Adjust rate limits for service-related endpoints. (#4088)

* Adjust rate limits for service-related endpoints.

Most if not all service broker operations for the CF API v3 have been moved into background jobs and are asynchronous operations.
This means that the service broker operation can't block anymore the CF API v3 requests (which returns a 202 and a link to the polling job).
After reviewing /v3/service related endpoints, we adapted the rate
limiting:
- v3 service related endpoints that never interact with SBs synchronously are removed from rate limiting (POST, PATCH, DELETE /v3/[service_instances|service_credential_bindings|service_route_bindings])
- v3 GET methods that interact with SBs synchronously are added to rate
  limiting
  (/v3/(service_instances|service_credential_bindings|service_route_bindings)/:guid/parameters)

Author: kathap

middleware/service_broker_rate_limiter.rb

@@ -3,6 +3,13 @@
 
 module CloudFoundry
   module Middleware
+    RateLimitEndpoint = Struct.new(:endpoint_pattern, :request_methods)
+
+    RATE_LIMITED_ENDPOINTS = [
+      RateLimitEndpoint.new(%r{\A/v2/(service_instances|service_bindings|service_keys)}, %w[PUT POST DELETE]),
+      RateLimitEndpoint.new(%r{\A/v3/(service_instances|service_credential_bindings|service_route_bindings)/.+/parameters\z}, %w[GET])
+    ].freeze
+
     class ConcurrentRequestCounter
       def initialize(key_prefix, redis_connection_pool_size: nil)
         @key_prefix = key_prefix
@@ -106,26 +113,17 @@ def call(env)
 
       def apply_rate_limiting?(env)
         request = ActionDispatch::Request.new(env)
-        !admin? && is_service_request?(request) && rate_limit_method?(request)
+        !admin? && is_rate_limited_service_request?(request)
       end
 
       def admin?
         VCAP::CloudController::SecurityContext.admin? || VCAP::CloudController::SecurityContext.admin_read_only?
       end
 
-      def is_service_request?(request)
-        [
-          %r{\A/v2/service_instances},
-          %r{\A/v2/service_bindings},
-          %r{\A/v2/service_keys},
-          %r{\A/v3/service_instances},
-          %r{\A/v3/service_credential_bindings},
-          %r{\A/v3/service_route_bindings}
-        ].any? { |re| request.fullpath.match(re) }
-      end
-
-      def rate_limit_method?(request)
-        %w[PATCH PUT POST DELETE].include?(request.method)
+      def is_rate_limited_service_request?(request)
+        RATE_LIMITED_ENDPOINTS.any? do |endpoint|
+          endpoint.endpoint_pattern.match?(request.fullpath) && endpoint.request_methods.include?(request.method)
+        end
       end
 
       def suggested_retry_after

spec/unit/middleware/service_broker_rate_limiter_spec.rb

@@ -5,10 +5,12 @@ module Middleware
     RSpec.describe ServiceBrokerRateLimiter do
       let(:app) { double(:app) }
       let(:logger) { double }
-      let(:path_info) { '/v3/service_instances' }
+      let(:instance) { VCAP::CloudController::Service.make(instances_retrievable: true) }
+      let(:path_info) { '/v2/service_instances' }
       let(:user_guid) { SecureRandom.uuid }
       let(:user_env) { { 'cf.user_guid' => user_guid, 'PATH_INFO' => path_info } }
-      let(:fake_request) { instance_double(ActionDispatch::Request, fullpath: '/v3/service_instances', method: 'POST') }
+      let(:env) { { 'cf.user_guid' => user_guid, 'PATH_INFO' => path, 'REQUEST_METHOD' => request_method } }
+      let(:fake_request) { instance_double(ActionDispatch::Request, fullpath: '/v2/service_instances', method: 'POST') }
       let(:max_concurrent_requests) { 1 }
       let(:broker_timeout) { 60 }
       let(:middleware) do
@@ -25,6 +27,8 @@ module Middleware
       end
 
       describe 'included requests' do
+        let(:fake_request) { instance_double(ActionDispatch::Request, fullpath: '/v2/service_instances', method: 'PUT') }
+
         it 'allows a service broker request within the limit' do
           status, = middleware.call(user_env)
           expect(status).to eq(200)
@@ -37,16 +41,6 @@ module Middleware
           expect(status).to eq(200)
         end
 
-        it 'does not allow more than the max number of concurrent requests' do
-          threads = 2.times.map { Thread.new { Thread.current[:status], = middleware.call(user_env) } }
-          statuses = threads.map { |t| t.join[:status] }
-
-          expect(statuses).to include(200)
-          expect(statuses).to include(429)
-          expect(app).to have_received(:call).once
-          expect(logger).to have_received(:info).with("Service broker concurrent rate limit exceeded for user '#{user_guid}'")
-        end
-
         it 'counts concurrent requests per user' do
           other_user_env = { 'cf.user_guid' => 'other_user_guid', 'PATH_INFO' => path_info }
           threads = [user_env, other_user_env].map do |env|
@@ -67,6 +61,73 @@ module Middleware
           expect(status).to eq(200)
         end
 
+        describe 'service endpoints' do
+          context 'v2 and v3 rate limited service endpoints' do
+            rate_limited_service_endpoints = [
+              %w[/v2/service_instances POST],
+              %w[/v2/service_bindings POST],
+              %w[/v2/service_keys POST],
+              %w[/v2/service_instances PUT],
+              %w[/v2/service_bindings PUT],
+              %w[/v2/service_keys PUT],
+              %w[/v2/service_instances DELETE],
+              %w[/v2/service_bindings DELETE],
+              %w[/v2/service_keys DELETE],
+              %w[/v3/service_instances/:guid/parameters GET],
+              %w[/v3/service_credential_bindings/:guid/parameters GET],
+              %w[/v3/service_route_bindings/:guid/parameters GET]
+            ]
+            rate_limited_service_endpoints.each do |endpoint, method|
+              context "#{endpoint} #{method} - rate-limited" do
+                let(:path) { endpoint.gsub(':guid', instance.guid.to_s) }
+                let(:request_method) { method }
+                let(:fake_request) { instance_double(ActionDispatch::Request, fullpath: endpoint, method: method) }
+
+                it 'does not allow more than the max number of concurrent requests' do
+                  threads = 2.times.map { Thread.new { middleware.call(env) } }
+                  statuses = threads.map(&:join).map(&:value).map(&:first)
+
+                  expect(statuses).to include(200)
+                  expect(statuses).to include(429)
+                  expect(app).to have_received(:call).once
+                  expect(logger).to have_received(:info).with("Service broker concurrent rate limit exceeded for user '#{user_guid}'")
+                end
+              end
+            end
+          end
+
+          context 'v3 non rate limited service endpoints' do
+            v3_not_rate_limited_service_endpoints = [
+              %w[/v3/service_instances POST],
+              %w[/v3/service_credential_bindings POST],
+              %w[/v3/service_route_bindings POST],
+              %w[/v3/service_instances PATCH],
+              %w[/v3/service_credential_bindings PATCH],
+              %w[/v3/service_route_bindings PATCH],
+              %w[/v3/service_instances DELETE],
+              %w[/v3/service_credential_bindings DELETE],
+              %w[/v3/service_route_bindings DELETE]
+            ]
+
+            v3_not_rate_limited_service_endpoints.each do |endpoint, method|
+              context "#{endpoint} #{method} - non-rate-limited" do
+                let(:path) { endpoint }
+                let(:request_method) { method }
+                let(:fake_request) { instance_double(ActionDispatch::Request, fullpath: endpoint, method: method) }
+
+                it 'allows concurrent requests without limits' do
+                  threads = 2.times.map { Thread.new { middleware.call(env) } }
+                  statuses = threads.map(&:join).map(&:value).map(&:first)
+
+                  expect(statuses).to all(eq(200))
+                  expect(app).to have_received(:call).twice
+                  expect(logger).not_to have_received(:info)
+                end
+              end
+            end
+          end
+        end
+
         describe 'errors' do
           let(:max_concurrent_requests) { 0 }