Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix error message when attestation is disabled #1899

Merged
merged 1 commit into from
Oct 7, 2020
Merged

Fix error message when attestation is disabled #1899

merged 1 commit into from
Oct 7, 2020

Conversation

azdagron
Copy link
Member

@azdagron azdagron commented Oct 7, 2020

Pull Request check list

  • Commit conforms to CONTRIBUTING.md?
  • Proper tests/regressions included?
  • Documentation updated?

Affected functionality
Server no longer logs a misleading and incorrect error message on attestation attempts when attestation limits are disabled.

Description of change
When attestation rate limiting is disabled in the middleware, the AttestAgent RPC is still invoking the rate limiter. This causes the
middleware to log that there is a bug, since an RPC was either not limited (and not expected to invoke the limiter) or was limited (and expected to invoke the limiter).

This change introduces a new kind of limit, the "disabled" limit and fixes the middleware layer to still expect the rate limiter to be
invoked by the RPC for disabled limits.

It then changes the rate limiting configuration to use the "disabled" limit for Agent.AttestAgent when attestation rate limiting is disabled.

Which issue this PR fixes
Fixes #1898

@azdagron
Fix error message when attestation is disabled
d4c3f29 
When attestation rate limiting is disabled in the middleware, the
AttestAgent RPC is still invoking the rate limiter. This causes the
middleware to log that there is a bug, since an RPC was either not
limited (and not expected to invoke the limiter) or was limited (and
expected to invoke the limiter).

This change introduces a new kind of limit, the "disabled" limit and
fixes the middleware layer to still expect the rate limiter to be
invoked by the RPC for disabled limits.

It then changes the rate limiting configuration to use the "disabled"
limit for Agent.AttestAgent when attestation rate limiting is disabled.

Signed-off-by: Andrew Harding <aharding@vmware.com>
@azdagron azdagron force-pushed the fix-rate-limit-error-log-on-disabled-attestation branch from ec61286 to d4c3f29 Compare October 7, 2020 20:36
tyler-at-fast
tyler-at-fast approved these changes Oct 7, 2020
View reviewed changes
Copy link

@tyler-at-fast tyler-at-fast left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more. 

   _____ _    _ _____ _____    _____ _______      __  
  / ____| |  | |_   _|  __ \  |_   _|__   __|  _  \ \ 
 | (___ | |__| | | | | |__) |   | |    | |    (_)  | |
  \___ \|  __  | | | |  ___/    | |    | |         | |
  ____) | |  | |_| |_| |       _| |_   | |     _   | |
 |_____/|_|  |_|_____|_|      |_____|  |_|    (_)  | |
                                                  /_/

@azdagron azdagron merged commit 73fba40 into spiffe:master Oct 7, 2020
@azdagron azdagron deleted the fix-rate-limit-error-log-on-disabled-attestation branch October 7, 2020 21:31
@APTy APTy added this to To be cherry-picked in 0.11.2 Release Oct 20, 2020
This was referenced Oct 27, 2020
Closed
Merged
@evan2645 evan2645 moved this from To be cherry-picked to Merged in 0.11.2 Release Oct 30, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@APTy APTy APTy approved these changes

@tyler-at-fast tyler-at-fast tyler-at-fast approved these changes

@amartinezfayo amartinezfayo Awaiting requested review from amartinezfayo

@evan2645 evan2645 Awaiting requested review from evan2645

@mcpherrinm mcpherrinm Awaiting requested review from mcpherrinm

Assignees
No one assigned
Labels
None yet
Projects
No open projects
0.11.2 Release
Merged
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

False negative error message is printed when turning off attest limit
3 participants
@azdagron @APTy @tyler-at-fast