Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[CapMan visibility] Add better explanations for ReferrerGuardRailPolicy, ConcurrentRateLimitAllocationPolicy, and BytesScannedRejectingPolicy #6129

Merged
merged 1 commit into from
Jul 22, 2024
Merged

[CapMan visibility] Add better explanations for ReferrerGuardRailPolicy, ConcurrentRateLimitAllocationPolicy, and BytesScannedRejectingPolicy #6129

merged 1 commit into from
Jul 22, 2024

Conversation

xurui-c
Copy link
Member

@xurui-c xurui-c commented Jul 19, 2024

The previous explanations and suggestions I wrote are vague, ambiguous, and unhelpful. I updated them to be clearer, understandable, and more detailed.

@xurui-c xurui-c marked this pull request as ready for review July 19, 2024 23:04
@xurui-c xurui-c requested a review from a team as a code owner July 19, 2024 23:04
@xurui-c xurui-c changed the title Add better explanations for ReferrerGuardRailPolicy and BytesScannedRejectingPolicy Add better explanations for ReferrerGuardRailPolicy, ConcurrentRateLimitAllocationPolicy, and BytesScannedRejectingPolicy Jul 19, 2024
@codecov Codecov
Copy link

codecov bot commented Jul 19, 2024

Test Failures Detected: Due to failing tests, we cannot provide coverage reports at this time.

❌ Failed Test Results:

Completed 2491 tests with 1 failed, 2486 passed and 4 skipped.

View the full list of failed tests

pytest

  • Class name: tests.web.test_db_query
    Test name: test_db_query_success

    Traceback (most recent call last):
      File ".../tests/web/test_db_query.py", line 307, in test_db_query_success
        assert stats["quota_allowance"] == {
    AssertionError: assert {'details': {'BytesScannedRejectingPolicy': {'can_run': True,\n                                             'explanation': {'reason': 'within_limit '\n                                                                       'but '\n                                                                       'throttled',\n                                                             'storage_key': 'StorageKey.ERRORS_RO'},\n                                             'is_throttled': True,\n                                             'max_threads': 5,\n                                             'quota_unit': 'bytes',\n                                             'quota_used': 1560000000000,\n                                             'rejection_threshold': 2560000000000,\n                                             'suggestion': 'The feature, '\n                                                           'organization/project '\n                                                           'is scanning too '\n                                                           'many bytes, this '\n                                                           'usually means they '\n                                                           'are abusing that '\n                                                           'API',\n                                             'throttle_threshold': 1280000000000},\n             'BytesScannedWindowAllocationPolicy': {'can_run': True,\n                                                    'explanation': {'storage_key': 'StorageKey.ERRORS_RO'},\n                                                    'is_throttled': False,\n                                                    'max_threads': 10,\n                                                    'quota_unit': 'bytes',\n                                                    'quota_used': 0,\n                                                    'rejection_threshold': 1000000000000,\n                                                    'suggestion': 'scan less '\n                                                                  'bytes',\n                                                    'throttle_threshold': 10000000},\n             'ConcurrentRateLimitAllocationPolicy': {'can_run': True,\n                                                     'explanation': {'overrides': {},\n                                                                     'reason': 'within '\n                                                                               'limit',\n                                                                     'storage_key': 'StorageKey.ERRORS_RO'},\n                                                     'is_throttled': False,\n                                                     'max_threads': 10,\n                                                     'quota_unit': 'concurrent_queries',\n                                                     'quota_used': 1,\n                                                     'rejection_threshold': 22,\n                                                     'suggestion': 'no_suggestion',\n                                                     'throttle_threshold': 22},\n             'CrossOrgQueryAllocationPolicy': {'can_run': True,\n                                               'explanation': {'reason': 'pass_through',\n                                                               'storage_key': 'StorageKey.ERRORS_RO'},\n                                               'is_throttled': False,\n                                               'max_threads': 10,\n                                               'quota_unit': 'no_units',\n                                               'quota_used': 0,\n                                               'rejection_threshold': 1000000000000,\n                                               'suggestion': 'no_suggestion',\n                                               'throttle_threshold': 1000000000000},\n             'ReferrerGuardRailPolicy': {'can_run': True,\n                                         'explanation': {'policy': 'referrer_guard_rail_policy',\n                                                         'reason': 'within '\n                                                                   'limit',\n                                                         'referrer': 'something',\n                                                         'storage_key': 'StorageKey.ERRORS_RO'},\n                                         'is_throttled': False,\n                                         'max_threads': 10,\n                                         'quota_unit': 'concurrent_queries',\n                                         'quota_used': 1,\n                                         'rejection_threshold': 100,\n                                         'suggestion': 'no_suggestion',\n                                         'throttle_threshold': 50}},\n 'summary': {'rejected_by': {},\n             'threads_used': 5,\n             'throttled_by': {'policy': 'BytesScannedRejectingPolicy',\n                              'quota_unit': 'bytes',\n                              'quota_used': 1560000000000,\n                              'suggestion': 'The feature, organization/project '\n                                            'is scanning too many bytes, this '\n                                            'usually means they are abusing '\n                                            'that API',\n                              'throttle_threshold': 1280000000000}}} == {'details': {'BytesScannedRejectingPolicy': {'can_run': True,\n                                             'explanation': {'reason': 'within_limit '\n                                                                       'but '\n                                                                       'throttled',\n                                                             'storage_key': 'StorageKey.ERRORS_RO'},\n                                             'is_throttled': True,\n                                             'max_threads': 5,\n                                             'quota_unit': 'bytes',\n                                             'quota_used': 1560000000000,\n                                             'rejection_threshold': 2560000000000,\n                                             'suggestion': 'scan less bytes',\n                                             'throttle_threshold': 1280000000000},\n             'BytesScannedWindowAllocationPolicy': {'can_run': True,\n                                                    'explanation': {'storage_key': 'StorageKey.ERRORS_RO'},\n                                                    'is_throttled': False,\n                                                    'max_threads': 10,\n                                                    'quota_unit': 'bytes',\n                                                    'quota_used': 0,\n                                                    'rejection_threshold': 1000000000000,\n                                                    'suggestion': 'scan less '\n                                                                  'bytes',\n                                                    'throttle_threshold': 10000000},\n             'ConcurrentRateLimitAllocationPolicy': {'can_run': True,\n                                                     'explanation': {'overrides': {},\n                                                                     'reason': 'within '\n                                                                               'limit',\n                                                                     'storage_key': 'StorageKey.ERRORS_RO'},\n                                                     'is_throttled': False,\n                                                     'max_threads': 10,\n                                                     'quota_unit': 'concurrent_queries',\n                                                     'quota_used': 1,\n                                                     'rejection_threshold': 22,\n                                                     'suggestion': 'no_suggestion',\n                                                     'throttle_threshold': 22},\n             'CrossOrgQueryAllocationPolicy': {'can_run': True,\n                                               'explanation': {'reason': 'pass_through',\n                                                               'storage_key': 'StorageKey.ERRORS_RO'},\n                                               'is_throttled': False,\n                                               'max_threads': 10,\n                                               'quota_unit': 'no_units',\n                                               'quota_used': 0,\n                                               'rejection_threshold': 1000000000000,\n                                               'suggestion': 'no_suggestion',\n                                               'throttle_threshold': 1000000000000},\n             'ReferrerGuardRailPolicy': {'can_run': True,\n                                         'explanation': {'policy': 'referrer_guard_rail_policy',\n                                                         'reason': 'within '\n                                                                   'limit',\n                                                         'referrer': 'something',\n                                                         'storage_key': 'StorageKey.ERRORS_RO'},\n                                         'is_throttled': False,\n                                         'max_threads': 10,\n                                         'quota_unit': 'concurrent_queries',\n                                         'quota_used': 1,\n                                         'rejection_threshold': 100,\n                                         'suggestion': 'no_suggestion',\n                                         'throttle_threshold': 50}},\n 'summary': {'rejected_by': {},\n             'threads_used': 5,\n             'throttled_by': {'policy': 'BytesScannedRejectingPolicy',\n                              'quota_unit': 'bytes',\n                              'quota_used': 1560000000000,\n                              'suggestion': 'scan less bytes',\n                              'throttle_threshold': 1280000000000}}}
      Differing items:
      {'summary': {'rejected_by': {}, 'threads_used': 5, 'throttled_by': {'policy': 'BytesScannedRejectingPolicy', 'quota_un...': 'The feature, organization/project is scanning too many bytes, this usually means they are abusing that API', ...}}} != {'summary': {'rejected_by': {}, 'threads_used': 5, 'throttled_by': {'policy': 'BytesScannedRejectingPolicy', 'quota_unit': 'bytes', 'quota_used': 1560000000000, 'suggestion': 'scan less bytes', ...}}}
      {'details': {'BytesScannedRejectingPolicy': {'can_run': True, 'explanation': {'reason': 'within_limit but throttled', ...'reason': 'pass_through', 'storage_key': 'StorageKey.ERRORS_RO'}, 'is_throttled': False, 'max_threads': 10, ...}, ...}} != {'details': {'BytesScannedRejectingPolicy': {'can_run': True, 'explanation': {'reason': 'within_limit but throttled', ...'reason': 'pass_through', 'storage_key': 'StorageKey.ERRORS_RO'}, 'is_throttled': False, 'max_threads': 10, ...}, ...}}
      Full diff:
        {
         'details': {'BytesScannedRejectingPolicy': {'can_run': True,
                                                     'explanation': {'reason': 'within_limit '
                                                                               'but '
                                                                               'throttled',
                                                                     'storage_key': 'StorageKey.ERRORS_RO'},
                                                     'is_throttled': True,
                                                     'max_threads': 5,
                                                     'quota_unit': 'bytes',
                                                     'quota_used': 1560000000000,
                                                     'rejection_threshold': 2560000000000,
      -                                              'suggestion': 'scan less bytes',
      &                                                             ^^ ^^^ ^^^^^^^^ -
      +                                              'suggestion': 'The feature, '
      &                                                             ^^^^^^ ^^^ ^^
      +                                                            'organization/project '
      +                                                            'is scanning too '
      +                                                            'many bytes, this '
      +                                                            'usually means they '
      +                                                            'are abusing that '
      +                                                            'API',
                                                     'throttle_threshold': 1280000000000},
                     'BytesScannedWindowAllocationPolicy': {'can_run': True,
                                                            'explanation': {'storage_key': 'StorageKey.ERRORS_RO'},
                                                            'is_throttled': False,
                                                            'max_threads': 10,
                                                            'quota_unit': 'bytes',
                                                            'quota_used': 0,
                                                            'rejection_threshold': 1000000000000,
                                                            'suggestion': 'scan less '
                                                                          'bytes',
                                                            'throttle_threshold': 10000000},
                     'ConcurrentRateLimitAllocationPolicy': {'can_run': True,
                                                             'explanation': {'overrides': {},
                                                                             'reason': 'within '
                                                                                       'limit',
                                                                             'storage_key': 'StorageKey.ERRORS_RO'},
                                                             'is_throttled': False,
                                                             'max_threads': 10,
                                                             'quota_unit': 'concurrent_queries',
                                                             'quota_used': 1,
                                                             'rejection_threshold': 22,
                                                             'suggestion': 'no_suggestion',
                                                             'throttle_threshold': 22},
                     'CrossOrgQueryAllocationPolicy': {'can_run': True,
                                                       'explanation': {'reason': 'pass_through',
                                                                       'storage_key': 'StorageKey.ERRORS_RO'},
                                                       'is_throttled': False,
                                                       'max_threads': 10,
                                                       'quota_unit': 'no_units',
                                                       'quota_used': 0,
                                                       'rejection_threshold': 1000000000000,
                                                       'suggestion': 'no_suggestion',
                                                       'throttle_threshold': 1000000000000},
                     'ReferrerGuardRailPolicy': {'can_run': True,
                                                 'explanation': {'policy': 'referrer_guard_rail_policy',
                                                                 'reason': 'within '
                                                                           'limit',
                                                                 'referrer': 'something',
                                                                 'storage_key': 'StorageKey.ERRORS_RO'},
                                                 'is_throttled': False,
                                                 'max_threads': 10,
                                                 'quota_unit': 'concurrent_queries',
                                                 'quota_used': 1,
                                                 'rejection_threshold': 100,
                                                 'suggestion': 'no_suggestion',
                                                 'throttle_threshold': 50}},
         'summary': {'rejected_by': {},
                     'threads_used': 5,
                     'throttled_by': {'policy': 'BytesScannedRejectingPolicy',
                                      'quota_unit': 'bytes',
                                      'quota_used': 1560000000000,
      -                               'suggestion': 'scan less bytes',
      +                               'suggestion': 'The feature, organization/project '
      +                                             'is scanning too many bytes, this '
      +                                             'usually means they are abusing '
      +                                             'that API',
                                      'throttle_threshold': 1280000000000}},
        }

@xurui-c xurui-c enabled auto-merge (squash) July 22, 2024 17:46
@xurui-c xurui-c merged commit 7ce112c into master Jul 22, 2024
29 checks passed
@xurui-c xurui-c deleted the rachel/betterExplanations branch July 22, 2024 17:58
@xurui-c xurui-c changed the title Add better explanations for ReferrerGuardRailPolicy, ConcurrentRateLimitAllocationPolicy, and BytesScannedRejectingPolicy [CapMan visibility] Add better explanations for ReferrerGuardRailPolicy, ConcurrentRateLimitAllocationPolicy, and BytesScannedRejectingPolicy Nov 6, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@volokluev volokluev volokluev approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@xurui-c @volokluev