rate-limit: make 429 response mapping configurable #4879
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
venilnoronha
force-pushed
the
config-grpc-status
branch
2 times, most recently
from
ab2877a to
7f58656
Compare
This commit enables the configuration of the mapping that translates 429 response code to a gRPC status code. By default, the Rate Limit filter in Envoy translates a 429 HTTP response code to UNAVAILABLE as specified in the gRPC mapping document. Google, however, recommends translating a 429 response to RESOURCE_EXHAUSTED. This commit provides a flag named rate_limited_as_resource_exhausted in the RateLimit config which allows users to explicitly specify whether they want 429 responses to be mapped to RESOURCE_EXHAUSTED, while UNAVAILABLE remains the default. References: * https://github.com/grpc/grpc/blob/master/doc/http-grpc-status-mapping.md * https://cloud.google.com/apis/design/errors#generating_errors Signed-off-by: Venil Noronha <[email protected]>
venilnoronha
force-pushed
the
config-grpc-status
branch
from
7f58656 to
44967f0
Compare
lizan
suggested changes
Oct 27, 2018
Signed-off-by: Venil Noronha <[email protected]>
venilnoronha
force-pushed
the
config-grpc-status
branch
from
b7cd9e7 to
161ba4d
Compare
Signed-off-by: Venil Noronha <[email protected]>
Signed-off-by: Venil Noronha <[email protected]>
|
This pull request has been automatically marked as stale because it has not had activity in the last 7 days. It will be closed in 7 days if no further activity occurs. Please feel free to give a status update now, ping for review, or re-open when it's ready. Thank you for your contributions! |
stale
bot
added
the
stale
|
not stale. |
stale
bot
removed
the
stale
junr03
reviewed
Nov 6, 2018
| */ | ||
| virtual void sendLocalReply(Code response_code, const std::string& body_text, | ||
| std::function<void(HeaderMap& headers)> modify_headers) PURE; | ||
| std::function<void(HeaderMap& headers)> modify_headers, | ||
| const absl::optional<Grpc::Status::GrpcStatus> grpc_status) PURE; |
There was a problem hiding this comment.
I have been thinking more and more about our changes to the filter API. Every time we change this API we are making every person that has written thirdparty filters update. I don't know if there are better solutions to make argument extension in these functions easier/less painful for consumers. I am curious what the rest of the @envoyproxy/maintainers thoughts are about this.
There was a problem hiding this comment.
We are tracking this concern here: #3390. Right now we decided that we are OK with API changes so that we can continue to move relatively fast. This will likely not always be the case.
There was a problem hiding this comment.
#3390 is for this, I think now we are OK but need release notes for extension impacting API changes.
lizan
suggested changes
Nov 6, 2018
* Add release note on HTTP filter API change * Update rate_limit proto comment * Update test to use utility function instead of hard-coded string Signed-off-by: Venil Noronha <[email protected]>
lizan
approved these changes
Nov 6, 2018
mattklein123
approved these changes
Nov 7, 2018
vroldanbet
added a commit
to vroldanbet/contour
that referenced
this pull request
Jan 10, 2023
The Rate Limit filter in Envoy translates a 429 HTTP response code to UNAVAILABLE as specified in the gRPC mapping document, but Google recommends translating it to RESOURCE_EXHAUSTED (see https://github.com/grpc/grpc/blob/master/doc/http-grpc-status-mapping.md) This commit introduces a new setting to allow contour to forward the same parameter introduced in envoyproxy/envoy#4879 The default value is disabled to retain the original behaviour of returning UNAVAILABLE, as changing it would be a breaking change.
vroldanbet
added a commit
to vroldanbet/contour
that referenced
this pull request
Jan 10, 2023
The Rate Limit filter in Envoy translates a 429 HTTP response code to UNAVAILABLE as specified in the gRPC mapping document, but Google recommends translating it to RESOURCE_EXHAUSTED (see https://github.com/grpc/grpc/blob/master/doc/http-grpc-status-mapping.md) This commit introduces a new setting to allow contour to forward the same parameter introduced in envoyproxy/envoy#4879 The default value is disabled to retain the original behaviour of returning UNAVAILABLE, as changing it would be a breaking change. Signed-off-by: Victor Roldan Betancort <[email protected]>
vroldanbet
added a commit
to vroldanbet/contour
that referenced
this pull request
Jan 10, 2023
The Rate Limit filter in Envoy translates a 429 HTTP response code to UNAVAILABLE as specified in the gRPC mapping document, but Google recommends translating it to RESOURCE_EXHAUSTED (see https://github.com/grpc/grpc/blob/master/doc/http-grpc-status-mapping.md) This commit introduces a new setting to allow contour to forward the same parameter introduced in envoyproxy/envoy#4879 The default value is disabled to retain the original behaviour of returning UNAVAILABLE, as changing it would be a breaking change. Signed-off-by: Víctor Roldán Betancort <[email protected]>
vroldanbet
added a commit
to vroldanbet/contour
that referenced
this pull request
Jan 11, 2023
The Rate Limit filter in Envoy translates a 429 HTTP response code to UNAVAILABLE as specified in the gRPC mapping document, but Google recommends translating it to RESOURCE_EXHAUSTED (see https://github.com/grpc/grpc/blob/master/doc/http-grpc-status-mapping.md) This commit introduces a new setting to allow contour to forward the same parameter introduced in envoyproxy/envoy#4879 The default value is disabled to retain the original behaviour of returning UNAVAILABLE, as changing it would be a breaking change. Signed-off-by: Víctor Roldán Betancort <[email protected]>
vroldanbet
added a commit
to vroldanbet/contour
that referenced
this pull request
Jan 11, 2023
The Rate Limit filter in Envoy translates a 429 HTTP response code to UNAVAILABLE as specified in the gRPC mapping document, but Google recommends translating it to RESOURCE_EXHAUSTED (see https://github.com/grpc/grpc/blob/master/doc/http-grpc-status-mapping.md) This commit introduces a new setting to allow contour to forward the same parameter introduced in envoyproxy/envoy#4879 The default value is disabled to retain the original behaviour of returning UNAVAILABLE, as changing it would be a breaking change. Signed-off-by: Víctor Roldán Betancort <[email protected]>
vroldanbet
added a commit
to vroldanbet/contour
that referenced
this pull request
Jan 12, 2023
The Rate Limit filter in Envoy translates a 429 HTTP response code to UNAVAILABLE as specified in the gRPC mapping document, but Google recommends translating it to RESOURCE_EXHAUSTED (see https://github.com/grpc/grpc/blob/master/doc/http-grpc-status-mapping.md) This commit introduces a new setting to allow contour to forward the same parameter introduced in envoyproxy/envoy#4879 The default value is disabled to retain the original behaviour of returning UNAVAILABLE, as changing it would be a breaking change. Signed-off-by: Víctor Roldán Betancort <[email protected]>
vroldanbet
added a commit
to vroldanbet/contour
that referenced
this pull request
Jan 12, 2023
The Rate Limit filter in Envoy translates a 429 HTTP response code to UNAVAILABLE as specified in the gRPC mapping document, but Google recommends translating it to RESOURCE_EXHAUSTED (see https://github.com/grpc/grpc/blob/master/doc/http-grpc-status-mapping.md) This commit introduces a new setting to allow contour to forward the same parameter introduced in envoyproxy/envoy#4879 The default value is disabled to retain the original behaviour of returning UNAVAILABLE, as changing it would be a breaking change. Signed-off-by: Víctor Roldán Betancort <[email protected]>
vroldanbet
added a commit
to vroldanbet/contour
that referenced
this pull request
Jan 12, 2023
The Rate Limit filter in Envoy translates a 429 HTTP response code to UNAVAILABLE as specified in the gRPC mapping document, but Google recommends translating it to RESOURCE_EXHAUSTED (see https://github.com/grpc/grpc/blob/master/doc/http-grpc-status-mapping.md) This commit introduces a new setting to allow contour to forward the same parameter introduced in envoyproxy/envoy#4879 The default value is disabled to retain the original behaviour of returning UNAVAILABLE, as changing it would be a breaking change. Signed-off-by: Víctor Roldán Betancort <[email protected]>
skriss
pushed a commit
to projectcontour/contour
that referenced
this pull request
Jan 12, 2023
The Rate Limit filter in Envoy translates a 429 HTTP response code to UNAVAILABLE as specified in the gRPC mapping document, but Google recommends translating it to RESOURCE_EXHAUSTED (see https://github.com/grpc/grpc/blob/master/doc/http-grpc-status-mapping.md) This commit introduces a new setting to allow contour to forward the same parameter introduced in envoyproxy/envoy#4879 The default value is disabled to retain the original behaviour of returning UNAVAILABLE, as changing it would be a breaking change. Closes #4901. Signed-off-by: Víctor Roldán Betancort <[email protected]>
yangyy93
pushed a commit
to projectsesame/contour
that referenced
this pull request
Feb 16, 2023
…ectcontour#4971) The Rate Limit filter in Envoy translates a 429 HTTP response code to UNAVAILABLE as specified in the gRPC mapping document, but Google recommends translating it to RESOURCE_EXHAUSTED (see https://github.com/grpc/grpc/blob/master/doc/http-grpc-status-mapping.md) This commit introduces a new setting to allow contour to forward the same parameter introduced in envoyproxy/envoy#4879 The default value is disabled to retain the original behaviour of returning UNAVAILABLE, as changing it would be a breaking change. Closes projectcontour#4901. Signed-off-by: Víctor Roldán Betancort <[email protected]> Signed-off-by: yy <[email protected]>
yangyy93
pushed a commit
to projectsesame/contour
that referenced
this pull request
Feb 16, 2023
…ectcontour#4971) The Rate Limit filter in Envoy translates a 429 HTTP response code to UNAVAILABLE as specified in the gRPC mapping document, but Google recommends translating it to RESOURCE_EXHAUSTED (see https://github.com/grpc/grpc/blob/master/doc/http-grpc-status-mapping.md) This commit introduces a new setting to allow contour to forward the same parameter introduced in envoyproxy/envoy#4879 The default value is disabled to retain the original behaviour of returning UNAVAILABLE, as changing it would be a breaking change. Closes projectcontour#4901. Signed-off-by: Víctor Roldán Betancort <[email protected]> Signed-off-by: yy <[email protected]>
yangyy93
pushed a commit
to projectsesame/contour
that referenced
this pull request
Feb 16, 2023
…ectcontour#4971) The Rate Limit filter in Envoy translates a 429 HTTP response code to UNAVAILABLE as specified in the gRPC mapping document, but Google recommends translating it to RESOURCE_EXHAUSTED (see https://github.com/grpc/grpc/blob/master/doc/http-grpc-status-mapping.md) This commit introduces a new setting to allow contour to forward the same parameter introduced in envoyproxy/envoy#4879 The default value is disabled to retain the original behaviour of returning UNAVAILABLE, as changing it would be a breaking change. Closes projectcontour#4901. Signed-off-by: Víctor Roldán Betancort <[email protected]> Signed-off-by: yy <[email protected]>
yangyy93
pushed a commit
to projectsesame/contour
that referenced
this pull request
Feb 16, 2023
…ectcontour#4971) The Rate Limit filter in Envoy translates a 429 HTTP response code to UNAVAILABLE as specified in the gRPC mapping document, but Google recommends translating it to RESOURCE_EXHAUSTED (see https://github.com/grpc/grpc/blob/master/doc/http-grpc-status-mapping.md) This commit introduces a new setting to allow contour to forward the same parameter introduced in envoyproxy/envoy#4879 The default value is disabled to retain the original behaviour of returning UNAVAILABLE, as changing it would be a breaking change. Closes projectcontour#4901. Signed-off-by: Víctor Roldán Betancort <[email protected]> Signed-off-by: yy <[email protected]>
vmw-yingy
pushed a commit
to vmw-yingy/contour
that referenced
this pull request
Feb 28, 2023
…ectcontour#4971) The Rate Limit filter in Envoy translates a 429 HTTP response code to UNAVAILABLE as specified in the gRPC mapping document, but Google recommends translating it to RESOURCE_EXHAUSTED (see https://github.com/grpc/grpc/blob/master/doc/http-grpc-status-mapping.md) This commit introduces a new setting to allow contour to forward the same parameter introduced in envoyproxy/envoy#4879 The default value is disabled to retain the original behaviour of returning UNAVAILABLE, as changing it would be a breaking change. Closes projectcontour#4901. Signed-off-by: Víctor Roldán Betancort <[email protected]>
yangyy93
added a commit
to projectsesame/contour
that referenced
this pull request
Mar 10, 2023
Signed-off-by: yy <[email protected]> add some unit test Signed-off-by: yy <[email protected]> git rebase Signed-off-by: yy <[email protected]> expose configuration for envoy's RateLimitedAsResourceExhausted (projectcontour#4971) The Rate Limit filter in Envoy translates a 429 HTTP response code to UNAVAILABLE as specified in the gRPC mapping document, but Google recommends translating it to RESOURCE_EXHAUSTED (see https://github.com/grpc/grpc/blob/master/doc/http-grpc-status-mapping.md) This commit introduces a new setting to allow contour to forward the same parameter introduced in envoyproxy/envoy#4879 The default value is disabled to retain the original behaviour of returning UNAVAILABLE, as changing it would be a breaking change. Closes projectcontour#4901. Signed-off-by: Víctor Roldán Betancort <[email protected]> Signed-off-by: yy <[email protected]> rebase Signed-off-by: yy <[email protected]> update tracing config validate Signed-off-by: yy <[email protected]> make generate Signed-off-by: yy <[email protected]> add chengelog Signed-off-by: yy <[email protected]> update make general Signed-off-by: yy <[email protected]> goimport Signed-off-by: yy <[email protected]> update tracing Signed-off-by: yy <[email protected]> fix golint Signed-off-by: yy <[email protected]> update test Signed-off-by: yy <[email protected]> delete unused code Signed-off-by: yy <[email protected]> delete error file Signed-off-by: yy <[email protected]> update changelog Signed-off-by: yy <[email protected]> fix some mistake Signed-off-by: yy <[email protected]>
yangyy93
added a commit
to projectsesame/contour
that referenced
this pull request
Mar 27, 2023
Signed-off-by: yy <[email protected]> add some unit test Signed-off-by: yy <[email protected]> git rebase Signed-off-by: yy <[email protected]> expose configuration for envoy's RateLimitedAsResourceExhausted (projectcontour#4971) The Rate Limit filter in Envoy translates a 429 HTTP response code to UNAVAILABLE as specified in the gRPC mapping document, but Google recommends translating it to RESOURCE_EXHAUSTED (see https://github.com/grpc/grpc/blob/master/doc/http-grpc-status-mapping.md) This commit introduces a new setting to allow contour to forward the same parameter introduced in envoyproxy/envoy#4879 The default value is disabled to retain the original behaviour of returning UNAVAILABLE, as changing it would be a breaking change. Closes projectcontour#4901. Signed-off-by: Víctor Roldán Betancort <[email protected]> Signed-off-by: yy <[email protected]> rebase Signed-off-by: yy <[email protected]> update tracing config validate Signed-off-by: yy <[email protected]> make generate Signed-off-by: yy <[email protected]> add chengelog Signed-off-by: yy <[email protected]> update make general Signed-off-by: yy <[email protected]> goimport Signed-off-by: yy <[email protected]> update tracing Signed-off-by: yy <[email protected]> fix golint Signed-off-by: yy <[email protected]> update test Signed-off-by: yy <[email protected]> delete unused code Signed-off-by: yy <[email protected]> delete error file Signed-off-by: yy <[email protected]> update changelog Signed-off-by: yy <[email protected]> fix some mistake Signed-off-by: yy <[email protected]>
yangyy93
added a commit
to projectsesame/contour
that referenced
this pull request
Mar 27, 2023
Signed-off-by: yy <[email protected]> add some unit test Signed-off-by: yy <[email protected]> git rebase Signed-off-by: yy <[email protected]> expose configuration for envoy's RateLimitedAsResourceExhausted (projectcontour#4971) The Rate Limit filter in Envoy translates a 429 HTTP response code to UNAVAILABLE as specified in the gRPC mapping document, but Google recommends translating it to RESOURCE_EXHAUSTED (see https://github.com/grpc/grpc/blob/master/doc/http-grpc-status-mapping.md) This commit introduces a new setting to allow contour to forward the same parameter introduced in envoyproxy/envoy#4879 The default value is disabled to retain the original behaviour of returning UNAVAILABLE, as changing it would be a breaking change. Closes projectcontour#4901. Signed-off-by: Víctor Roldán Betancort <[email protected]> Signed-off-by: yy <[email protected]> rebase Signed-off-by: yy <[email protected]> update tracing config validate Signed-off-by: yy <[email protected]> make generate Signed-off-by: yy <[email protected]> add chengelog Signed-off-by: yy <[email protected]> update make general Signed-off-by: yy <[email protected]> goimport Signed-off-by: yy <[email protected]> update tracing Signed-off-by: yy <[email protected]> fix golint Signed-off-by: yy <[email protected]> update test Signed-off-by: yy <[email protected]> delete unused code Signed-off-by: yy <[email protected]> delete error file Signed-off-by: yy <[email protected]> update changelog Signed-off-by: yy <[email protected]> fix some mistake Signed-off-by: yy <[email protected]> feat: Add HTTP support for External Auth (projectcontour#4994) Support globally configuring an external auth server which is enabled by default for all vhosts, both HTTP and HTTPS. Closes projectcontour#4954. Signed-off-by: claytonig <[email protected]> Signed-off-by: yy <[email protected]> refactor DAG and DAG consumers to support >2 Listeners (projectcontour#5128) Updates projectcontour#4960. Signed-off-by: Steve Kriss <[email protected]> Signed-off-by: yy <[email protected]> resolve conflict Signed-off-by: yy <[email protected]> fix Signed-off-by: yy <[email protected]>
yangyy93
added a commit
to projectsesame/contour
that referenced
this pull request
Mar 27, 2023
Signed-off-by: yy <[email protected]> add some unit test Signed-off-by: yy <[email protected]> git rebase Signed-off-by: yy <[email protected]> expose configuration for envoy's RateLimitedAsResourceExhausted (projectcontour#4971) The Rate Limit filter in Envoy translates a 429 HTTP response code to UNAVAILABLE as specified in the gRPC mapping document, but Google recommends translating it to RESOURCE_EXHAUSTED (see https://github.com/grpc/grpc/blob/master/doc/http-grpc-status-mapping.md) This commit introduces a new setting to allow contour to forward the same parameter introduced in envoyproxy/envoy#4879 The default value is disabled to retain the original behaviour of returning UNAVAILABLE, as changing it would be a breaking change. Closes projectcontour#4901. Signed-off-by: Víctor Roldán Betancort <[email protected]> Signed-off-by: yy <[email protected]> rebase Signed-off-by: yy <[email protected]> update tracing config validate Signed-off-by: yy <[email protected]> make generate Signed-off-by: yy <[email protected]> add chengelog Signed-off-by: yy <[email protected]> update make general Signed-off-by: yy <[email protected]> goimport Signed-off-by: yy <[email protected]> update tracing Signed-off-by: yy <[email protected]> fix golint Signed-off-by: yy <[email protected]> update test Signed-off-by: yy <[email protected]> delete unused code Signed-off-by: yy <[email protected]> delete error file Signed-off-by: yy <[email protected]> update changelog Signed-off-by: yy <[email protected]> fix some mistake Signed-off-by: yy <[email protected]> feat: Add HTTP support for External Auth (projectcontour#4994) Support globally configuring an external auth server which is enabled by default for all vhosts, both HTTP and HTTPS. Closes projectcontour#4954. Signed-off-by: claytonig <[email protected]> Signed-off-by: yy <[email protected]> refactor DAG and DAG consumers to support >2 Listeners (projectcontour#5128) Updates projectcontour#4960. Signed-off-by: Steve Kriss <[email protected]> Signed-off-by: yy <[email protected]> resolve conflict Signed-off-by: yy <[email protected]> fix Signed-off-by: yy <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description: This PR enables the configuration of the mapping that translates
429response code to a gRPC status code. By default, the Rate Limit filter in Envoy translates a429HTTP response code toUNAVAILABLEas specified in the gRPC mapping document. Google, however, recommends translating a429response toRESOURCE_EXHAUSTED. This PR provides a flag namedrate_limited_as_resource_exhaustedin theRateLimitconfig which allows users to explicitly specify whether they want429responses to be mapped toRESOURCE_EXHAUSTED, whileUNAVAILABLEremains the default.References:
Risk Level: Low
Testing: Added 2 new tests
Docs Changes: N/A
Release Notes: Added a note about the configuration
Fixes #4735
/cc @ramaraochavali @lizan