Skip to content

CLDSRV-759: bucketGetRateLimit #5997

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 6 commits into
base: improvement/CLDSRV-766/bucket_rate_limiting
Choose a base branch
from
Open

CLDSRV-759: bucketGetRateLimit #5997

Changes from 1 commit
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
c353bab
impr(CLDSRV-759): Bump arsenal to branch
tmacro Nov 12, 2025
de2ed07
impr(CLDSRV-759): Adapt handler code to arsenal changes
tmacro Nov 12, 2025
074e87e
impr(CLDSRV-759): Add $RATE_LIMIT_SERVICE_USER_ARN to docker-entrypoi…
tmacro Nov 12, 2025
94e3fae
impr(CLDSRV-759): Setup rate limit config in CI
tmacro Nov 12, 2025
422cd7b
impr(CLDSRV-759): Add rate limit test tooling
tmacro Nov 12, 2025
c6dc6d9
impr(CLDSRV-759): Add tests for bucketGetRateLimit
tmacro Nov 12, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
81 changes: 81 additions & 0 deletions tests/functional/aws-node-sdk/test/rateLimit/tooling.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,81 @@
const nodeFetch = require('node-fetch');
const AWS = require('aws-sdk');
const xml2js = require('xml2js');
const { getCredentials } = require('../support/credentials');

const { config } = require('../../../../../lib/Config');

const skipIfRateLimitDisabled = config.rateLimiting.enabled ? describe : describe.skip;

async function sendRateLimitRequest(method, host, path, body = '') {
const service = 's3';
const endpoint = new AWS.Endpoint(host);

const request = new AWS.HttpRequest(endpoint);
request.method = method.toUpperCase();
request.path = path;
request.body = body;
request.headers.Host = host;
request.headers['X-Amz-Date'] = new Date().toISOString().replace(/[:\-]|\.\d{3}/g, '');
const sha256hash = AWS.util.crypto.sha256(request.body || '', 'hex');
request.headers['X-Amz-Content-SHA256'] = sha256hash;
request.region = 'us-east-1';

const signer = new AWS.Signers.V4(request, service);
const credentials = getCredentials('lisa');
const awsCredentials = new AWS.Credentials(
credentials.accessKeyId,
credentials.secretAccessKey
);
signer.addAuthorization(awsCredentials, new Date());

const url = `http://${host}${path}`;
const options = {
method: request.method,
headers: request.headers,
};

if (method !== 'GET' && method !== 'DELETE') {
Copy link
Contributor

@jonathan-gramain jonathan-gramain Nov 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It seems a bit odd to attach a body for all other types of requests (i.e. to have a negative check), I'd rather check if (method === 'PUT' || method === 'POST') instead.

options.body = request.body;
}

const response = await nodeFetch(url, options);
const text = await response.text();

// Check if response is successful
if (!response.ok) {
// Try to parse as XML error first (S3 errors are typically XML)
let xmlResult;
try {
xmlResult = await xml2js.parseStringPromise(text);
} catch {
// XML parsing failed, will try JSON below
}

if (xmlResult && xmlResult.Error) {
throw xmlResult;
}

// If XML parsing failed or no Error in XML, try JSON
try {
const json = JSON.parse(text);
if (json.error) {
throw json;
Copy link
Contributor

@jonathan-gramain jonathan-gramain Nov 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This throw would be caught by the below catch, right? Not sure this is what you intended to do.

Also, do you want to throw an error in 100% of cases where !request.ok is true? In case it is so, the code doesn't throw in all cases (but maybe you did this on purpose so asking, in which case an extra comment after the try/catch block could help understanding this intent).

}
} catch {
// If both fail, throw the original error
throw new Error(`Request failed with status ${response.status}: ${text}`);
}
}

if (!text.trim()) {
return null;
}

return JSON.parse(text);
}

module.exports = {
sendRateLimitRequest,
skipIfRateLimitDisabled,
};