Support request rate limiting

Harvey Lowndes · Harvey Lowndes · commit 19cfbf1f80fe · 2018-05-18T11:02:46.000+01:00
diff --git a/pkg/oci/ccm.go b/pkg/oci/ccm.go
@@ -35,6 +35,7 @@ import (
 	clientset "k8s.io/client-go/kubernetes"
 	listersv1 "k8s.io/client-go/listers/core/v1"
 	cache "k8s.io/client-go/tools/cache"
+	"k8s.io/client-go/util/flowcontrol"
 	cloudprovider "k8s.io/kubernetes/pkg/cloudprovider"
 	controller "k8s.io/kubernetes/pkg/controller"
 
@@ -43,6 +44,11 @@ import (
 	"github.com/oracle/oci-cloud-controller-manager/pkg/oci/util"
 )
 
+const (
+	RateLimitQPSDefault    = 1.0
+	RateLimitBucketDefault = 5
+)
+
 // ProviderName uniquely identifies the Oracle Bare Metal Cloud Services (OCI)
 // cloud-provider.
 func ProviderName() string {
@@ -73,7 +79,10 @@ func NewCloudProvider(config *Config) (cloudprovider.Interface, error) {
 	if err != nil {
 		return nil, err
 	}
-	c, err := client.New(cp)
+
+	rateLimiter := buildNewRateLimiter(config.RateLimiter)
+
+	c, err := client.New(cp, &rateLimiter)
 	if err != nil {
 		return nil, err
 	}
@@ -218,3 +227,39 @@ func buildConfigurationProvider(config *Config) (common.ConfigurationProvider, e
 	)
 	return cp, nil
 }
+
+// BuildRateLimiter ...
+func buildNewRateLimiter(config *RateLimiterConfig) client.RateLimiter {
+	// Set to default values if configuration not declared
+	if config.RateLimitQPSRead == 0 {
+		config.RateLimitQPSRead = RateLimitQPSDefault
+	}
+	if config.RateLimitBucketRead == 0 {
+		config.RateLimitBucketRead = RateLimitBucketDefault
+	}
+	if config.RateLimitQPSWrite == 0 {
+		config.RateLimitQPSWrite = RateLimitQPSDefault
+	}
+	if config.RateLimitBucketWrite == 0 {
+		config.RateLimitBucketWrite = RateLimitBucketDefault
+	}
+
+	rateLimiter := client.RateLimiter{
+		Reader: flowcontrol.NewTokenBucketRateLimiter(
+			config.RateLimitQPSRead,
+			config.RateLimitBucketRead),
+		Writer: flowcontrol.NewTokenBucketRateLimiter(
+			config.RateLimitQPSWrite,
+			config.RateLimitBucketWrite),
+	}
+
+	glog.V(2).Infof("OCI using read rate limit configuration: QPS=%g, bucket=%d",
+		config.RateLimitQPSRead,
+		config.RateLimitBucketRead)
+
+	glog.V(2).Infof("OCI using write rate limit configuration: QPS=%g, bucket=%d",
+		config.RateLimitQPSWrite,
+		config.RateLimitBucketWrite)
+
+	return rateLimiter
+}
diff --git a/pkg/oci/client/client.go b/pkg/oci/client/client.go
@@ -15,6 +15,7 @@
 package client
 
 import (
+	"context"
 	"crypto/tls"
 	"crypto/x509"
 	"io/ioutil"
@@ -25,6 +26,7 @@ import (
 	"time"
 
 	"k8s.io/client-go/tools/cache"
+	"k8s.io/client-go/util/flowcontrol"
 
 	"github.com/golang/glog"
 	"github.com/oracle/oci-go-sdk/common"
@@ -40,16 +42,53 @@ type Interface interface {
 	Networking() NetworkingInterface
 }
 
+// RateLimiter reader and writer.
+type RateLimiter struct {
+	Reader flowcontrol.RateLimiter
+	Writer flowcontrol.RateLimiter
+}
+
+type computeClient interface {
+	GetInstance(ctx context.Context, request core.GetInstanceRequest) (response core.GetInstanceResponse, err error)
+	ListInstances(ctx context.Context, request core.ListInstancesRequest) (response core.ListInstancesResponse, err error)
+	ListVnicAttachments(ctx context.Context, request core.ListVnicAttachmentsRequest) (response core.ListVnicAttachmentsResponse, err error)
+}
+
+type virtualNetworkClient interface {
+	GetVnic(ctx context.Context, request core.GetVnicRequest) (response core.GetVnicResponse, err error)
+	GetSubnet(ctx context.Context, request core.GetSubnetRequest) (response core.GetSubnetResponse, err error)
+	GetSecurityList(ctx context.Context, request core.GetSecurityListRequest) (response core.GetSecurityListResponse, err error)
+	UpdateSecurityList(ctx context.Context, request core.UpdateSecurityListRequest) (response core.UpdateSecurityListResponse, err error)
+}
+
+type loadBalancerClient interface {
+	GetLoadBalancer(ctx context.Context, request loadbalancer.GetLoadBalancerRequest) (response loadbalancer.GetLoadBalancerResponse, err error)
+	ListLoadBalancers(ctx context.Context, request loadbalancer.ListLoadBalancersRequest) (response loadbalancer.ListLoadBalancersResponse, err error)
+	CreateLoadBalancer(ctx context.Context, request loadbalancer.CreateLoadBalancerRequest) (response loadbalancer.CreateLoadBalancerResponse, err error)
+	DeleteLoadBalancer(ctx context.Context, request loadbalancer.DeleteLoadBalancerRequest) (response loadbalancer.DeleteLoadBalancerResponse, err error)
+	ListCertificates(ctx context.Context, request loadbalancer.ListCertificatesRequest) (response loadbalancer.ListCertificatesResponse, err error)
+	CreateCertificate(ctx context.Context, request loadbalancer.CreateCertificateRequest) (response loadbalancer.CreateCertificateResponse, err error)
+	GetWorkRequest(ctx context.Context, request loadbalancer.GetWorkRequestRequest) (response loadbalancer.GetWorkRequestResponse, err error)
+	CreateBackendSet(ctx context.Context, request loadbalancer.CreateBackendSetRequest) (response loadbalancer.CreateBackendSetResponse, err error)
+	UpdateBackendSet(ctx context.Context, request loadbalancer.UpdateBackendSetRequest) (response loadbalancer.UpdateBackendSetResponse, err error)
+	DeleteBackendSet(ctx context.Context, request loadbalancer.DeleteBackendSetRequest) (response loadbalancer.DeleteBackendSetResponse, err error)
+	CreateListener(ctx context.Context, request loadbalancer.CreateListenerRequest) (response loadbalancer.CreateListenerResponse, err error)
+	UpdateListener(ctx context.Context, request loadbalancer.UpdateListenerRequest) (response loadbalancer.UpdateListenerResponse, err error)
+	DeleteListener(ctx context.Context, request loadbalancer.DeleteListenerRequest) (response loadbalancer.DeleteListenerResponse, err error)
+}
+
 type client struct {
-	compute      *core.ComputeClient
-	network      *core.VirtualNetworkClient
-	loadbalancer *loadbalancer.LoadBalancerClient
+	compute      computeClient
+	network      virtualNetworkClient
+	loadbalancer loadBalancerClient
+
+	rateLimiter RateLimiter
 
 	subnetCache cache.Store
 }
 
 // New constructs an OCI API client.
-func New(cp common.ConfigurationProvider) (Interface, error) {
+func New(cp common.ConfigurationProvider, opRateLimiter *RateLimiter) (Interface, error) {
 	compute, err := core.NewComputeClientWithConfigurationProvider(cp)
 	if err != nil {
 		return nil, errors.Wrap(err, "NewComputeClientWithConfigurationProvider")
@@ -84,6 +123,7 @@ func New(cp common.ConfigurationProvider) (Interface, error) {
 		compute:      &compute,
 		network:      &network,
 		loadbalancer: &lb,
+		rateLimiter:  *opRateLimiter,
 
 		subnetCache: cache.NewTTLStore(subnetCacheKeyFn, time.Duration(24)*time.Hour),
 	}
diff --git a/pkg/oci/client/compute.go b/pkg/oci/client/compute.go
@@ -35,6 +35,10 @@ type ComputeInterface interface {
 }
 
 func (c *client) GetInstance(ctx context.Context, id string) (*core.Instance, error) {
+	if !c.rateLimiter.Reader.TryAccept() {
+		return nil, RateLimitError(false, "GetInstance")
+	}
+
 	resp, err := c.compute.GetInstance(ctx, core.GetInstanceRequest{
 		InstanceId: &id,
 	})
@@ -53,6 +57,9 @@ func (c *client) getInstanceByDisplayName(ctx context.Context, compartmentID, di
 		instances []core.Instance
 	)
 	for {
+		if !c.rateLimiter.Reader.TryAccept() {
+			return nil, RateLimitError(false, "getInstanceByDisplayName")
+		}
 		resp, err := c.compute.ListInstances(ctx, core.ListInstancesRequest{
 			CompartmentId: &compartmentID,
 			DisplayName:   &displayName,
@@ -81,6 +88,10 @@ func (c *client) getInstanceByDisplayName(ctx context.Context, compartmentID, di
 }
 
 func (c *client) listVNICAttachments(ctx context.Context, req core.ListVnicAttachmentsRequest) (core.ListVnicAttachmentsResponse, error) {
+	if !c.rateLimiter.Reader.TryAccept() {
+		return core.ListVnicAttachmentsResponse{}, RateLimitError(false, "listVNICAttachments")
+	}
+
 	resp, err := c.compute.ListVnicAttachments(ctx, req)
 	incRequestCounter(err, listVerb, vnicAttachmentResource)
 
diff --git a/pkg/oci/client/errors.go b/pkg/oci/client/errors.go
@@ -49,3 +49,12 @@ func IsRetryable(err error) bool {
 	serviceErr, ok := common.IsServiceError(err)
 	return ok && serviceErr.GetHTTPStatusCode() == http.StatusTooManyRequests
 }
+
+// RateLimitError produces an Errorf for rate limiting.
+func RateLimitError(isWrite bool, opName string) error {
+	opType := "read"
+	if isWrite {
+		opType = "write"
+	}
+	return errors.Errorf("rate limited(%s) for operation: %s", opType, opName)
+}
diff --git a/pkg/oci/client/load_balancer.go b/pkg/oci/client/load_balancer.go
@@ -29,6 +29,7 @@ const workRequestPollInterval = 5 * time.Second
 // LoadBalancerInterface for consumed LB functionality.
 type LoadBalancerInterface interface {
 	CreateLoadBalancer(ctx context.Context, details loadbalancer.CreateLoadBalancerDetails) (string, error)
+
 	GetLoadBalancer(ctx context.Context, id string) (*loadbalancer.LoadBalancer, error)
 	GetLoadBalancerByName(ctx context.Context, compartmentID, name string) (*loadbalancer.LoadBalancer, error)
 	DeleteLoadBalancer(ctx context.Context, id string) (string, error)
@@ -48,6 +49,10 @@ type LoadBalancerInterface interface {
 }
 
 func (c *client) GetLoadBalancer(ctx context.Context, id string) (*loadbalancer.LoadBalancer, error) {
+	if !c.rateLimiter.Reader.TryAccept() {
+		return nil, RateLimitError(false, "GetLoadBalancer")
+	}
+
 	resp, err := c.loadbalancer.GetLoadBalancer(ctx, loadbalancer.GetLoadBalancerRequest{
 		LoadBalancerId: &id,
 	})
@@ -63,6 +68,9 @@ func (c *client) GetLoadBalancer(ctx context.Context, id string) (*loadbalancer.
 func (c *client) GetLoadBalancerByName(ctx context.Context, compartmentID, name string) (*loadbalancer.LoadBalancer, error) {
 	var page *string
 	for {
+		if !c.rateLimiter.Reader.TryAccept() {
+			return nil, RateLimitError(false, "GetLoadBalancerByName")
+		}
 		resp, err := c.loadbalancer.ListLoadBalancers(ctx, loadbalancer.ListLoadBalancersRequest{
 			CompartmentId: &compartmentID,
 			DisplayName:   &name,
@@ -87,6 +95,10 @@ func (c *client) GetLoadBalancerByName(ctx context.Context, compartmentID, name
 }
 
 func (c *client) CreateLoadBalancer(ctx context.Context, details loadbalancer.CreateLoadBalancerDetails) (string, error) {
+	if !c.rateLimiter.Writer.TryAccept() {
+		return "", RateLimitError(true, "CreateLoadBalancer")
+	}
+
 	resp, err := c.loadbalancer.CreateLoadBalancer(ctx, loadbalancer.CreateLoadBalancerRequest{
 		CreateLoadBalancerDetails: details,
 	})
@@ -100,6 +112,10 @@ func (c *client) CreateLoadBalancer(ctx context.Context, details loadbalancer.Cr
 }
 
 func (c *client) DeleteLoadBalancer(ctx context.Context, id string) (string, error) {
+	if !c.rateLimiter.Writer.TryAccept() {
+		return "", RateLimitError(true, "DeleteLoadBalancer")
+	}
+
 	resp, err := c.loadbalancer.DeleteLoadBalancer(ctx, loadbalancer.DeleteLoadBalancerRequest{
 		LoadBalancerId: &id,
 	})
@@ -113,6 +129,10 @@ func (c *client) DeleteLoadBalancer(ctx context.Context, id string) (string, err
 }
 
 func (c *client) GetCertificateByName(ctx context.Context, lbID, name string) (*loadbalancer.Certificate, error) {
+	if !c.rateLimiter.Reader.TryAccept() {
+		return nil, RateLimitError(false, "GetCertificateByName")
+	}
+
 	resp, err := c.loadbalancer.ListCertificates(ctx, loadbalancer.ListCertificatesRequest{
 		LoadBalancerId: &lbID,
 	})
@@ -131,6 +151,10 @@ func (c *client) GetCertificateByName(ctx context.Context, lbID, name string) (*
 }
 
 func (c *client) CreateCertificate(ctx context.Context, lbID, certificate, key string) (string, error) {
+	if !c.rateLimiter.Writer.TryAccept() {
+		return "", RateLimitError(true, "CreateCertificate")
+	}
+
 	// TODO(apryde): We currently don't have a mechanism for supplying
 	// CreateCertificateDetails.CaCertificate.
 	resp, err := c.loadbalancer.CreateCertificate(ctx, loadbalancer.CreateCertificateRequest{
@@ -150,6 +174,10 @@ func (c *client) CreateCertificate(ctx context.Context, lbID, certificate, key s
 }
 
 func (c *client) GetWorkRequest(ctx context.Context, id string) (*loadbalancer.WorkRequest, error) {
+	if !c.rateLimiter.Reader.TryAccept() {
+		return nil, RateLimitError(false, "GetWorkRequest")
+	}
+
 	resp, err := c.loadbalancer.GetWorkRequest(ctx, loadbalancer.GetWorkRequestRequest{
 		WorkRequestId: &id,
 	})
@@ -163,6 +191,10 @@ func (c *client) GetWorkRequest(ctx context.Context, id string) (*loadbalancer.W
 }
 
 func (c *client) CreateBackendSet(ctx context.Context, lbID, name string, details loadbalancer.BackendSetDetails) (string, error) {
+	if !c.rateLimiter.Writer.TryAccept() {
+		return "", RateLimitError(true, "CreateBackendSet")
+	}
+
 	resp, err := c.loadbalancer.CreateBackendSet(ctx, loadbalancer.CreateBackendSetRequest{
 		LoadBalancerId: &lbID,
 		CreateBackendSetDetails: loadbalancer.CreateBackendSetDetails{
@@ -184,6 +216,10 @@ func (c *client) CreateBackendSet(ctx context.Context, lbID, name string, detail
 }
 
 func (c *client) UpdateBackendSet(ctx context.Context, lbID, name string, details loadbalancer.BackendSetDetails) (string, error) {
+	if !c.rateLimiter.Writer.TryAccept() {
+		return "", RateLimitError(true, "UpdateBackendSet")
+	}
+
 	resp, err := c.loadbalancer.UpdateBackendSet(ctx, loadbalancer.UpdateBackendSetRequest{
 		LoadBalancerId: &lbID,
 		BackendSetName: &name,
@@ -205,6 +241,10 @@ func (c *client) UpdateBackendSet(ctx context.Context, lbID, name string, detail
 }
 
 func (c *client) DeleteBackendSet(ctx context.Context, lbID, name string) (string, error) {
+	if !c.rateLimiter.Writer.TryAccept() {
+		return "", RateLimitError(true, "DeleteBackendSet")
+	}
+
 	resp, err := c.loadbalancer.DeleteBackendSet(ctx, loadbalancer.DeleteBackendSetRequest{
 		LoadBalancerId: &lbID,
 		BackendSetName: &name,
@@ -219,6 +259,10 @@ func (c *client) DeleteBackendSet(ctx context.Context, lbID, name string) (strin
 }
 
 func (c *client) CreateListener(ctx context.Context, lbID, name string, details loadbalancer.ListenerDetails) (string, error) {
+	if !c.rateLimiter.Writer.TryAccept() {
+		return "", RateLimitError(true, "CreateListener")
+	}
+
 	resp, err := c.loadbalancer.CreateListener(ctx, loadbalancer.CreateListenerRequest{
 		LoadBalancerId: &lbID,
 		CreateListenerDetails: loadbalancer.CreateListenerDetails{
@@ -239,6 +283,10 @@ func (c *client) CreateListener(ctx context.Context, lbID, name string, details
 }
 
 func (c *client) UpdateListener(ctx context.Context, lbID, name string, details loadbalancer.ListenerDetails) (string, error) {
+	if !c.rateLimiter.Writer.TryAccept() {
+		return "", RateLimitError(true, "UpdateListener")
+	}
+
 	resp, err := c.loadbalancer.UpdateListener(ctx, loadbalancer.UpdateListenerRequest{
 		LoadBalancerId: &lbID,
 		ListenerName:   &name,
@@ -273,14 +321,18 @@ func (c *client) AwaitWorkRequest(ctx context.Context, id string) (*loadbalancer
 			wr = twr
 			return true, nil
 		case loadbalancer.WorkRequestLifecycleStateFailed:
-			return false, errors.Errorf("WorkRequest %q failed: %s", id, twr.Message)
+			return false, errors.Errorf("WorkRequest %q failed: %s", id, *twr.Message)
 		}
 		return false, nil
 	}, ctx.Done())
 	return wr, err
 }
 
 func (c *client) DeleteListener(ctx context.Context, lbID, name string) (string, error) {
+	if !c.rateLimiter.Writer.TryAccept() {
+		return "", RateLimitError(true, "DeleteListener")
+	}
+
 	resp, err := c.loadbalancer.DeleteListener(ctx, loadbalancer.DeleteListenerRequest{
 		LoadBalancerId: &lbID,
 		ListenerName:   &name,
diff --git a/pkg/oci/client/networking.go b/pkg/oci/client/networking.go
diff --git a/pkg/oci/config.go b/pkg/oci/config.go
