feat(manager): add API throttling
michalslomczynski committed Nov 25, 2023
1 parent fd0ec91 commit fa620bf
Showing 6 changed files with 270 additions and 2 deletions.
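--- a/common/config.py
+++ b/common/config.py
@@ -100,6 +100,7 @@ def __init__(self):
 self.public_port = 8000
 self.private_port = 8000
 self.max_request_size = int(os.getenv("MAX_REQUEST_SIZE_MB", "2"))
+self.api_max_rps = int(os.getenv("API_MAX_RPS", "20")) # maximum requests per second and account
 
 self.is_fedramp = strtobool(os.getenv("IS_FEDRAMP", "FALSE"))
 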
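Review bot: The new `api_max_rps` value is read with a bare `int(...)` and later interpolated into the rate-limit string in manager/main.py, so a zero or negative `API_MAX_RPS` is not caught here; a zero would presumably make the limiter reject every request. A guard right after the assignment, such as `if self.api_max_rps < 1: raise ValueError("API_MAX_RPS must be >= 1")`, fails fast at startup instead. The trailing comment would read more clearly as `# maximum requests per second, per account`, and it is worth noting there that the code default of 20 differs from the 100 set in conf/manager.env. `__init__` starts and ends outside the hunk.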
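--- a/conf/manager.env
+++ b/conf/manager.env
@@ -3,3 +3,4 @@ POSTGRES_PASSWORD=ve_db_user_manager_pwd
 DISABLE_RBAC=FALSE
 GRANULAR_RBAC=FALSE
 MAX_REQUEST_SIZE_MB=2
+API_MAX_RPS=100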
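--- a/manager/main.py
+++ b/manager/main.py
@@ -8,6 +8,9 @@
 import connexion
 from connexion.resolver import RestyResolver
 from flask import abort
+from flask import request
+from flask_limiter import Limiter
+from flask_limiter.util import get_remote_address
 from peewee import OperationalError
 from prometheus_client import CollectorRegistry
 from prometheus_client import generate_latest
@@ -46,6 +49,8 @@ def create_app(spec_files, wait_on_cyndi=True):
 app.add_error_handler(MissingEntitlementException, forbidden_missing_entitlement)
 app.add_error_handler(RbacException, forbidden_rbac)
 
+limiter = Limiter(app=app.app, key_func=get_remote_address)
+
 @app.app.route('/metrics', methods=['GET'])
 def metrics(): # pylint: disable=unused-variable
 # /metrics API shouldn't be visible in the API documentation, hence it's added here in the create_app step
@@ -69,6 +74,15 @@ def set_default_headers(response): # pylint: disable=unused-variable
 
 return response
 
+def get_x_rh_identity():
+return request.headers.get('x-rh-identity')
+
+# Apply global throttling for all routes
+@app.app.before_request
+@limiter.limit(f"{CFG.api_max_rps} per second", key_func=get_x_rh_identity)
+def account_level_throttle():
+return
+
 # This hook ensures that a connection is opened to handle any queries
 # generated by the request.
 @app.app.before_request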
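Review bot: `get_x_rh_identity` uses the raw `x-rh-identity` header as the rate-limit key, so every request without that header gets `None` as its key and appears to land in one shared bucket, and the limit applies per header value rather than per account as the config comment states. Because `before_request` hooks run ahead of the view, the header is presumably not yet validated at this point, so the per-account guarantee only holds if an upstream gateway sets the header and clients cannot supply their own. Falling back to the address, `return request.headers.get('x-rh-identity') or get_remote_address()`, at least keeps header-less clients in separate buckets; keying on the account identifier decoded from the header would match the stated intent. `Limiter(app=app.app, key_func=get_remote_address)` also sets no `storage_uri`, so counters live in each worker's memory and the effective limit scales with the number of workers. `create_app` starts and ends outside the hunks shown.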