Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add rate-limiters to ServerPolicy #3305

Merged
merged 12 commits into from
Nov 6, 2024
Merged

Add rate-limiters to ServerPolicy #3305

merged 12 commits into from
Nov 6, 2024

Conversation

alpeb
Copy link
Member

@alpeb alpeb commented Oct 29, 2024
edited
Loading

This adds the local_rate_limit module to the server-policy crate, that
ServerPolicy uses for its new local_rate_limit field, containing
three optional rate-limiters: total, identity, overrides (this one is
really a vector of limiters, one per configured override).

I tried putting that under Protocol instead, but the PartialEq
requirement made it very hard to follow. Server OTOH doesn't really
require that trait, so I was able to remove it and accommodate the
limiters.

I made sure to avoid pulling the dashmap dependency in governor; I
haven't checked yet the necessity of the "jitter" and "quanta" features.

This temporarily overrides linkerd2-proxy-api dependency to pick changes
from linkerd/linkerd2-proxy-api#388

Update

The HttpPolicyService middleware has been expanded to call the local_rate_limit module above to perform the rate-limit check.

@alpeb alpeb requested a review from a team as a code owner October 29, 2024 17:40
@alpeb alpeb marked this pull request as draft October 29, 2024 17:59
@alpeb alpeb force-pushed the alpeb/server-policy-rate-limiter branch 5 times, most recently from 0536b1f to 8636f8e Compare October 29, 2024 22:19
@alpeb
Add rate-limiters to ServerPolicy
b580e65 
This adds the local_rate_limit module to the server-policy crate, that
`ServerPolicy` uses for its new `local_rate_limit` field, containing
three optional rate-limiters: total, identity, overrides (this one is
really a vector of limiters, one per configured override).

I tried putting that under `Protocol` instead, but the `PartialEq`
requirement made it very hard to follow. `Server` OTOH doesn't really
require that trait, so I was able to remove it and accommodate the
limiters.

I made sure to avoid pulling the dashmap dependency in `governor`; I
haven't checked yet the necessity of the "jitter" and "quanta" features.

This temporarily overrides linkerd2-proxy-api dependency to pick changes
from linkerd/linkerd2-proxy-api#388
@alpeb alpeb force-pushed the alpeb/server-policy-rate-limiter branch from 8636f8e to b580e65 Compare October 29, 2024 22:19
@alpeb alpeb mentioned this pull request Oct 29, 2024
Closed
olix0r
olix0r reviewed Oct 30, 2024
View reviewed changes
@alpeb alpeb mentioned this pull request Oct 30, 2024
Closed
@alpeb alpeb force-pushed the alpeb/server-policy-rate-limiter branch from af63198 to 6d9a4a7 Compare October 30, 2024 20:15
@alpeb alpeb marked this pull request as ready for review October 31, 2024 00:40
olix0r
olix0r reviewed Oct 31, 2024
View reviewed changes
@olix0r olix0r self-assigned this Nov 1, 2024
@alpeb alpeb force-pushed the alpeb/server-policy-rate-limiter branch from adb0cc9 to 15ec396 Compare November 5, 2024 13:23
@alpeb alpeb force-pushed the alpeb/server-policy-rate-limiter branch from 15ec396 to 3af685b Compare November 5, 2024 16:44
olix0r
olix0r reviewed Nov 6, 2024
View reviewed changes
alpeb and others added 3 commits November 6, 2024 05:42
@alpeb
import statements improvements
8c4b234
@alpeb
Expand server-policy RL unit tests
8014f01
@olix0r
chore(server-policy)!: feature-gate LocalRateLimit constructor (#3328)
883cc77 
We only expect to use `LocalRateLimit::new_no_overrides` for tests.

This change adds a test-util feature to the server-policy crate so that we can
assert that this constructor doesn't sneak into release code.
olix0r
olix0r reviewed Nov 6, 2024
View reviewed changes
linkerd/app/inbound/src/policy/http/tests.rs
Comment on lines +476 to +479
match err {
RateLimitError::PerIdentity(rps) => assert_eq!(rps, &std::num::NonZeroU32::new(1).unwrap()),
_ => panic!("unexpected error"),
};
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: slightly more readable:

Suggested change
match err {
RateLimitError::PerIdentity(rps) => assert_eq!(rps, &std::num::NonZeroU32::new(1).unwrap()),
_ => panic!("unexpected error"),
};
match err {
RateLimitError::PerIdentity(rps) => assert_eq!(rps.into(), 1),
_ => panic!("unexpected error"),
}

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Clippy doesn't like that 😞

error[E0283]: type annotations needed
   --> linkerd/app/inbound/src/policy/http/tests.rs:465:60
    |
465 |         RateLimitError::PerIdentity(rps) => assert_eq!(rps.into(), 1),
    |                                                            ^^^^
    |
    = note: cannot satisfy `_: std::convert::From<&std::num::NonZeroU32>`
    = note: required for `&std::num::NonZeroU32` to implement `std::convert::Into<_>`
help: try using a fully qualified path to specify the expected types
    |
465 |         RateLimitError::PerIdentity(rps) => assert_eq!(<&std::num::NonZeroU32 as std::convert::Into<T>>::into(rps), 1),
    |                                                        +++++++++++++++++++++++++++++++++++++++++++++++++++++++   ~

olix0r
olix0r approved these changes Nov 6, 2024
View reviewed changes
Copy link
Member

@olix0r olix0r left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Take note that we'll want to update the commit message to reflect the current state of this branch.

@alpeb alpeb merged commit ac6f000 into main Nov 6, 2024
16 checks passed
@alpeb alpeb deleted the alpeb/server-policy-rate-limiter branch November 6, 2024 16:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@olix0r olix0r olix0r approved these changes

Assignees

@olix0r olix0r

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@alpeb @olix0r