The nova.api.openstack.compute.legacy_v2.limits Module

Module dedicated functions/classes dealing with rate limiting requests.

This module handles rate liming at a per-user level, so it should not be used to prevent intentional Denial of Service attacks, as we can assume a DOS can easily come through multiple user accounts. DOS protection should be done at a different layer. Instead this module should be used to protect against unintentional user actions. With that in mind the limits set here should be high enough as to not rate-limit any intentional actions.

To find good rate-limit values, check how long requests are taking (see logs) in your environment to assess your capabilities and multiply out to get figures.

NOTE: As the rate-limiting here is done in memory, this only works per process (each process will have its own rate limiting counter).

class Limit(verb, uri, regex, value, unit)

Bases: object

Stores information about a limit for HTTP requests.

UNITS = {3600: 'HOUR', 1: 'SECOND', 86400: 'DAY', 60: 'MINUTE'}
display()

Return a useful representation of this class.

display_unit()

Display the string name of the unit.

class Limiter(limits, **kwargs)

Bases: object

Rate-limit checking class which handles limits in memory.

check_for_delay(verb, url, username=None)

Check the given verb/user/user triplet for limit.

@return: Tuple of delay (in seconds) and error message (or None, None)

get_limits(username=None)

Return the limits for a given user.

static parse_limits(limits)

Convert a string into a list of Limit instances. This implementation expects a semicolon-separated sequence of parenthesized groups, where each group contains a comma-separated sequence consisting of HTTP method, user-readable URI, a URI reg-exp, an integer number of requests which can be made, and a unit of measure. Valid values for the latter are “SECOND”, “MINUTE”, “HOUR”, and “DAY”.

@return: List of Limit instances.

class LimitsController

Bases: object

Controller for accessing limits in the OpenStack API.

create(req, body)

Create a new limit.

delete(req, id)

Delete the limit.

index(req)

Return all global and rate limit information.

show(req, id)

Show limit information.

update(req, id, body)

Update existing limit.

class RateLimitingMiddleware(application, limits=None, limiter=None, **kwargs)

Bases: nova.wsgi.Middleware

Rate-limits requests passing through this middleware. All limit information is stored in memory for this implementation.

class WsgiLimiter(limits=None)

Bases: object

Rate-limit checking from a WSGI application. Uses an in-memory Limiter.

To use, POST /<username> with JSON data such as:

{
    "verb" : GET,
    "path" : "/servers"
}

and receive a 204 No Content, or a 403 Forbidden with an X-Wait-Seconds header containing the number of seconds to wait before the action would succeed.

class WsgiLimiterProxy(limiter_address)

Bases: object

Rate-limit requests based on answers from a remote source.

check_for_delay(verb, path, username=None)
static parse_limits(limits)

Ignore a limits string–simply doesn’t apply for the limit proxy.

@return: Empty list.

create_resource()

Previous topic

The nova.api.openstack.compute.legacy_v2.ips Module

Next topic

The nova.api.openstack.compute.legacy_v2.server_metadata Module

Project Source

This Page

Navigation

© Copyright 2010-present, OpenStack Foundation. Last updated on Thu Sep 29 00:41:51 2016, commit a967cfe. Created using Sphinx 1.2.3.