envoyproxy · wbpcode · Aug 1, 2024 · May 16, 2024 · May 16, 2024 · May 24, 2024
diff --git a/api/envoy/service/ratelimit/v3/rls.proto b/api/envoy/service/ratelimit/v3/rls.proto
@@ -49,6 +49,8 @@ message RateLimitRequest {
 
   // Rate limit requests can optionally specify the number of hits a request adds to the matched
   // limit. If the value is not set in the message, a request increases the matched limit by 1.
+  // This value can be modified by setting "envoy.ratelimit:hits_addend" in the dynamic metadata
+  // for a given request.
   uint32 hits_addend = 3;
 }
 

diff --git a/changelogs/current.yaml b/changelogs/current.yaml
@@ -226,6 +226,10 @@ new_features:
   change: |
     Added :ref:`bypass_overload_manager <envoy_v3_api_field_config.listener.v3.Listener.bypass_overload_manager>`
     to bypass the overload manager for a listener. When set to true, the listener will not be subject to overload protection.
+- area: ratelimit
+  change: |
+    Added the ability to modify :ref:`hits_addend <envoy_v3_api_field_service.ratelimit.v3.RateLimitRequest.hits_addend>`
+    by setting ``envoy.ratelimit.hits_addend`` to the desired value.
 
 deprecated:
 - area: tracing

@@ -66,11 +66,21 @@ void Filter::initiateCall(const Http::RequestHeaderMap& headers) {
     break;
   }
 
+  double hits_addend = 0;
+  const auto& request_metadata = callbacks_->streamInfo().dynamicMetadata().filter_metadata();
+  const auto filter_it = request_metadata.find("envoy.ratelimit");
+  if (filter_it != request_metadata.end()) {
+    const auto field_it = filter_it->second.fields().find("hits_addend");
+    if (field_it != filter_it->second.fields().end()) {
+      hits_addend = field_it->second.number_value();
+    }
+  }
+
   if (!descriptors.empty()) {
     state_ = State::Calling;
     initiating_call_ = true;
     client_->limit(*this, getDomain(), descriptors, callbacks_->activeSpan(),
-                   callbacks_->streamInfo(), 0);
+                   callbacks_->streamInfo(), hits_addend);
     initiating_call_ = false;
   }
 }

@@ -258,6 +258,54 @@ TEST_F(HttpRateLimitFilterTest, OkResponse) {
       1U, filter_callbacks_.clusterInfo()->statsScope().counterFromStatName(ratelimit_ok_).value());
 }
 
+TEST_F(HttpRateLimitFilterTest, OkResponseWithAdditionalHitsAddend) {
+  setUpTest(filter_config_);
+  InSequence s;
+
+  ProtobufWkt::Struct request_struct;
+  request_struct.mutable_fields()->insert({"hits_addend", ValueUtil::numberValue(5)});
+  (*filter_callbacks_.stream_info_.metadata_.mutable_filter_metadata())["envoy.ratelimit"] =
+      request_struct;
+  EXPECT_CALL(filter_callbacks_.route_->route_entry_.rate_limit_policy_, getApplicableRateLimit(0));
+
+  EXPECT_CALL(route_rate_limit_, populateDescriptors(_, _, _, _))
+      .WillOnce(SetArgReferee<0>(descriptor_));
+
+  EXPECT_CALL(filter_callbacks_.route_->route_entry_.virtual_host_.rate_limit_policy_,
+              getApplicableRateLimit(0));
+
+  EXPECT_CALL(*client_, limit(_, "foo",
+                              testing::ContainerEq(std::vector<RateLimit::Descriptor>{
+                                  {{{"descriptor_key", "descriptor_value"}}}}),
+                              _, _, 5))
+      .WillOnce(
+          WithArgs<0>(Invoke([&](Filters::Common::RateLimit::RequestCallbacks& callbacks) -> void {
+            request_callbacks_ = &callbacks;
+          })));
+
+  request_headers_.addCopy(Http::Headers::get().RequestId, "requestid");
+  EXPECT_EQ(Http::FilterHeadersStatus::StopIteration,
+            filter_->decodeHeaders(request_headers_, false));
+  Http::MetadataMap metadata_map{{"metadata", "metadata"}};
+  EXPECT_EQ(Http::FilterMetadataStatus::Continue, filter_->decodeMetadata(metadata_map));
+  EXPECT_EQ(Http::FilterDataStatus::StopIterationAndWatermark, filter_->decodeData(data_, false));
+  EXPECT_EQ(Http::FilterTrailersStatus::StopIteration, filter_->decodeTrailers(request_trailers_));
+  EXPECT_EQ(Http::Filter1xxHeadersStatus::Continue, filter_->encode1xxHeaders(response_headers_));
+  EXPECT_EQ(Http::FilterHeadersStatus::Continue, filter_->encodeHeaders(response_headers_, false));
+  EXPECT_EQ(Http::FilterDataStatus::Continue, filter_->encodeData(response_data_, false));
+  EXPECT_EQ(Http::FilterTrailersStatus::Continue, filter_->encodeTrailers(response_trailers_));
+
+  EXPECT_CALL(filter_callbacks_, continueDecoding());
+  EXPECT_CALL(filter_callbacks_.stream_info_,
+              setResponseFlag(StreamInfo::CoreResponseFlag::RateLimited))
+      .Times(0);
+  request_callbacks_->complete(Filters::Common::RateLimit::LimitStatus::OK, nullptr, nullptr,
+                               nullptr, "", nullptr);
+
+  EXPECT_EQ(
+      1U, filter_callbacks_.clusterInfo()->statsScope().counterFromStatName(ratelimit_ok_).value());
+}
+
 TEST_F(HttpRateLimitFilterTest, OkResponseWithHeaders) {
   setUpTest(filter_config_);
   InSequence s;