package envoy.service.ratelimit.v3

Get desktop application:
View/edit binary Protocol Buffers messages

rpc ShouldRateLimit (RateLimitRequest, RateLimitResponse)
rls.proto:26
Determine whether rate limiting should take place.
message RateLimitRequest
rls.proto:37
Main message for a rate limit request. The rate limit service is designed to be fully generic in the sense that it can operate on arbitrary hierarchical key/value pairs. The loaded configuration will parse the request and find the most specific limit to apply. In addition, a RateLimitRequest can contain multiple "descriptors" to limit on. When multiple descriptors are provided, the server will limit on *ALL* of them and return an OVER_LIMIT response if any of them are over limit. This enables more complex application level rate limiting scenarios if desired.
- string domain = 1
  All rate limit requests must specify a domain. This enables the configuration to be per application without fear of overlap. E.g., "envoy".
- repeated extensions.common.ratelimit.v3.RateLimitDescriptor descriptors = 2
  All rate limit requests must specify at least one RateLimitDescriptor. Each descriptor is processed by the service (see below). If any of the descriptors are over limit, the entire request is considered to be over limit.
- uint32 hits_addend = 3
  Rate limit requests can optionally specify the number of hits a request adds to the matched limit. If the value is not set in the message, a request increases the matched limit by 1. This value can be overridden by setting filter state value ``envoy.ratelimit.hits_addend`` to the desired number. Invalid number (< 0) or number will be ignored.
message RateLimitResponse
rls.proto:59
A response from a ShouldRateLimit call. [#next-free-field: 8]
- RateLimitResponse.Code overall_code = 1
  The overall response code which takes into account all of the descriptors that were passed in the RateLimitRequest message.
- repeated RateLimitResponse.DescriptorStatus statuses = 2
  A list of DescriptorStatus messages which matches the length of the descriptor list passed in the RateLimitRequest. This can be used by the caller to determine which individual descriptors failed and/or what the currently configured limits are for all of them.
- repeated config.core.v3.HeaderValue response_headers_to_add = 3
  A list of headers to add to the response
- repeated config.core.v3.HeaderValue request_headers_to_add = 4
  A list of headers to add to the request when forwarded
- bytes raw_body = 5
  A response body to send to the downstream client when the response code is not OK.
- optional google.protobuf.Struct dynamic_metadata = 6
  Optional response metadata that will be emitted as dynamic metadata to be consumed by the next filter. This metadata lives in a namespace specified by the canonical name of extension filter that requires it: - :ref:`envoy.filters.http.ratelimit <config_http_filters_ratelimit_dynamic_metadata>` for HTTP filter. - :ref:`envoy.filters.network.ratelimit <config_network_filters_ratelimit_dynamic_metadata>` for network filter. - :ref:`envoy.filters.thrift.rate_limit <config_thrift_filters_rate_limit_dynamic_metadata>` for Thrift filter.
- optional RateLimitResponse.Quota quota = 7
  Quota is available for a request if its entire descriptor set has cached quota available. This is a union of all descriptors in the descriptor set. Clients can use the quota for future matches if and only if the descriptor set matches what was sent in the request that originated this response. If quota is available, a RLS request will not be made and the quota will be reduced by 1. If quota is not available (i.e., a cached entry doesn't exist for a RLS descriptor set), a RLS request will be triggered. If the server did not provide a quota, such as the quota message is empty then the request admission is determined by the :ref:`overall_code <envoy_v3_api_field_service.ratelimit.v3.RateLimitResponse.overall_code>`. If there is not sufficient quota and the cached entry exists for a RLS descriptor set is out-of-quota but not expired, the request will be treated as OVER_LIMIT. [#not-implemented-hide:]

Used in: RateLimitResponse, DescriptorStatus

UNKNOWN = 0
The response code is not known.
OK = 1
The response code to notify that the number of requests are under limit.
OVER_LIMIT = 2
The response code to notify that the number of requests are over limit.

[#next-free-field: 6]

Code code = 1
The response code for an individual descriptor.
optional RateLimit current_limit = 2
The current limit as configured by the server. Useful for debugging, etc.
uint32 limit_remaining = 3
The limit remaining in the current time unit.
optional google.protobuf.Duration duration_until_reset = 4
Duration until reset of the current limit window.
optional Quota quota = 5
Quota is available for a request if its descriptor set has cached quota available for all descriptors. This is for each individual descriptor in the descriptor set. The client will perform matches for each individual descriptor against available per-descriptor quota. If quota is available, a RLS request will not be made and the quota will be reduced by 1 for all matching descriptors. If there is not sufficient quota, there are three cases: 1. A cached entry exists for a RLS descriptor that is out-of-quota, but not expired. In this case, the request will be treated as OVER_LIMIT. 2. Some RLS descriptors have a cached entry that has valid quota but some RLS descriptors have no cached entry. This will trigger a new RLS request. When the result is returned, a single unit will be consumed from the quota for all matching descriptors. If the server did not provide a quota, such as the quota message is empty for some of the descriptors, then the request admission is determined by the :ref:`overall_code <envoy_v3_api_field_service.ratelimit.v3.RateLimitResponse.overall_code>`. 3. All RLS descriptors lack a cached entry, this will trigger a new RLS request, When the result is returned, a single unit will be consumed from the quota for all matching descriptors. If the server did not provide a quota, such as the quota message is empty for some of the descriptors, then the request admission is determined by the :ref:`overall_code <envoy_v3_api_field_service.ratelimit.v3.RateLimitResponse.overall_code>`. [#not-implemented-hide:]

Cacheable quota for responses. Quota can be granted at different levels: either for each individual descriptor or for the whole descriptor set. This is a certain number of requests over a period of time. The client may cache this result and apply the effective RateLimitResponse to future matching requests without querying rate limit service. When quota expires due to timeout, a new RLS request will also be made. The implementation may choose to preemptively query the rate limit server for more quota on or before expiration or before the available quota runs out. [#not-implemented-hide:]

Used in: RateLimitResponse, DescriptorStatus

uint32 requests = 1
Number of matching requests granted in quota. Must be 1 or more.
oneof expiration_specifier
- google.protobuf.Timestamp valid_until = 2
  Point in time at which the quota expires.
string id = 3
The unique id that is associated with each Quota either at individual descriptor level or whole descriptor set level. For a matching policy with boolean logic, for example, match: "request.headers['environment'] == 'staging' || request.headers['environment'] == 'dev'"), the request_headers action produces a distinct list of descriptors for each possible value of the ‘environment’ header even though the granted quota is same. Thus, the client will use this id information (returned from RLS server) to correctly correlate the multiple descriptors/descriptor sets that have been granted with same quota (i.e., share the same quota among multiple descriptors or descriptor sets.) If id is empty, this id field will be ignored. If quota for the same id changes (e.g. due to configuration update), the old quota will be overridden by the new one. Shared quotas referenced by ID will still adhere to expiration after `valid_until`.

Defines an actual rate limit in terms of requests per unit of time and the unit itself.

Used in: DescriptorStatus

string name = 3
A name or description of this limit.
uint32 requests_per_unit = 1
The number of requests per unit of time.
RateLimit.Unit unit = 2
The unit of time.

Identifies the unit of of time for rate limit. [#comment: replace by envoy/type/v3/ratelimit_unit.proto in v4]

Used in: RateLimit

UNKNOWN = 0
The time unit is not known.
SECOND = 1
The time unit representing a second.
MINUTE = 2
The time unit representing a minute.
HOUR = 3
The time unit representing an hour.
DAY = 4
The time unit representing a day.
WEEK = 7
The time unit representing a week.
MONTH = 5
The time unit representing a month.
YEAR = 6
The time unit representing a year.

package envoy.service.ratelimit.v3

service RateLimitService

rpc ShouldRateLimit (RateLimitRequest, RateLimitResponse)

message RateLimitRequest

string domain = 1

repeated extensions.common.ratelimit.v3.RateLimitDescriptor descriptors = 2

uint32 hits_addend = 3

message RateLimitResponse

RateLimitResponse.Code overall_code = 1

repeated RateLimitResponse.DescriptorStatus statuses = 2

repeated config.core.v3.HeaderValue response_headers_to_add = 3

repeated config.core.v3.HeaderValue request_headers_to_add = 4

bytes raw_body = 5

optional google.protobuf.Struct dynamic_metadata = 6

optional RateLimitResponse.Quota quota = 7

enum RateLimitResponse.Code

UNKNOWN = 0

OK = 1

OVER_LIMIT = 2

message RateLimitResponse.DescriptorStatus

Code code = 1

optional RateLimit current_limit = 2

uint32 limit_remaining = 3

optional google.protobuf.Duration duration_until_reset = 4

optional Quota quota = 5

message RateLimitResponse.Quota

uint32 requests = 1

oneof expiration_specifier

google.protobuf.Timestamp valid_until = 2

string id = 3

message RateLimitResponse.RateLimit

string name = 3

uint32 requests_per_unit = 1

RateLimit.Unit unit = 2

enum RateLimitResponse.RateLimit.Unit

UNKNOWN = 0

SECOND = 1

MINUTE = 2

HOUR = 3

DAY = 4

WEEK = 7

MONTH = 5

YEAR = 6