Handle rate limiting of UAA server (#1332)

* Feature: handle rate limiting of UAA server. Fixes #1307

Signed-off-by: Daniel Garnier-Moiroux <[email protected]>

Author: Lokowandtg

README.md

@@ -297,6 +297,7 @@ Name | Description
 `TEST_PROXY_PORT` | _(Optional)_ The port of a proxy to route all requests through. Defaults to `8080`.
 `TEST_PROXY_USERNAME` | _(Optional)_ The username for a proxy to route all requests through
 `TEST_SKIPSSLVALIDATION` | _(Optional)_ Whether to skip SSL validation when connecting to the Cloud Foundry instance.  Defaults to `false`.
+`UAA_API_REQUEST_LIMIT` | _(Optional)_ If your UAA server does rate limiting and returns 429 errors, set this variable to the smallest limit configured there. Whether your server limits UAA calls is shown in the log, together with the location of the configuration file on the server. Defaults to `0` (no limit).
 
 If you do not have access to a CloudFoundry instance with admin access, you can run one locally using [bosh-deployment](https://github.com/cloudfoundry/bosh-deployment) & [cf-deployment](https://github.com/cloudfoundry/cf-deployment/) and Virtualbox.
 

cloudfoundry-client-reactor/src/main/java/org/cloudfoundry/reactor/uaa/ReactorRatelimit.java

@@ -0,0 +1,53 @@
+/*
+ * Copyright 2013-2025 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.cloudfoundry.reactor.uaa;
+
+import java.util.Map;
+import org.cloudfoundry.reactor.ConnectionContext;
+import org.cloudfoundry.reactor.TokenProvider;
+import org.cloudfoundry.uaa.ratelimit.Ratelimit;
+import org.cloudfoundry.uaa.ratelimit.RatelimitRequest;
+import org.cloudfoundry.uaa.ratelimit.RatelimitResponse;
+import reactor.core.publisher.Mono;
+
+public final class ReactorRatelimit extends AbstractUaaOperations implements Ratelimit {
+
+    /**
+     * Creates an instance
+     *
+     * @param connectionContext the {@link ConnectionContext} to use when communicating with the server
+     * @param root              the root URI of the server. Typically something like {@code https://uaa.run.pivotal.io}.
+     * @param tokenProvider     the {@link TokenProvider} to use when communicating with the server
+     * @param requestTags       map with custom http headers which will be added to web request
+     */
+    public ReactorRatelimit(
+            ConnectionContext connectionContext,
+            Mono<String> root,
+            TokenProvider tokenProvider,
+            Map<String, String> requestTags) {
+        super(connectionContext, root, tokenProvider, requestTags);
+    }
+
+    @Override
+    public Mono<RatelimitResponse> getRatelimit(RatelimitRequest request) {
+        return get(
+                        request,
+                        RatelimitResponse.class,
+                        builder -> builder.pathSegment("RateLimitingStatus"))
+                .checkpoint();
+    }
+}

cloudfoundry-client-reactor/src/main/java/org/cloudfoundry/reactor/uaa/_ReactorUaaClient.java

@@ -33,6 +33,7 @@
 import org.cloudfoundry.uaa.groups.Groups;
 import org.cloudfoundry.uaa.identityproviders.IdentityProviders;
 import org.cloudfoundry.uaa.identityzones.IdentityZones;
+import org.cloudfoundry.uaa.ratelimit.Ratelimit;
 import org.cloudfoundry.uaa.serverinformation.ServerInformation;
 import org.cloudfoundry.uaa.tokens.Tokens;
 import org.cloudfoundry.uaa.users.Users;
@@ -104,6 +105,12 @@ public Users users() {
         return new ReactorUsers(getConnectionContext(), getRoot(), getTokenProvider(), getRequestTags());
     }
 
+    @Override
+    @Value.Derived
+    public Ratelimit rateLimit() {
+        return new ReactorRatelimit(getConnectionContext(), getRoot(), getTokenProvider(), getRequestTags());
+    }
+
     /**
      * The connection context
      */

cloudfoundry-client-reactor/src/main/java/org/cloudfoundry/reactor/util/RequestLogger.java

@@ -34,7 +34,7 @@ public class RequestLogger {
     private long requestSentTime;
 
     public void request(HttpClientRequest request) {
-        request(String.format("%-6s {}", request.method()), request.uri());
+        request(String.format("%-6s {}", request.method()), request.resourceUrl());
     }
 
     public void response(HttpClientResponse response) {

…ances/ReactorServiceInstancesV3Test.java …ances/ReactorServiceInstancesV3Test.javacloudfoundry-client-reactor/src/test/java/org/cloudfoundry/reactor/client/v3/serviceInstances/ReactorServiceInstancesV3Test.java renamed to cloudfoundry-client-reactor/src/test/java/org/cloudfoundry/reactor/client/v3/serviceinstances/ReactorServiceInstancesV3Test.java cloudfoundry-client-reactor/src/test/java/org/cloudfoundry/reactor/client/v3/serviceInstances/ReactorServiceInstancesV3Test.java renamed to cloudfoundry-client-reactor/src/test/java/org/cloudfoundry/reactor/client/v3/serviceinstances/ReactorServiceInstancesV3Test.java

@@ -21,6 +21,7 @@
 import org.cloudfoundry.uaa.groups.Groups;
 import org.cloudfoundry.uaa.identityproviders.IdentityProviders;
 import org.cloudfoundry.uaa.identityzones.IdentityZones;
+import org.cloudfoundry.uaa.ratelimit.Ratelimit;
 import org.cloudfoundry.uaa.serverinformation.ServerInformation;
 import org.cloudfoundry.uaa.tokens.Tokens;
 import org.cloudfoundry.uaa.users.Users;
@@ -80,4 +81,9 @@ public interface UaaClient {
      * Main entry point to the UAA User Client API
      */
     Users users();
+
+    /**
+     * Main entry point to the UAA Ratelimit API
+     */
+    Ratelimit rateLimit();
 }

cloudfoundry-client/src/main/java/org/cloudfoundry/uaa/UaaClient.java

@@ -0,0 +1,27 @@
+/*
+ * Copyright 2013-2025 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.cloudfoundry.uaa.ratelimit;
+
+import reactor.core.publisher.Mono;
+
+/**
+ * Main entry point to the UAA Ratelimit Client API
+ */
+public interface Ratelimit {
+
+    Mono<RatelimitResponse> getRatelimit(RatelimitRequest request);
+}

cloudfoundry-client/src/main/java/org/cloudfoundry/uaa/ratelimit/Ratelimit.java

@@ -0,0 +1,63 @@
+/*
+ * Copyright 2013-2025 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.cloudfoundry.uaa.ratelimit;
+
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+
+import java.util.Date;
+
+import org.immutables.value.Value;
+
+/**
+ * The payload for the uaa ratelimiting
+ */
+@JsonDeserialize
+@Value.Immutable
+abstract class _Current {
+
+    /**
+     * The number of configured limiter mappings
+     */
+    @JsonProperty("limiterMappings")
+    abstract Integer getLimiterMappings();
+
+    /**
+     * Is ratelimit "ACTIVE" or not? Possible values are DISABLED, PENDING, ACTIVE
+     */
+    @JsonProperty("status")
+    abstract String getStatus();
+
+    /**
+     * Timestamp, when this Current was created.
+     */
+    @JsonProperty("asOf")
+    abstract Date getTimeOfCurrent();
+
+    /**
+     * The credentialIdExtractor
+     */
+    @JsonProperty("credentialIdExtractor")
+    abstract String getCredentialIdExtractor();
+
+    /**
+     * The loggingLevel. Valid values include: "OnlyLimited", "AllCalls" and "AllCallsWithDetails"
+     */
+    @JsonProperty("loggingLevel")
+    abstract String getLoggingLevel();
+}

cloudfoundry-client/src/main/java/org/cloudfoundry/uaa/ratelimit/_Current.java

@@ -0,0 +1,24 @@
+/*
+ * Copyright 2013-2025 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.cloudfoundry.uaa.ratelimit;
+
+import org.immutables.value.Value;
+
+@Value.Immutable
+abstract class _RatelimitRequest {
+
+}

cloudfoundry-client/src/main/java/org/cloudfoundry/uaa/ratelimit/_RatelimitRequest.java

@@ -0,0 +1,36 @@
+/*
+ * Copyright 2013-2025 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.cloudfoundry.uaa.ratelimit;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+import org.cloudfoundry.Nullable;
+import org.immutables.value.Value;
+
+@JsonDeserialize
+@Value.Immutable
+abstract class _RatelimitResponse {
+
+    @JsonProperty("current")
+    @Nullable
+    abstract Current getCurrentData();
+
+    @JsonProperty("fromSource")
+    @Nullable
+    abstract String getFromSource();
+
+}