Skip to content

Commit

Permalink
feat(manager): add API throttling
Browse files Browse the repository at this point in the history
  • Loading branch information
michalslomczynski committed Nov 28, 2023
1 parent 5e25166 commit f740e12
Show file tree
Hide file tree
Showing 6 changed files with 275 additions and 4 deletions.
1 change: 1 addition & 0 deletions common/config.py
Original file line number Diff line number Diff line change
Expand Up @@ -100,6 +100,7 @@ def __init__(self):
self.public_port = 8000
self.private_port = 8000
self.max_request_size = int(os.getenv("MAX_REQUEST_SIZE_MB", "2"))
self.api_max_rps = int(os.getenv("API_MAX_RPS", "20")) # maximum requests per second and account

self.is_fedramp = strtobool(os.getenv("IS_FEDRAMP", "FALSE"))

Expand Down
1 change: 1 addition & 0 deletions conf/manager.env
Original file line number Diff line number Diff line change
Expand Up @@ -4,3 +4,4 @@ DISABLE_RBAC=FALSE
GRANULAR_RBAC=FALSE
MAX_REQUEST_SIZE_MB=2
MAXIMUM_PAGE_SIZE=1000
API_MAX_RPS=100
10 changes: 10 additions & 0 deletions manager/main.py
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,8 @@
import connexion
from connexion.resolver import RestyResolver
from flask import abort
from flask_limiter import Limiter
from flask_limiter.util import get_remote_address
from peewee import OperationalError
from prometheus_client import CollectorRegistry
from prometheus_client import generate_latest
Expand Down Expand Up @@ -46,6 +48,8 @@ def create_app(spec_files, wait_on_cyndi=True):
app.add_error_handler(MissingEntitlementException, forbidden_missing_entitlement)
app.add_error_handler(RbacException, forbidden_rbac)

limiter = Limiter(app=app.app, key_func=get_remote_address)

@app.app.route('/metrics', methods=['GET'])
def metrics(): # pylint: disable=unused-variable
# /metrics API shouldn't be visible in the API documentation, hence it's added here in the create_app step
Expand All @@ -69,6 +73,12 @@ def set_default_headers(response): # pylint: disable=unused-variable

return response

# Apply global throttling for all routes
@app.app.before_request
@limiter.limit(f"{CFG.api_max_rps} per second", key_func=lambda: connexion.request.headers.get("x-rh-identity"))
def account_level_throttle():
return

# This hook ensures that a connection is opened to handle any queries
# generated by the request.
@app.app.before_request
Expand Down
Loading

0 comments on commit f740e12

Please sign in to comment.