.../input/entityanalytics/provider/okta: Rate limiting fix, improvements #41977
Conversation
chrisberkhout
added
enhancement
bugfix
Team:Security-Service Integrations
|
Pinging @elastic/security-service-integrations (Team:Security-Service Integrations) |
botelastic
bot
added
needs_team
|
This pull request does not have a backport label.
To fixup this pull request, you need to add the backport labels for the needed
|
|
|
mergify
bot
added
the
backport-8.x
| @@ -27,6 +27,7 @@ func defaultConfig() conf { | |||
| SyncInterval: 24 * time.Hour, | |||
| UpdateInterval: 15 * time.Minute, | |||
| LimitWindow: time.Minute, | |||
| LimitFixed: nil, | |||
There was a problem hiding this comment.
This isn't needed. Is it here for explicitness?
There was a problem hiding this comment.
I guess I was thinking out loud. Doesn't need to be there. Removed.
x-pack/filebeat/input/entityanalytics/provider/okta/internal/okta/ratelimiter.go
Show resolved
Hide resolved
x-pack/filebeat/input/entityanalytics/provider/okta/internal/okta/ratelimiter.go
Show resolved
Hide resolved
| ready := make(chan struct{}) | ||
| close(ready) |
There was a problem hiding this comment.
Suggest something like
// alwaysReady is an non-blocking chan.
var alwaysReady = make(chan struct{})
func init() { close(alwaysReady) }
func (r RateLimiter) endpoint(path string) endpointRateLimiter {
if existing, ok := r.byEndpoint[path]; ok {
return existing
}
limit := rate.Limit(1)
if r.fixedLimit != nil {
limit = rate.Limit(float64(*r.fixedLimit) / r.window.Seconds())
}
limiter := rate.NewLimiter(limit, 1) // Allow a single fetch operation to obtain limits from the API
newEndpointRateLimiter := endpointRateLimiter{
limiter: limiter,
ready: alwaysReady,
}
r.byEndpoint[path] = newEndpointRateLimiter
return newEndpointRateLimiter
}
so that we have a single never-blocking chan.
There was a problem hiding this comment.
Done with the name immediatelyReady.
It's true that channel will always be ready, but the endpointRateLimiter's ready field won't always have that value...
I don't know. Is this better, or the same? (or less good?)
| log.Debugw("rate limit", "limit", limiter.Limit(), "burst", limiter.Burst(), "url", url.String()) | ||
| return limiter.Wait(ctx) | ||
| e := r.endpoint(endpoint) | ||
| <-e.ready |
There was a problem hiding this comment.
| <-e.ready | |
| <-e.ready | |
| select { | |
| case <-e.ready: | |
| case <-ctx.Done(): | |
| return ctx.Err() | |
| } |
| e := r.endpoint(endpoint) | ||
| <-e.ready | ||
| log.Debugw("rate limit", "limit", e.limiter.Limit(), "burst", e.limiter.Burst(), "url", url.String()) | ||
| ctxWithDeadline, cancel := context.WithDeadline(ctx, time.Now().Add(waitDeadline)) |
There was a problem hiding this comment.
Should the deadline be calculated before the e.ready recv?
There was a problem hiding this comment.
I intended to apply it only when using the rate limiter, not when requests are shut down, but I'll change it to apply to both.
| target := 30.0 | ||
| buffer := 0.01 | ||
|
|
||
| if tokens < target-buffer || tokens > target+buffer { |
There was a problem hiding this comment.
| if tokens < target-buffer || tokens > target+buffer { | |
| if tokens < target-buffer || target+buffer < tokens { |
| wait := time.Since(start) | ||
|
|
||
| if wait > 1010*time.Millisecond { | ||
| t.Errorf("doesn't allow requests to resume after reset. had to wait %d milliseconds", wait.Milliseconds()) |
There was a problem hiding this comment.
| t.Errorf("doesn't allow requests to resume after reset. had to wait %d milliseconds", wait.Milliseconds()) | |
| t.Errorf("doesn't allow requests to resume after reset. had to wait %s", wait) |
| const endpoint = "/foo" | ||
| limiter := r.limiter(endpoint) | ||
| url, _ := url.Parse(endpoint) |
There was a problem hiding this comment.
| url, _ := url.Parse(endpoint) | |
| url, err := url.Parse(endpoint) | |
| if err != nil { | |
| t.Fatalf("failed to parse endpoint: %v", err) | |
| } |
|
|
||
| const endpoint = "/foo" | ||
|
|
||
| url, _ := url.Parse(endpoint) |
|
@efd6 Addressed comments. Also added documentation changes that I just forgot to commit before. Now also has |
|
This pull request is now in conflicts. Could you fix it? 🙏 |
…limiting fix, improvements (#42008) * .../input/entityanalytics/provider/okta: Rate limiting fix, improvements (#41977) - Fix a bug in the stopping of requests when `x-rate-limit-remaining: 0`. - Add a deadline so long waits return immediately as errors. - Add an option to set a fixed request rate. (cherry picked from commit 08b7d84) --------- Co-authored-by: Chris Berkhout <[email protected]>
…nts (elastic#41977) - Fix a bug in the stopping of requests when `x-rate-limit-remaining: 0`. - Add a deadline so long waits return immediately as errors. - Add an option to set a fixed request rate.
Proposed commit message
Checklist
CHANGELOG.next.asciidocorCHANGELOG-developer.next.asciidoc.Related issues