ratelimit: support new filter enabled and filter enforced (envoyproxy#38653)

Author: wbpcode

api/envoy/extensions/filters/http/ratelimit/v3/rate_limit.proto

@@ -23,7 +23,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
 // Rate limit :ref:`configuration overview <config_http_filters_rate_limit>`.
 // [#extension: envoy.filters.http.ratelimit]
 
-// [#next-free-field: 14]
+// [#next-free-field: 16]
 message RateLimit {
   option (udpa.annotations.versioning).previous_message_type =
       "envoy.config.filter.http.rate_limit.v2.RateLimit";
@@ -132,6 +132,23 @@ message RateLimit {
   // Optional additional prefix to use when emitting statistics. This allows to distinguish
   // emitted statistics between configured ``ratelimit`` filters in an HTTP filter chain.
   string stat_prefix = 13;
+
+  // If set, this will enable -- but not necessarily enforce -- the rate limit for the given
+  // fraction of requests.
+  //
+  // If not set then ``ratelimit.http_filter_enabled`` runtime key will be used to determine
+  // the fraction of requests to enforce rate limits on. And the default percentage of the
+  // runtime key is 100% for backwards compatibility.
+  config.core.v3.RuntimeFractionalPercent filter_enabled = 14;
+
+  // If set, this will enforce the rate limit decisions for the given fraction of requests.
+  //
+  // Note: this only applies to the fraction of enabled requests.
+  //
+  // If not set then ``ratelimit.http_filter_enforcing`` runtime key will be used to determine
+  // the fraction of requests to enforce rate limits on. And the default percentage of the
+  // runtime key is 100% for backwards compatibility.
+  config.core.v3.RuntimeFractionalPercent filter_enforced = 15;
 }
 
 message RateLimitPerRoute {

changelogs/current.yaml

@@ -250,6 +250,12 @@ new_features:
     added :ref:`an option <config_network_filters_tcp_proxy_receive_before_connect>` to allow filters to read from the
     downstream connection before TCP proxy has opened the upstream connection, by setting a filter state object for the key
     ``envoy.tcp_proxy.receive_before_connect``.
+- area: rate_limit
+  change: |
+    Added the explict runtime switch
+    :ref:`filter_enabled <envoy_v3_api_field_extensions.filters.http.ratelimit.v3.RateLimit.filter_enabled>` and
+    :ref:`filter_enforced <envoy_v3_api_field_extensions.filters.http.ratelimit.v3.RateLimit.filter_enforced>` to control the
+    filter behavior.
 - area: tcp_proxy
   change: |
     Added :ref:`proxy_protocol_tlvs

docs/root/configuration/http/http_filters/rate_limit_filter.rst

@@ -178,13 +178,6 @@ Runtime
 
 The HTTP rate limit filter supports the following runtime settings:
 
-ratelimit.http_filter_enabled
-  % of requests that will call the rate limit service. Defaults to 100.
-
-ratelimit.http_filter_enforcing
-  % of requests that that will have the rate limit service decision enforced. Defaults to 100.
-  This can be used to test what would happen before fully enforcing the outcome.
-
 ratelimit.<route_key>.http_filter_enabled
   % of requests that will call the rate limit service for a given *route_key* specified in the
   :ref:`rate limit configuration <envoy_v3_api_msg_config.route.v3.RateLimit>`. Defaults to 100.

source/extensions/filters/http/ratelimit/BUILD

@@ -26,6 +26,7 @@ envoy_cc_library(
         "//source/common/common:enum_to_int",
         "//source/common/http:codes_lib",
         "//source/common/router:config_lib",
+        "//source/common/runtime:runtime_protos_lib",
         "//source/common/stream_info:uint32_accessor_lib",
         "//source/extensions/filters/common/ratelimit:ratelimit_client_interface",
         "//source/extensions/filters/common/ratelimit:stat_names_lib",

source/extensions/filters/http/ratelimit/ratelimit.cc

@@ -127,7 +127,7 @@ double Filter::getHitAddend() {
 }
 
 Http::FilterHeadersStatus Filter::decodeHeaders(Http::RequestHeaderMap& headers, bool) {
-  if (!config_->runtime().snapshot().featureEnabled("ratelimit.http_filter_enabled", 100)) {
+  if (!config_->enabled()) {
     return Http::FilterHeadersStatus::Continue;
   }
 
@@ -257,8 +257,7 @@ void Filter::complete(Filters::Common::RateLimit::LimitStatus status,
     descriptor_statuses = nullptr;
   }
 
-  if (status == Filters::Common::RateLimit::LimitStatus::OverLimit &&
-      config_->runtime().snapshot().featureEnabled("ratelimit.http_filter_enforcing", 100)) {
+  if (status == Filters::Common::RateLimit::LimitStatus::OverLimit && config_->enforced()) {
     state_ = State::Responded;
     callbacks_->streamInfo().setResponseFlag(StreamInfo::CoreResponseFlag::RateLimited);
     callbacks_->sendLocalReply(
@@ -370,6 +369,20 @@ void OnStreamDoneCallBack::complete(Filters::Common::RateLimit::LimitStatus,
   delete this;
 }
 
+bool FilterConfig::enabled() const {
+  if (filter_enabled_.has_value()) {
+    return filter_enabled_->enabled();
+  }
+  return runtime_.snapshot().featureEnabled("ratelimit.http_filter_enabled", 100);
+}
+
+bool FilterConfig::enforced() const {
+  if (filter_enforced_.has_value()) {
+    return filter_enforced_->enabled();
+  }
+  return runtime_.snapshot().featureEnabled("ratelimit.http_filter_enforcing", 100);
+}
+
 } // namespace RateLimitFilter
 } // namespace HttpFilters
 } // namespace Extensions

source/extensions/filters/http/ratelimit/ratelimit.h

@@ -17,6 +17,7 @@
 #include "source/common/common/assert.h"
 #include "source/common/http/header_map_impl.h"
 #include "source/common/router/header_parser.h"
+#include "source/common/runtime/runtime_protos.h"
 #include "source/extensions/filters/common/ratelimit/ratelimit.h"
 #include "source/extensions/filters/common/ratelimit/stat_names.h"
 #include "source/extensions/filters/common/ratelimit_config/ratelimit_config.h"
@@ -59,7 +60,17 @@ class FilterConfig {
                 : absl::nullopt),
         http_context_(http_context), stat_names_(scope.symbolTable(), config.stat_prefix()),
         rate_limited_status_(toErrorCode(config.rate_limited_status().code())),
-        status_on_error_(toRatelimitServerErrorCode(config.status_on_error().code())) {
+        status_on_error_(toRatelimitServerErrorCode(config.status_on_error().code())),
+        filter_enabled_(
+            config.has_filter_enabled()
+                ? absl::optional<Envoy::Runtime::FractionalPercent>(
+                      Envoy::Runtime::FractionalPercent(config.filter_enabled(), runtime_))
+                : absl::nullopt),
+        filter_enforced_(
+            config.has_filter_enforced()
+                ? absl::optional<Envoy::Runtime::FractionalPercent>(
+                      Envoy::Runtime::FractionalPercent(config.filter_enforced(), runtime_))
+                : absl::nullopt) {
     absl::StatusOr<Router::HeaderParserPtr> response_headers_parser_or_ =
         Envoy::Router::HeaderParser::configure(config.response_headers_to_add());
     SET_AND_RETURN_IF_NOT_OK(response_headers_parser_or_.status(), creation_status);
@@ -83,6 +94,8 @@ class FilterConfig {
   Http::Code rateLimitedStatus() { return rate_limited_status_; }
   const Router::HeaderParser& responseHeadersParser() const { return *response_headers_parser_; }
   Http::Code statusOnError() const { return status_on_error_; }
+  bool enabled() const;
+  bool enforced() const;
 
 private:
   static FilterRequestType stringToType(const std::string& request_type) {
@@ -127,6 +140,8 @@ class FilterConfig {
   const Http::Code rate_limited_status_;
   Router::HeaderParserPtr response_headers_parser_;
   const Http::Code status_on_error_;
+  const absl::optional<Envoy::Runtime::FractionalPercent> filter_enabled_;
+  const absl::optional<Envoy::Runtime::FractionalPercent> filter_enforced_;
 };
 
 using FilterConfigSharedPtr = std::shared_ptr<FilterConfig>;

test/extensions/filters/http/ratelimit/ratelimit_test.cc

@@ -131,6 +131,24 @@ class HttpRateLimitFilterTest : public testing::Test {
   stat_prefix: with_stat_prefix
   )EOF";
 
+  const std::string filter_config_with_filter_enabled_ = R"EOF(
+  domain: foo
+  filter_enabled:
+    runtime_key: test_enabled
+    default_value:
+      numerator: 30
+      denominator: HUNDRED
+  )EOF";
+
+  const std::string filter_config_with_filter_enforced_ = R"EOF(
+    domain: foo
+    filter_enforced:
+      runtime_key: test_enforced
+      default_value:
+        numerator: 50
+        denominator: HUNDRED
+    )EOF";
+
   Filters::Common::RateLimit::MockClient* client_;
   NiceMock<Http::MockStreamDecoderFilterCallbacks> filter_callbacks_;
   Stats::StatNamePool pool_{filter_callbacks_.clusterInfo()->statsScope().symbolTable()};
@@ -233,6 +251,29 @@ TEST_F(HttpRateLimitFilterTest, RuntimeDisabled) {
   EXPECT_EQ(Http::FilterTrailersStatus::Continue, filter_->encodeTrailers(response_trailers_));
 }
 
+TEST_F(HttpRateLimitFilterTest, RuntimeDisabledFromFilterConfig) {
+  setUpTest(filter_config_with_filter_enabled_);
+
+  EXPECT_CALL(
+      factory_context_.runtime_loader_.snapshot_,
+      featureEnabled(absl::string_view("test_enabled"),
+                     testing::Matcher<const envoy::type::v3::FractionalPercent&>(Percent(30))))
+      .WillOnce(testing::Return(false));
+
+  // Explicit configuration in the filter config should override the default runtime key.
+  EXPECT_CALL(factory_context_.runtime_loader_.snapshot_,
+              featureEnabled("ratelimit.http_filter_enabled", 100))
+      .Times(0);
+
+  EXPECT_EQ(Http::FilterHeadersStatus::Continue, filter_->decodeHeaders(request_headers_, false));
+  EXPECT_EQ(Http::FilterDataStatus::Continue, filter_->decodeData(data_, false));
+  EXPECT_EQ(Http::FilterTrailersStatus::Continue, filter_->decodeTrailers(request_trailers_));
+  EXPECT_EQ(Http::Filter1xxHeadersStatus::Continue, filter_->encode1xxHeaders(response_headers_));
+  EXPECT_EQ(Http::FilterHeadersStatus::Continue, filter_->encodeHeaders(response_headers_, false));
+  EXPECT_EQ(Http::FilterDataStatus::Continue, filter_->encodeData(response_data_, false));
+  EXPECT_EQ(Http::FilterTrailersStatus::Continue, filter_->encodeTrailers(response_trailers_));
+}
+
 TEST_F(HttpRateLimitFilterTest, OkResponse) {
   setUpTest(filter_config_);
   InSequence s;
@@ -1043,6 +1084,56 @@ TEST_F(HttpRateLimitFilterTest, LimitResponseRuntimeDisabled) {
       filter_callbacks_.clusterInfo()->statsScope().counterFromStatName(upstream_rq_429_).value());
 }
 
+TEST_F(HttpRateLimitFilterTest, LimitResponseRuntimeDisabledFromFilterConfig) {
+  setUpTest(filter_config_with_filter_enforced_);
+  InSequence s;
+
+  EXPECT_CALL(route_rate_limit_, populateDescriptors(_, _, _, _))
+      .WillOnce(SetArgReferee<0>(descriptor_));
+  EXPECT_CALL(*client_, limit(_, _, _, _, _, 0))
+      .WillOnce(
+          WithArgs<0>(Invoke([&](Filters::Common::RateLimit::RequestCallbacks& callbacks) -> void {
+            request_callbacks_ = &callbacks;
+          })));
+
+  EXPECT_EQ(Http::FilterHeadersStatus::StopIteration,
+            filter_->decodeHeaders(request_headers_, false));
+
+  EXPECT_CALL(
+      factory_context_.runtime_loader_.snapshot_,
+      featureEnabled(absl::string_view("test_enforced"),
+                     testing::Matcher<const envoy::type::v3::FractionalPercent&>(Percent(50))))
+      .WillOnce(testing::Return(false));
+
+  // Explicit configuration in the filter config should override the default runtime key.
+  EXPECT_CALL(factory_context_.runtime_loader_.snapshot_,
+              featureEnabled("ratelimit.http_filter_enforcing", 100))
+      .Times(0);
+
+  EXPECT_CALL(filter_callbacks_, continueDecoding());
+  Http::ResponseHeaderMapPtr h{new Http::TestResponseHeaderMapImpl()};
+  request_callbacks_->complete(Filters::Common::RateLimit::LimitStatus::OverLimit, nullptr,
+                               std::move(h), nullptr, "", nullptr);
+
+  EXPECT_EQ(Http::FilterDataStatus::Continue, filter_->decodeData(data_, false));
+  EXPECT_EQ(Http::FilterTrailersStatus::Continue, filter_->decodeTrailers(request_trailers_));
+  EXPECT_EQ(Http::Filter1xxHeadersStatus::Continue, filter_->encode1xxHeaders(response_headers_));
+  EXPECT_EQ(Http::FilterHeadersStatus::Continue, filter_->encodeHeaders(response_headers_, false));
+  EXPECT_EQ(Http::FilterDataStatus::Continue, filter_->encodeData(response_data_, false));
+  EXPECT_EQ(Http::FilterTrailersStatus::Continue, filter_->encodeTrailers(response_trailers_));
+
+  EXPECT_EQ(1U, filter_callbacks_.clusterInfo()
+                    ->statsScope()
+                    .counterFromStatName(ratelimit_over_limit_)
+                    .value());
+  EXPECT_EQ(
+      1U,
+      filter_callbacks_.clusterInfo()->statsScope().counterFromStatName(upstream_rq_4xx_).value());
+  EXPECT_EQ(
+      1U,
+      filter_callbacks_.clusterInfo()->statsScope().counterFromStatName(upstream_rq_429_).value());
+}
+
 TEST_F(HttpRateLimitFilterTest, LimitResponseWithRateLimitedStatus) {
   setUpTest(rate_limited_status_config_);
   InSequence s;