http rate limit filter v3: add support for failure_mode_deny runtime overrides
Commit Message: add new failure_mode_deny_percent optional RuntimeFractionalPercent field to the type.googleapis.com/envoy.extensions.filters.http.ratelimit.v3.RateLimit filter, so that if specified, its runtime value overrides the default failure_mode_deny value
Additional Description: the change does not consider deprecating the existing failure_mode_deny parameter
Risk Level: Low
Testing: adds unit tests, and manually tested behaviour with the following Envoy config
admin:
  profile_path: /tmp/envoy.prof
  access_log:
  - name: envoy.access_loggers.file
    typed_config:
      "@type": type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog
      path: /dev/null
  address:
    socket_address:
      address: 0.0.0.0
      port_value: 8001
layered_runtime:
  layers:
  - name: admin
    admin_layer: {}
static_resources:
  listeners:
  - name: web
    address:
      socket_address:
        protocol: TCP
        address: 0.0.0.0
        port_value: 8100
    per_connection_buffer_limit_bytes: 32768
    filter_chains:
    - filters:
      - name: envoy.filters.network.http_connection_manager
        typed_config:
          "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
          codec_type: AUTO
          stat_prefix: web_ratelimit
          http_filters:
          - name: envoy.filters.http.ratelimit
            typed_config:
              "@type": type.googleapis.com/envoy.extensions.filters.http.ratelimit.v3.RateLimit
              domain: test_domain
              stat_prefix: test_ratelimit
              stage: 0
              failure_mode_deny_percent:
                runtime_key: ratelimit.failure_mode_deny_percent
                default_value:
                  numerator: 100
                  denominator: HUNDRED
              rate_limit_service:
                transport_api_version: V3
                grpc_service:
                  envoy_grpc:
                    cluster_name: ratelimit_service
          - name: envoy.filters.http.router
            typed_config:
              "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
          route_config:
            name: local_route
            virtual_hosts:
            - name: local_service
              domains: ["*"]
              routes:
              - match:
                  prefix: "/"
                route:
                  host_rewrite_literal: www.envoyproxy.io
                  cluster: service_envoyproxy_io
                  rate_limits:
                  - actions:
                    - source_cluster: {}
                    - destination_cluster: {}
  clusters:
  - name: service_envoyproxy_io
    type: LOGICAL_DNS
    dns_lookup_family: V4_ONLY
    load_assignment:
      cluster_name: service_envoyproxy_io
      endpoints:
      - lb_endpoints:
        - endpoint:
            address:
              socket_address:
                address: www.envoyproxy.io
                port_value: 443
    transport_socket:
      name: envoy.transport_sockets.tls
      typed_config:
        "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext
        sni: www.envoyproxy.io
  - name: ratelimit_service
    connect_timeout: 1s
    type: STRICT_DNS
    protocol_selection: USE_CONFIGURED_PROTOCOL
    lb_policy: ROUND_ROBIN
    http2_protocol_options: {}
    load_assignment:
      cluster_name: ratelimit_service
      endpoints:
      - lb_endpoints:
        - endpoint:
            address:
              socket_address:
                address: 127.0.0.1
                port_value: 8080
Docs Changes: yes, inline with protos
Release Notes: yes
Platform Specific Features: no
Fixes #39928
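The fail-open versus fail-closed decision this description implies, modelled as an added example (not code from the PR or from Envoy). The function names are hypothetical, the precedence of failure_mode_deny_percent over failure_mode_deny follows the commit message, and reading an integer runtime value as a percentage out of 100 is an assumption.

```python
import random

# FractionalPercent denominator names and their values.
DENOMINATORS = {"HUNDRED": 100, "TEN_THOUSAND": 10_000, "MILLION": 1_000_000}

# The rate limit filter settings from the config above, as a plain dict.
PAGE_FILTER = {
    "failure_mode_deny_percent": {
        "runtime_key": "ratelimit.failure_mode_deny_percent",
        "default_value": {"numerator": 100, "denominator": "HUNDRED"},
    },
}


def fraction_enabled(numerator, denominator, random_value):
    """True for roughly numerator/denominator of all random values."""
    return random_value % DENOMINATORS[denominator] < numerator


def deny_on_failure(filter_cfg, runtime, random_value):
    """Decide whether a request is denied when the rate limit service errors.

    Assumed precedence (from the commit message): failure_mode_deny_percent,
    when configured, replaces the static failure_mode_deny boolean.
    """
    pct = filter_cfg.get("failure_mode_deny_percent")
    if pct is None:
        return bool(filter_cfg.get("failure_mode_deny", False))
    override = runtime.get(pct["runtime_key"])
    if override is None:
        default = pct["default_value"]
        return fraction_enabled(default["numerator"], default["denominator"], random_value)
    # Assumption: an integer runtime value is a percentage out of 100.
    return fraction_enabled(int(override), "HUNDRED", random_value)


def denied_share(filter_cfg, runtime, requests=10_000, seed=1):
    """Share of requests denied during a simulated rate limit service outage."""
    rng = random.Random(seed)
    denied = sum(deny_on_failure(filter_cfg, runtime, rng.getrandbits(32))
                 for _ in range(requests))
    return denied / requests


if __name__ == "__main__":
    key = "ratelimit.failure_mode_deny_percent"
    for runtime in ({}, {key: 25}, {key: 0}):
        print(runtime, denied_share(PAGE_FILTER, runtime))
```

With the page's default of 100/HUNDRED the filter fails closed for every request; a runtime value of 0 turns the same filter fully fail-open, so write access to that runtime key deserves the same protection as the rate limit itself.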
Hi @amongil, welcome and thank you for your contribution.
We will try to review your Pull Request as quickly as possible.
In the meantime, please take a look at the contribution guidelines if you have not done so already.
As a reminder, PRs marked as draft will not be automatically assigned reviewers, or be handled by maintainer-oncall triage.
Please mark your PR as ready when you want it to be reviewed!
CC @envoyproxy/api-shepherds: Your approval is needed for changes made to (api/envoy/|docs/root/api-docs/).
envoyproxy/api-shepherds assignee is @abeyad
CC @envoyproxy/api-watchers: FYI only for changes made to (api/envoy/|docs/root/api-docs/).
/assign @mattklein123
as an extension owner
Thanks for the review @mattklein123, any idea on when a new release will be cut?