From ba2ee29a126e63dafa8d88a9c5275428d4ba05c3 Mon Sep 17 00:00:00 2001 From: Paulo Gomes da Cruz Junior Date: Thu, 28 Mar 2024 13:34:14 -0700 Subject: [PATCH 1/7] feat(FSADT1-1280): rate-limit for backend --- backend/openshift.deploy.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/backend/openshift.deploy.yml b/backend/openshift.deploy.yml index d92ca46983..63f12efc49 100644 --- a/backend/openshift.deploy.yml +++ b/backend/openshift.deploy.yml @@ -230,6 +230,13 @@ objects: labels: app: ${NAME}-${ZONE} name: ${NAME}-${ZONE}-${COMPONENT} + annotations: + haproxy.router.openshift.io/rate-limit-capacity: "50" + haproxy.router.openshift.io/rate-limit-period: "30s" + haproxy.router.openshift.io/rate-limit-burst: "25" + haproxy.router.openshift.io/rate-limit-include-headers: "true" + haproxy.router.openshift.io/rate-limit-status-code: "429" + haproxy.router.openshift.io/rate-limit-granularity: "sourceIP" spec: host: ${NAME}-${ZONE}-${COMPONENT}.${DOMAIN} port: From e63d8d74f5c54cb8a4e568827fa1d92b0501b276 Mon Sep 17 00:00:00 2001 From: Paulo Gomes da Cruz Junior Date: Thu, 28 Mar 2024 14:34:51 -0700 Subject: [PATCH 2/7] feat(FSADT1-1280): updating haproxy annotations --- backend/openshift.deploy.yml | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/backend/openshift.deploy.yml b/backend/openshift.deploy.yml index 63f12efc49..8658b2d5c2 100644 --- a/backend/openshift.deploy.yml +++ b/backend/openshift.deploy.yml @@ -231,12 +231,17 @@ objects: app: ${NAME}-${ZONE} name: ${NAME}-${ZONE}-${COMPONENT} annotations: - haproxy.router.openshift.io/rate-limit-capacity: "50" - haproxy.router.openshift.io/rate-limit-period: "30s" - haproxy.router.openshift.io/rate-limit-burst: "25" - haproxy.router.openshift.io/rate-limit-include-headers: "true" - haproxy.router.openshift.io/rate-limit-status-code: "429" - haproxy.router.openshift.io/rate-limit-granularity: "sourceIP" + haproxy.: + router: + openshift: + io/rate-limit-connections: "true" + io/rate-limit-connections.rate-http: "50" + io/rate-limit-capacity: "50" + io/rate-limit-period: "30s" + io/rate-limit-burst: "25" + io/rate-limit-include-headers: "true" + io/rate-limit-status-code: "429" + io/rate-limit-granularity: "sourceIP" spec: host: ${NAME}-${ZONE}-${COMPONENT}.${DOMAIN} port: From c4b94dec21a16e7d35d283b89f152efd547da14e Mon Sep 17 00:00:00 2001 From: Paulo Gomes da Cruz Junior Date: Thu, 28 Mar 2024 14:49:38 -0700 Subject: [PATCH 3/7] feat(FSADT1-1280): updating haproxy annotations --- backend/openshift.deploy.yml | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/backend/openshift.deploy.yml b/backend/openshift.deploy.yml index 8658b2d5c2..c2b3f18773 100644 --- a/backend/openshift.deploy.yml +++ b/backend/openshift.deploy.yml @@ -231,17 +231,14 @@ objects: app: ${NAME}-${ZONE} name: ${NAME}-${ZONE}-${COMPONENT} annotations: - haproxy.: - router: - openshift: - io/rate-limit-connections: "true" - io/rate-limit-connections.rate-http: "50" - io/rate-limit-capacity: "50" - io/rate-limit-period: "30s" - io/rate-limit-burst: "25" - io/rate-limit-include-headers: "true" - io/rate-limit-status-code: "429" - io/rate-limit-granularity: "sourceIP" + haproxy.router.openshift.io/rate-limit-connections: "true" + haproxy.router.openshift.io/rate-limit-connections.rate-http: "50" + haproxy.router.openshift.io/rate-limit-capacity: "50" + haproxy.router.openshift.io/rate-limit-period: "30s" + haproxy.router.openshift.io/rate-limit-burst: "25" + haproxy.router.openshift.io/rate-limit-include-headers: "true" + haproxy.router.openshift.io/rate-limit-status-code: "429" + haproxy.router.openshift.io/rate-limit-granularity: "sourceIP" spec: host: ${NAME}-${ZONE}-${COMPONENT}.${DOMAIN} port: From f8a5404dc0eda6eb329c561d960e0a5a018b1dc1 Mon Sep 17 00:00:00 2001 From: Paulo Gomes da Cruz Junior Date: Thu, 28 Mar 2024 15:12:23 -0700 Subject: [PATCH 4/7] feat(FSADT1-1280): reducing haproxy annotations --- backend/openshift.deploy.yml | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/backend/openshift.deploy.yml b/backend/openshift.deploy.yml index c2b3f18773..f41c7ba00c 100644 --- a/backend/openshift.deploy.yml +++ b/backend/openshift.deploy.yml @@ -233,12 +233,7 @@ objects: annotations: haproxy.router.openshift.io/rate-limit-connections: "true" haproxy.router.openshift.io/rate-limit-connections.rate-http: "50" - haproxy.router.openshift.io/rate-limit-capacity: "50" - haproxy.router.openshift.io/rate-limit-period: "30s" - haproxy.router.openshift.io/rate-limit-burst: "25" - haproxy.router.openshift.io/rate-limit-include-headers: "true" - haproxy.router.openshift.io/rate-limit-status-code: "429" - haproxy.router.openshift.io/rate-limit-granularity: "sourceIP" + haproxy.router.openshift.io/rate-limit-connections.rate-tcp: "25" spec: host: ${NAME}-${ZONE}-${COMPONENT}.${DOMAIN} port: From 7b8e5d8571ae3c45c8f31f7317b21cd3f3072cbf Mon Sep 17 00:00:00 2001 From: Paulo Gomes da Cruz Junior Date: Tue, 2 Apr 2024 10:56:18 -0700 Subject: [PATCH 5/7] chore: changing ches url call --- .../ca/bc/gov/app/service/ches/ChesService.java | 3 +-- .../ches/ChesControllerIntegrationTest.java | 2 +- .../service/ches/ChesServiceIntegrationTest.java | 14 +++++++------- 3 files changed, 9 insertions(+), 10 deletions(-) diff --git a/backend/src/main/java/ca/bc/gov/app/service/ches/ChesService.java b/backend/src/main/java/ca/bc/gov/app/service/ches/ChesService.java index e7b2adb877..a3135c4e9b 100644 --- a/backend/src/main/java/ca/bc/gov/app/service/ches/ChesService.java +++ b/backend/src/main/java/ca/bc/gov/app/service/ches/ChesService.java @@ -232,7 +232,7 @@ public Mono sendEmail(ChesRequestDto requestContent, String subject) { .flatMap(token -> chesApi .post() - .uri(configuration.getChes().getUri()) + .uri("/mail") .header(HttpHeaders.AUTHORIZATION, "Bearer " + token) .header(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE) .body(Mono.just(request), ChesMailRequest.class) @@ -324,7 +324,6 @@ private Mono getToken() { return authApi .post() - .uri(configuration.getChes().getTokenUrl()) .header(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_FORM_URLENCODED_VALUE) .body(BodyInserters.fromFormData("grant_type", "client_credentials")) .retrieve() diff --git a/backend/src/test/java/ca/bc/gov/app/controller/ches/ChesControllerIntegrationTest.java b/backend/src/test/java/ca/bc/gov/app/controller/ches/ChesControllerIntegrationTest.java index 49d8707d96..81b877f96e 100644 --- a/backend/src/test/java/ca/bc/gov/app/controller/ches/ChesControllerIntegrationTest.java +++ b/backend/src/test/java/ca/bc/gov/app/controller/ches/ChesControllerIntegrationTest.java @@ -66,7 +66,7 @@ public void init() { chesStub .stubFor( - post("/chess/uri") + post("/chess/uri/mail") .willReturn( ok(TestConstants.CHES_SUCCESS_MESSAGE) .withHeader("Content-Type", MediaType.APPLICATION_JSON_VALUE) diff --git a/backend/src/test/java/ca/bc/gov/app/service/ches/ChesServiceIntegrationTest.java b/backend/src/test/java/ca/bc/gov/app/service/ches/ChesServiceIntegrationTest.java index ae21455bc8..8dfb19b13c 100644 --- a/backend/src/test/java/ca/bc/gov/app/service/ches/ChesServiceIntegrationTest.java +++ b/backend/src/test/java/ca/bc/gov/app/service/ches/ChesServiceIntegrationTest.java @@ -64,7 +64,7 @@ void shouldNotSendMailWhenTokenInvalid() { mockOAuthSuccess(); wireMockExtension - .stubFor(post("/chess/uri").willReturn(unauthorized())); + .stubFor(post("/chess/uri/mail").willReturn(unauthorized())); service .sendEmail(new ChesRequestDto(List.of("jhon@mail.ca"), "simple body"), "Test") @@ -79,7 +79,7 @@ void shouldNotSendMailWhenNoRoleInvalid() { mockOAuthSuccess(); wireMockExtension - .stubFor(post("/chess/uri").willReturn(forbidden())); + .stubFor(post("/chess/uri/mail").willReturn(forbidden())); service .sendEmail(new ChesRequestDto(List.of("jhon@mail.ca"), "simple body"), "Test") @@ -99,7 +99,7 @@ void shouldSendMailWhenAuth(ChesRequestDto body) { wireMockExtension .stubFor( - post("/chess/uri") + post("/chess/uri/mail") .willReturn( ok(TestConstants.CHES_SUCCESS_MESSAGE) .withHeader("Content-Type", MediaType.APPLICATION_JSON_VALUE) @@ -121,7 +121,7 @@ void shouldFailWith422() { wireMockExtension .stubFor( - post("/chess/uri") + post("/chess/uri/mail") .willReturn( status(422) .withBody(TestConstants.CHES_422_MESSAGE) @@ -144,7 +144,7 @@ void shouldSendMailWithNoBody() { wireMockExtension .stubFor( - post("/chess/uri") + post("/chess/uri/mail") .willReturn( status(400) .withBody(TestConstants.CHES_400_MESSAGE) @@ -167,7 +167,7 @@ void shouldFailWith500() { wireMockExtension .stubFor( - post("/chess/uri") + post("/chess/uri/mail") .willReturn( status(500) .withBody(TestConstants.CHES_500_MESSAGE) @@ -191,7 +191,7 @@ void shouldSendMailMultipleDestination() { wireMockExtension .stubFor( - post("/chess/uri") + post("/chess/uri/mail") .willReturn( ok(TestConstants.CHES_SUCCESS_MESSAGE) .withHeader("Content-Type", MediaType.APPLICATION_JSON_VALUE) From 3fdce3c6385c221bfa15f5d57d08b011d996cff3 Mon Sep 17 00:00:00 2001 From: Paulo Gomes da Cruz Junior Date: Tue, 2 Apr 2024 11:04:28 -0700 Subject: [PATCH 6/7] chore: reducing the rate-limiter values --- backend/openshift.deploy.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/backend/openshift.deploy.yml b/backend/openshift.deploy.yml index f41c7ba00c..740188b198 100644 --- a/backend/openshift.deploy.yml +++ b/backend/openshift.deploy.yml @@ -232,8 +232,8 @@ objects: name: ${NAME}-${ZONE}-${COMPONENT} annotations: haproxy.router.openshift.io/rate-limit-connections: "true" - haproxy.router.openshift.io/rate-limit-connections.rate-http: "50" - haproxy.router.openshift.io/rate-limit-connections.rate-tcp: "25" + haproxy.router.openshift.io/rate-limit-connections.rate-http: "8" + haproxy.router.openshift.io/rate-limit-connections.rate-tcp: "4" spec: host: ${NAME}-${ZONE}-${COMPONENT}.${DOMAIN} port: From 168c1c482009ab5ff24384dac018b4da2fd7744f Mon Sep 17 00:00:00 2001 From: Paulo Gomes da Cruz Junior Date: Tue, 2 Apr 2024 12:55:17 -0700 Subject: [PATCH 7/7] chore: adjusting the rate-limiter values --- backend/openshift.deploy.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/backend/openshift.deploy.yml b/backend/openshift.deploy.yml index 740188b198..97f28a44a0 100644 --- a/backend/openshift.deploy.yml +++ b/backend/openshift.deploy.yml @@ -232,8 +232,8 @@ objects: name: ${NAME}-${ZONE}-${COMPONENT} annotations: haproxy.router.openshift.io/rate-limit-connections: "true" - haproxy.router.openshift.io/rate-limit-connections.rate-http: "8" - haproxy.router.openshift.io/rate-limit-connections.rate-tcp: "4" + haproxy.router.openshift.io/rate-limit-connections.rate-http: "12" + haproxy.router.openshift.io/rate-limit-connections.rate-tcp: "6" spec: host: ${NAME}-${ZONE}-${COMPONENT}.${DOMAIN} port: