search

Kuadrant / wasm-shim

A Proxy-Wasm module allowing communication to Authorino and Limitador.
Apache License 2.0
5 stars 4 forks source link

prefix based path matching rule #24

Closed eguzki closed 1 year ago

eguzki commented 2 years ago

what

Support prefix based path matching

Fixes https://github.com/Kuadrant/kuadrant-controller/issues/202

The following config will generate descriptors for the request GET /v1/service/my-service/something

failure_mode_deny: true
rate_limit_policies:
  - name: toystore
    rate_limit_domain: toystore-app
    upstream_cluster: rate-limit-cluster
    hostnames: ["*.toystore.com"]
    gateway_actions:
      - rules:
          - paths: ["/v1/service*"]   <- prefix based path matching rule
            methods: ["GET"]
        configurations:
          - actions:
            - generic_key:
                descriptor_key: admin
                descriptor_value: "1"

Additionally:

verification steps

Run dev env

make development

The wasm config in the envoy for the *.b.com workload look like this

{
  "name": "rlp-b",
  "rate_limit_domain": "rls-domain-b",
  "upstream_cluster": "limitador",
  "hostnames": ["*.b.com"],
  "gateway_actions": [
    {
      "rules": [
        {
          "paths": ["/not/exising/path", "/any*"]           <- prefix based path matching
        }
      ],
      "configurations": [
        {
          "actions": [
            {
              "generic_key": {
                "descriptor_key": "some_generic_key",
                "descriptor_value": "some_generic_value"
              }
            }
          ]
        }
      ]
    }
  ]
}

Check that the request 

curl -H "Host: test.b.com" http://127.0.0.1:18000/anything

is generating descriptor entries. It can easily be seen in the lmitador's logs or checking that after 5 request, the requests are rate limited with 429 responses. If it is rate limited, descriptors must have been generated. Currently the limit file looks like this

 - namespace: rls-domain-b                         
   max_value: 5                                    
   seconds: 10                                     
   conditions:                                     
   ⦙ - "some_generic_key == 'some_generic_value'"
eguzki commented 2 years ago

kind reminder for review @Kuadrant/engineering