feat(jans-auth-server): rate limit - use guava cache to auto-expire buckets during high load #11054 #11059

Merged
merged 1 commit into from
Mar 19, 2025

Conversation

yuriyz
Contributor

@yuriyz yuriyz commented Mar 19, 2025

Description

feat(jans-auth-server): rate limit - use guava cache to auto-expire buckets during high load

Target issue

closes #11054

Test and Document the changes

  • Static code analysis has been run locally and issues have been fixed
  • Relevant unit and integration tests have been added/updated

Please check the below before submitting your PR. The PR will not be merged if there are no commits that start with docs: to indicate documentation changes or if the below checklist is not selected.

  • I confirm that there is no impact on the docs due to the code changes in this PR.

…uckets during high load #11054

Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>
@yuriyz yuriyz enabled auto-merge (squash) March 19, 2025 11:08
@mo-auto mo-auto added the comp-jans-auth-server (Component affected by issue or PR), comp-jans-linux-setup (Component affected by issue or PR) and kind-feature (Issue or PR is a new feature request) labels Mar 19, 2025
@yuriyz yuriyz merged commit 01a0a9f into main Mar 19, 2025
2 checks passed
@yuriyz yuriyz deleted the jans-auth-server-11054 branch March 19, 2025 11:31
olehbozhok pushed a commit that referenced this pull request Mar 20, 2025
…uckets during high load #11054 (#11059)

Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>
olehbozhok added a commit that referenced this pull request Mar 26, 2025
…cipal as Object v. JWT (#11035)

* chore(jans-cedarling): rename `ResourceData` to `EntityData`

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

* chore(jans-cedarling): rename method `build_entities` to `build_token_entities`

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

* feat(jans-cedarling): add `authorize_unverified` method

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

* chore(jans-cedarling): update python binding errors

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

* chore(jans-cedarling): fix clippy warnings

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

* test(jans-cedarling): fix unit tests

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

* chore(jans-cedarling): remove commented code

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

* chore(jans-cedarling): add typealias `TypeName`

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

* chore(jans-cedarling): remove allocate vector

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

* chore(jans-cedarling): rename method `authorize_unverified` to `authorize_unsigned`

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

* chore(jans-cedarling): rename error `UnverifiedPrincipalRequestValidation` to `InvalidPrincipal`

also removed `WorkloadRequestValidation` and `UserRequestValidation`

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

* test(jans-cedarling): update python test case

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

* test(jans-cedarling): update rust test cases related to `AuthorizeResult`

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

* chore(jans-cedarling): rename `unverified` to `unsigned`

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

* chore(jans-cedarling): add `authorize_unsigned` to blocking client
and rename `RequestUnverified` to `RequestUnsigned`

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

* chore(jans-cedarling): fix parsing bool type from cedar schema

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

* test(jans-cedarling): add test case to check authorize_unsigned

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

* feat(jans-cedarling): add getting principal decision result by entity uid

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

* fix(jans-cedarling): fix documentation CEDARLING_POLICY_STORE_LOCAL can hold only string (#11015)

* docs(jans-cedarling): update usage of `CEDARLING_POLICY_STORE_LOCAL` in documentation

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

* docs(jans-cedarling): fix python documentation usage `CEDARLING_POLICY_STORE_LOCAL_FN` env var

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

---------

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

* ci: publish packages workflow is failing on wasm (#11009)

ci: fix workflow

Signed-off-by: moabu <47318409+moabu@users.noreply.github.com>

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

* feat(cloud-native): create utility image to run commands for cluster (#10987)

* feat(cloud-native): create utility image to run commands for cluster

Signed-off-by: iromli <isman.firmansyah@gmail.com>

* feat(cloud-native): move features from certmanager to cloudtools

Signed-off-by: iromli <isman.firmansyah@gmail.com>

* feat(cloudtools): rearrange commands

Signed-off-by: iromli <isman.firmansyah@gmail.com>

* chore: fix typo in CLI usage

Signed-off-by: iromli <isman.firmansyah@gmail.com>

* docs: adjust cloudtools README

Signed-off-by: iromli <isman.firmansyah@gmail.com>

* ci: introduce docker-jans-cloudtools as drop-in replacement for certmanager

Signed-off-by: iromli <isman.firmansyah@gmail.com>

* ci: remove duplicated cloudtools

Signed-off-by: iromli <isman.firmansyah@gmail.com>

---------

Signed-off-by: iromli <isman.firmansyah@gmail.com>
Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com>

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

* fix(docs): review and update Cedarling WASM document (#10988)

* fix(docs): update cedarling wasm doc

Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>

* fix(docs): flow update cedarling wasm doc

Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>

* fix(docs): update requirements of cedarling wasm doc

Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>

* fix(docs): update flow of cedarling wasm doc

Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>

* fix(docs): update cedarling wasm doc

Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>

* fix(docs): proofreading

Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>

---------

Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

* Keycloak(docs): Update Keycloak SAML SSO docs. (#10995)

* Keycloak(docs): update file for Jans SAML docs.

Signed-off-by: Mostafejur Rahman <mrraju.ice.iu@gmail.com>

* Keycloak(docs): Update keycloak-saml-sso.md

Signed-off-by: Mostafejur Rahman <mrraju.ice.iu@gmail.com>

* docs(Keycloak): Update keycloak-saml-sso.md

Signed-off-by: Mostafejur Rahman <mrraju.ice.iu@gmail.com>

---------

Signed-off-by: Mostafejur Rahman <mrraju.ice.iu@gmail.com>
Co-authored-by: Dhaval D <343411+ossdhaval@users.noreply.github.com>

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

* fix(docs): moving contributor license agreement to GitHub (#11034)

* Moving contributor license agreement to GitHub.

Signed-off-by: Michael Schwartz <mike@gluu.org>

* fix(docs): update CLA link

Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>

* fix(docs): remove old CLA PDF

Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>

---------

Signed-off-by: Michael Schwartz <mike@gluu.org>
Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>
Co-authored-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

* feat(jans-auth-server): introduce rate limit support for DCR (#10991)

* feat(jans-auth-server): draft for rate limit service

Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>

* feat(jans-auth-server): rate limit - added cached body request

Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>

* feat(jans-auth-server): rate limit - added main filter

Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>

* feat(jans-auth-server): added rate_limit feature flag

Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>

* feat(jans-auth-server): missed enum

Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>

* feat(jans-auth-server): added rate limit exception with type

Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>

* feat(jans-auth-server): added bucket4j dependency for easy rate limiting support

Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>

* feat(jans-auth-server): code improvements for rate limit filter

Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>

* feat(jans-auth-server): added rate limit filter to web descriptor

Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>

* feat(jans-auth-server): added rate limit feature flag to installation and test data loader

Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>

* test(jans-auth-server): fixed ssa create test

Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>

* test(jans-auth-server): covered rate limit service with test

Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>

* test(jans-auth-server): added new test to testng

Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>

* doc(jans-auth-server): added rate limit documentation

Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>

---------

Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

* fix(charts): broken istio integration (#11041)

Signed-off-by: iromli <isman.firmansyah@gmail.com>
Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com>

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

* fix(jans-cli-tui): properties acrMappings (#11048)

Signed-off-by: Mustafa Baser <mbaser@mail.com>

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

* feat(jans-auth-server): rate limit - use guava cache to auto-expire buckets during high load #11054 (#11059)

Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

* test(jans-auth-server): SsaCreateTest is failing on jenkins #11078 (#11079)

Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

* chore(jans-cedarling): add python bindings

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

* test(jans-cedarling): add python unit test

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

* chore(jans-cedarling): update WASM bindings and tests

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

* chore(jans-cedarling): fix clippy issues

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

* chore(jans-cedarling): update formatting in rust file

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

* feat(jans-cedarling): update uniffi bindings

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

* docs(jans-cedarling): update docs that user can use cedar-policy uid in JsonLogic

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

* docs(jans-cedarling): update wasm typescript interface

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

* docs(jans-cedarling): add WASM example how to call `authorize_unsigned` method

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

* chore(jans-cedarling): fix logging

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

* docs(jans-cedarling): fix markdown linter errors

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

* chore(jans-cedarling): update python components (#11112)

Signed-off-by: SafinWasi <6601566+SafinWasi@users.noreply.github.com>

* docs(jans-cedarling): update documentation

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

* chore(jans-cedarling): update python example to use `authorize_unsigned`

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

* docs(jans-cedarling): update python documentation

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

* chore(jans-cedarling): update python components (#11112)

Signed-off-by: SafinWasi <6601566+SafinWasi@users.noreply.github.com>

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

* chore(jans-cedarling): update python example to use `authorize_unsigned`

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>


Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>

---------

Signed-off-by: Oleh Bozhok <olehbozhok@gmail.com>
Signed-off-by: SafinWasi <6601566+SafinWasi@users.noreply.github.com>
Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com>
Co-authored-by: Isman Firmansyah <iromli@users.noreply.github.com>
Co-authored-by: Dhaval D <343411+ossdhaval@users.noreply.github.com>
Co-authored-by: Mostafejur Rahman <mrraju.ice.iu@gmail.com>
Co-authored-by: Michael Schwartz <mike@gluu.org>
Co-authored-by: YuriyZ <yzabrovarniy@gmail.com>
Co-authored-by: Devrim <devrimyatar@gluu.org>
Co-authored-by: Safin Wasi <6601566+SafinWasi@users.noreply.github.com>
Labels
comp-jans-auth-server (Component affected by issue or PR), comp-jans-linux-setup (Component affected by issue or PR), kind-feature (Issue or PR is a new feature request)
Development

Successfully merging this pull request may close these issues.

feat(jans-auth-server): rate limit - use guava cache to auto-expire buckets during high load
4 participants