forked from envoyproxy/ratelimit
Update #1
Signed-off-by: tangxinfa <tangxinfa@gmail.com>
Signed-off-by: Derek Schaller <d_a_schaller@yahoo.com>
Signed-off-by: Steve Sloka <slokas@vmware.com>
Signed-off-by: Steve Sloka <slokas@vmware.com>
Fixes envoyproxy#138 Signed-off-by: Matt Klein <mklein@lyft.com>
Signed-off-by: David Black <david.black@autodesk.com>
…oyproxy#143) Even though the Makefile wants to encourage using mockgen@1.4.1, it seems like the mocks have been generated using a pre-1.0 version of mockgen. Using "go run github.com/golang/mock/mockgen" as a go:generate command instead of just "mockgen" avoids the need to pre-install into the developer's $PATH and uses the go.mod-specified version Signed-off-by: David Weitzman <dweitzman@pinterest.com>
My interest is the UDP protocol support which appeared in gostats 0.3.10. There's a breaking change as of https://github.com/lyft/gostats/releases/tag/v0.3.0, which is that gostats no longer publishes stats as expvars. Signed-off-by: David Weitzman <dweitzman@pinterest.com>
Signed-off-by: Tong Cai <caitong93@gmail.com>
A newly-added test in envoyproxy#137 checks the exact text of an error message which seems to vary when the network is tcp4 vs tcp6. This change relaxes the assertion to look for "connection refused" in a panic without making assumptions about what an IP address looks like.

Example failure:

```
--- FAIL: TestNewClientImpl (0.00s)
    --- FAIL: TestNewClientImpl/connection_refused (0.00s)
        cache_impl_test.go:442:
            Error Trace: cache_impl_test.go:442
            Error: func (assert.PanicTestFunc)(0x1724110) should panic with error message: "dial tcp 127.0.0.1:12345: connect: connection refused"
            Panic value: "dial tcp [::1]:12345: connect: connection refused"
            Panic stack: goroutine 27 [running]:
```

The testify assert package doesn't seem to support inexact matching on error messages, so the code gets a bit uglier than before. Signed-off-by: David Weitzman <dweitzman@pinterest.com>
…roxy#142) This is a pure refactoring with no behavior changes. It's a step toward being able to add memcache as a backend (see envoyproxy#140). This PR moves RateLimitCache from the redis package to a new "limiter" package, along with code for time/jitter, local cache stats, and constructing cache keys. All that can be reused with memcache. After this PR, the redis package is imported in exactly two places:

- in service_cmd/runner/runner.go to call redis.NewRateLimiterCacheImplFromSettings()
- in service/ratelimit.go in ShouldRateLimit to identify if a recovered panic is a redis.RedisError. If so, a stat is incremented and the panic() propagation is ended in favor of returning the error as the function result.

The PR also includes changes by goimports to test/service/ratelimit_test.go so that the difference between package name vs file path name is explicit instead of implicit. Signed-off-by: David Weitzman <dweitzman@pinterest.com>
…oxy#148) Previously an HTTP POST to /json would only return an HTTP status code, not all the other details supported by grpc ratelimit responses. With this change an HTTP POST to /json receives the full proto3 response encoded as json by jsonpb. It seems unlikely that anyone would be parsing the text "over limit" from the HTTP body instead of just reading the 429 response code, but for anyone doing that this would be a breaking change. Signed-off-by: David Weitzman <dweitzman@pinterest.com>
…s in runtime config folder directly instead of the runtime root dir. (envoyproxy#151) Signed-off-by: Yuki Sawa <yukisawa@gmail.com>
…nvoyproxy#153) Signed-off-by: Petr Pchelko <ppchelko@wikimedia.org>
- Regenerate mocks based on new default protocol
- Manually transform v2 messages to v3 messages - some of the fields were renamed thus json Marshal/Unmarshal does not work anymore
- Added tests that verify conversion v2<->v3 works for headers fields
- Update tests to use proto.Equal - simple assert.Equals might not work correctly for protobuf messages.

Signed-off-by: Petr Pchelko <ppchelko@wikimedia.org>
This diff creates Dockerfile.integration for running integration tests with clearly-defined dependencies. Previously the dependencies of the integration tests were defined within the github actions config. The new "make docker_tests" target should work for any developer with Docker installed. Previously there was no single command that would run integration tests across platforms, which makes development and onboarding harder. Even copying the command from github actions wouldn't have worked before, since that command quietly assumed that redis was already running on port 6379. Signed-off-by: David Weitzman <dweitzman@pinterest.com>
Fixes envoyproxy#154 Signed-off-by: Petr Pchelko <ppchelko@wikimedia.org>
Signed-off-by: Tong Cai <caitong93@gmail.com>
Signed-off-by: Yuki Sawa <yukisawa@gmail.com>
envoyproxy#170) Signed-off-by: Yuki Sawa <yukisawa@gmail.com>
Centralized log collection systems work better with logs in JSON format. E.g. DataDog strongly encourages setting up your logging library to produce your logs in JSON format to avoid the need for custom parsing rules. So, the next small fix is all we need to get JSON logs. Signed-off-by: Sergey Belyaev <sbelyaev@setronica.com>
…h merge to master branch (envoyproxy#176) Updates the github action to also push a tagged image based upon the git sha. The tag also includes the current version of the release. Example tag: envoyproxy/ratelimit:f1758150b6dfed3e5c0ae13fb7bb6b8f6ae00b0e Fixes envoyproxy#174 Signed-off-by: Steve Sloka <slokas@vmware.com>
Signed-off-by: Margaret Gorguissian <margaret.gorguissian@tufts.edu>
Signed-off-by: Diego Erdody <diego@medallia.com>
Signed-off-by: Clara Andrew-Wani <candrewwani@gmail.com>
Signed-off-by: Itay Donanhirsh <itay@bazoo.org>
Signed-off-by: zufardhiyaulhaq <zufardhiyaulhaq@gmail.com>
…sotw provider (envoyproxy#406) Signed-off-by: Marcin Skalski <marcin.skalski@konghq.com>
Signed-off-by: yleng <yleng@pinterest.com>
…oxy#409) Signed-off-by: Sean Winterberger <swinterberger@zebra.com>
Signed-off-by: Arko Dasgupta <arko@tetrate.io>
…022-41723 (envoyproxy#416) Signed-off-by: Vikas Palaskar <vikas.Palaskar@gmail.com>
Signed-off-by: Daniel Hoelbling-Inzko <daniel.hoelbling-inzko@bitmovin.com>
Signed-off-by: Amiram Wingarten <amiram.wingarten@sap.com>
Signed-off-by: Raul Gutierrez Segales <rgs@itevenworks.net>
Signed-off-by: Seonghyun Oh <seonghyunoh@gmail.com>
For CVE fix, see alpinelinux/docker-alpine#321 Signed-off-by: Dong Liu <doliu@microsoft.com>
Signed-off-by: Pawel Lipiec <pawel.lipiec@docusign.com>
During a recent CVE scan we found envoyproxy to use `alpine:3.18` as the final image

```
grype envoyproxy/ratelimit:59565c87
 ✔ Vulnerability DB        [no update available]
 ✔ Pulled image
 ✔ Loaded image
 ✔ Parsed image
 ✔ Cataloged packages      [57 packages]
 ✔ Scanning image...       [4 vulnerabilities]
   ├── 0 critical, 3 high, 1 medium, 0 low, 0 negligible
   └── 2 fixed
NAME        INSTALLED  FIXED-IN  TYPE  VULNERABILITY  SEVERITY
libcrypto3  3.1.0-r4   3.1.1-r0  apk   CVE-2023-2650  High
libssl3     3.1.0-r4   3.1.1-r0  apk   CVE-2023-2650  High
```

Since docker image tags are derived from the git commit sha, triggering a rebuild of the image as is (which implicitly would use alpine:3.18.2 and golang:1.20.5) would result in the image getting replaced with the same commit sha. Instead, we're explicitly setting the version numbers to ensure any version update is tied to a commit. Signed-off-by: Jonas-Taha El Sesiy <jonas-taha.elsesiy@snowflake.com>
…yproxy#430) Signed-off-by: chashikajw <chashikajw007@gmail.com> Signed-off-by: Tharsanan1 <tharsanan.15@cse.mrt.ac.lk>
Signed-off-by: Charlie Crawford <ccrawford@pagerduty.com>
…xy#443) Signed-off-by: chashikajw <chashikajw007@gmail.com>
Signed-off-by: Paul Salaberria <psalaberria002@gmail.com>
Signed-off-by: chashikajw <chashikajw007@gmail.com>
…oyproxy#448) Signed-off-by: Vito Sabella <vito@axon.com>
* Resolves most go staticcheck errors.
* Replaces a few deprecated packages / functions.
* Makes some minor changes to error responses on the /json endpoint.

Signed-off-by: Charlie Crawford <ccrawford@pagerduty.com>
Signed-off-by: Charlie Crawford <ccrawford@pagerduty.com>
…nvoyproxy#455) This updates golang version in example xds-sotw-config-server Dockerfile in order to fix docker image build. Signed-off-by: Dmitriy Zakomirnyi <dmitriy.zakomirnyy@gmail.com>
Signed-off-by: Charlie Crawford <ccrawford@pagerduty.com>
fixes CVEs CVE-2023-5678 CVE-2023-5363 as per alpinelinux/docker-alpine#358 Signed-off-by: rayseaward <84980696+rayseaward@users.noreply.github.com>
* setup ossf scorecard and codeql workflows Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>
* Update scorecard.yml Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>
* Update main.yaml Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>

---------

Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 2.3.4 to 5.0.0. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@e9aba2c...0a5c615) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.2 to 2.3.1. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](ossf/scorecard-action@e38b190...0864cf1) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>
* stats: sanitize metric names

If the configuration contains a key value with a `:` or `|`, e.g.

```
- key: path
  value: "/foo:*"
  rate_limit:
    unit: minute
    requests_per_unit: 20
```

the reported statsd metrics are malformed. Signed-off-by: Lukasz Szczesny <luk@wybcz.pl>

* Add tests Signed-off-by: Lukasz Szczesny <luk@wybcz.pl>

---------

Signed-off-by: Lukasz Szczesny <luk@wybcz.pl>
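Why a `:` or `|` in a descriptor value breaks the statsd line, shown as an added Go example that is not code from this pull request or from the project. The stat name, the `example_domain` domain, the helper names and the `_` replacement character are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// statsdLine formats a counter in the statsd wire format "<name>:<value>|<type>".
func statsdLine(name string, value int) string {
	return fmt.Sprintf("%s:%d|c", name, value)
}

// parseStatsd splits a line the way a receiver does: the name ends at the
// first ':' and the value ends at the first '|' after it.
func parseStatsd(line string) (name, value, typ string, ok bool) {
	name, rest, found := strings.Cut(line, ":")
	if !found {
		return "", "", "", false
	}
	value, typ, found = strings.Cut(rest, "|")
	if !found {
		return "", "", "", false
	}
	// A counter value must be an integer; anything else is a malformed line.
	for _, r := range value {
		if r < '0' || r > '9' {
			return name, value, typ, false
		}
	}
	return name, value, typ, value != ""
}

// sanitizeStatName replaces the two statsd delimiters with '_' (assumed
// replacement character; the page does not say which one the project uses).
func sanitizeStatName(s string) string {
	return strings.NewReplacer(":", "_", "|", "_").Replace(s)
}

func main() {
	// Constructed stat name built from the descriptor value "/foo:*" above.
	raw := "ratelimit.service.rate_limit.example_domain.path_/foo:*.over_limit"
	for _, n := range []string{raw, sanitizeStatName(raw)} {
		name, value, _, ok := parseStatsd(statsdLine(n, 1))
		fmt.Printf("name=%q value=%q ok=%v\n", name, value, ok)
	}
}
```

With the raw name the receiver truncates the metric name at `/foo` and sees a non-numeric value, so the sample is dropped or misattributed; after sanitizing, the full name and the value `1` survive.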
No description provided.