Add a dry-run mode for rack attack
What does this MR do?
This moves the config of Rack::Attack out of the initialiser and into the Gitlab module. This way, we can avoid monkey-patching Rack::Attack but instead call the configuration on the class. As a result, we can also use the normal prepend_if_ee strategy to extend rack attack configuration for EE.
We did this so it would be possible to implement a dry-run mode for rack attack:
This allows tracking rather than throttling certain or all configured throttles.
This can be done by setting the GITLAB_THROTTLE_DRY_RUN env variable to a comma separated list of throttles. Each of the throttles specified in that list will be tracked instead of throttled.
To disable throttling for all configured throttles, we can specify '*' in the environment variable.
When a request hits the rate limit in dry run mode, it still proceeds, but we'll emit a message in the logs.
Relates to: gitlab-com/gl-infra/scalability#629 (closed)
Screenshots (strongly suggested)
Does this MR meet the acceptance criteria?
Conformity
- [-] Changelog entry - We plan to remove this feature after we've enabled RackAttack for GitLab.com
- [-] Documentation (if required): RackAttack is already a working feature, the dry-run mode is not intended to become part of it
- [-] Code review guidelines
- Merge request performance guidelines
- Style guides
- [-] Database guides
- Separation of EE specific content
Availability and Testing
- Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
- [-] Tested in all supported browsers
- [-] Informed Infrastructure department of a default or new setting change, if applicable per definition of done
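
The dry-run selection described in this MR, sketched as an added example that is not code from the merge request or from GitLab. The class names, the throttle names `throttle_a` and `throttle_b`, and the in-memory counter (which has no window expiry and stands in for Rack::Attack's throttle/track pair) are assumptions made for illustration.

```ruby
require 'logger'
require 'stringio'

# Hypothetical helper: parses the GITLAB_THROTTLE_DRY_RUN value (a
# comma-separated list of throttle names, or '*' for all of them).
class DryRunThrottles
  def initialize(env_value)
    @names = env_value.to_s.split(',').map(&:strip).reject(&:empty?)
  end

  def dry_run?(throttle_name)
    @names.include?('*') || @names.include?(throttle_name.to_s)
  end
end

# Hypothetical limiter: a plain per-key counter, enough to show the two outcomes.
class Limiter
  def initialize(dry_run:, logger:)
    @dry_run = dry_run
    @logger = logger
    @counts = Hash.new(0)
  end

  # Returns :allowed, :tracked (over the limit, but dry run) or :throttled.
  def check(throttle_name, discriminator, limit:)
    count = (@counts[[throttle_name, discriminator]] += 1)
    return :allowed if count <= limit

    if @dry_run.dry_run?(throttle_name)
      # Dry run: the request proceeds and only a log line records the hit.
      @logger.warn("dry-run: #{throttle_name} exceeded by #{discriminator} (#{count}/#{limit})")
      :tracked
    else
      :throttled
    end
  end
end

# Constructed sample: three requests from one client against two throttles.
def demo(env_value)
  log = StringIO.new
  limiter = Limiter.new(dry_run: DryRunThrottles.new(env_value), logger: Logger.new(log))
  results = %w[throttle_a throttle_b].to_h do |name|
    [name, Array.new(3) { limiter.check(name, '203.0.113.7', limit: 2) }]
  end
  [results, log.string]
end
```

Calling `demo(ENV['GITLAB_THROTTLE_DRY_RUN'])` shows which throttles a given setting leaves unenforced; with `'*'` every over-limit request is only logged.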