Add details docs for configs

Signed-off-by: TungHoang <[email protected]>
flyteorg · May 10, 2023 · 8cbb5c0 · 8cbb5c0
1 parent 9302916
commit 8cbb5c0
Show file tree

Hide file tree

Showing 5 changed files with 73 additions and 10 deletions.
diff --git a/pkg/config/config.go b/pkg/config/config.go
@@ -81,20 +81,20 @@ type ServerSecurityOptions struct {
 	// By default, the server will allow Accept, Accept-Language, Content-Language, and Content-Type.
 	// DeprecatedUser this setting to add any additional headers which are needed
 	AllowedHeaders []string         `json:"allowedHeaders"`
-	RateLimit      RateLimitOptions `json:"rateLimitOptions"`
+	RateLimit      RateLimitOptions `json:"rateLimit"`
 }
 
 type SslOptions struct {
 	CertificateFile string `json:"certificateFile"`
 	KeyFile         string `json:"keyFile"`
 }
 
-// declare RateLimitConfig
+// RateLimitOptions is a type to hold rate limit configuration options.
 type RateLimitOptions struct {
-	Enabled           bool            `json:"enabled"`
-	RequestsPerSecond int             `json:"requestsPerSecond"`
-	BurstSize         int             `json:"burstSize"`
-	CleanupInterval   config.Duration `json:"cleanupInterval"`
+	Enabled           bool            `json:"enabled" pflag:",Controls whether rate limiting is enabled. If enabled, the rate limit is applied to all requests using the TokenBucket algorithm."`
+	RequestsPerSecond int             `json:"requestsPerSecond" pflag:",The number of requests allowed per second."`
+	BurstSize         int             `json:"burstSize" pflag:",The number of requests allowed to burst. 0 implies the TokenBucket algorithm cannot hold any tokens."`
+	CleanupInterval   config.Duration `json:"cleanupInterval" pflag:",The interval at which the rate limiter cleans up entries that have not been used for a certain period of time."`
 }
 
 var defaultServerConfig = &ServerConfig{

diff --git a/pkg/config/serverconfig_flags.go b/pkg/config/serverconfig_flags.go
diff --git a/pkg/config/serverconfig_flags_test.go b/pkg/config/serverconfig_flags_test.go
diff --git a/pkg/server/service.go b/pkg/server/service.go
@@ -98,6 +98,9 @@ func newGRPCServer(ctx context.Context, pluginRegistry *plugins.Registry, cfg *c
 	} else {
 		logger.Infof(ctx, "Creating gRPC server without authentication")
 		chainedUnaryInterceptors = grpcmiddleware.ChainUnaryServer(grpcprometheus.UnaryServerInterceptor)
+		if cfg.Security.RateLimit.Enabled {
+			logger.Warningf(ctx, "Rate limit is enabled but auth is not")
+		}
 	}
 
 	serverOpts := []grpc.ServerOption{

diff --git a/plugins/rate_limit.go b/plugins/rate_limit.go
@@ -16,23 +16,23 @@ import (
 
 type RateLimitExceeded error
 
-// define a struct that contains a map of rate limiters, and a time stamp of last access and a mutex to protect the map
+// accessRecords stores the rate limiter and the last access time
 type accessRecords struct {
 	limiter    *rate.Limiter
 	lastAccess time.Time
 }
 
+// LimiterStore stores the access records for each user
 type LimiterStore struct {
+	// accessPerUser is a synchronized map of userID to accessRecords
 	accessPerUser   map[string]*accessRecords
 	mutex           *sync.Mutex
 	requestPerSec   int
 	burstSize       int
 	cleanupInterval time.Duration
 }
 
-// define a function named Allow that takes userID and returns RateLimitError
-// the function check if the user is in the map, if not, create a new accessRecords for the user
-// then it check if the user can access the resource, if not, return RateLimitError
+// Allow takes a userID and returns an error if the user has exceeded the rate limit
 func (l *LimiterStore) Allow(userID string) error {
 	l.mutex.Lock()
 	defer l.mutex.Unlock()