Cinder

API Limiters for single users are not applied

Bug #1206976 reported by Seif Lotfy
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Cinder
Fix Released
High
Seif Lotfy
Cinder 2013.2 "havana"

Bug Description

When setting limits in the api-paste.ini for a user it is not respected. This is due to the Limiter's class constructor of not being able to handle and parse the kwargs properly after they have been forwarded wysgi.

Tags: api
Seif Lotfy (seif)
Changed in cinder:
assignee: nobody → Seif Lotfy (seif)
Mike Perez (thingee)
tags: added: api
Revision history for this message
Xiaoxi Chen (xiaoxi-chen) wrote :

any more information about this bug?
For example, part of your api_paste.ini, and the error log...

Changed in cinder:
status: New → Incomplete
John Griffith (john-griffith)
Changed in cinder:
status: Incomplete → Confirmed
importance: Undecided → High
milestone: none → havana-3
OpenStack Infra (hudson-openstack)
Changed in cinder:
status: Confirmed → In Progress
Revision history for this message
Seif Lotfy (seif) wrote :

Current master does now respect ratelimiting, since parsing of the api-paste.ini was faulty. api-paste.ini limited user limiting by
setting a line as follows:
user:<user-id>:(GET, *, ".*", 4, minute)
which is passed to the Limiter as kwargs with "user" as a key.
all user parsing is wrong in the Limiter class as well as extracting the id of the user was bound
to fail, since we checked on the key with startswith("user:")

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to cinder (master)

Reviewed: https://review.openstack.org/41089
Committed: http://github.com/openstack/cinder/commit/2acb6f329bb404e224e525b946c0aa6cdc74040c
Submitter: Jenkins
Branch: master

commit 2acb6f329bb404e224e525b946c0aa6cdc74040c
Author: Seif Lotfy <email address hidden>
Date: Fri Aug 9 13:37:38 2013 +0000

    Fix ratelimiting

    Current master does now respect ratelimiting, since parsing of the
    api-paste.ini was faulty. api-paste.ini limited user limiting by
    setting a line as follows:
    user:<user-id>:(GET, *, ".*", 4, minute) which was passed to the
    Limiter as kwargs with "user" as a key. Thus multiple user limiting
    was not possible as well as extracting the id of the user was bound
    to fail, since we checked on the key with startswith("user:")

    An example config in the api-paste.ini has to look as follows:
    limits = (POST, "*", .*, 10, MINUTE)
    limits.<user-id1>:(GET, "*", .*, 4, minute)
    limits.<user-id2>:(GET, "*", .*, 2, minute)

    Fixes bug: 1206976

    Change-Id: I4adbe3dbe3a0bd607d6e675f230b0442b08ec791

Changed in cinder:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in cinder:
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in cinder:
milestone: havana-3 → 2013.2
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.