From 0a16ab6181593fe8911888f37951f2ec4cf59835 Mon Sep 17 00:00:00 2001 From: "update-envoy[bot]" <135279899+update-envoy[bot]@users.noreply.github.com> Date: Wed, 18 Dec 2024 08:35:08 +0000 Subject: [PATCH] ratelimit: new per descriptor hits-addend support and dynamic hits addend (#37567) Commit Message: api: new per descriptor hits-addend support and dynamic hits addend Additional Description: 1. Now, we could get custom hits_addend from the `envoy.ratelimit.hits_addend`. But if there are multiple rate limit filters that requrie custom hits_addend, the `envoy.ratelimit.hits_addend` couldn't meet the requirement. 2. And we cann't also to support different hits_addend for diffferent descriptots in same request. This API changes try to meet above two requirements. Risk Level: low. Testing: n/a. Docs Changes: n/a. Release Notes: n/a. Platform Specific Features: n/a. --------- Signed-off-by: wangbaiping(wbpcode) Mirrored from https://github.com/envoyproxy/envoy @ cac9b87e9c0cd10eafc64817130c27c567395f4d --- envoy/config/route/v3/route_components.proto | 52 +++++++++++++++++++ .../common/ratelimit/v3/ratelimit.proto | 14 +++++ 2 files changed, 66 insertions(+) diff --git a/envoy/config/route/v3/route_components.proto b/envoy/config/route/v3/route_components.proto index ce781d100..909a7305f 100644 --- a/envoy/config/route/v3/route_components.proto +++ b/envoy/config/route/v3/route_components.proto @@ -1868,6 +1868,7 @@ message VirtualCluster { // Global rate limiting :ref:`architecture overview `. // Also applies to Local rate limiting :ref:`using descriptors `. +// [#next-free-field: 6] message RateLimit { option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.route.RateLimit"; 
@@ -2168,6 +2169,33 @@ message RateLimit { } } + message HitsAddend { + // Fixed number of hits to add to the rate limit descriptor. + // + // One of the ``number`` or ``format`` fields should be set but not both. + google.protobuf.UInt64Value number = 1 [(validate.rules).uint64 = {lte: 1000000000}]; + + // Substitution format string to extract the number of hits to add to the rate limit descriptor. + // The same :ref:`format specifier ` as used for + // :ref:`HTTP access logging ` applies here. + // + // .. note:: + // + // The format string must contains only single valid substitution field. If the format string + // not meets the requirement, the configuration will be rejected. + // + // The substitution field should generates a non-negative number or string representation of + // a non-negative number. The value of the non-negative number should be less than or equal + // to 1000000000 like the ``number`` field. If the output of the substitution field not meet + // the requirement, this will be treated as an error and the current descriptor will be ignored. + // + // For example, the ``%BYTES_RECEIVED%`` format string will be replaced with the number of bytes + // received in the request. + // + // One of the ``number`` or ``format`` fields should be set but not both. + string format = 2 [(validate.rules).string = {prefix: "%" suffix: "%" ignore_empty: true}]; + } + // Refers to the stage set in the filter. The rate limit configuration only // applies to filters with the same stage number. The default stage number is // 0. 
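Review bot: The `format` comment in `HitsAddend` documents a fail-open path: when the substituted value is not a non-negative number no greater than 1000000000, "the current descriptor will be ignored", which presumably means the limit for that descriptor is not applied to the request. If the substitution field reads anything the client supplies, a client-influenced value can lower the hit count or make the descriptor drop out. The comment should say so, e.g. `// Prefer values computed by the proxy (such as %BYTES_RECEIVED%); a value taken from client-supplied input lets the client reduce or skip its own hit count.` Separately, the "one of ``number`` or ``format``" rule is prose only, and `prefix: "%" suffix: "%"` does not by itself restrict the string to a single substitution field, so both depend on checks outside this hunk; a `oneof` would put the first rule in the schema.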
@@ -2175,9 +2203,19 @@ message RateLimit { // .. note:: // // The filter supports a range of 0 - 10 inclusively for stage numbers. + // + // .. note:: + // This is not supported if the rate limit action is configured in the ``typed_per_filter_config`` like + // :ref:`VirtualHost.typed_per_filter_config` or + // :ref:`Route.typed_per_filter_config`, etc. google.protobuf.UInt32Value stage = 1 [(validate.rules).uint32 = {lte: 10}]; // The key to be set in runtime to disable this rate limit configuration. + // + // .. note:: + // This is not supported if the rate limit action is configured in the ``typed_per_filter_config`` like + // :ref:`VirtualHost.typed_per_filter_config` or + // :ref:`Route.typed_per_filter_config`, etc. string disable_key = 2; // A list of actions that are to be applied for this rate limit configuration. @@ -2192,7 +2230,21 @@ message RateLimit { // rate limit configuration. If the override value is invalid or cannot be resolved // from metadata, no override is provided. See :ref:`rate limit override // ` for more information. + // + // .. note:: + // This is not supported if the rate limit action is configured in the ``typed_per_filter_config`` like + // :ref:`VirtualHost.typed_per_filter_config` or + // :ref:`Route.typed_per_filter_config`, etc. Override limit = 4; + + // An optional hits addend to be appended to the descriptor produced by this rate limit + // configuration. + // + // .. note:: + // This is only supported if the rate limit action is configured in the ``typed_per_filter_config`` like + // :ref:`VirtualHost.typed_per_filter_config` or + // :ref:`Route.typed_per_filter_config`, etc. + HitsAddend hits_addend = 5; } // .. attention:: diff --git a/envoy/extensions/common/ratelimit/v3/ratelimit.proto b/envoy/extensions/common/ratelimit/v3/ratelimit.proto index 73d729adc..36438e8fe 100644 --- a/envoy/extensions/common/ratelimit/v3/ratelimit.proto +++ b/envoy/extensions/common/ratelimit/v3/ratelimit.proto 
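Review bot: "Not supported" in the notes added to `stage`, `disable_key` and `limit` (this hunk and the `@@ -2192,7 +2230,21 @@` hunk) does not say whether a value set under ``typed_per_filter_config`` is rejected at config load or silently ignored. The difference matters operationally: an ignored `disable_key` means the runtime switch an operator relies on does nothing, and in the other direction a `hits_addend` set on a route-level rate limit would presumably leave requests counted with the default addend while the config looks weighted. Each note should state the behaviour, for example `// If set in that context the field is ignored and no error is reported.` or the rejecting equivalent, whichever the implementation does. `hits_addend` is also described as "appended to the descriptor", where `// Number of hits added to the descriptor produced by this rate limit configuration.` would match the wording used in `HitsAddend`. The body of `message RateLimit` starts and ends outside these hunks.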
@@ -5,6 +5,8 @@ package envoy.extensions.common.ratelimit.v3; import "envoy/type/v3/ratelimit_unit.proto"; import "envoy/type/v3/token_bucket.proto"; +import "google/protobuf/wrappers.proto"; + import "udpa/annotations/status.proto"; import "udpa/annotations/versioning.proto"; import "validate/validate.proto"; @@ -121,8 +123,20 @@ message RateLimitDescriptor { // Optional rate limit override to supply to the ratelimit service. RateLimitOverride limit = 2; + + // Optional hits_addend for the rate limit descriptor. If set the value will override the + // request level hits_addend. + // [#not-implemented-hide:] + google.protobuf.UInt64Value hits_addend = 3; } +// Configuration used to enable local rate limiting. +// +// .. note:: +// The ``LocalRateLimitDescriptor`` is used to configure a local rate limit rule with a token +// bucket algorithm. The ``RateLimitDescriptor`` is used to represent a list of symbols that +// are used to match against the rate limit rule. +// message LocalRateLimitDescriptor { // Descriptor entries. repeated v3.RateLimitDescriptor.Entry entries = 1 [(validate.rules).repeated = {min_items: 1}];
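Review bot: The new `RateLimitDescriptor.hits_addend` in the `@@ -121,8 +123,20 @@` hunk carries no validation rule, while `HitsAddend.number` in route_components.proto is capped with `lte: 1000000000` and its `format` counterpart is documented with the same ceiling. Keeping one bound across both protos avoids a descriptor-level value that the route-level config would have rejected: `google.protobuf.UInt64Value hits_addend = 3 [(validate.rules).uint64 = {lte: 1000000000}];`. The comment could also state what an explicit 0 means, since the wrapper type distinguishes unset from zero and a zero override, if honoured, would count the request as no hits. The field is marked `[#not-implemented-hide:]`, so this is cheap to settle before an implementation depends on it.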