ratelimit: new per descriptor hits-addend support and dynamic hits addend

[wbpcode]

Commit Message: api: new per descriptor hits-addend support and dynamic hits addend
Additional Description:

1. Now, we could get custom hits_addend from the envoy.ratelimit.hits_addend. But if there are multiple rate limit filters that requrie custom hits_addend, the envoy.ratelimit.hits_addend couldn't meet the requirement.

2. And we cann't also to support different hits_addend for diffferent descriptots in same request.

This API changes try to meet above two requirements.

Risk Level: low.
Testing: n/a.
Docs Changes: n/a.
Release Notes: n/a.
Platform Specific Features: n/a.

[repokitteh-read-only]

CC @envoyproxy/api-shepherds: Your approval is needed for changes made to (api/envoy/|docs/root/api-docs/).
envoyproxy/api-shepherds assignee is @abeyad
CC @envoyproxy/api-watchers: FYI only for changes made to (api/envoy/|docs/root/api-docs/).

🐱

Caused by: #37567 was opened by wbpcode.

see: more, trace.

[abeyad]

@wbpcode should we add the implementation using this API to the PR so we can see how it'll be used?

[abeyad]

what will happen if both are set?

[wbpcode]

This is oneof semantics. (although oneof is not recommend according to our style).

If both are set, the configuration will be rejected.

[abeyad]

In the request level, it can be an integer or a format string. How come here it is only an integer?

[wbpcode]

The format string is used to extract a number based on the request and stream info. See the comments of format string comment

    // Substitution format string to extract the number of hits to add to the rate limit descriptor.
    // The same :ref:`format specifier <config_access_log_format>` as used for
    // :ref:`HTTP access logging <config_access_log>` applies here.
    //
    // .. note::
    //   The format string must contain only single valid substitution field that will be replaced
    //   with a non-negative number.
    //
    // For example, the ``%BYTES_RECEIVED%`` format string will be replaced with the number of bytes
    // received in the request.

[wbpcode]

@wbpcode should we add the implementation using this API to the PR so we can see how it'll be used?

SGTM.

[wbpcode]

cc @abeyad I complete the local ratelimit version of the per descriptor custom hits addend support.

When the request is coming, we will generated a list of descriptors based on the configuration. If the hits_addend is configured, the filter will also generate a dynamic hits_addend value based on the request info and configuration.

When a descriptor matchs a rule, in the previous implementation, the fixed value 1 will be used as hits addend. Now, in the new implementation, the custom hits_addend that generated in the previous step will be used.

[wbpcode]

In the previous implementation, the class LocalDescriptor has two usages:

1. as the key of rate limit rules that every descriptor is related to a token bucket.
2. as the output of the descriptor populating of local rate limt filter. It will be used to find a matched rate limit rule.

But now, to support per descriptor hits_addend, we need a new class to represent the output of the descriptor populating. Finally, we choose to enhance and re-use the Descriptor class. (The Descriptor class is used as the output of global rate limit filter. Re-using it could also simplify future development when we want to add similar support for global rate limit filter in the future.)

[wbpcode]

/retest

[abeyad]

/lgtm api

[arkodg]

instead of appending to the descriptor, it should be used to populate the hits_addend field in the RLS request
https://www.envoyproxy.io/docs/envoy/latest/api-v3/service/ratelimit/v3/rls.proto#service-ratelimit-v3-ratelimitrequest

[wbpcode]

Single RateLimit message is used to generate a single descriptor. The RateLimit.hits_addend field here is also a descriptor level configuration. So, the generated value of RateLimit.hits_addend field here should also be populated to the per-descriptor Descriptor.hits_addend rather than request level RateLimitRequest.hits_addend.

[arkodg]

shouldnt this be one level up, under https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route_components.proto#config-route-v3-ratelimit ? so it can set the hits_addend field of https://www.envoyproxy.io/docs/envoy/latest/api-v3/service/ratelimit/v3/rls.proto#service-ratelimit-v3-ratelimitrequest ?
The ratelimit request holds a list of descriptors

[arkodg]

should this look more like https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/base.proto#config-core-v3-datasource ?

[wbpcode]

sorry, but I didn't get what you mean. 🤣 This HitsAddend is only used to configure single fixed number of a dynamic formatter provider.

[arkodg]

yeah what I was getting at, is there any anything existing thats reusable ?

[arkodg]

for e.g. the style used here https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/http/custom_response/local_response_policy/v3/local_response_policy.proto#extensions-http-custom-response-local-response-policy-v3-localresponsepolicy is body and body_format

[wbpcode]

Hi, @mattklein123 , could you take a look when you get some free time? Thansk. This PR only contain local-ratelimit related change. And I will create a new PR to support global rate limit after this is done.

[wbpcode]

Finally, reduced 50% code changes. I have tried my best to reduce the complexity of review. orz.