Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Rate limit sessions for throttling control #36

Merged
merged 5 commits into from
Mar 28, 2024
Merged

Rate limit sessions for throttling control #36

merged 5 commits into from
Mar 28, 2024

Conversation

kostrse
Copy link
Collaborator

@kostrse kostrse commented Aug 15, 2023

When using service identity authentication in datasource, query requests originating from different users share the same identity, and may be seen my the resource endpoint as coming from the same user.

I may occasionally trigger throttling problems in large Grafana instances with popular dashboards.

This PR introduces an additional session header X-RateLimit-Session, different for each Grafana user, which provide extra information to the resource endpoint regarding the different user sessions which share the same service identity for authentication.

This session header needs to be enabled by the datasource:

authOpts := azhttpclient.NewAuthOptions(azureSettings)
authOpts.Scopes(scopes)

// Enable session header
authOpts.AddRateLimitSession(true)

azhttpclient.AddAzureAuthentication(clientOpts, authOpts, credentials)

To make sessions work, datasource should also include context of the signed-in user to the request context, as implemented in the ADX datasource here or here. This allows the Azure middleware to use the passed user's information to generate session ID.

Resource endpoint should know about the header and use it for its rate limit calculations.

@kostrse kostrse mentioned this pull request Aug 15, 2023
Closed
@kostrse kostrse requested a review from a team as a code owner September 18, 2023 20:51
aangelisc
aangelisc approved these changes Sep 19, 2023
View reviewed changes
Copy link
Contributor

@aangelisc aangelisc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One nit in the comments to be addressed before we merge this 😊

@aangelisc aangelisc merged commit f459ab1 into grafana:main Mar 28, 2024
3 checks passed
@kostrse kostrse deleted the rate-limit-session branch March 28, 2024 21:54
@kostrse kostrse restored the rate-limit-session branch March 28, 2024 21:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Ohad-Fein Ohad-Fein Ohad-Fein left review comments

@aangelisc aangelisc aangelisc approved these changes

@asimpson asimpson Awaiting requested review from asimpson asimpson is a code owner automatically assigned from grafana/partner-datasources

@bossinc bossinc Awaiting requested review from bossinc bossinc is a code owner automatically assigned from grafana/partner-datasources

@adamyeats adamyeats Awaiting requested review from adamyeats adamyeats is a code owner automatically assigned from grafana/partner-datasources

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@kostrse @aangelisc @Ohad-Fein