This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git
The following commit(s) were added to refs/heads/master by this push:
new 4156a73 change(limit-count): ensure redis cluster name is set
correctly (#3910)
4156a73 is described below
commit 4156a73b9b9699cc0e15561c47d16d2703a4ec41
Author: han6565 <[email protected]>
AuthorDate: Wed Apr 7 09:20:00 2021 +0800
change(limit-count): ensure redis cluster name is set correctly (#3910)
fix the problem of multiple different redis-cluster data sources, stress
test prompting ' ttl: ERR invalid password'
Co-authored-by: hanjinqi <[email protected]>
Co-authored-by: Yuelin Zheng <[email protected]>
---
apisix/plugins/limit-count.lua | 5 +++-
.../limit-count/limit-count-redis-cluster.lua | 3 ++-
docs/en/latest/plugins/limit-count.md | 30 ++++++++++++----------
docs/zh/latest/plugins/limit-count.md | 30 ++++++++++++----------
t/plugin/limit-count-redis-cluster.t | 17 +++++++-----
5 files changed, 49 insertions(+), 36 deletions(-)
diff --git a/apisix/plugins/limit-count.lua b/apisix/plugins/limit-count.lua
index b730c5b..f5a10de 100644
--- a/apisix/plugins/limit-count.lua
+++ b/apisix/plugins/limit-count.lua
@@ -103,8 +103,11 @@ local schema = {
redis_timeout = {
type = "integer", minimum = 1, default = 1000,
},
+ redis_cluster_name = {
+ type = "string",
+ },
},
- required = {"redis_cluster_nodes"},
+ required = {"redis_cluster_nodes", "redis_cluster_name"},
}
}
}
diff --git a/apisix/plugins/limit-count/limit-count-redis-cluster.lua
b/apisix/plugins/limit-count/limit-count-redis-cluster.lua
index 2be5cae..7eea38c 100644
--- a/apisix/plugins/limit-count/limit-count-redis-cluster.lua
+++ b/apisix/plugins/limit-count/limit-count-redis-cluster.lua
@@ -32,7 +32,8 @@ local mt = {
local function new_redis_cluster(conf)
local config = {
- name = "apisix-redis-cluster",
+ -- can set different name for different redis cluster
+ name = conf.redis_cluster_name,
serv_list = {},
read_timeout = conf.redis_timeout,
auth = conf.redis_password,
diff --git a/docs/en/latest/plugins/limit-count.md
b/docs/en/latest/plugins/limit-count.md
index 30e11fc..7e7c309 100644
--- a/docs/en/latest/plugins/limit-count.md
+++ b/docs/en/latest/plugins/limit-count.md
@@ -35,19 +35,20 @@ Limit request rate by a fixed number of requests in a given
time window.
## Attributes
-| Name | Type | Requirement | Default | Valid
| Description
|
-| ------------------- | ------- | -------------------- | ------------- |
-------------------------------------------------------------------------------------------------------
|
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
|
-| count | integer | required | | count
> 0
| the specified number of requests threshold.
|
-| time_window | integer | required | |
time_window > 0
| the time window in seconds before the request count
is reset.
|
-| key | string | optional | "remote_addr" |
["remote_addr", "server_addr", "http_x_real_ip", "http_x_forwarded_for",
"consumer_name", "service_id"] | The user specified key to limit the count. <br
/> Now accept those as key: "remote_addr"(client's IP), "server_addr"(server's
IP), "X-Forwarded-For/X-Real-IP" in request header, "consumer_name"(consumer's
username) and "service_id".
|
-| rejected_code | integer | optional | 503 |
[200,...,599]
| The HTTP status code returned when the request
exceeds the threshold is rejected, default 503.
|
-| policy | string | optional | "local" |
["local", "redis", "redis-cluster"]
| The rate-limiting policies to use for retrieving and
incrementing the limits. Available values are `local`(the counters will be
stored locally in-memory on the node) and `redis`(counters are stored on a
Redis server and will be shared across the nodes, usually use it to do the
global speed limit). |
-| redis_host | string | required for `redis` | |
| When using the `redis` policy, this property specifies the
address of the Redis server.
|
-| redis_port | integer | optional | 6379 |
[1,...]
| When using the `redis` policy, this property
specifies the port of the Redis server.
|
-| redis_password | string | optional | |
| When using the `redis` policy, this property specifies the
password of the Redis server.
|
-| redis_database | integer | optional | 0 |
redis_database >= 0
| When using the `redis` policy, this property
specifies the database you selected of the Redis server, and only for non Redis
cluster mode (single instance mode or Redis public cloud service that provides
single entry).
|
-| redis_timeout | integer | optional | 1000 |
[1,...]
| When using the `redis` policy, this property
specifies the timeout in milliseconds of any command submitted to the Redis
server.
|
-| redis_cluster_nodes | array | optional | |
| When using `redis-cluster` policy,This property is a list
of addresses of Redis cluster service nodes.
|
+| Name | Type | Requirement |
Default | Valid
| Description
|
+| ------------------- | ------- | --------------------------------------- |
------------- |
-------------------------------------------------------------------------------------------------------
|
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
|
+| count | integer | required |
| count > 0
| the specified number of requests
threshold.
|
+ | time_window | integer | required |
| time_window > 0
| the time window in seconds before the
request count is reset.
|
+| key | string | optional |
"remote_addr" | ["remote_addr", "server_addr", "http_x_real_ip",
"http_x_forwarded_for", "consumer_name", "service_id"] | The user specified key
to limit the count. <br /> Now accept those as key: "remote_addr"(client's IP),
"server_addr"(server's IP), "X-Forwarded-For/X-Real-IP" in request header,
"consumer_name"(consumer's username) and "service_id".
|
+| rejected_code | integer | optional |
503 | [200,...,599]
| The HTTP status code returned when
the request exceeds the threshold is rejected, default 503.
|
+| policy | string | optional |
"local" | ["local", "redis", "redis-cluster"]
| The rate-limiting policies to use for
retrieving and incrementing the limits. Available values are `local`(the
counters will be stored locally in-memory on the node) and `redis`(counters are
stored on a Redis server and will be shared across the nodes, usually use it to
do the global speed limit). |
+| redis_host | string | required for `redis` |
|
| When using the `redis` policy, this
property specifies the address of the Redis server.
|
+| redis_port | integer | optional |
6379 | [1,...]
| When using the `redis` policy, this
property specifies the port of the Redis server.
|
+| redis_password | string | optional |
|
| When using the `redis` policy, this
property specifies the password of the Redis server.
|
+| redis_database | integer | optional | 0
| redis_database >= 0
| When using the `redis` policy, this
property specifies the database you selected of the Redis server, and only for
non Redis cluster mode (single instance mode or Redis public cloud service that
provides single entry).
|
+| redis_timeout | integer | optional |
1000 | [1,...]
| When using the `redis` policy, this
property specifies the timeout in milliseconds of any command submitted to the
Redis server.
|
+| redis_cluster_nodes | array | optional |
|
| When using `redis-cluster` policy,This
property is a list of addresses of Redis cluster service nodes.
|
+| redis_cluster_name | string | required when policy is `redis-cluster` |
|
| When using `redis-cluster` policy, this
property is the name of Redis cluster service nodes.
[...]
**Key can be customized by the user, only need to modify a line of code of the
plug-in to complete. It is a security consideration that is not open in the
plugin.**
@@ -129,7 +130,8 @@ curl -i http://127.0.0.1:9080/apisix/admin/routes/1 -H
'X-API-KEY: edd1c9f034335
"redis_cluster_nodes": [
"127.0.0.1:5000",
"127.0.0.1:5001"
- ]
+ ],
+ "redis_cluster_name": "redis-cluster-1"
}
},
"upstream": {
diff --git a/docs/zh/latest/plugins/limit-count.md
b/docs/zh/latest/plugins/limit-count.md
index 420471b..7d77912 100644
--- a/docs/zh/latest/plugins/limit-count.md
+++ b/docs/zh/latest/plugins/limit-count.md
@@ -38,19 +38,20 @@ title: limit-count
## 参数
-| 名称 | 类型 | 必选项 | 默认值 | 有效值
|
描述
[...]
-| ------------------- | ------- | ------------ | ------------- |
-------------------------------------------------------------------------------------------------------
|
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
[...]
-| count | integer | 必须 | | count > 0
| 指定时间窗口内的请求数量阈值
[...]
-| time_window | integer | 必须 | | time_window > 0
| 时间窗口的大小(以秒为单位),超过这个时间就会重置
[...]
-| key | string | 可选 | "remote_addr" | ["remote_addr",
"server_addr", "http_x_real_ip", "http_x_forwarded_for", "consumer_name",
"service_id"] | 用来做请求计数的有效值。<br
/>例如,可以使用主机名(或服务器区域)作为关键字,以便限制每个主机名规定时间内的请求次数。我们也可以使用客户端地址作为关键字,这样我们就可以避免单个客户端规定时间内多次的连接我们的服务。<br
/>当前接受的 key 有:"remote_addr"(客户端 IP 地址), "server_addr"(服务端 IP 地址),
请求头中的"X-Forwarded-For" 或 "X-Real-IP", "consumer_name"(consumer 的 username),
"service_id" 。 |
-| rejected_code | integer | 可选 | 503 | [200,...,599]
| 当请求超过阈值被拒绝时,返回的 HTTP 状态码
[...]
-| policy | string | 可选 | "local" | ["local",
"redis", "redis-cluster"]
| 用于检索和增加限制的速率限制策略。可选的值有:`local`(计数器被以内存方式保存在节点本地,默认选项) 和
`redis`(计数器保存在 Redis 服务节点上,从而可以跨节点共享结果,通常用它来完成全局限速);以及`redis-cluster`,跟 redis
功能一样,只是使用 redis 集群方式。
|
-| redis_host | string | `redis` 必须 | |
| 当使用 `redis` 限速策略时,该属性是 Redis 服务节点的地址。
[...]
-| redis_port | integer | 可选 | 6379 | [1,...]
| 当使用 `redis` 限速策略时,该属性是 Redis 服务节点的端口
[...]
-| redis_password | string | 可选 | |
| 当使用 `redis` 限速策略时,该属性是 Redis 服务节点的密码。
[...]
-| redis_database | integer | 可选 | 0 | redis_database
>= 0
| 当使用 `redis` 限速策略时,该属性是 Redis 服务节点中使用的 database,并且只针对非 Redis
集群模式(单实例模式或者提供单入口的 Redis 公有云服务)生效。
[...]
-| redis_timeout | integer | 可选 | 1000 | [1,...]
| 当使用 `redis` 限速策略时,该属性是 Redis 服务节点以毫秒为单位的超时时间
[...]
-| redis_cluster_nodes | array | 可选 | |
| 当使用 `redis-cluster` 限速策略时,该属性是 Redis 集群服务节点的地址列表。
[...]
+| 名称 | 类型 | 必选项 | 默认值 |
有效值
| 描述
[...]
+| ------------------- | ------- | --------------------------------- |
------------- |
-------------------------------------------------------------------------------------------------------
|
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
[...]
+| count | integer | 必须 |
| count > 0
| 指定时间窗口内的请求数量阈值
[...]
+| time_window | integer | 必须 |
| time_window > 0
| 时间窗口的大小(以秒为单位),超过这个时间就会重置
[...]
+| key | string | 可选 |
"remote_addr" | ["remote_addr", "server_addr", "http_x_real_ip",
"http_x_forwarded_for", "consumer_name", "service_id"] | 用来做请求计数的有效值。<br
/>例如,可以使用主机名(或服务器区域)作为关键字,以便限制每个主机名规定时间内的请求次数。我们也可以使用客户端地址作为关键字,这样我们就可以避免单个客户端规定时间内多次的连接我们的服务。<br
/>当前接受的 key 有:"remote_addr"(客户端 IP 地址), "server_addr"(服务端 IP 地址),
请求头中的"X-Forwarded-For" 或 "X-Real-IP", "consumer_name"(consumer 的 username),
"service_id" 。 |
+| rejected_code | integer | 可选 | 503
| [200,...,599]
| 当请求超过阈值被拒绝时,返回的 HTTP 状态码
[...]
+| policy | string | 可选 | "local"
| ["local", "redis", "redis-cluster"]
|
用于检索和增加限制的速率限制策略。可选的值有:`local`(计数器被以内存方式保存在节点本地,默认选项) 和 `redis`(计数器保存在 Redis
服务节点上,从而可以跨节点共享结果,通常用它来完成全局限速);以及`redis-cluster`,跟 redis 功能一样,只是使用 redis 集群方式。
|
+| redis_host | string | `redis` 必须 |
|
| 当使用 `redis` 限速策略时,该属性是 Redis 服务节点的地址。
[...]
+| redis_port | integer | 可选 | 6379
| [1,...]
| 当使用 `redis` 限速策略时,该属性是 Redis 服务节点的端口
[...]
+| redis_password | string | 可选 |
|
| 当使用 `redis` 限速策略时,该属性是 Redis 服务节点的密码。
[...]
+| redis_database | integer | 可选 | 0
| redis_database >= 0
| 当使用 `redis` 限速策略时,该属性是 Redis 服务节点中使用的
database,并且只针对非 Redis 集群模式(单实例模式或者提供单入口的 Redis 公有云服务)生效。
[...]
+| redis_timeout | integer | 可选 | 1000
| [1,...]
| 当使用 `redis` 限速策略时,该属性是 Redis 服务节点以毫秒为单位的超时时间
[...]
+| redis_cluster_nodes | array | 可选 |
|
| 当使用 `redis-cluster` 限速策略时,该属性是 Redis
集群服务节点的地址列表。
[...]
+| redis_cluster_name | string | 当 policy 为 `redis-cluster` 时必填 |
|
| 当使用 `redis-cluster` 限速策略时,该属性是 Redis 集群服务节点的名称。
[...]
**key 是可以被用户自定义的,只需要修改插件的一行代码即可完成。并没有在插件中放开是处于安全的考虑。**
@@ -134,7 +135,8 @@ curl -i http://127.0.0.1:9080/apisix/admin/routes/1 -H
'X-API-KEY: edd1c9f034335
"redis_cluster_nodes": [
"127.0.0.1:5000",
"127.0.0.1:5001"
- ]
+ ],
+ "redis_cluster_name": "redis-cluster-1"
}
},
"upstream": {
diff --git a/t/plugin/limit-count-redis-cluster.t
b/t/plugin/limit-count-redis-cluster.t
index ff29897..70b9371 100644
--- a/t/plugin/limit-count-redis-cluster.t
+++ b/t/plugin/limit-count-redis-cluster.t
@@ -69,7 +69,7 @@ GET /t
-=== TEST 2: set route, with redis host and port
+=== TEST 2: set route, with redis host and port and redis_cluster_name
--- config
location /t {
content_by_lua_block {
@@ -89,7 +89,8 @@ GET /t
"redis_cluster_nodes": [
"127.0.0.1:5000",
"127.0.0.1:5001"
- ]
+ ],
+ "redis_cluster_name": "redis-cluster-1"
}
},
"upstream": {
@@ -135,7 +136,8 @@ passed
"redis_cluster_nodes": [
"127.0.0.1:5000",
"127.0.0.1:5001"
- ]
+ ],
+ "redis_cluster_name": "redis-cluster-1"
}
},
"upstream": {
@@ -159,7 +161,8 @@ passed
"redis_cluster_nodes": [
"127.0.0.1:5000",
"127.0.0.1:5001"
- ]
+ ],
+ "redis_cluster_name": "redis-cluster-1"
}
},
"upstream": {
@@ -242,7 +245,8 @@ unlock with key route#1#redis-cluster
"127.0.0.1:8001",
"127.0.0.1:8002",
"127.0.0.1:8003"
- ]
+ ],
+ "redis_cluster_name": "redis-cluster-1"
}
},
"upstream": {
@@ -329,7 +333,8 @@ code: 200
"redis_cluster_nodes": [
"127.0.0.1:5000",
"127.0.0.1:5001"
- ]
+ ],
+ "redis_cluster_name": "redis-cluster-1"
}
},
"upstream": {
