[server, installer] Make PrebuildRateLimiter period configurable

Author: geropl

components/server/ee/src/prebuilds/prebuild-manager.ts

@@ -34,6 +34,7 @@ import * as opentracing from "opentracing";
 import { StopWorkspacePolicy } from "@gitpod/ws-manager/lib";
 import { error } from "console";
 import { IncrementalPrebuildsService } from "./incremental-prebuilds-service";
+import { PrebuildRateLimiterConfig } from "../../../src/workspace/prebuild-rate-limiter";
 
 export class WorkspaceRunningError extends Error {
     constructor(msg: string, public instance: WorkspaceInstance) {
@@ -49,9 +50,6 @@ export interface StartPrebuildParams {
     forcePrebuild?: boolean;
 }
 
-const PREBUILD_LIMITER_WINDOW_SECONDS = 60;
-const PREBUILD_LIMITER_DEFAULT_LIMIT = 50;
-
 @injectable()
 export class PrebuildManager {
     @inject(TracedWorkspaceDB) protected readonly workspaceDB: DBWithTracing<WorkspaceDB>;
@@ -389,36 +387,24 @@ export class PrebuildManager {
     }
 
     private async shouldRateLimitPrebuild(span: opentracing.Span, cloneURL: string): Promise<boolean> {
-        const windowStart = secondsBefore(new Date().toISOString(), PREBUILD_LIMITER_WINDOW_SECONDS);
+        const rateLimit = PrebuildRateLimiterConfig.getConfigForCloneURL(this.config.prebuildLimiter, cloneURL);
+
+        const windowStart = secondsBefore(new Date().toISOString(), rateLimit.period);
         const unabortedCount = await this.workspaceDB
             .trace({ span })
             .countUnabortedPrebuildsSince(cloneURL, new Date(windowStart));
-        const limit = this.getPrebuildRateLimitForCloneURL(cloneURL);
 
-        if (unabortedCount >= limit) {
-            log.debug("Prebuild exceeds rate limit", { limit, unabortedPrebuildsCount: unabortedCount, cloneURL });
+        if (unabortedCount >= rateLimit.limit) {
+            log.debug("Prebuild exceeds rate limit", {
+                ...rateLimit,
+                unabortedPrebuildsCount: unabortedCount,
+                cloneURL,
+            });
             return true;
         }
         return false;
     }
 
-    private getPrebuildRateLimitForCloneURL(cloneURL: string): number {
-        // First we use any explicit overrides for a given cloneURL
-        let limit = this.config.prebuildLimiter[cloneURL];
-        if (limit > 0) {
-            return limit;
-        }
-
-        // Find if there is a default value set under the '*' key
-        limit = this.config.prebuildLimiter["*"];
-        if (limit > 0) {
-            return limit;
-        }
-
-        // Last resort default
-        return PREBUILD_LIMITER_DEFAULT_LIMIT;
-    }
-
     private async shouldSkipInactiveProject(project: Project): Promise<boolean> {
         return await this.projectService.isProjectConsideredInactive(project.id);
     }

components/server/src/config.ts

@@ -17,6 +17,7 @@ import * as yaml from "js-yaml";
 import { log } from "@gitpod/gitpod-protocol/lib/util/logging";
 import { filePathTelepresenceAware } from "@gitpod/gitpod-protocol/lib/env";
 import { WorkspaceClasses, WorkspaceClassesConfig } from "./workspace/workspace-classes";
+import { PrebuildRateLimiters } from "./workspace/prebuild-rate-limiter";
 
 export const Config = Symbol("Config");
 export type Config = Omit<
@@ -200,10 +201,10 @@ export interface ConfigSerialized {
     enablePayment?: boolean;
 
     /**
-     * Number of prebuilds that can be started in the last 1 minute.
+     * Number of prebuilds that can be started in a given time period.
      * Key '*' specifies the default rate limit for a cloneURL, unless overriden by a specific cloneURL.
      */
-    prebuildLimiter: { [cloneURL: string]: number } & { "*": number };
+    prebuildLimiter: PrebuildRateLimiters;
 
     /**
      * If a numeric value interpreted as days is set, repositories not beeing opened with Gitpod are

components/server/src/workspace/prebuild-rate-limiter.ts

@@ -0,0 +1,44 @@
+/**
+ * Copyright (c) 2022 Gitpod GmbH. All rights reserved.
+ * Licensed under the GNU Affero General Public License (AGPL).
+ * See License-AGPL.txt in the project root for license information.
+ */
+
+export type PrebuildRateLimiters = { [cloneURL: string]: PrebuildRateLimiterConfig } & {
+    "*": PrebuildRateLimiterConfig;
+};
+
+export type PrebuildRateLimiterConfig = {
+    // maximum number of requests per period
+    limit: number;
+
+    // time period which the limit is enforce against in seconds
+    period: number;
+};
+
+export namespace PrebuildRateLimiterConfig {
+    const DEFAULT_CONFIG: PrebuildRateLimiterConfig = {
+        limit: 50,
+        period: 50,
+    };
+
+    export function getConfigForCloneURL(
+        rateLimiters: PrebuildRateLimiters,
+        cloneURL: string,
+    ): PrebuildRateLimiterConfig {
+        // First we use any explicit overrides for a given cloneURL
+        let config = rateLimiters[cloneURL];
+        if (config) {
+            return config;
+        }
+
+        // Find if there is a default value set under the '*' key
+        config = rateLimiters["*"];
+        if (config) {
+            return config;
+        }
+
+        // Last resort default
+        return DEFAULT_CONFIG;
+    }
+}