API Limiters for single users are not applied

Bug #1206976 reported by Seif Lotfy on 2013-07-31
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Cinder
High
Seif Lotfy

Bug Description

When setting limits in the api-paste.ini for a user it is not respected. This is due to the Limiter's class constructor of not being able to handle and parse the kwargs properly after they have been forwarded wysgi.

Tags: api Edit Tag help
Seif Lotfy (seif) on 2013-07-31
Changed in cinder:
assignee: nobody → Seif Lotfy (seif)
Mike Perez (thingee) on 2013-07-31
tags: added: api
Xiaoxi Chen (xiaoxi-chen) wrote :

any more information about this bug?
For example, part of your api_paste.ini, and the error log...

Changed in cinder:
status: New → Incomplete
Changed in cinder:
status: Incomplete → Confirmed
importance: Undecided → High
milestone: none → havana-3
Changed in cinder:
status: Confirmed → In Progress
Seif Lotfy (seif) wrote :

Current master does now respect ratelimiting, since parsing of the api-paste.ini was faulty. api-paste.ini limited user limiting by
setting a line as follows:
user:<user-id>:(GET, *, ".*", 4, minute)
which is passed to the Limiter as kwargs with "user" as a key.
all user parsing is wrong in the Limiter class as well as extracting the id of the user was bound
to fail, since we checked on the key with startswith("user:")

Reviewed: https://review.openstack.org/41089
Committed: http://github.com/openstack/cinder/commit/2acb6f329bb404e224e525b946c0aa6cdc74040c
Submitter: Jenkins
Branch: master

commit 2acb6f329bb404e224e525b946c0aa6cdc74040c
Author: Seif Lotfy <email address hidden>
Date: Fri Aug 9 13:37:38 2013 +0000

    Fix ratelimiting

    Current master does now respect ratelimiting, since parsing of the
    api-paste.ini was faulty. api-paste.ini limited user limiting by
    setting a line as follows:
    user:<user-id>:(GET, *, ".*", 4, minute) which was passed to the
    Limiter as kwargs with "user" as a key. Thus multiple user limiting
    was not possible as well as extracting the id of the user was bound
    to fail, since we checked on the key with startswith("user:")

    An example config in the api-paste.ini has to look as follows:
    limits = (POST, "*", .*, 10, MINUTE)
    limits.<user-id1>:(GET, "*", .*, 4, minute)
    limits.<user-id2>:(GET, "*", .*, 2, minute)

    Fixes bug: 1206976

    Change-Id: I4adbe3dbe3a0bd607d6e675f230b0442b08ec791

Changed in cinder:
status: In Progress → Fix Committed
Thierry Carrez (ttx) on 2013-09-05
Changed in cinder:
status: Fix Committed → Fix Released
Thierry Carrez (ttx) on 2013-10-17
Changed in cinder:
milestone: havana-3 → 2013.2
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers