gloo icon indicating copy to clipboard operation
gloo copied to clipboard

Published 20 hours ago verified publisher icon solo-io

Provide validation for the Ratelimit CRs

Open asayah opened this issue 2 years ago • 1 comments

Version

No response

Is your feature request related to a problem? Please describe.

Today we enforce schemas validation for RateLimit CRs The need is to support Server validation for Rate limiting CR

This work should also enable the metric for ratelimitconfigs: https://docs.solo.io/gloo-edge/master/reference/api/github.com/solo-io/gloo/projects/gloo/api/v1/settings.proto.sk/#observabilityoptions

Describe the solution you'd like

No response

Describe alternatives you've considered

No response

Additional Context

No response

asayah avatar Jul 20 '22 22:07 asayah

Duplicate of https://github.com/solo-io/gloo/issues/6533

krisztianfekete avatar Jul 22 '22 15:07 krisztianfekete

Part of https://github.com/solo-io/gloo/issues/2797

nfuden avatar Aug 19 '22 13:08 nfuden

@jenshu has context and can help to pair on this

nfuden avatar Aug 19 '22 13:08 nfuden

Here is a list of issues that we can add to make the necessary changes to the validation webhook for Rate Limit and future resources.

  • [x] https://github.com/solo-io/gloo/issues/7273
  • [ ] https://github.com/solo-io/gloo/issues/4783
  • [ ] https://github.com/solo-io/gloo/issues/7271
  • [ ] https://github.com/solo-io/gloo/issues/7272
  • [ ] https://github.com/solo-io/solo-projects/issues/3558
  • [ ] https://github.com/solo-io/gloo/issues/2797
  • [ ] https://github.com/solo-io/gloo/issues/7434

jackstine avatar Sep 30 '22 18:09 jackstine

Validation for Rate Limit Configs will be available in v1.13.0-beta13 or v1.13.0 release later in a few weeks.

jackstine avatar Nov 23 '22 18:11 jackstine

Seeing an issue with the RLC validation in 1.13.10:

$ cat ratelimitconfig-validation.json
{
    "request": {
        "uid": "abc",
        "dryRun": true,
        "kind": {
            "group": "ratelimit.solo.io",
            "version": "v1alpha1",
            "kind": "RateLimitConfig"
        },
        "namespace": "gloo-system",
        "object": {
            "apiVersion": "ratelimit.solo.io/v1alpha1",
            "kind": "RateLimitConfig",
            "metadata": {
                "labels": {
                    "central-id": "200004162",
                    "proxy": "abc"
                },
                "name": "abc",
                "namespace": "gloo-system"
            },
            "spec": {
                "rawsinvalid": {
                    "descriptors": [
                        {
                            "key": "generic_key",
                            "value": "abc",
                            "rateLimit": {
                                "requestsPerUnit": 50,
                                "unit": "SECOND"
                            }
                        }
                    ],
                    "rateLimit": [
                        {
                            "action": [
                                {
                                    "genericKey": {
                                        "descriptorValues": "abc"
                                    }
                                }
                            ]
                        }
                    ]
                }
            }
        }
    }
}

Note:

            "spec": {
                "rawsinvalid": {

curl -k -XPOST -d @ratelimitconfig-validation.json -H 'Content-Type: application/json' https://localhost:8443/validation
{"response":{"uid":"glooupgrade-zone1-v4-connectapi-rl-1681243877342","allowed":true}}

bdecoste avatar Apr 12 '23 16:04 bdecoste

An additional part of this: https://github.com/solo-io/gloo/issues/4783

We haven't yet added support for syntax validation on RateLimitConfigs, which is what should have been rejected above.

slack context with some more details

sam-heilbron avatar Apr 12 '23 16:04 sam-heilbron

Looking for schema in the RateLimitConfig CRD

bdecoste avatar Jul 26 '23 20:07 bdecoste