1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
|
package ratelimiter
import (
"sync"
"testing"
"time"
"github.com/prometheus/client_golang/prometheus"
"github.com/stretchr/testify/require"
)
var (
now = "2021-09-13T15:00:00Z"
validTime, _ = time.Parse(time.RFC3339, now)
)
func mockNow() time.Time {
return validTime
}
var sharedTestCases = map[string]struct {
sourceIPLimit float64
sourceIPBurstSize int
reqNum int
}{
"one_request_per_second": {
sourceIPLimit: 1,
sourceIPBurstSize: 1,
reqNum: 2,
},
"one_request_per_second_but_big_bucket": {
sourceIPLimit: 1,
sourceIPBurstSize: 10,
reqNum: 11,
},
"three_req_per_second_bucket_size_one": {
sourceIPLimit: 3,
sourceIPBurstSize: 1, // max burst 1 means 1 at a time
reqNum: 3,
},
"10_requests_per_second": {
sourceIPLimit: 10,
sourceIPBurstSize: 10,
reqNum: 11,
},
}
func TestSourceIPAllowed(t *testing.T) {
t.Parallel()
for tn, tc := range sharedTestCases {
t.Run(tn, func(t *testing.T) {
rl := New(
WithNow(mockNow),
WithSourceIPLimitPerSecond(tc.sourceIPLimit),
WithSourceIPBurstSize(tc.sourceIPBurstSize),
)
for i := 0; i < tc.reqNum; i++ {
got := rl.SourceIPAllowed("172.16.123.1")
if i < tc.sourceIPBurstSize {
require.Truef(t, got, "expected true for request no. %d", i)
} else {
// requests should fail after reaching tc.sourceIPBurstSize because mockNow
// always returns the same time
require.False(t, got, "expected false for request no. %d", i)
}
}
})
}
}
func TestSingleRateLimiterWithMultipleSourceIPs(t *testing.T) {
rate := 10 * time.Millisecond
rl := New(
WithSourceIPLimitPerSecond(float64(1/rate)),
WithSourceIPBurstSize(1),
)
wg := sync.WaitGroup{}
testFn := func(domain string) func(t *testing.T) {
return func(t *testing.T) {
wg.Add(1)
go func() {
defer wg.Done()
for i := 0; i < 5; i++ {
got := rl.SourceIPAllowed(domain)
require.Truef(t, got, "expected true for request no. %d", i)
time.Sleep(rate)
}
}()
}
}
first := "172.16.123.10"
t.Run(first, testFn(first))
second := "172.16.123.20"
t.Run(second, testFn(second))
third := "172.16.123.30"
t.Run(third, testFn(third))
wg.Wait()
}
func newTestMetrics(t *testing.T) (*prometheus.GaugeVec, *prometheus.GaugeVec, *prometheus.CounterVec) {
t.Helper()
blockedGauge := prometheus.NewGaugeVec(
prometheus.GaugeOpts{
Name: t.Name(),
},
[]string{"enforced"},
)
cachedEntries := prometheus.NewGaugeVec(prometheus.GaugeOpts{
Name: t.Name(),
}, []string{"op"})
cacheReqs := prometheus.NewCounterVec(prometheus.CounterOpts{
Name: t.Name(),
}, []string{"op", "cache"})
return blockedGauge, cachedEntries, cacheReqs
}
|