add request_method to rate-limit policy (#7832)

Author: vepatel

pkg/apis/configuration/validation/policy.go

@@ -585,6 +585,7 @@ var rateLimitKeyVariables = map[string]bool{
 	"request_uri":        true,
 	"uri":                true,
 	"args":               true,
+	"request_method":     true,
 }
 
 func validateRateLimitKey(key string, fieldPath *field.Path, isPlus bool) field.ErrorList {

pkg/apis/configuration/validation/policy_test.go

@@ -722,6 +722,41 @@ func TestValidateRateLimit_FailsOnInvalidInput(t *testing.T) {
 	}
 }
 
+func TestValidateRateLimitKey(t *testing.T) {
+	t.Parallel()
+
+	for varName := range rateLimitKeyVariables {
+		keyToTest := "${" + varName + "}"
+		testMsg := "validating key: " + keyToTest
+
+		t.Run(testMsg, func(t *testing.T) {
+			t.Parallel()
+			allErrs := validateRateLimitKey(keyToTest, field.NewPath("key"), false)
+			if len(allErrs) > 0 {
+				t.Errorf("validateRateLimitKey returned error for valid key %q, error %v", keyToTest, allErrs)
+			}
+		})
+	}
+
+	t.Run("invalid unknown key", func(t *testing.T) {
+		t.Parallel()
+		invalidKey := "${not_a_valid_key}"
+		allErrs := validateRateLimitKey(invalidKey, field.NewPath("key"), false)
+		if len(allErrs) == 0 {
+			t.Errorf("validateRateLimitKey returned no errors for an unknown key %q", invalidKey)
+		}
+	})
+
+	t.Run("empty key", func(t *testing.T) {
+		t.Parallel()
+		emptyKey := ""
+		allErrs := validateRateLimitKey(emptyKey, field.NewPath("key"), false)
+		if len(allErrs) == 0 {
+			t.Errorf("validateRateLimitKey %q returned no errors for an empty key", emptyKey)
+		}
+	})
+}
+
 func TestValidateJWT_PassesOnValidInput(t *testing.T) {
 	t.Parallel()
 	tests := []struct {

site/content/configuration/policy-resource.md

@@ -129,7 +129,7 @@ When the [Zone Sync feature]({{< ref "/configuration/global-configuration/config
 |Field | Description | Type | Required |
 | ---| ---| ---| --- |
 |``rate`` | The rate of requests permitted. The rate is specified in requests per second (r/s) or requests per minute (r/m). | ``string`` | Yes |
-|``key`` | The key to which the rate limit is applied. Can contain text, variables, or a combination of them. Variables must be surrounded by ``${}``. For example: ``${binary_remote_addr}``. Accepted variables are ``$binary_remote_addr``, ``$request_uri``, ``$url``, ``$http_``, ``$args``, ``$arg_``, ``$cookie_``, ``$jwt_claim_``. | ``string`` | Yes |
+|``key`` | The key to which the rate limit is applied. Can contain text, variables, or a combination of them. Variables must be surrounded by ``${}``. For example: ``${binary_remote_addr}``. Accepted variables are ``$binary_remote_addr``, ``$request_uri``,``$request_method``, ``$url``, ``$http_``, ``$args``, ``$arg_``, ``$cookie_``, ``$jwt_claim_``. | ``string`` | Yes |
 |``zoneSize`` | Size of the shared memory zone. Only positive values are allowed. Allowed suffixes are ``k`` or ``m``, if none are present ``k`` is assumed. | ``string`` | Yes |
 |``delay`` | The delay parameter specifies a limit at which excessive requests become delayed. If not set all excessive requests are delayed. | ``int`` | No |
 |``noDelay`` | Disables the delaying of excessive requests while requests are being limited. Overrides ``delay`` if both are set. | ``bool`` | No |