: fix build (#73)

Fixes envoyproxy#71

Signed-off-by: Matt Klein <mklein@lyft.com>

* Run unit and integration tests with race detector enabled (#65)

* deps: update several of ratelimit's dependencies (#76)

* add stalebot (#78)

Signed-off-by: Matt Klein <mklein@lyft.com>

* docs: fix example 4 sample config (#79)

* fix redis-server binary name (envoyproxy#88)

* Fix build Dockerfile (envoyproxy#98)

Fix problem:
src/service_cmd/runner/runner.go:10:2: cannot find package "github.com/lyft/ratelimit/proto/ratelimit" in any of:
        /usr/local/go/src/github.com/lyft/ratelimit/vendor/github.com/lyft/ratelimit/proto/ratelimit (vendor tree)
        /usr/local/go/src/vendor/github.com/lyft/ratelimit/proto/ratelimit
        /usr/local/go/src/github.com/lyft/ratelimit/proto/ratelimit (from $GOROOT)
        /go/src/github.com/lyft/ratelimit/proto/ratelimit (from $GOPATH)
The command '/bin/sh -c go build -o /usr/local/bin/ratelimit src/service_cmd/main.go' returned a non-zero code: 1

* Redis TLS and Auth support (envoyproxy#96)

This adds support for TLS connections to redis as well as support for authentication.
Somewhat related to issue #61

* healthcheck: allow customizable healthcheck name (envoyproxy#102)

Description: this patch allows a consumer of the server package to customize the name of the healthchecker.

Signed-off-by: Jose Nino <jnino@lyft.com>

* health: make a few more types public (envoyproxy#104)

Description: envoyproxy#102 allowed for some customization. This PR makes the types public so that other servers can use this implementation.

Signed-off-by: Jose Nino <jnino@lyft.com>

* Add local cache to store whether it is over the limit (envoyproxy#111)

* Plugin statstore into runner (envoyproxy#115)

* fix: support auth without tls (envoyproxy#116)

Signed-off-by: tangxinfa <tangxinfa@gmail.com>

* add local cache stats (envoyproxy#114)

* Move license to templated Apache-2.0 (envoyproxy#123)

Signed-off-by: Derek Schaller <d_a_schaller@yahoo.com>

* Enable go modules (envoyproxy#124)

Signed-off-by: Steve Sloka <slokas@vmware.com>

* CI: Github Actions (envoyproxy#127)

Signed-off-by: Steve Sloka <slokas@vmware.com>

* community: update contributing guide (envoyproxy#139)

Fixes envoyproxy#138

Signed-off-by: Matt Klein <mklein@lyft.com>

* add http 1 `/json` endpoint (envoyproxy#136)

Signed-off-by: David Black <david.black@autodesk.com>

* Use mockgen version from go.mod instead of from "make bootstrap" (envoyproxy#143)

Even though the Makefile wants to encourage using mockgen@1.4.1, it
seems like the mocks have been generated using a pre-1.0 version of
mockgen. Using "go run github.com/golang/mock/mockgen" as a go:generate
command instead of just "mockgen" avoids the need to pre-install into
the developer's $PATH and uses the go.mod-specified version

Signed-off-by: David Weitzman <dweitzman@pinterest.com>

* Upgrade gostats dependency from 0.2.6 to 0.4.0 (envoyproxy#141)

My interest is the UDP protocol support which appeared in gotstats 0.3.10

There's a breaking change as of https://github.com/lyft/gostats/releases/tag/v0.3.0
which is that gostats no longer publishes stats as expvars.

Signed-off-by: David Weitzman <dweitzman@pinterest.com>

* Upgrade radix (envoyproxy#137)

Signed-off-by: Tong Cai <caitong93@gmail.com>

* cache_impl_test.go: fix failing test with ipv6 (envoyproxy#144)

A newly-added test in envoyproxy#137 checks the exact text of an error message which
seems to vary when the network is tcp4 vs tcp6. This change relaxes the
assertion to look for "connection refused" in a panic without making
assumptions about what an IP address looks like.

Example failure:

--- FAIL: TestNewClientImpl (0.00s)
    --- FAIL: TestNewClientImpl/connection_refused (0.00s)
        cache_impl_test.go:442:
                Error Trace:    cache_impl_test.go:442
                Error:          func (assert.PanicTestFunc)(0x1724110) should panic with error message: "dial tcp 127.0.0.1:12345: connect: connection refused"
                                        Panic value:    "dial tcp [::1]:12345: connect: connection refused"
                                        Panic stack:    goroutine 27 [running]:

The testify assert package doesn't seem to support inexact matching on error messages, so the code gets a bit uglier than before.

Signed-off-by: David Weitzman <dweitzman@pinterest.com>

* Split redis-specific logic from generic key-value store logic (envoyproxy#142)

This is a pure refactoring with no behavior changes. It's a step toward being able
to add memcache as a backend (see envoyproxy#140).

This PR moves RateLimitCache from the redis package to a new "limiter" package, along with
code for time/jitter, local cache stats,  and constructing cache keys. All that can be reused
with memcache.

After this PR, the redis package is imported in exactly two places:
- in service_cmd/runner/runner.go to call redis.NewRateLimiterCacheImplFromSettings()
- in service/ratelimit.go in ShouldRateLimit to identify if a recovered panic is a redis.RedisError. If so, a stat is incremented and the panic() propagation is ended and in favor of returning the error as a the function result.

The PR also includes changes by goimports to test/service/ratelimit_test.go
so that the difference between package name vs file path name is explicit
instead of implicit.

Signed-off-by: David Weitzman <dweitzman@pinterest.com>

* json handler: return full ratelimit service response as json (envoyproxy#148)

Previously an HTTP POST to /json would only return an HTTP status code,
not all the other details supported by grpc ratelimit responses.

With this change an HTTP POST to /json receives the full proto3 response
encoded as json by jsonpb.

It seems unlikely that anyone would be parsing the text "over limit" from
the HTTP body instead of just reading the 429 response code, but for anyone
doing that this would be a breaking change.

Signed-off-by: David Weitzman <dweitzman@pinterest.com>

* Update goruntime to latest, 0.2.5.  Add new config for watching changes in runtime config folder directly instead of the runtime root dir. (envoyproxy#151)

Signed-off-by: Yuki Sawa <yukisawa@gmail.com>

* Drop support for legacy ratelimit.proto and upgrade to v3 rls.proto (envoyproxy#153)

Signed-off-by: Petr Pchelko <ppchelko@wikimedia.org>

* Followups to v3 upgrade (envoyproxy#155)

- Regenerate mocks based on new default protocol
- Manually transform v2 messages to v3 messages - some of the fields
were renamed thus json Marshal/Unmarshal does not work anymore
- Added tests that verify conversion v2<->v3 works for headers fields
- Update tests to use proto.Equal - simple assert.Equals might not
work correctly for protobuf messages.

Signed-off-by: Petr Pchelko <ppchelko@wikimedia.org>

* Introduce a Dockerfile for running integration tests (envoyproxy#156)

This diff creates Dockerfile.integration for running integration tests with clearly-defined dependencies. Previously the dependencies of the integration tests were defined within the github actions config.

The new "make docker_tests" target should work for any developer with Docker installed.

Previously there was no single command that would run integration tests across platforms, which makes development and onboarding harder. Even copying the command from github actions wouldn't have worked before, since that command quietly assumed that redis was already running on port 6379.

Signed-off-by: David Weitzman <dweitzman@pinterest.com>

* Add support for rate limit overrides. (envoyproxy#158)

Fixes envoyproxy#154

Signed-off-by: Petr Pchelko <ppchelko@wikimedia.org>

* redis client: default to use explicit pipelining (envoyproxy#163)

Signed-off-by: Tong Cai <caitong93@gmail.com>

* Clean go.mod file and update logrus to latest (envoyproxy#166)

Signed-off-by: Yuki Sawa <yukisawa@gmail.com>

* Add full test environment example. Fix bug in existing docker-compose. (envoyproxy#170)

Signed-off-by: Yuki Sawa <yukisawa@gmail.com>

* Implement LOG_FORMAT=json (envoyproxy#173)

Centralized log collection system works better with logs in json format.
E.g. DataDog strongly encourage setting up your logging library to produce your logs in JSON format to avoid the need for custom parsing rules.
So, the next small fix is all we need to get json logs.

Signed-off-by: Sergey Belyaev <sbelyaev@setronica.com>

* ci: Update github action to push docker image tagged with sha for each merge to master branch (envoyproxy#176)

Updates the github action to also push a tagged image based upon the git sha. The tag also
includes the current version of the release.

Example tag: envoyproxy/ratelimit:f1758150b6dfed3e5c0ae13fb7bb6b8f6ae00b0e

Fixes envoyproxy#174

Signed-off-by: Steve Sloka <slokas@vmware.com>

* Update README.md to refer to existing files (envoyproxy#178)

Signed-off-by: Margaret Gorguissian <margaret.gorguissian@tufts.edu>

* Add redis cluster and sentinel support (envoyproxy#179)

Signed-off-by: Diego Erdody <diego@medallia.com>

* Add support for x-ratelimit-reset header (envoyproxy#182)

Signed-off-by: Clara Andrew-Wani <candrewwani@gmail.com>

* Create repokitteh.star (envoyproxy#187)

Signed-off-by: Itay Donanhirsh <itay@bazoo.org>

* refactor NearLimitRatio to environment variable (envoyproxy#186)

Signed-off-by: zufardhiyaulhaq <zufardhiyaulhaq@gmail.com>

* Fix flakey tests with DurationUntilReset. Update docker example to V3 config. (envoyproxy#192)

Signed-off-by: Yuki Sawa <yukisawa@gmail.com>

* Separate Redis cache and driver implementation (envoyproxy#194)

Signed-off-by: William Albertus Dembo <w.albertusd@gmail.com>

* Set ratelimit filter to v3 api (envoyproxy#196)

Signed-off-by: Yuki Sawa <yukisawa@gmail.com>

* Add debug logging to indicate descriptor and limit (envoyproxy#197)

Signed-off-by: Sasha Kulbii <okulbii@wayfair.com>

* Implement BACKEND_TYPE=memcache as an alternative k/v store to redis (envoyproxy#172)

MEMCACHE_HOST_PORT=host:port must be set with BACKEND_TYPE=memcache

To minimize roundtrips when getting multiple keys, the memcache implementation
does a GetMulti to fetch the existing rate limit usage and does increments
asynchronously in background goroutines, since the memcache API doesn't offer
multi-increment.

Resolves envoyproxy#140

Signed-off-by: David Weitzman <dweitzman@pinterest.com>

* Refactoring of duplicated code across backend types (envoyproxy#202)

Signed-off-by: Kateryna Nezdolii <nezdolik@spotify.com>

* Small typo fix in README (envoyproxy#204)

Signed-off-by: cpaika <paika.christopher@gmail.com>

* Circle CI (#1)

* Add Circle Config

* Touch to build

* Move to expected path

* Use Docker Command

* Do it all here then

* Env

* Add Readme

* Actual README

* Add Docker Compose (#2)

* VAULT-893 Fix docker-compose.yml

* VAULT-893 Fix docker-compose.yml

Co-authored-by: Marshall Jones <marshall@offby3.com>
Co-authored-by: Jose Ulises Nino Rivera <junr03@users.noreply.github.com>
Co-authored-by: Daniel Hochman <danielhochman@users.noreply.github.com>
Co-authored-by: Martien Verbruggen <martien.verbruggen@gmail.com>
Co-authored-by: Ben Pope <BenPope@users.noreply.github.com>
Co-authored-by: Steve Sloka <steve@stevesloka.com>
Co-authored-by: Matt Klein <mattklein123@gmail.com>
Co-authored-by: Charlie Vieth <charlie.vieth@gmail.com>
Co-authored-by: Adil Hafeez <ahafeez@lyft.com>
Co-authored-by: Kartograf <kartogrof@gmail.com>
Co-authored-by: repl-david-winiarski <33431229+repl-david-winiarski@users.noreply.github.com>
Co-authored-by: Junchao Lyu <6963707+freedomljc@users.noreply.github.com>
Co-authored-by: tangxinfa <tangxinfa@gmail.com>
Co-authored-by: Steve Sloka <slokas@vmware.com>
Co-authored-by: Matt Klein <mklein@lyft.com>
Co-authored-by: dblackdblack <github@dhb.is>
Co-authored-by: David Weitzman <dweitzman@pinterest.com>
Co-authored-by: Tong Cai <caitong@caicloud.io>
Co-authored-by: Yuki Sawa <yukisawa@gmail.com>
Co-authored-by: Petr Pchelko <petrpchelko@gmail.com>
Co-authored-by: Petr Pchelko <ppchelko@wikimedia.org>
Co-authored-by: Sergey Belyaev <svdba@users.noreply.github.com>
Co-authored-by: Margaret G <Margaret.Gorguissian@tufts.edu>
Co-authored-by: Diego Erdody <erdody@gmail.com>
Co-authored-by: Clara <candrewwani@gmail.com>
Co-authored-by: Itay Donanhirsh <itay@bazoo.org>
Co-authored-by: Zufar Dhiyaulhaq <zufardhiyaulhaq@gmail.com>
Co-authored-by: William Albertus Dembo <w.albertusd@gmail.com>
Co-authored-by: Alex Kulbii <jncneo@gmail.com>
Co-authored-by: Kateryna Nezdolii <nezdolik@spotify.com>
Co-authored-by: Christopher <paika.christopher@gmail.com>
zdmytriv pushed a commit to verygoodsecurity/ratelimit that referenced this pull request Jul 23, 2021
* Add Docker Compose File (#27)

* docs: match envoy docs for remote_address ratelimiting (#29)

* docs: document dependency on gostats (#30)

* test and document whitelist behavior (#31)

Signed-off-by: Daniel Hochman <danielhochman@users.noreply.github.com>

* update dependencies (#35)

* update dependencies

* proto: use the proto defined in data-plane-api (#39)

* proto: check in protos to allow importing ratelimit as a library (#40)

* docs: update contact info (#42)

* redis: add the option to use a separate redis pool for per second limits (#41)

* fix duplicate mv (#43)

* docker: upgrade docker-compose setup (#46)

* Add gRPC health check (#47)

* logging: set log level (#50)

* go version: update to 1.11 (#53)

* docker compose: expose gRPC port on docker compose setup (#55)

* Configuration to ignore dotfiles. (#52)

This allows ratelimit to run on Kubernetes with configuration from a configmap.

* Add Dockerfile to enable builds (#58)

Signed-off-by: Steve Sloka <steves@heptio.com>

* ci: fix build (#73)

Fixes envoyproxy#71

Signed-off-by: Matt Klein <mklein@lyft.com>

* Run unit and integration tests with race detector enabled (#65)

* deps: update several of ratelimit's dependencies (#76)

* add stalebot (#78)

Signed-off-by: Matt Klein <mklein@lyft.com>

* docs: fix example 4 sample config (#79)

* fix redis-server binary name (envoyproxy#88)

* Fix build Dockerfile (envoyproxy#98)

Fix problem:
src/service_cmd/runner/runner.go:10:2: cannot find package "github.com/lyft/ratelimit/proto/ratelimit" in any of:
        /usr/local/go/src/github.com/lyft/ratelimit/vendor/github.com/lyft/ratelimit/proto/ratelimit (vendor tree)
        /usr/local/go/src/vendor/github.com/lyft/ratelimit/proto/ratelimit
        /usr/local/go/src/github.com/lyft/ratelimit/proto/ratelimit (from $GOROOT)
        /go/src/github.com/lyft/ratelimit/proto/ratelimit (from $GOPATH)
The command '/bin/sh -c go build -o /usr/local/bin/ratelimit src/service_cmd/main.go' returned a non-zero code: 1

* Redis TLS and Auth support (envoyproxy#96)

This adds support for TLS connections to redis as well as support for authentication.
Somewhat related to issue #61

* healthcheck: allow customizable healthcheck name (envoyproxy#102)

Description: this patch allows a consumer of the server package to customize the name of the healthchecker.

Signed-off-by: Jose Nino <jnino@lyft.com>

* health: make a few more types public (envoyproxy#104)

Description: envoyproxy#102 allowed for some customization. This PR makes the types public so that other servers can use this implementation.

Signed-off-by: Jose Nino <jnino@lyft.com>

* Add local cache to store whether it is over the limit (envoyproxy#111)

* Plugin statstore into runner (envoyproxy#115)

* fix: support auth without tls (envoyproxy#116)

Signed-off-by: tangxinfa <tangxinfa@gmail.com>

* add local cache stats (envoyproxy#114)

* Move license to templated Apache-2.0 (envoyproxy#123)

Signed-off-by: Derek Schaller <d_a_schaller@yahoo.com>

* Enable go modules (envoyproxy#124)

Signed-off-by: Steve Sloka <slokas@vmware.com>

* CI: Github Actions (envoyproxy#127)

Signed-off-by: Steve Sloka <slokas@vmware.com>

* community: update contributing guide (envoyproxy#139)

Fixes envoyproxy#138

Signed-off-by: Matt Klein <mklein@lyft.com>

* add http 1 `/json` endpoint (envoyproxy#136)

Signed-off-by: David Black <david.black@autodesk.com>

* Use mockgen version from go.mod instead of from "make bootstrap" (envoyproxy#143)

Even though the Makefile wants to encourage using mockgen@1.4.1, it
seems like the mocks have been generated using a pre-1.0 version of
mockgen. Using "go run github.com/golang/mock/mockgen" as a go:generate
command instead of just "mockgen" avoids the need to pre-install into
the developer's $PATH and uses the go.mod-specified version

Signed-off-by: David Weitzman <dweitzman@pinterest.com>

* Upgrade gostats dependency from 0.2.6 to 0.4.0 (envoyproxy#141)

My interest is the UDP protocol support which appeared in gotstats 0.3.10

There's a breaking change as of https://github.com/lyft/gostats/releases/tag/v0.3.0
which is that gostats no longer publishes stats as expvars.

Signed-off-by: David Weitzman <dweitzman@pinterest.com>

* Upgrade radix (envoyproxy#137)

Signed-off-by: Tong Cai <caitong93@gmail.com>

* cache_impl_test.go: fix failing test with ipv6 (envoyproxy#144)

A newly-added test in envoyproxy#137 checks the exact text of an error message which
seems to vary when the network is tcp4 vs tcp6. This change relaxes the
assertion to look for "connection refused" in a panic without making
assumptions about what an IP address looks like.

Example failure:

--- FAIL: TestNewClientImpl (0.00s)
    --- FAIL: TestNewClientImpl/connection_refused (0.00s)
        cache_impl_test.go:442:
                Error Trace:    cache_impl_test.go:442
                Error:          func (assert.PanicTestFunc)(0x1724110) should panic with error message: "dial tcp 127.0.0.1:12345: connect: connection refused"
                                        Panic value:    "dial tcp [::1]:12345: connect: connection refused"
                                        Panic stack:    goroutine 27 [running]:

The testify assert package doesn't seem to support inexact matching on error messages, so the code gets a bit uglier than before.

Signed-off-by: David Weitzman <dweitzman@pinterest.com>

* Split redis-specific logic from generic key-value store logic (envoyproxy#142)

This is a pure refactoring with no behavior changes. It's a step toward being able
to add memcache as a backend (see envoyproxy#140).

This PR moves RateLimitCache from the redis package to a new "limiter" package, along with
code for time/jitter, local cache stats,  and constructing cache keys. All that can be reused
with memcache.

After this PR, the redis package is imported in exactly two places:
- in service_cmd/runner/runner.go to call redis.NewRateLimiterCacheImplFromSettings()
- in service/ratelimit.go in ShouldRateLimit to identify if a recovered panic is a redis.RedisError. If so, a stat is incremented and the panic() propagation is ended and in favor of returning the error as a the function result.

The PR also includes changes by goimports to test/service/ratelimit_test.go
so that the difference between package name vs file path name is explicit
instead of implicit.

Signed-off-by: David Weitzman <dweitzman@pinterest.com>

* json handler: return full ratelimit service response as json (envoyproxy#148)

Previously an HTTP POST to /json would only return an HTTP status code,
not all the other details supported by grpc ratelimit responses.

With this change an HTTP POST to /json receives the full proto3 response
encoded as json by jsonpb.

It seems unlikely that anyone would be parsing the text "over limit" from
the HTTP body instead of just reading the 429 response code, but for anyone
doing that this would be a breaking change.

Signed-off-by: David Weitzman <dweitzman@pinterest.com>

* Update goruntime to latest, 0.2.5.  Add new config for watching changes in runtime config folder directly instead of the runtime root dir. (envoyproxy#151)

Signed-off-by: Yuki Sawa <yukisawa@gmail.com>

* Drop support for legacy ratelimit.proto and upgrade to v3 rls.proto (envoyproxy#153)

Signed-off-by: Petr Pchelko <ppchelko@wikimedia.org>

* Followups to v3 upgrade (envoyproxy#155)

- Regenerate mocks based on new default protocol
- Manually transform v2 messages to v3 messages - some of the fields
were renamed thus json Marshal/Unmarshal does not work anymore
- Added tests that verify conversion v2<->v3 works for headers fields
- Update tests to use proto.Equal - simple assert.Equals might not
work correctly for protobuf messages.

Signed-off-by: Petr Pchelko <ppchelko@wikimedia.org>

* Introduce a Dockerfile for running integration tests (envoyproxy#156)

This diff creates Dockerfile.integration for running integration tests with clearly-defined dependencies. Previously the dependencies of the integration tests were defined within the github actions config.

The new "make docker_tests" target should work for any developer with Docker installed.

Previously there was no single command that would run integration tests across platforms, which makes development and onboarding harder. Even copying the command from github actions wouldn't have worked before, since that command quietly assumed that redis was already running on port 6379.

Signed-off-by: David Weitzman <dweitzman@pinterest.com>

* Add support for rate limit overrides. (envoyproxy#158)

Fixes envoyproxy#154

Signed-off-by: Petr Pchelko <ppchelko@wikimedia.org>

* redis client: default to use explicit pipelining (envoyproxy#163)

Signed-off-by: Tong Cai <caitong93@gmail.com>

* Clean go.mod file and update logrus to latest (envoyproxy#166)

Signed-off-by: Yuki Sawa <yukisawa@gmail.com>

* Add full test environment example. Fix bug in existing docker-compose. (envoyproxy#170)

Signed-off-by: Yuki Sawa <yukisawa@gmail.com>

* Implement LOG_FORMAT=json (envoyproxy#173)

Centralized log collection system works better with logs in json format.
E.g. DataDog strongly encourage setting up your logging library to produce your logs in JSON format to avoid the need for custom parsing rules.
So, the next small fix is all we need to get json logs.

Signed-off-by: Sergey Belyaev <sbelyaev@setronica.com>

* ci: Update github action to push docker image tagged with sha for each merge to master branch (envoyproxy#176)

Updates the github action to also push a tagged image based upon the git sha. The tag also
includes the current version of the release.

Example tag: envoyproxy/ratelimit:f1758150b6dfed3e5c0ae13fb7bb6b8f6ae00b0e

Fixes envoyproxy#174

Signed-off-by: Steve Sloka <slokas@vmware.com>

* Update README.md to refer to existing files (envoyproxy#178)

Signed-off-by: Margaret Gorguissian <margaret.gorguissian@tufts.edu>

* Add redis cluster and sentinel support (envoyproxy#179)

Signed-off-by: Diego Erdody <diego@medallia.com>

* Add support for x-ratelimit-reset header (envoyproxy#182)

Signed-off-by: Clara Andrew-Wani <candrewwani@gmail.com>

* Create repokitteh.star (envoyproxy#187)

Signed-off-by: Itay Donanhirsh <itay@bazoo.org>

* refactor NearLimitRatio to environment variable (envoyproxy#186)

Signed-off-by: zufardhiyaulhaq <zufardhiyaulhaq@gmail.com>

* Fix flakey tests with DurationUntilReset. Update docker example to V3 config. (envoyproxy#192)

Signed-off-by: Yuki Sawa <yukisawa@gmail.com>

* Separate Redis cache and driver implementation (envoyproxy#194)

Signed-off-by: William Albertus Dembo <w.albertusd@gmail.com>

* Set ratelimit filter to v3 api (envoyproxy#196)

Signed-off-by: Yuki Sawa <yukisawa@gmail.com>

* Add debug logging to indicate descriptor and limit (envoyproxy#197)

Signed-off-by: Sasha Kulbii <okulbii@wayfair.com>

* Implement BACKEND_TYPE=memcache as an alternative k/v store to redis (envoyproxy#172)

MEMCACHE_HOST_PORT=host:port must be set with BACKEND_TYPE=memcache

To minimize roundtrips when getting multiple keys, the memcache implementation
does a GetMulti to fetch the existing rate limit usage and does increments
asynchronously in background goroutines, since the memcache API doesn't offer
multi-increment.

Resolves envoyproxy#140

Signed-off-by: David Weitzman <dweitzman@pinterest.com>

* Refactoring of duplicated code across backend types (envoyproxy#202)

Signed-off-by: Kateryna Nezdolii <nezdolik@spotify.com>

* Small typo fix in README (envoyproxy#204)

Signed-off-by: cpaika <paika.christopher@gmail.com>

* Circle CI (#1)

* Add Circle Config

* Touch to build

* Move to expected path

* Use Docker Command

* Do it all here then

* Env

* Add Readme

* Actual README

* Add Docker Compose (#2)

* VAULT-893 Fix docker-compose.yml

* VAULT-893 Fix docker-compose.yml

Co-authored-by: Marshall Jones <marshall@offby3.com>
Co-authored-by: Jose Ulises Nino Rivera <junr03@users.noreply.github.com>
Co-authored-by: Daniel Hochman <danielhochman@users.noreply.github.com>
Co-authored-by: Martien Verbruggen <martien.verbruggen@gmail.com>
Co-authored-by: Ben Pope <BenPope@users.noreply.github.com>
Co-authored-by: Steve Sloka <steve@stevesloka.com>
Co-authored-by: Matt Klein <mattklein123@gmail.com>
Co-authored-by: Charlie Vieth <charlie.vieth@gmail.com>
Co-authored-by: Adil Hafeez <ahafeez@lyft.com>
Co-authored-by: Kartograf <kartogrof@gmail.com>
Co-authored-by: repl-david-winiarski <33431229+repl-david-winiarski@users.noreply.github.com>
Co-authored-by: Junchao Lyu <6963707+freedomljc@users.noreply.github.com>
Co-authored-by: tangxinfa <tangxinfa@gmail.com>
Co-authored-by: Steve Sloka <slokas@vmware.com>
Co-authored-by: Matt Klein <mklein@lyft.com>
Co-authored-by: dblackdblack <github@dhb.is>
Co-authored-by: David Weitzman <dweitzman@pinterest.com>
Co-authored-by: Tong Cai <caitong@caicloud.io>
Co-authored-by: Yuki Sawa <yukisawa@gmail.com>
Co-authored-by: Petr Pchelko <petrpchelko@gmail.com>
Co-authored-by: Petr Pchelko <ppchelko@wikimedia.org>
Co-authored-by: Sergey Belyaev <svdba@users.noreply.github.com>
Co-authored-by: Margaret G <Margaret.Gorguissian@tufts.edu>
Co-authored-by: Diego Erdody <erdody@gmail.com>
Co-authored-by: Clara <candrewwani@gmail.com>
Co-authored-by: Itay Donanhirsh <itay@bazoo.org>
Co-authored-by: Zufar Dhiyaulhaq <zufardhiyaulhaq@gmail.com>
Co-authored-by: William Albertus Dembo <w.albertusd@gmail.com>
Co-authored-by: Alex Kulbii <jncneo@gmail.com>
Co-authored-by: Kateryna Nezdolii <nezdolik@spotify.com>
Co-authored-by: Christopher <paika.christopher@gmail.com>
zdmytriv pushed a commit to verygoodsecurity/ratelimit that referenced this pull request Aug 2, 2021
* Add Docker Compose File (#27)

* docs: match envoy docs for remote_address ratelimiting (#29)

* docs: document dependency on gostats (#30)

* test and document whitelist behavior (#31)

Signed-off-by: Daniel Hochman <danielhochman@users.noreply.github.com>

* update dependencies (#35)

* update dependencies

* proto: use the proto defined in data-plane-api (#39)

* proto: check in protos to allow importing ratelimit as a library (#40)

* docs: update contact info (#42)

* redis: add the option to use a separate redis pool for per second limits (#41)

* fix duplicate mv (#43)

* docker: upgrade docker-compose setup (#46)

* Add gRPC health check (#47)

* logging: set log level (#50)

* go version: update to 1.11 (#53)

* docker compose: expose gRPC port on docker compose setup (#55)

* Configuration to ignore dotfiles. (#52)

This allows ratelimit to run on Kubernetes with configuration from a configmap.

* Add Dockerfile to enable builds (#58)

Signed-off-by: Steve Sloka <steves@heptio.com>

* ci: fix build (#73)

Fixes envoyproxy#71

Signed-off-by: Matt Klein <mklein@lyft.com>

* Run unit and integration tests with race detector enabled (#65)

* deps: update several of ratelimit's dependencies (#76)

* add stalebot (#78)

Signed-off-by: Matt Klein <mklein@lyft.com>

* docs: fix example 4 sample config (#79)

* fix redis-server binary name (envoyproxy#88)

* Fix build Dockerfile (envoyproxy#98)

Fix problem:
src/service_cmd/runner/runner.go:10:2: cannot find package "github.com/lyft/ratelimit/proto/ratelimit" in any of:
        /usr/local/go/src/github.com/lyft/ratelimit/vendor/github.com/lyft/ratelimit/proto/ratelimit (vendor tree)
        /usr/local/go/src/vendor/github.com/lyft/ratelimit/proto/ratelimit
        /usr/local/go/src/github.com/lyft/ratelimit/proto/ratelimit (from $GOROOT)
        /go/src/github.com/lyft/ratelimit/proto/ratelimit (from $GOPATH)
The command '/bin/sh -c go build -o /usr/local/bin/ratelimit src/service_cmd/main.go' returned a non-zero code: 1

* Redis TLS and Auth support (envoyproxy#96)

This adds support for TLS connections to redis as well as support for authentication.
Somewhat related to issue #61

* healthcheck: allow customizable healthcheck name (envoyproxy#102)

Description: this patch allows a consumer of the server package to customize the name of the healthchecker.

Signed-off-by: Jose Nino <jnino@lyft.com>

* health: make a few more types public (envoyproxy#104)

Description: envoyproxy#102 allowed for some customization. This PR makes the types public so that other servers can use this implementation.

Signed-off-by: Jose Nino <jnino@lyft.com>

* Add local cache to store whether it is over the limit (envoyproxy#111)

* Plugin statstore into runner (envoyproxy#115)

* fix: support auth without tls (envoyproxy#116)

Signed-off-by: tangxinfa <tangxinfa@gmail.com>

* add local cache stats (envoyproxy#114)

* Move license to templated Apache-2.0 (envoyproxy#123)

Signed-off-by: Derek Schaller <d_a_schaller@yahoo.com>

* Enable go modules (envoyproxy#124)

Signed-off-by: Steve Sloka <slokas@vmware.com>

* CI: Github Actions (envoyproxy#127)

Signed-off-by: Steve Sloka <slokas@vmware.com>

* community: update contributing guide (envoyproxy#139)

Fixes envoyproxy#138

Signed-off-by: Matt Klein <mklein@lyft.com>

* add http 1 `/json` endpoint (envoyproxy#136)

Signed-off-by: David Black <david.black@autodesk.com>

* Use mockgen version from go.mod instead of from "make bootstrap" (envoyproxy#143)

Even though the Makefile wants to encourage using mockgen@1.4.1, it
seems like the mocks have been generated using a pre-1.0 version of
mockgen. Using "go run github.com/golang/mock/mockgen" as a go:generate
command instead of just "mockgen" avoids the need to pre-install into
the developer's $PATH and uses the go.mod-specified version

Signed-off-by: David Weitzman <dweitzman@pinterest.com>

* Upgrade gostats dependency from 0.2.6 to 0.4.0 (envoyproxy#141)

My interest is the UDP protocol support which appeared in gotstats 0.3.10

There's a breaking change as of https://github.com/lyft/gostats/releases/tag/v0.3.0
which is that gostats no longer publishes stats as expvars.

Signed-off-by: David Weitzman <dweitzman@pinterest.com>

* Upgrade radix (envoyproxy#137)

Signed-off-by: Tong Cai <caitong93@gmail.com>

* cache_impl_test.go: fix failing test with ipv6 (envoyproxy#144)

A newly-added test in envoyproxy#137 checks the exact text of an error message which
seems to vary when the network is tcp4 vs tcp6. This change relaxes the
assertion to look for "connection refused" in a panic without making
assumptions about what an IP address looks like.

Example failure:

--- FAIL: TestNewClientImpl (0.00s)
    --- FAIL: TestNewClientImpl/connection_refused (0.00s)
        cache_impl_test.go:442:
                Error Trace:    cache_impl_test.go:442
                Error:          func (assert.PanicTestFunc)(0x1724110) should panic with error message: "dial tcp 127.0.0.1:12345: connect: connection refused"
                                        Panic value:    "dial tcp [::1]:12345: connect: connection refused"
                                        Panic stack:    goroutine 27 [running]:

The testify assert package doesn't seem to support inexact matching on error messages, so the code gets a bit uglier than before.

Signed-off-by: David Weitzman <dweitzman@pinterest.com>

* Split redis-specific logic from generic key-value store logic (envoyproxy#142)

This is a pure refactoring with no behavior changes. It's a step toward being able
to add memcache as a backend (see envoyproxy#140).

This PR moves RateLimitCache from the redis package to a new "limiter" package, along with
code for time/jitter, local cache stats,  and constructing cache keys. All that can be reused
with memcache.

After this PR, the redis package is imported in exactly two places:
- in service_cmd/runner/runner.go to call redis.NewRateLimiterCacheImplFromSettings()
- in service/ratelimit.go in ShouldRateLimit to identify if a recovered panic is a redis.RedisError. If so, a stat is incremented and the panic() propagation is ended and in favor of returning the error as a the function result.

The PR also includes changes by goimports to test/service/ratelimit_test.go
so that the difference between package name vs file path name is explicit
instead of implicit.

Signed-off-by: David Weitzman <dweitzman@pinterest.com>

* json handler: return full ratelimit service response as json (envoyproxy#148)

Previously an HTTP POST to /json would only return an HTTP status code,
not all the other details supported by grpc ratelimit responses.

With this change an HTTP POST to /json receives the full proto3 response
encoded as json by jsonpb.

It seems unlikely that anyone would be parsing the text "over limit" from
the HTTP body instead of just reading the 429 response code, but for anyone
doing that this would be a breaking change.

Signed-off-by: David Weitzman <dweitzman@pinterest.com>

* Update goruntime to latest, 0.2.5.  Add new config for watching changes in runtime config folder directly instead of the runtime root dir. (envoyproxy#151)

Signed-off-by: Yuki Sawa <yukisawa@gmail.com>

* Drop support for legacy ratelimit.proto and upgrade to v3 rls.proto (envoyproxy#153)

Signed-off-by: Petr Pchelko <ppchelko@wikimedia.org>

* Followups to v3 upgrade (envoyproxy#155)

- Regenerate mocks based on new default protocol
- Manually transform v2 messages to v3 messages - some of the fields
were renamed thus json Marshal/Unmarshal does not work anymore
- Added tests that verify conversion v2<->v3 works for headers fields
- Update tests to use proto.Equal - simple assert.Equals might not
work correctly for protobuf messages.

Signed-off-by: Petr Pchelko <ppchelko@wikimedia.org>

* Introduce a Dockerfile for running integration tests (envoyproxy#156)

This diff creates Dockerfile.integration for running integration tests with clearly-defined dependencies. Previously the dependencies of the integration tests were defined within the github actions config.

The new "make docker_tests" target should work for any developer with Docker installed.

Previously there was no single command that would run integration tests across platforms, which makes development and onboarding harder. Even copying the command from github actions wouldn't have worked before, since that command quietly assumed that redis was already running on port 6379.

Signed-off-by: David Weitzman <dweitzman@pinterest.com>

* Add support for rate limit overrides. (envoyproxy#158)

Fixes envoyproxy#154

Signed-off-by: Petr Pchelko <ppchelko@wikimedia.org>

* redis client: default to use explicit pipelining (envoyproxy#163)

Signed-off-by: Tong Cai <caitong93@gmail.com>

* Clean go.mod file and update logrus to latest (envoyproxy#166)

Signed-off-by: Yuki Sawa <yukisawa@gmail.com>

* Add full test environment example. Fix bug in existing docker-compose. (envoyproxy#170)

Signed-off-by: Yuki Sawa <yukisawa@gmail.com>

* Implement LOG_FORMAT=json (envoyproxy#173)

Centralized log collection system works better with logs in json format.
E.g. DataDog strongly encourage setting up your logging library to produce your logs in JSON format to avoid the need for custom parsing rules.
So, the next small fix is all we need to get json logs.

Signed-off-by: Sergey Belyaev <sbelyaev@setronica.com>

* ci: Update github action to push docker image tagged with sha for each merge to master branch (envoyproxy#176)

Updates the github action to also push a tagged image based upon the git sha. The tag also
includes the current version of the release.

Example tag: envoyproxy/ratelimit:f1758150b6dfed3e5c0ae13fb7bb6b8f6ae00b0e

Fixes envoyproxy#174

Signed-off-by: Steve Sloka <slokas@vmware.com>

* Update README.md to refer to existing files (envoyproxy#178)

Signed-off-by: Margaret Gorguissian <margaret.gorguissian@tufts.edu>

* Add redis cluster and sentinel support (envoyproxy#179)

Signed-off-by: Diego Erdody <diego@medallia.com>

* Add support for x-ratelimit-reset header (envoyproxy#182)

Signed-off-by: Clara Andrew-Wani <candrewwani@gmail.com>

* Create repokitteh.star (envoyproxy#187)

Signed-off-by: Itay Donanhirsh <itay@bazoo.org>

* refactor NearLimitRatio to environment variable (envoyproxy#186)

Signed-off-by: zufardhiyaulhaq <zufardhiyaulhaq@gmail.com>

* Fix flakey tests with DurationUntilReset. Update docker example to V3 config. (envoyproxy#192)

Signed-off-by: Yuki Sawa <yukisawa@gmail.com>

* Separate Redis cache and driver implementation (envoyproxy#194)

Signed-off-by: William Albertus Dembo <w.albertusd@gmail.com>

* Set ratelimit filter to v3 api (envoyproxy#196)

Signed-off-by: Yuki Sawa <yukisawa@gmail.com>

* Add debug logging to indicate descriptor and limit (envoyproxy#197)

Signed-off-by: Sasha Kulbii <okulbii@wayfair.com>

* Implement BACKEND_TYPE=memcache as an alternative k/v store to redis (envoyproxy#172)

MEMCACHE_HOST_PORT=host:port must be set with BACKEND_TYPE=memcache

To minimize roundtrips when getting multiple keys, the memcache implementation
does a GetMulti to fetch the existing rate limit usage and does increments
asynchronously in background goroutines, since the memcache API doesn't offer
multi-increment.

Resolves envoyproxy#140

Signed-off-by: David Weitzman <dweitzman@pinterest.com>

* Refactoring of duplicated code across backend types (envoyproxy#202)

Signed-off-by: Kateryna Nezdolii <nezdolik@spotify.com>

* Small typo fix in README (envoyproxy#204)

Signed-off-by: cpaika <paika.christopher@gmail.com>

* Circle CI (#1)

* Add Circle Config

* Touch to build

* Move to expected path

* Use Docker Command

* Do it all here then

* Env

* Add Readme

* Actual README

* Add Docker Compose (#2)

* VAULT-893 Fix docker-compose.yml

* VAULT-893 Fix docker-compose.yml

Co-authored-by: Marshall Jones <marshall@offby3.com>
Co-authored-by: Jose Ulises Nino Rivera <junr03@users.noreply.github.com>
Co-authored-by: Daniel Hochman <danielhochman@users.noreply.github.com>
Co-authored-by: Martien Verbruggen <martien.verbruggen@gmail.com>
Co-authored-by: Ben Pope <BenPope@users.noreply.github.com>
Co-authored-by: Steve Sloka <steve@stevesloka.com>
Co-authored-by: Matt Klein <mattklein123@gmail.com>
Co-authored-by: Charlie Vieth <charlie.vieth@gmail.com>
Co-authored-by: Adil Hafeez <ahafeez@lyft.com>
Co-authored-by: Kartograf <kartogrof@gmail.com>
Co-authored-by: repl-david-winiarski <33431229+repl-david-winiarski@users.noreply.github.com>
Co-authored-by: Junchao Lyu <6963707+freedomljc@users.noreply.github.com>
Co-authored-by: tangxinfa <tangxinfa@gmail.com>
Co-authored-by: Steve Sloka <slokas@vmware.com>
Co-authored-by: Matt Klein <mklein@lyft.com>
Co-authored-by: dblackdblack <github@dhb.is>
Co-authored-by: David Weitzman <dweitzman@pinterest.com>
Co-authored-by: Tong Cai <caitong@caicloud.io>
Co-authored-by: Yuki Sawa <yukisawa@gmail.com>
Co-authored-by: Petr Pchelko <petrpchelko@gmail.com>
Co-authored-by: Petr Pchelko <ppchelko@wikimedia.org>
Co-authored-by: Sergey Belyaev <svdba@users.noreply.github.com>
Co-authored-by: Margaret G <Margaret.Gorguissian@tufts.edu>
Co-authored-by: Diego Erdody <erdody@gmail.com>
Co-authored-by: Clara <candrewwani@gmail.com>
Co-authored-by: Itay Donanhirsh <itay@bazoo.org>
Co-authored-by: Zufar Dhiyaulhaq <zufardhiyaulhaq@gmail.com>
Co-authored-by: William Albertus Dembo <w.albertusd@gmail.com>
Co-authored-by: Alex Kulbii <jncneo@gmail.com>
Co-authored-by: Kateryna Nezdolii <nezdolik@spotify.com>
Co-authored-by: Christopher <paika.christopher@gmail.com>
timcovar pushed a commit to goatapp/ratelimit that referenced this pull request Jan 16, 2024
Signed-off-by: Sasha Kulbii <okulbii@wayfair.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants