envoyproxy/envoy

LocalRateLimiter with dynamic descriptor values

Open

#19.895 aperta il 9 feb 2022

Vedi su GitHub
 (8 commenti) (5 reazioni) (1 assegnatario)C++ (5373 fork)batch import
area/ratelimithelp wanted

Metriche repository

Star
 (27.997 star)
Metriche merge PR
 (Merge medio 8g) (378 PR mergiate in 30 g)

Descrizione

I have setup a localRateLimiter Filter on the route level . I am trying to configure the rateLimiter such that the limits are applied based on the remote-address or an Auth token passed in the request header. Eg: For a particular API path /foo, Allow 5 reqs per min per token or remoteAddress. Although I could configure this with the GlobalRateLimiter, despite digging through the documentation multiple times, I am not able to find a relevant configuration to achieve this with the localRateLimiter.

LocalRateLimitConfig

       route:
          rate_limits:
            - actions:
                - request_headers:
                    descriptor_key: AuthToken
                    header_name: Authorization
            - actions:
                - header_value_match:
                    descriptor_value: quote-path-auth
                    expect_match: false
                    headers:
                      - name: Authorization
        typed_per_filter_config:
          envoy.filters.http.local_ratelimit:
            '@type': type.googleapis.com/udpa.type.v1.TypedStruct
            type_url: >-
              type.googleapis.com/envoy.extensions.filters.http.local_ratelimit.v3.LocalRateLimit
            value:
              descriptors:
                - entries:
                    - key: AuthToken
                 //   - value: x-auth-xxx
                 //     -rate_limit:
                 //            requests_per_unit: 10
                 //            unit: minute  
                  token_bucket:
                    fill_interval: 20s
                    max_tokens: 2
                    tokens_per_fill: 2
                - entries:
                    - key: header_match
                      value: quote-path-auth
                  token_bucket:
                    fill_interval: 20s
                    max_tokens:5
                    tokens_per_fill: 5
              filter_enabled:
                default_value:
                  denominator: HUNDRED
                  numerator: 100
                runtime_key: local_rate_limit_enabled
              filter_enforced:
                default_value:
                  denominator: HUNDRED
                  numerator: 100
                runtime_key: local_rate_limit_enforced
              local_rate_limit_per_downstream_connection: false
              response_headers_to_add:
                - append: false
                  header:
                    key: x-local-rate-limit
                    value: 'true'
              stat_prefix: http_local_rate_limiter
              token_bucket:
                fill_interval: 20s
                max_tokens: 1000
                tokens_per_fill: 1000

Using the following struct provided for the globalRateLimiter Config throws an invalid descriptor error.

Does Envoy not support dynamic values for LocalRateLimiter descriptors .. ??

Documentation Reference : https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/local_rate_limit_filter#using-rate-limit-descriptors-for-local-rate-limiting

Guida contributor