@@ -1869,10 +1869,16 @@ impl PolicyIndex {
18691869 }
18701870
18711871 fn client_ratelimit ( & self , server_name : & str ) -> Option < RateLimit > {
1872+ use ratelimit_policy:: { ClientRef , Target } ;
1873+
18721874 // sort the ratelimit policies by creation timestamp and name so we can
18731875 // deterministically always return the same policy when more than one point to the same
18741876 // server
1875- let mut rate_limits = self . ratelimit_policies . iter ( ) . collect :: < Vec < _ > > ( ) ;
1877+ let mut rate_limits = self
1878+ . ratelimit_policies
1879+ . iter ( )
1880+ . filter ( |( _, spec) | matches ! ( spec. target, Target :: Server ( ref n) if n == server_name) )
1881+ . collect :: < Vec < _ > > ( ) ;
18761882 rate_limits. sort_by ( |( a_name, a) , ( b_name, b) | {
18771883 let by_ts = match ( & a. creation_timestamp , & b. creation_timestamp ) {
18781884 ( Some ( a_ts) , Some ( b_ts) ) => a_ts. cmp ( b_ts) ,
@@ -1884,62 +1890,45 @@ impl PolicyIndex {
18841890 by_ts. then_with ( || a_name. cmp ( b_name) )
18851891 } ) ;
18861892
1887- for ( name, spec) in rate_limits. iter ( ) {
1888- // Skip the policy if it doesn't apply to the server.
1889- let ratelimit_policy:: Target :: Server ( this_name) = & spec. target ;
1890- if this_name != server_name {
1891- tracing:: trace!(
1892- ns = %self . namespace,
1893- ratelimitpolicy = %name,
1894- server = %server_name,
1895- target = %name,
1896- "HTTPLocalRateLimitPolicy does not target server" ,
1897- ) ;
1898- continue ;
1899- }
1900-
1901- tracing:: trace!(
1902- ns = %self . namespace,
1903- ratelimitpolicy = %name,
1904- server = %server_name,
1905- "HTTPLocalRateLimitPolicy targets server" ,
1906- ) ;
1893+ let ( name, spec) = rate_limits. first ( ) ?;
19071894
1908- let overrides = spec
1909- . overrides
1910- . iter ( )
1911- . map ( |ovr| {
1912- let client_identities = ovr
1913- . client_refs
1914- . iter ( )
1915- . map ( |client_ref| {
1916- let ratelimit_policy:: ClientRef :: ServiceAccount { namespace, name } =
1917- client_ref;
1918- let namespace = namespace. as_deref ( ) . unwrap_or ( & self . namespace ) ;
1919- self . cluster_info . service_account_identity ( namespace, name)
1920- } )
1921- . collect ( ) ;
1922-
1923- Override {
1924- requests_per_second : ovr. requests_per_second ,
1925- client_identities,
1926- }
1927- } )
1928- . collect ( ) ;
1895+ tracing:: trace!(
1896+ ns = %self . namespace,
1897+ ratelimitpolicy = %name,
1898+ server = %server_name,
1899+ "HTTPLocalRateLimitPolicy targets server" ,
1900+ ) ;
19291901
1930- return Some ( RateLimit {
1931- name : name. to_string ( ) ,
1932- total : spec. total . as_ref ( ) . map ( |l| Limit {
1933- requests_per_second : l. requests_per_second ,
1934- } ) ,
1935- identity : spec. identity . as_ref ( ) . map ( |l| Limit {
1936- requests_per_second : l. requests_per_second ,
1937- } ) ,
1938- overrides,
1939- } ) ;
1940- }
1902+ let overrides = spec
1903+ . overrides
1904+ . iter ( )
1905+ . map ( |ovr| {
1906+ let client_identities = ovr
1907+ . client_refs
1908+ . iter ( )
1909+ . map ( |ClientRef :: ServiceAccount { namespace, name } | {
1910+ let namespace = namespace. as_deref ( ) . unwrap_or ( & self . namespace ) ;
1911+ self . cluster_info . service_account_identity ( namespace, name)
1912+ } )
1913+ . collect ( ) ;
1914+
1915+ Override {
1916+ requests_per_second : ovr. requests_per_second ,
1917+ client_identities,
1918+ }
1919+ } )
1920+ . collect ( ) ;
19411921
1942- None
1922+ Some ( RateLimit {
1923+ name : name. to_string ( ) ,
1924+ total : spec. total . as_ref ( ) . map ( |l| Limit {
1925+ requests_per_second : l. requests_per_second ,
1926+ } ) ,
1927+ identity : spec. identity . as_ref ( ) . map ( |l| Limit {
1928+ requests_per_second : l. requests_per_second ,
1929+ } ) ,
1930+ overrides,
1931+ } )
19431932 }
19441933
19451934 fn route_client_authzs (
0 commit comments