feat(api-abuse): Add ability to throttle threads for an entire referrer

[volokluev]

In case a bad feature ships. We want to throttle an entire referrer, not just a specific project's threads

[codecov-commenter]

Codecov Report

Base: 90.82% // Head: 21.85% // Decreases project coverage by -68.97% ⚠️

Coverage data is based on head (584b57d) compared to base (d1e5c26).
Patch coverage: 0.00% of modified lines in pull request are covered.

Additional details and impacted files

@@             Coverage Diff             @@
##           master    #3376       +/-   ##
===========================================
- Coverage   90.82%   21.85%   -68.98%     
===========================================
  Files         705      664       -41     
  Lines       32541    31312     -1229     
===========================================
- Hits        29555     6842    -22713     
- Misses       2986    24470    +21484     

Impacted Files	Coverage Δ
snuba/query/processors/logical/quota_processor.py	0.00% <0.00%> (-100.00%)	⬇️
snuba/web/db_query.py	0.00% <0.00%> (-84.18%)	⬇️
tests/query/processors/test_quota.py	0.00% <0.00%> (-100.00%)	⬇️
tests/base.py	0.00% <0.00%> (-100.00%)	⬇️
tests/helpers.py	0.00% <0.00%> (-100.00%)	⬇️
tests/conftest.py	0.00% <0.00%> (-100.00%)	⬇️
tests/fixtures.py	0.00% <0.00%> (-100.00%)	⬇️
tests/test_cli.py	0.00% <0.00%> (-100.00%)	⬇️
tests/test_util.py	0.00% <0.00%> (-100.00%)	⬇️
snuba/admin/user.py	0.00% <0.00%> (-100.00%)	⬇️
... and 624 more

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report at Codecov.
📢 Do you have feedback about the report comment? Let us know in this issue.

[nikhars]

When I look at how resource quota is used, this is the code where it is being used https://github.com/getsentry/snuba/blob/master/snuba/web/db_query.py#L343-L348. There is and condition which checks against project_rate_limit_stats and the concurrent parameter being greater than 1.

My question is if we apply only the referrer based rate limit settings, will the code where it is being used still be triggered? Maybe worth adding a test on that method to find out.

[evanh]

Looks good to me, some extra tests required though.

[evanh]

I think there should be a test to confirm this behaviour.

[nikhars]

LGTM

[onewland]

Changes look good to me, but I have a low level of familiarity with our rate limiting code

[onewland]

I wonder if precedence should be the minimum number of max threads. If REFERRER_{X} is capped at 2 threads globally, it doesn't seem like REFERRER_{X}_PROJECT_{Y} should be allowed to have 10.

Though in practice I'm guessing people won't tend to mess this up

[onewland]

Not a big deal because this method is private, but I think it would be nice (as a convention) to return a new QuerySettings with max_threads set and not modify the input.