Skip to content

Commit 9adf79b

Browse files
ParthaIParthaI
authored
Added default rate limit configuration for the tales (#942)
1 parent 09e05b6 commit 9adf79b

File tree

1 file changed

+85
-0
lines changed

1 file changed

+85
-0
lines changed

azure/plugin.go

Lines changed: 85 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -5,6 +5,7 @@ import (
55

66
"github.com/turbot/steampipe-plugin-sdk/v5/plugin"
77
"github.com/turbot/steampipe-plugin-sdk/v5/plugin/transform"
8+
"github.com/turbot/steampipe-plugin-sdk/v5/rate_limiter"
89
)
910

1011
const pluginName = "steampipe-plugin-azure"
@@ -32,6 +33,90 @@ func Plugin(ctx context.Context) *plugin.Plugin {
3233
ConnectionConfigSchema: &plugin.ConnectionConfigSchema{
3334
NewInstance: ConfigInstance,
3435
},
36+
RateLimiters: []*rate_limiter.Definition{
37+
// Tables mentioned in GitHub issue #927 - Azure Services Highly Prone to Rate Limits
38+
39+
// 1. Azure Resource Manager (ARM) - All list and get resource metadata calls go through ARM
40+
// https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/request-limits-and-throttling
41+
// ~12,000 reads/hour per subscription per region
42+
{
43+
Name: "azure_subscription",
44+
FillRate: 25,
45+
BucketSize: 250,
46+
Scope: []string{"connection", "service", "action"},
47+
Where: "service = 'Microsoft.Resources' and action = 'subscriptions/read'",
48+
},
49+
// https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/request-limits-and-throttling#subscription-and-tenant-limits
50+
{
51+
Name: "azure_resource_group",
52+
FillRate: 25,
53+
BucketSize: 250,
54+
Scope: []string{"connection", "service", "action"},
55+
Where: "service = 'Microsoft.Resources' and action = 'resourceGroups/read'",
56+
},
57+
// https://learn.microsoft.com/en-us/azure/virtual-machines/compute-throttling-limits#throttling-limits-for-virtual-machines
58+
{
59+
Name: "azure_compute_virtual_machine",
60+
FillRate: 500,
61+
BucketSize: 1500,
62+
Scope: []string{"connection", "service", "action"},
63+
Where: "service = 'Microsoft.Compute' and action = 'virtualMachines/read'",
64+
},
65+
{
66+
Name: "azure_compute_virtual_machine_operations",
67+
FillRate: 12,
68+
BucketSize: 36,
69+
Scope: []string{"connection", "service", "action"},
70+
Where: "service in ('Microsoft.Compute', 'Microsoft.GuestConfiguration', 'Microsoft.Network') and action in ('virtualMachines/instanceView/read', 'virtualMachines/extensions/read', 'publicIPAddresses/read')",
71+
},
72+
73+
// https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/azure-subscription-service-limits#azure-storage-resource-provider-limits
74+
{
75+
Name: "azure_storage_account",
76+
FillRate: 2,
77+
BucketSize: 50,
78+
Scope: []string{"connection", "service", "action"},
79+
Where: "service = 'Microsoft.Storage' and action = 'storageAccounts/read'",
80+
},
81+
// https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/azure-subscription-service-limits#azure-blob-storage-limits
82+
{
83+
Name: "azure_storage_blob",
84+
FillRate: 500,
85+
BucketSize: 500,
86+
Scope: []string{"connection", "service", "action"},
87+
Where: "service = 'Microsoft.Storage' and action = 'storageAccounts/blobServices/containers/blobs/read'",
88+
},
89+
90+
// 3. Azure Key Vault - Every get for a secret/key/certificate is a counted API request
91+
// https://learn.microsoft.com/en-us/azure/key-vault/general/service-limits
92+
// ~2,000 GET/10s per vault
93+
{
94+
Name: "azure_key_vault_secret",
95+
FillRate: 40,
96+
BucketSize: 400,
97+
Scope: []string{"connection", "subscription", "vault"},
98+
Where: "service = 'Microsoft.KeyVault' and action = 'vaults/secrets/read'",
99+
},
100+
{
101+
Name: "azure_key_vault_key",
102+
FillRate: 20,
103+
BucketSize: 200,
104+
Scope: []string{"connection", "subscription", "vault"},
105+
Where: "service = 'Microsoft.KeyVault' and action = 'vaults/keys/read'",
106+
},
107+
108+
// Azure Monitor / Log Analytics - Querying log data is essentially a read op
109+
// https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/request-limits-and-throttling
110+
// API queries often capped by 200 QPS per workspace, but contributes significantly to ARM traffic
111+
// https://learn.microsoft.com/en-us/azure/azure-monitor/fundamentals/service-limits#alerts-api
112+
{
113+
Name: "azure_monitor_activity_log",
114+
FillRate: 1, // Conservative limit for activity log queries
115+
BucketSize: 50,
116+
Scope: []string{"connection", "subscription", "region"},
117+
Where: "service = 'Microsoft.Insights' and action = 'activityLogs/read'",
118+
},
119+
},
35120
TableMap: map[string]*plugin.Table{
36121
"azure_alert_management": tableAzureAlertMangement(ctx),
37122
"azure_api_management": tableAzureAPIManagement(ctx),

0 commit comments

Comments
 (0)