From 7e0a3fbb4dc3f3083bd84ea13e448a7f0df9b2b5 Mon Sep 17 00:00:00 2001 From: Radoslav Gatev Date: Sun, 3 Jan 2021 21:30:23 +0200 Subject: [PATCH 1/7] Add a comparison with the ratelimit middleware --- .../content/en/operations/configuration/control-concurrency.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/daprdocs/content/en/operations/configuration/control-concurrency.md b/daprdocs/content/en/operations/configuration/control-concurrency.md index 6203bac3b..73279b685 100644 --- a/daprdocs/content/en/operations/configuration/control-concurrency.md +++ b/daprdocs/content/en/operations/configuration/control-concurrency.md @@ -11,6 +11,8 @@ Using Dapr, you can control how many requests and events will invoke your applic *Note that this rate limiting is guaranteed for every event that's coming from Dapr, meaning Pub/Sub events, direct invocation from other services, bindings events etc. Dapr can't enforce the concurrency policy on requests that are coming to your app externally.* +*Note that rate limitting can be achieved by using the **middleware.http.ratelimit**. However, there is an imporant difference between the two approaches. The ratelimit middlware is time bound and limits the number of requests per second, while the app-max-concurrency specifies the number of concurrent requests (and events) at any point of time.* + ## Setting app-max-concurrency Without using Dapr, a developer would need to create some sort of a semaphore in the application and take care of acquiring and releasing it. From c7444f41bc792648a5aae9dc839c980dd6f11e87 Mon Sep 17 00:00:00 2001 From: Radoslav Gatev Date: Sun, 17 Jan 2021 21:19:59 +0200 Subject: [PATCH 2/7] fix link in readme --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 056a4a9c8..aafd1edab 100644 --- a/README.md +++ b/README.md @@ -61,7 +61,7 @@ npm install ```sh hugo server --disableFastRender ``` -3. Navigate to `http://localhost:1313/docs` +3. Navigate to `http://localhost:1313/` ## Update docs 1. Fork repo into your account From f94f0a73e1084ec7db2c63031bfaba4d6bedba6a Mon Sep 17 00:00:00 2001 From: Radoslav Gatev Date: Sun, 17 Jan 2021 22:17:07 +0200 Subject: [PATCH 3/7] Add rate limit middleware --- .../middleware/middleware-rate-limit.md | 30 +++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 daprdocs/content/en/developing-applications/middleware/middleware-rate-limit.md diff --git a/daprdocs/content/en/developing-applications/middleware/middleware-rate-limit.md b/daprdocs/content/en/developing-applications/middleware/middleware-rate-limit.md new file mode 100644 index 000000000..2bf9e1795 --- /dev/null +++ b/daprdocs/content/en/developing-applications/middleware/middleware-rate-limit.md @@ -0,0 +1,30 @@ +--- +type: docs +title: "How-To: Rate limiting" +linkTitle: "How-To: Rate limiting" +weight: 1000 +description: "Use Dapr rate limit middleware to limit requests per second" +type: docs +--- + +The Dapr Rate limit [HTTP middleware]({{< ref middleware-concept.md >}}) allows restricting the maximum number of allowed HTTP requests per second. + +## Middleware Component Definition + +In the following definition, the maximum requests per second are set to 10: +```yaml +apiVersion: dapr.io/v1alpha1 +kind: Component +metadata: + name: ratelimit +spec: + type: middleware.http.ratelimit + metadata: + - name: maxRequestsPerSecond + value: 10 +``` +Once the limit is reached, the request will return *HTTP Status code 429: Too Many Requests*. + +## Referencing the rate limit middleware + +To be applied, the middleware must be referenced in a [Dapr Configuration]({{< ref configuration-concept.md >}}). See [Middleware pipelines]({{< ref "middleware-concept.md#customize-processing-pipeline">}}). \ No newline at end of file From 222dfe982c95d87ee61d361b594c14e90212d458 Mon Sep 17 00:00:00 2001 From: Radoslav Gatev Date: Sun, 17 Jan 2021 22:29:56 +0200 Subject: [PATCH 4/7] update justification --- .../en/operations/configuration/control-concurrency.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/daprdocs/content/en/operations/configuration/control-concurrency.md b/daprdocs/content/en/operations/configuration/control-concurrency.md index 73279b685..454a0479b 100644 --- a/daprdocs/content/en/operations/configuration/control-concurrency.md +++ b/daprdocs/content/en/operations/configuration/control-concurrency.md @@ -9,9 +9,9 @@ description: "Control how many requests and events will invoke your application A common scenario in distributed computing is to only allow for a given number of requests to execute concurrently. Using Dapr, you can control how many requests and events will invoke your application simultaneously. -*Note that this rate limiting is guaranteed for every event that's coming from Dapr, meaning Pub/Sub events, direct invocation from other services, bindings events etc. Dapr can't enforce the concurrency policy on requests that are coming to your app externally.* +*Note that this rate limiing is guaranteed for every event that's coming from Dapr, meaning Pub/Sub events, direct invocation from other services, bindings events etc. Dapr can't enforce the concurrency policy on requests that are coming to your app externally.* -*Note that rate limitting can be achieved by using the **middleware.http.ratelimit**. However, there is an imporant difference between the two approaches. The ratelimit middlware is time bound and limits the number of requests per second, while the app-max-concurrency specifies the number of concurrent requests (and events) at any point of time.* +*Note that rate limiting per second can be achieved by using the **middleware.http.ratelimit** middleware. However, there is an imporant difference between the two approaches. The rate limit middlware is time bound and limits the number of requests per second, while the `app-max-concurrency` flag specifies the number of concurrent requests (and events) at any point of time. See [Rate limit middleware]({{< ref middleware-rate-limit.md >}}). * ## Setting app-max-concurrency From f5195969a3e0ed8d357d31efbb613619b4448d53 Mon Sep 17 00:00:00 2001 From: Aaron Crawfis Date: Tue, 19 Jan 2021 22:30:15 -0800 Subject: [PATCH 5/7] Update title casing and weight --- .../middleware/middleware-opa-policies.md | 26 +++++++++---------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/daprdocs/content/en/developing-applications/middleware/middleware-opa-policies.md b/daprdocs/content/en/developing-applications/middleware/middleware-opa-policies.md index 0c6dd56b4..13e8dc445 100644 --- a/daprdocs/content/en/developing-applications/middleware/middleware-opa-policies.md +++ b/daprdocs/content/en/developing-applications/middleware/middleware-opa-policies.md @@ -1,15 +1,16 @@ --- type: docs -title: "How-To: Apply OPA policies" -linkTitle: "How-To: Apply OPA policies" -weight: 1000 +title: "How-To: Apply Open Policy Agent (OPA) policies" +linkTitle: "Apply OPA policies" +weight: 2000 description: "Use Dapr middleware to apply Open Policy Agent (OPA) policies on incoming requests" type: docs --- -The Dapr Open Policy Agent (OPA) [HTTP middleware](https://github.com/dapr/docs/blob/master/concepts/middleware/README.md) allows applying [OPA Policies](https://www.openpolicyagent.org/) to incoming Dapr HTTP requests. This can be used to apply reusable authorization policies to app endpoints. +The Dapr Open Policy Agent (OPA) [HTTP middleware]({{< ref middleware-concept.md >}}) allows applying [OPA Policies](https://www.openpolicyagent.org/) to incoming Dapr HTTP requests. This can be used to apply reusable authorization policies to app endpoints. + +## Middleware component definition -## Middleware Component Definition ```yaml apiVersion: dapr.io/v1alpha1 kind: Component @@ -59,7 +60,6 @@ spec: } { my_claim := jwt.payload["my-claim"] } - jwt = { "payload": payload } { auth_header := input.request.headers["authorization"] [_, jwt] := split(auth_header, " ") @@ -122,7 +122,7 @@ default allow = { } ``` -### Changing the Rejected Response Status Code +### Changing the rejected response status code When rejecting a request, you can override the status code the that gets returned. For example, if you wanted to return a `401` instead of a `403`, you could do the following: @@ -135,7 +135,7 @@ default allow = { } ``` -### Adding Response Headers +### Adding response headers To redirect, add headers and set the `status_code` to the returned result: @@ -151,7 +151,7 @@ default allow = { } ``` -### Adding Request Headers +### Adding request headers You can also set additional headers on the allowed request: @@ -162,12 +162,12 @@ default allow = false allow = { "allow": true, "additional_headers": { "X-JWT-Payload": payload } } { not input.path[0] == "forbidden" - # Where `jwt` is the result of another rule + // Where `jwt` is the result of another rule payload := base64.encode(json.marshal(jwt.payload)) } ``` -### Result Structure +### Result structure ```go type Result bool // or @@ -183,5 +183,5 @@ type Result struct { ## Related links -- Open Policy Agent: https://www.openpolicyagent.org -- HTTP API Example: https://www.openpolicyagent.org/docs/latest/http-api-authorization/ \ No newline at end of file +- [Open Policy Agent](https://www.openpolicyagent.org) +- [HTTP API Example](https://www.openpolicyagent.org/docs/latest/http-api-authorization/) \ No newline at end of file From 5babc5aefe8ae8b30f8878f1a0cb45b2c1ebfe75 Mon Sep 17 00:00:00 2001 From: Aaron Crawfis Date: Tue, 19 Jan 2021 22:30:21 -0800 Subject: [PATCH 6/7] Update title --- .../developing-applications/middleware/middleware-rate-limit.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/daprdocs/content/en/developing-applications/middleware/middleware-rate-limit.md b/daprdocs/content/en/developing-applications/middleware/middleware-rate-limit.md index 2bf9e1795..9184852e3 100644 --- a/daprdocs/content/en/developing-applications/middleware/middleware-rate-limit.md +++ b/daprdocs/content/en/developing-applications/middleware/middleware-rate-limit.md @@ -1,7 +1,7 @@ --- type: docs title: "How-To: Rate limiting" -linkTitle: "How-To: Rate limiting" +linkTitle: "Rate limiting" weight: 1000 description: "Use Dapr rate limit middleware to limit requests per second" type: docs From cc10150e456cfff4d9ee932a05e6941494281a6b Mon Sep 17 00:00:00 2001 From: Aaron Crawfis Date: Tue, 19 Jan 2021 22:33:39 -0800 Subject: [PATCH 7/7] Title casing and related links --- .../middleware/middleware-rate-limit.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/daprdocs/content/en/developing-applications/middleware/middleware-rate-limit.md b/daprdocs/content/en/developing-applications/middleware/middleware-rate-limit.md index 9184852e3..59893979b 100644 --- a/daprdocs/content/en/developing-applications/middleware/middleware-rate-limit.md +++ b/daprdocs/content/en/developing-applications/middleware/middleware-rate-limit.md @@ -9,7 +9,7 @@ type: docs The Dapr Rate limit [HTTP middleware]({{< ref middleware-concept.md >}}) allows restricting the maximum number of allowed HTTP requests per second. -## Middleware Component Definition +## Middleware component definition In the following definition, the maximum requests per second are set to 10: ```yaml @@ -27,4 +27,8 @@ Once the limit is reached, the request will return *HTTP Status code 429: Too Ma ## Referencing the rate limit middleware -To be applied, the middleware must be referenced in a [Dapr Configuration]({{< ref configuration-concept.md >}}). See [Middleware pipelines]({{< ref "middleware-concept.md#customize-processing-pipeline">}}). \ No newline at end of file +To be applied, the middleware must be referenced in a [Dapr Configuration]({{< ref configuration-concept.md >}}). See [Middleware pipelines]({{< ref "middleware-concept.md#customize-processing-pipeline">}}). + +## Related links +- [Middleware concept]({{< ref middleware-concept.md >}}) +- [Dapr configuration]({{< ref configuration-concept.md >}}) \ No newline at end of file