Return 429 when cant auto resume due to team limit (#2005)

Author: matthewlouisbrockman

packages/api/internal/handlers/proxy_grpc.go

@@ -195,7 +195,7 @@ func (s *SandboxService) ResumeSandbox(ctx context.Context, req *proxygrpc.Sandb
 		nil, // volumeMounts
 	)
 	if apiErr != nil {
-		return nil, status.Errorf(sharedutils.GRPCCodeFromHTTPStatus(apiErr.Code), "resume failed: %s", apiErr.ClientMsg)
+		return nil, status.Error(sharedutils.GRPCCodeFromHTTPStatus(apiErr.Code), apiErr.ClientMsg)
 	}
 
 	node := s.api.orchestrator.GetNode(sbx.ClusterID, sbx.NodeID)

packages/client-proxy/internal/proxy/proxy.go

@@ -40,6 +40,7 @@ const (
 	autoResumeSucceeded autoResumeResult = iota
 	autoResumeNotAllowed
 	autoResumePermissionDenied
+	autoResumeResourceExhausted
 	autoResumeErrored
 )
 
@@ -95,6 +96,9 @@ func handlePausedSandbox(
 			if st.Code() == codes.NotFound {
 				return "", autoResumeNotAllowed, nil
 			}
+			if st.Code() == codes.ResourceExhausted {
+				return "", autoResumeResourceExhausted, reverseproxy.NewErrSandboxResourceExhausted(sandboxId, st.Message())
+			}
 		}
 
 		return "", autoResumeErrored, err
@@ -139,6 +143,13 @@ func NewClientProxy(meterProvider metric.MeterProvider, serviceName string, port
 					return nil, resumeDeniedErr
 				}
 
+				var resourceExhaustedErr *reverseproxy.SandboxResourceExhaustedError
+				if errors.As(err, &resourceExhaustedErr) {
+					l.Warn(ctx, "sandbox resource exhausted", zap.Error(err))
+
+					return nil, resourceExhaustedErr
+				}
+
 				if !errors.Is(err, ErrNodeNotFound) {
 					l.Warn(ctx, "failed to resolve node ip with Redis resolution", zap.Error(err))
 				}

packages/client-proxy/internal/proxy/proxy_test.go

@@ -59,14 +59,14 @@ func TestCatalogResolution_CatalogHit(t *testing.T) {
 	c := catalog.NewMemorySandboxesCatalog()
 	ff := newFF(t, true)
 
-	err := c.StoreSandbox(context.Background(), "sbx", &catalog.SandboxInfo{
+	err := c.StoreSandbox(t.Context(), "sbx", &catalog.SandboxInfo{
 		OrchestratorIP: "10.0.0.1",
 		ExecutionID:    "exec",
 		StartedAt:      time.Now(),
 	}, time.Minute)
 	require.NoError(t, err)
 
-	nodeIP, err := catalogResolution(context.Background(), "sbx", 8000, "", "", c, nil, ff)
+	nodeIP, err := catalogResolution(t.Context(), "sbx", 8000, "", "", c, nil, ff)
 	require.NoError(t, err)
 	require.Equal(t, "10.0.0.1", nodeIP)
 }
@@ -77,14 +77,14 @@ func TestCatalogResolution_CatalogHit_EmptyIPReturnsEmpty(t *testing.T) {
 	c := catalog.NewMemorySandboxesCatalog()
 	ff := newFF(t, true)
 
-	err := c.StoreSandbox(context.Background(), "sbx", &catalog.SandboxInfo{
+	err := c.StoreSandbox(t.Context(), "sbx", &catalog.SandboxInfo{
 		OrchestratorIP: "",
 		ExecutionID:    "exec",
 		StartedAt:      time.Now(),
 	}, time.Minute)
 	require.NoError(t, err)
 
-	nodeIP, err := catalogResolution(context.Background(), "sbx", 8000, "", "", c, nil, ff)
+	nodeIP, err := catalogResolution(t.Context(), "sbx", 8000, "", "", c, nil, ff)
 	require.NoError(t, err)
 	require.Empty(t, nodeIP)
 }
@@ -95,7 +95,7 @@ func TestCatalogResolution_CatalogMiss(t *testing.T) {
 	c := catalog.NewMemorySandboxesCatalog()
 	ff := newFF(t, true)
 
-	_, err := catalogResolution(context.Background(), "sbx", 8000, "", "", c, nil, ff)
+	_, err := catalogResolution(t.Context(), "sbx", 8000, "", "", c, nil, ff)
 	require.ErrorIs(t, err, ErrNodeNotFound)
 }
 
@@ -104,7 +104,7 @@ func TestHandlePausedSandbox_NoResumer_MissingTrafficAccessToken(t *testing.T) {
 
 	ff := newFF(t, true)
 
-	_, res, err := handlePausedSandbox(context.Background(), "sbx", 8000, "", "", nil, ff)
+	_, res, err := handlePausedSandbox(t.Context(), "sbx", 8000, "", "", nil, ff)
 	require.NoError(t, err)
 	require.Equal(t, autoResumeNotAllowed, res)
 }
@@ -114,7 +114,7 @@ func TestHandlePausedSandbox_NoResumer_InvalidTrafficAccessToken(t *testing.T) {
 
 	ff := newFF(t, true)
 
-	_, res, err := handlePausedSandbox(context.Background(), "sbx", 8000, "wrong-token", "", nil, ff)
+	_, res, err := handlePausedSandbox(t.Context(), "sbx", 8000, "wrong-token", "", nil, ff)
 	require.NoError(t, err)
 	require.Equal(t, autoResumeNotAllowed, res)
 }
@@ -124,7 +124,7 @@ func TestHandlePausedSandbox_FlagDisabled(t *testing.T) {
 
 	ff := newFF(t, false)
 
-	_, res, err := handlePausedSandbox(context.Background(), "sbx", 8000, "token", "", stubResumer{nodeIP: "10.0.0.1"}, ff)
+	_, res, err := handlePausedSandbox(t.Context(), "sbx", 8000, "token", "", stubResumer{nodeIP: "10.0.0.1"}, ff)
 	require.NoError(t, err)
 	require.Equal(t, autoResumeNotAllowed, res)
 }
@@ -134,7 +134,7 @@ func TestHandlePausedSandbox_NotFound(t *testing.T) {
 
 	ff := newFF(t, true)
 
-	_, res, err := handlePausedSandbox(context.Background(), "sbx", 8000, "token", "", stubResumer{err: status.Error(codes.NotFound, "not allowed")}, ff)
+	_, res, err := handlePausedSandbox(t.Context(), "sbx", 8000, "token", "", stubResumer{err: status.Error(codes.NotFound, "not allowed")}, ff)
 	require.NoError(t, err)
 	require.Equal(t, autoResumeNotAllowed, res)
 }
@@ -144,19 +144,33 @@ func TestHandlePausedSandbox_PermissionDenied(t *testing.T) {
 
 	ff := newFF(t, true)
 
-	_, res, err := handlePausedSandbox(context.Background(), "sbx", 8000, "token", "", stubResumer{err: status.Error(codes.PermissionDenied, "permission denied")}, ff)
+	_, res, err := handlePausedSandbox(t.Context(), "sbx", 8000, "token", "", stubResumer{err: status.Error(codes.PermissionDenied, "permission denied")}, ff)
 	require.Error(t, err)
 	var deniedErr *reverseproxy.SandboxResumePermissionDeniedError
 	require.ErrorAs(t, err, &deniedErr)
 	require.Equal(t, autoResumePermissionDenied, res)
 }
 
+func TestHandlePausedSandbox_ResourceExhausted(t *testing.T) {
+	t.Parallel()
+
+	ff := newFF(t, true)
+
+	_, res, err := handlePausedSandbox(t.Context(), "sbx", 8000, "token", "", stubResumer{err: status.Error(codes.ResourceExhausted, "rate limit hit")}, ff)
+	require.Error(t, err)
+	var exhaustedErr *reverseproxy.SandboxResourceExhaustedError
+	require.ErrorAs(t, err, &exhaustedErr)
+	require.Equal(t, "sbx", exhaustedErr.SandboxId)
+	require.Equal(t, "rate limit hit", exhaustedErr.Message)
+	require.Equal(t, autoResumeResourceExhausted, res)
+}
+
 func TestHandlePausedSandbox_SnapshotNotFound(t *testing.T) {
 	t.Parallel()
 
 	ff := newFF(t, true)
 
-	_, res, err := handlePausedSandbox(context.Background(), "sbx", 8000, "token", "", stubResumer{err: status.Error(codes.NotFound, "snapshot not found")}, ff)
+	_, res, err := handlePausedSandbox(t.Context(), "sbx", 8000, "token", "", stubResumer{err: status.Error(codes.NotFound, "snapshot not found")}, ff)
 	require.NoError(t, err)
 	require.Equal(t, autoResumeNotAllowed, res)
 }
@@ -166,7 +180,7 @@ func TestHandlePausedSandbox_Error(t *testing.T) {
 
 	ff := newFF(t, true)
 
-	_, res, err := handlePausedSandbox(context.Background(), "sbx", 8000, "token", "", stubResumer{err: status.Error(codes.Unavailable, "boom")}, ff)
+	_, res, err := handlePausedSandbox(t.Context(), "sbx", 8000, "token", "", stubResumer{err: status.Error(codes.Unavailable, "boom")}, ff)
 	require.Error(t, err)
 	require.Equal(t, autoResumeErrored, res)
 }
@@ -176,7 +190,7 @@ func TestHandlePausedSandbox_Succeeded(t *testing.T) {
 
 	ff := newFF(t, true)
 
-	nodeIP, res, err := handlePausedSandbox(context.Background(), "sbx", 8000, "token", "", stubResumer{nodeIP: "10.0.0.1"}, ff)
+	nodeIP, res, err := handlePausedSandbox(t.Context(), "sbx", 8000, "token", "", stubResumer{nodeIP: "10.0.0.1"}, ff)
 	require.NoError(t, err)
 	require.Equal(t, autoResumeSucceeded, res)
 	require.Equal(t, "10.0.0.1", nodeIP)
@@ -187,7 +201,7 @@ func TestHandlePausedSandbox_Succeeded_EmptyIP(t *testing.T) {
 
 	ff := newFF(t, true)
 
-	nodeIP, res, err := handlePausedSandbox(context.Background(), "sbx", 8000, "token", "", stubResumer{nodeIP: ""}, ff)
+	nodeIP, res, err := handlePausedSandbox(t.Context(), "sbx", 8000, "token", "", stubResumer{nodeIP: ""}, ff)
 	require.NoError(t, err)
 	require.Equal(t, autoResumeSucceeded, res)
 	require.Empty(t, nodeIP)
@@ -199,7 +213,7 @@ func TestHandlePausedSandbox_PassesPortAndTokenToResumer(t *testing.T) {
 	ff := newFF(t, true)
 	resumer := &recordingResumer{}
 
-	nodeIP, res, err := handlePausedSandbox(context.Background(), "sbx", 49983, "token", "envd-token", resumer, ff)
+	nodeIP, res, err := handlePausedSandbox(t.Context(), "sbx", 49983, "token", "envd-token", resumer, ff)
 	require.NoError(t, err)
 	require.Equal(t, autoResumeSucceeded, res)
 	require.Equal(t, "10.0.0.1", nodeIP)

packages/shared/pkg/proxy/errors.go

@@ -81,3 +81,19 @@ func NewErrInvalidTrafficAccessToken(sandboxId string, header string) *InvalidTr
 		Header:    header,
 	}
 }
+
+type SandboxResourceExhaustedError struct {
+	SandboxId string
+	Message   string
+}
+
+func NewErrSandboxResourceExhausted(sandboxId string, message string) *SandboxResourceExhaustedError {
+	return &SandboxResourceExhaustedError{
+		SandboxId: sandboxId,
+		Message:   message,
+	}
+}
+
+func (e SandboxResourceExhaustedError) Error() string {
+	return "sandbox resource exhausted"
+}

packages/shared/pkg/proxy/handler.go

@@ -86,6 +86,25 @@ func handler(p *pool.ProxyPool, getDestination func(r *http.Request) (*pool.Dest
 			return
 		}
 
+		var resourceExhaustedErr *SandboxResourceExhaustedError
+		if errors.As(err, &resourceExhaustedErr) {
+			logger.L().Warn(ctx, "team sandbox limit reached",
+				zap.String("host", r.Host),
+				logger.WithSandboxID(resourceExhaustedErr.SandboxId))
+
+			err := template.
+				NewTeamSandboxLimitError(resourceExhaustedErr.SandboxId, r.Host, resourceExhaustedErr.Message).
+				HandleError(w, r)
+			if err != nil {
+				logger.L().Error(ctx, "failed to handle team sandbox limit error", zap.Error(err), logger.WithSandboxID(resourceExhaustedErr.SandboxId))
+				http.Error(w, "Failed to handle team sandbox limit error", http.StatusInternalServerError)
+
+				return
+			}
+
+			return
+		}
+
 		var trafficMissingTokenErr *MissingTrafficAccessTokenError
 		if errors.As(err, &trafficMissingTokenErr) {
 			logger.L().Warn(ctx, "traffic access token is missing", zap.String("host", r.Host))

packages/shared/pkg/proxy/proxy_test.go

@@ -276,6 +276,64 @@ func TestProxyResumePermissionDeniedErrorTemplate(t *testing.T) {
 	})
 }
 
+func TestProxyTeamSandboxLimitError(t *testing.T) {
+	t.Parallel()
+
+	getDestination := func(*http.Request) (*pool.Destination, error) {
+		return nil, NewErrSandboxResourceExhausted("test-sandbox", "rate limit hit")
+	}
+
+	proxy, port, err := newTestProxy(t, getDestination)
+	require.NoError(t, err)
+	t.Cleanup(func() {
+		proxy.Close()
+	})
+
+	t.Run("json for non-browser", func(t *testing.T) {
+		t.Parallel()
+		proxyURL := fmt.Sprintf("http://127.0.0.1:%d/hello", port)
+		resp, err := httpGet(t, proxyURL)
+		require.NoError(t, err)
+		t.Cleanup(func() {
+			_ = resp.Body.Close()
+		})
+
+		require.Equal(t, http.StatusTooManyRequests, resp.StatusCode)
+		require.Equal(t, "application/json; charset=utf-8", resp.Header.Get("Content-Type"))
+
+		var response struct {
+			Code    int    `json:"code"`
+			Message string `json:"message"`
+		}
+		err = json.NewDecoder(resp.Body).Decode(&response)
+		require.NoError(t, err)
+		require.Equal(t, http.StatusTooManyRequests, response.Code)
+		require.Equal(t, "rate limit hit", response.Message)
+	})
+
+	t.Run("html for browser", func(t *testing.T) {
+		t.Parallel()
+		proxyURL := fmt.Sprintf("http://127.0.0.1:%d/hello", port)
+		headers := http.Header{
+			"User-Agent": {"Mozilla/5.0 (Windows NT 10.0; Win64; x64)"},
+		}
+
+		resp, err := httpGetWithHeaders(t, proxyURL, headers)
+		require.NoError(t, err)
+		t.Cleanup(func() {
+			_ = resp.Body.Close()
+		})
+
+		require.Equal(t, http.StatusTooManyRequests, resp.StatusCode)
+		require.Equal(t, "text/html; charset=utf-8", resp.Header.Get("Content-Type"))
+
+		body, err := io.ReadAll(resp.Body)
+		require.NoError(t, err)
+		assert.Contains(t, string(body), "Sandbox Limit Reached")
+		assert.Contains(t, string(body), "rate limit hit")
+	})
+}
+
 func httpGet(t *testing.T, proxyURL string) (*http.Response, error) {
 	t.Helper()