Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Change ratelimit API to support distinct match #1308

Merged
merged 9 commits into from
Apr 24, 2023
Merged

Change ratelimit API to support distinct match #1308

merged 9 commits into from
Apr 24, 2023

Conversation

zhaohuabing
Copy link
Member

@zhaohuabing zhaohuabing commented Apr 14, 2023
edited
Loading

This PR is the API change for #1150. Once we agreed on API, the implementation will be submitted in another PR.

@zhaohuabing zhaohuabing requested a review from a team as a code owner April 14, 2023 15:30
@codecov
Copy link

codecov bot commented Apr 14, 2023
edited
Loading

Codecov Report

Merging #1308 (397dd0b) into main (690a045) will increase coverage by 0.06%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##             main    #1308      +/-   ##
==========================================
+ Coverage   61.84%   61.91%   +0.06%     
==========================================
  Files          76       76              
  Lines       10718    10718              
==========================================
+ Hits         6629     6636       +7     
+ Misses       3644     3637       -7     
  Partials      445      445

see 2 files with indirect coverage changes

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

@zhaohuabing
Change reatelimit API to support distinct match
5a36953 
Signed-off-by: zhaohuabing <zhaohuabing@gmail.com>
@zhaohuabing zhaohuabing force-pushed the ratelimit_api branch 2 times, most recently from 5a36953 to cd573c0 Compare April 14, 2023 15:59
@qicz
Copy link
Member

qicz commented Apr 14, 2023

PR title spell error

@zhaohuabing zhaohuabing changed the title Change reatelimit API to support distinct match Change ratelimit API to support distinct match Apr 15, 2023
@zhaohuabing
address comments
44700b5 
Signed-off-by: zhaohuabing <zhaohuabing@gmail.com>
@zhaohuabing zhaohuabing requested review from a team, kflynn, qicz, chauhanshubham and Alice-Lilith and removed request for a team April 17, 2023 12:08
@zhaohuabing zhaohuabing requested a review from zirain April 19, 2023 07:45
Alice-Lilith
Alice-Lilith previously approved these changes Apr 19, 2023
View reviewed changes
Copy link
Member

@Alice-Lilith Alice-Lilith left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I like this change and I think it's definitely much needed for common ratelimit use-cases. Looks like a few conformance tests are failing but it could just be because of the pre-install flake we were seeing. I'l restart them real quick.

@arkodg
Copy link
Contributor

arkodg commented Apr 19, 2023
edited
Loading

hey @zhaohuabing wanted to share some more suggestions, hoping @envoyproxy/gateway-maintainers can chime in

  1. Name of the new field SourceCIDR vs SourceIPCIDR vs SourceIPSubnet vs SourceIPRange
    I vote for SourceCIDR
  2. Name of the match type
sourceCIDR:
  type: Exact
  value: "192.168.1.0/24"

vs

sourceCIDR:
  type: CIDR
  value: "192.168.1.0/24"

I prefer type: Exact because we have the Exact match type for header match, so its reusing the noun (one less thing to remember for the user) and CIDR as a field name + match type feel repetitiive

@zhaohuabing
Copy link
Member Author

sourceCIDR:
type: Exact
value: "192.168.1.0/24"

@arkodg Exact is a bit vague. How about Masked or Subnet?

@arkodg
Copy link
Contributor

arkodg commented Apr 20, 2023

@zhaohuabing Masked and Subnet sound the same as CIDR, my argument is the value is already a CIDR type so the match of type Exact would mean matching on the CIDR value. Hoping this discussion gets more eyes so others can also share their preferences.

@zhaohuabing
change API according to discussion
d05d102 
Signed-off-by: zhaohuabing <zhaohuabing@gmail.com>
@zhaohuabing
Copy link
Member Author

I got it. I'm ok with Exact unless we find a better name.

@chauhanshubham
Copy link
Member

chauhanshubham commented Apr 20, 2023
edited
Loading

no strong opinions around this but for the current struct
I feel calling out match explicitly in the type field makes sense.

current
sourceCIDR: {type: "" value: ""} sourceCIDR: {matchType: "" value: ""}

Just so it reads source CIDR match type and source CIDR value.

source CIDR type felt like there's a IP type aka ipv4/ipv6 distinction in value.
Thanks

@arkodg
Copy link
Contributor

arkodg commented Apr 20, 2023

hey @chauhanshubham this is what it would look like

global:
    rules:
    - clientSelectors:
      - headers:
        - name: x-user-id
           type: Exact
           value: one
        sourceCIDR:
          type: Exact
          value: "192.168.1.0/24"

the word clientSelectors is used to describe matches but specifically match attributes related to the client (request headers and source IP in this case).
This has the same look and feel as the matches field within HTTPRoute

- matches:
    - headers:
      - type: Exact
        name: magic
        value: foo

@arkodg
Copy link
Contributor

arkodg commented Apr 20, 2023

@zhaohuabing thanks for incorporating my suggestions, so LGTM from my side

@zhaohuabing zhaohuabing force-pushed the ratelimit_api branch 2 times, most recently from f17e3be to b54861c Compare April 21, 2023 02:17
Alice-Lilith
Alice-Lilith approved these changes Apr 24, 2023
View reviewed changes
Copy link
Member

@Alice-Lilith Alice-Lilith left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These changes work for me

@arkodg
Copy link
Contributor

arkodg commented Apr 24, 2023

merging, thanks @zhaohuabing !

@arkodg arkodg merged commit f46df82 into envoyproxy:main Apr 24, 2023
arkodg added a commit to arkodg/gateway that referenced this pull request Aug 3, 2023
@arkodg
rm deprecated SourceIP field
a596ceb 
Relates to envoyproxy#1308

Signed-off-by: Arko Dasgupta <arko@tetrate.io>
@arkodg arkodg mentioned this pull request Aug 3, 2023
Merged
Xunzhuo added a commit that referenced this pull request Aug 3, 2023
@arkodg @Xunzhuo
rm deprecated SourceIP field (#1757)
c96aa6a 
* rm deprecated SourceIP field

Relates to #1308

Signed-off-by: Arko Dasgupta <arko@tetrate.io>

* fix tests

Signed-off-by: Arko Dasgupta <arko@tetrate.io>

* lint

Signed-off-by: Arko Dasgupta <arko@tetrate.io>

---------

Signed-off-by: Arko Dasgupta <arko@tetrate.io>
Co-authored-by: Xunzhuo <bitliu@tencent.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@qicz qicz qicz left review comments

@arkodg arkodg arkodg approved these changes

@Alice-Lilith Alice-Lilith Alice-Lilith approved these changes

@kflynn kflynn Awaiting requested review from kflynn kflynn was automatically assigned from envoyproxy/gateway-reviewers

@chauhanshubham chauhanshubham Awaiting requested review from chauhanshubham chauhanshubham was automatically assigned from envoyproxy/gateway-reviewers

@zirain zirain Awaiting requested review from zirain

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@zhaohuabing @qicz @arkodg @chauhanshubham @Alice-Lilith