Replace rate limit hashes with static objects
What does this MR do and why?
Replaces Gitlab::ApplicationRateLimiter's remaining legacy rate-limit hash and strategy layer with Labkit rule/limiter objects.
This MR:
- Adds static Labkit limiter objects for registered application rate limits.
- Removes the legacy
rate_limitshash and EE extension. - Removes the legacy ApplicationRateLimiter strategy classes.
- Removes the public
thresholdandintervallookup helpers. - Updates callers and specs to use Labkit registry/adapter APIs.
- Adds
application_rate_limiter_static_labkit_limitersas a GitLab.com derisk feature flag for cached static limiter usage. - Keeps uncached Labkit limiter usage available when the feature flag is disabled.
Part of gitlab-com/gl-infra/production-engineering#29054.
Rollout issue: #604963
References
Screenshots or screen recordings
| Before | After |
|---|---|
How to set up and validate locally
Run the manual smoke test locally.
Suggested execution sequence:
- Start GDK:
gdk start- Confirm endpoint works before throttling:
curl -i "http://gdk.test:3000/users/smoke-test-rate-limit-username/exists"Expected:
HTTP/1.1 200 OK
{"exists":false}Endpoint /users/:id/exists is an easy candidate because it is unauthenticated, and has a static rate limiting rule, easy to verify by humans.
- Disable feature flag:
bin/rails runner "Feature.disable(:application_rate_limiter_static_labkit_limiters)"- Run ApacheBench:
ab -n 30 -c 10 "http://gdk.test:3000/users/smoke-test-rate-limit-username/exists"- Confirm
429with curl right after previous step:
curl -i "http://gdk.test:3000/users/smoke-test-rate-limit-username/exists"- Enable feature flag:
bin/rails runner "Feature.enable(:application_rate_limiter_static_labkit_limiters)"- Repeat ApacheBench and curl checks.
Results w/ FF disabled
ab -n 30 -c 10 "http://gdk.test:3000/users/smoke-test-rate-limit-username/exists"
This is ApacheBench, Version 2.3 <$Revision: 1923142 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/
Benchmarking gdk.test (be patient).....done
Server Software:
Server Hostname: gdk.test
Server Port: 3000
Document Path: /users/smoke-test-rate-limit-username/exists
Document Length: 16 bytes
Concurrency Level: 10
Time taken for tests: 15.204 seconds
Complete requests: 30
Failed requests: 13
(Connect: 0, Receive: 0, Length: 13, Exceptions: 0)
Non-2xx responses: 13
Total transferred: 66041 bytes
HTML transferred: 1117 bytes
Requests per second: 1.97 [#/sec] (mean)
Time per request: 5067.945 [ms] (mean)
Time per request: 506.794 [ms] (mean, across all concurrent requests)
Transfer rate: 4.24 [Kbytes/sec] received
Connection Times (ms)
min mean[+/-sd] median max
Connect: 1 2 1.9 2 12
Processing: 5015 5038 32.1 5022 5118
Waiting: 16 38 32.1 22 119
Total: 5017 5040 32.2 5027 5121
Percentage of the requests served within a certain time (ms)
50% 5027
66% 5034
75% 5039
80% 5078
90% 5107
95% 5119
98% 5121
99% 5121
100% 5121 (longest request)curl -w "%{http_code}\n" "http://gdk.test:3000/users/smoke-test-rate-limit-username/exists" This endpoint has been requested too many times. Try again later.429
curl -w "%{http_code}\n" "http://gdk.test:3000/users/smoke-test-rate-limit-username/exists"
This endpoint has been requested too many times. Try again later.429
curl -w "%{http_code}\n" "http://gdk.test:3000/users/smoke-test-rate-limit-username/exists"
{"exists":false}200Results w/ FF enabled
bin/rails runner "Feature.enable(:application_rate_limiter_static_labkit_limiters)"ab -n 30 -c 10 "http://gdk.test:3000/users/smoke-test-rate-limit-username/exists"
This is ApacheBench, Version 2.3 <$Revision: 1923142 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/
Benchmarking gdk.test (be patient).....done
Server Software:
Server Hostname: gdk.test
Server Port: 3000
Document Path: /users/smoke-test-rate-limit-username/exists
Document Length: 16 bytes
Concurrency Level: 10
Time taken for tests: 15.211 seconds
Complete requests: 30
Failed requests: 10
(Connect: 0, Receive: 0, Length: 10, Exceptions: 0)
Non-2xx responses: 10
Total transferred: 66080 bytes
HTML transferred: 970 bytes
Requests per second: 1.97 [#/sec] (mean)
Time per request: 5070.247 [ms] (mean)
Time per request: 507.025 [ms] (mean, across all concurrent requests)
Transfer rate: 4.24 [Kbytes/sec] received
Connection Times (ms)
min mean[+/-sd] median max
Connect: 1 2 1.9 1 10
Processing: 5017 5040 26.1 5032 5096
Waiting: 17 40 26.1 32 96
Total: 5018 5042 26.8 5033 5098
Percentage of the requests served within a certain time (ms)
50% 5033
66% 5042
75% 5068
80% 5072
90% 5097
95% 5097
98% 5098
99% 5098
100% 5098 (longest request)curl -w "%{http_code}\n" "http://gdk.test:3000/users/smoke-test-rate-limit-username/exists"
This endpoint has been requested too many times. Try again later.429
curl -w "%{http_code}\n" "http://gdk.test:3000/users/smoke-test-rate-limit-username/exists"
This endpoint has been requested too many times. Try again later.429
curl -w "%{http_code}\n" "http://gdk.test:3000/users/smoke-test-rate-limit-username/exists"
{"exists":false}200MR acceptance checklist
Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Edited by Hercules Merscher