mirror of https://github.com/hashicorp/consul
148 lines
12 KiB
Go
148 lines
12 KiB
Go
// Copyright (c) HashiCorp, Inc.
|
|
// SPDX-License-Identifier: MPL-2.0
|
|
|
|
package middleware
|
|
|
|
import "github.com/hashicorp/consul/agent/consul/rate"
|
|
|
|
// Maps each net/rpc endpoint to a read or write operation type
|
|
// for rate limiting purposes. Please be sure to update this list
|
|
// if a net/rpc endpoint is removed.
|
|
var rpcRateLimitSpecs = map[string]rate.OperationSpec{
|
|
"ACL.AuthMethodDelete": {Type: rate.OperationTypeWrite, Category: rate.OperationCategoryACL},
|
|
"ACL.AuthMethodList": {Type: rate.OperationTypeRead, Category: rate.OperationCategoryACL},
|
|
"ACL.AuthMethodRead": {Type: rate.OperationTypeRead, Category: rate.OperationCategoryACL},
|
|
"ACL.AuthMethodSet": {Type: rate.OperationTypeWrite, Category: rate.OperationCategoryACL},
|
|
"ACL.Authorize": {Type: rate.OperationTypeRead, Category: rate.OperationCategoryACL},
|
|
"ACL.BindingRuleDelete": {Type: rate.OperationTypeWrite, Category: rate.OperationCategoryACL},
|
|
"ACL.BindingRuleList": {Type: rate.OperationTypeRead, Category: rate.OperationCategoryACL},
|
|
"ACL.BindingRuleRead": {Type: rate.OperationTypeRead, Category: rate.OperationCategoryACL},
|
|
"ACL.BindingRuleSet": {Type: rate.OperationTypeWrite, Category: rate.OperationCategoryACL},
|
|
"ACL.BootstrapTokens": {Type: rate.OperationTypeRead, Category: rate.OperationCategoryACL},
|
|
"ACL.Login": {Type: rate.OperationTypeWrite, Category: rate.OperationCategoryACL},
|
|
"ACL.Logout": {Type: rate.OperationTypeWrite, Category: rate.OperationCategoryACL},
|
|
"ACL.PolicyBatchRead": {Type: rate.OperationTypeRead, Category: rate.OperationCategoryACL},
|
|
"ACL.PolicyDelete": {Type: rate.OperationTypeWrite, Category: rate.OperationCategoryACL},
|
|
"ACL.PolicyList": {Type: rate.OperationTypeRead, Category: rate.OperationCategoryACL},
|
|
"ACL.PolicyRead": {Type: rate.OperationTypeRead, Category: rate.OperationCategoryACL},
|
|
"ACL.PolicyResolve": {Type: rate.OperationTypeRead, Category: rate.OperationCategoryACL},
|
|
"ACL.PolicySet": {Type: rate.OperationTypeWrite, Category: rate.OperationCategoryACL},
|
|
"ACL.ReplicationStatus": {Type: rate.OperationTypeRead, Category: rate.OperationCategoryACL},
|
|
"ACL.RoleBatchRead": {Type: rate.OperationTypeRead, Category: rate.OperationCategoryACL},
|
|
"ACL.RoleDelete": {Type: rate.OperationTypeWrite, Category: rate.OperationCategoryACL},
|
|
"ACL.RoleList": {Type: rate.OperationTypeRead, Category: rate.OperationCategoryACL},
|
|
"ACL.RoleRead": {Type: rate.OperationTypeRead, Category: rate.OperationCategoryACL},
|
|
"ACL.RoleResolve": {Type: rate.OperationTypeRead, Category: rate.OperationCategoryACL},
|
|
"ACL.RoleSet": {Type: rate.OperationTypeWrite, Category: rate.OperationCategoryACL},
|
|
"ACL.TokenBatchRead": {Type: rate.OperationTypeRead, Category: rate.OperationCategoryACL},
|
|
"ACL.TokenClone": {Type: rate.OperationTypeRead, Category: rate.OperationCategoryACL},
|
|
"ACL.TokenDelete": {Type: rate.OperationTypeWrite, Category: rate.OperationCategoryACL},
|
|
"ACL.TokenList": {Type: rate.OperationTypeRead, Category: rate.OperationCategoryACL},
|
|
"ACL.TokenRead": {Type: rate.OperationTypeRead, Category: rate.OperationCategoryACL},
|
|
"ACL.TokenSet": {Type: rate.OperationTypeWrite, Category: rate.OperationCategoryACL},
|
|
|
|
"AutoConfig.InitialConfiguration": {Type: rate.OperationTypeRead, Category: rate.OperationCategoryAutoConfig},
|
|
|
|
"AutoEncrypt.Sign": {Type: rate.OperationTypeWrite, Category: rate.OperationCategoryAutoConfig},
|
|
|
|
"Catalog.Deregister": {Type: rate.OperationTypeWrite, Category: rate.OperationCategoryCatalog},
|
|
"Catalog.GatewayServices": {Type: rate.OperationTypeRead, Category: rate.OperationCategoryCatalog},
|
|
"Catalog.ListDatacenters": {Type: rate.OperationTypeRead, Category: rate.OperationCategoryCatalog},
|
|
"Catalog.ListNodes": {Type: rate.OperationTypeRead, Category: rate.OperationCategoryCatalog},
|
|
"Catalog.ListServices": {Type: rate.OperationTypeRead, Category: rate.OperationCategoryCatalog},
|
|
"Catalog.NodeServiceList": {Type: rate.OperationTypeRead, Category: rate.OperationCategoryCatalog},
|
|
"Catalog.NodeServices": {Type: rate.OperationTypeRead, Category: rate.OperationCategoryCatalog},
|
|
"Catalog.Register": {Type: rate.OperationTypeWrite, Category: rate.OperationCategoryCatalog},
|
|
"Catalog.ServiceList": {Type: rate.OperationTypeRead, Category: rate.OperationCategoryCatalog},
|
|
"Catalog.ServiceNodes": {Type: rate.OperationTypeRead, Category: rate.OperationCategoryCatalog},
|
|
"Catalog.VirtualIPForService": {Type: rate.OperationTypeRead, Category: rate.OperationCategoryCatalog},
|
|
|
|
"ConfigEntry.Apply": {Type: rate.OperationTypeWrite, Category: rate.OperationCategoryConfigEntry},
|
|
"ConfigEntry.Delete": {Type: rate.OperationTypeWrite, Category: rate.OperationCategoryConfigEntry},
|
|
"ConfigEntry.Get": {Type: rate.OperationTypeRead, Category: rate.OperationCategoryConfigEntry},
|
|
"ConfigEntry.List": {Type: rate.OperationTypeRead, Category: rate.OperationCategoryConfigEntry},
|
|
"ConfigEntry.ListAll": {Type: rate.OperationTypeRead, Category: rate.OperationCategoryConfigEntry},
|
|
"ConfigEntry.ResolveServiceConfig": {Type: rate.OperationTypeRead, Category: rate.OperationCategoryConfigEntry},
|
|
|
|
"ConnectCA.ConfigurationGet": {Type: rate.OperationTypeRead, Category: rate.OperationCategoryConnectCA},
|
|
"ConnectCA.ConfigurationSet": {Type: rate.OperationTypeWrite, Category: rate.OperationCategoryConnectCA},
|
|
"ConnectCA.Roots": {Type: rate.OperationTypeRead, Category: rate.OperationCategoryConnectCA},
|
|
"ConnectCA.Sign": {Type: rate.OperationTypeWrite, Category: rate.OperationCategoryConnectCA},
|
|
"ConnectCA.SignIntermediate": {Type: rate.OperationTypeWrite, Category: rate.OperationCategoryConnectCA},
|
|
|
|
"Coordinate.ListDatacenters": {Type: rate.OperationTypeRead, Category: rate.OperationCategoryCoordinate},
|
|
"Coordinate.ListNodes": {Type: rate.OperationTypeRead, Category: rate.OperationCategoryCoordinate},
|
|
"Coordinate.Node": {Type: rate.OperationTypeRead, Category: rate.OperationCategoryCoordinate},
|
|
"Coordinate.Update": {Type: rate.OperationTypeWrite, Category: rate.OperationCategoryCoordinate},
|
|
|
|
"DiscoveryChain.Get": {Type: rate.OperationTypeRead, Category: rate.OperationCategoryDiscoveryChain},
|
|
|
|
"FederationState.Apply": {Type: rate.OperationTypeWrite, Category: rate.OperationCategoryFederationState},
|
|
"FederationState.Delete": {Type: rate.OperationTypeWrite, Category: rate.OperationCategoryFederationState},
|
|
"FederationState.Get": {Type: rate.OperationTypeRead, Category: rate.OperationCategoryFederationState},
|
|
"FederationState.List": {Type: rate.OperationTypeRead, Category: rate.OperationCategoryFederationState},
|
|
"FederationState.ListMeshGateways": {Type: rate.OperationTypeRead, Category: rate.OperationCategoryFederationState},
|
|
|
|
"Health.ChecksInState": {Type: rate.OperationTypeRead, Category: rate.OperationCategoryHealth},
|
|
"Health.NodeChecks": {Type: rate.OperationTypeRead, Category: rate.OperationCategoryHealth},
|
|
"Health.ServiceChecks": {Type: rate.OperationTypeRead, Category: rate.OperationCategoryHealth},
|
|
"Health.ServiceNodes": {Type: rate.OperationTypeRead, Category: rate.OperationCategoryHealth},
|
|
|
|
"Intention.Apply": {Type: rate.OperationTypeWrite, Category: rate.OperationCategoryIntention},
|
|
"Intention.Check": {Type: rate.OperationTypeRead, Category: rate.OperationCategoryIntention},
|
|
"Intention.Get": {Type: rate.OperationTypeRead, Category: rate.OperationCategoryIntention},
|
|
"Intention.List": {Type: rate.OperationTypeRead, Category: rate.OperationCategoryIntention},
|
|
"Intention.Match": {Type: rate.OperationTypeRead, Category: rate.OperationCategoryIntention},
|
|
|
|
"Internal.CatalogOverview": {Type: rate.OperationTypeRead, Category: rate.OperationCategoryInternal},
|
|
"Internal.EventFire": {Type: rate.OperationTypeWrite, Category: rate.OperationCategoryInternal},
|
|
"Internal.ExportedPeeredServices": {Type: rate.OperationTypeRead, Category: rate.OperationCategoryInternal},
|
|
"Internal.ExportedServicesForPeer": {Type: rate.OperationTypeRead, Category: rate.OperationCategoryInternal},
|
|
"Internal.GatewayIntentions": {Type: rate.OperationTypeRead, Category: rate.OperationCategoryInternal},
|
|
"Internal.GatewayServiceDump": {Type: rate.OperationTypeRead, Category: rate.OperationCategoryInternal},
|
|
"Internal.IntentionUpstreams": {Type: rate.OperationTypeRead, Category: rate.OperationCategoryInternal},
|
|
"Internal.IntentionUpstreamsDestination": {Type: rate.OperationTypeRead, Category: rate.OperationCategoryInternal},
|
|
"Internal.KeyringOperation": {Type: rate.OperationTypeRead, Category: rate.OperationCategoryInternal},
|
|
"Internal.NodeDump": {Type: rate.OperationTypeRead, Category: rate.OperationCategoryInternal},
|
|
"Internal.NodeInfo": {Type: rate.OperationTypeRead, Category: rate.OperationCategoryInternal},
|
|
"Internal.PeeredUpstreams": {Type: rate.OperationTypeRead, Category: rate.OperationCategoryInternal},
|
|
"Internal.ServiceDump": {Type: rate.OperationTypeRead, Category: rate.OperationCategoryInternal},
|
|
"Internal.ServiceGateways": {Type: rate.OperationTypeRead, Category: rate.OperationCategoryInternal},
|
|
"Internal.ServiceTopology": {Type: rate.OperationTypeRead, Category: rate.OperationCategoryInternal},
|
|
|
|
"KVS.Apply": {Type: rate.OperationTypeWrite, Category: rate.OperationCategoryKV},
|
|
"KVS.Get": {Type: rate.OperationTypeRead, Category: rate.OperationCategoryKV},
|
|
"KVS.List": {Type: rate.OperationTypeRead, Category: rate.OperationCategoryKV},
|
|
"KVS.ListKeys": {Type: rate.OperationTypeRead, Category: rate.OperationCategoryKV},
|
|
|
|
"Operator.AutopilotGetConfiguration": {Type: rate.OperationTypeExempt, Category: rate.OperationCategoryOperator},
|
|
"Operator.AutopilotSetConfiguration": {Type: rate.OperationTypeExempt, Category: rate.OperationCategoryOperator},
|
|
"Operator.AutopilotState": {Type: rate.OperationTypeExempt, Category: rate.OperationCategoryOperator},
|
|
"Operator.RaftGetConfiguration": {Type: rate.OperationTypeExempt, Category: rate.OperationCategoryOperator},
|
|
"Operator.RaftRemovePeerByAddress": {Type: rate.OperationTypeExempt, Category: rate.OperationCategoryOperator},
|
|
"Operator.RaftRemovePeerByID": {Type: rate.OperationTypeExempt, Category: rate.OperationCategoryOperator},
|
|
"Operator.ServerHealth": {Type: rate.OperationTypeExempt, Category: rate.OperationCategoryOperator},
|
|
|
|
"PreparedQuery.Apply": {Type: rate.OperationTypeWrite, Category: rate.OperationCategoryPreparedQuery},
|
|
"PreparedQuery.Execute": {Type: rate.OperationTypeRead, Category: rate.OperationCategoryPreparedQuery},
|
|
"PreparedQuery.ExecuteRemote": {Type: rate.OperationTypeRead, Category: rate.OperationCategoryPreparedQuery},
|
|
"PreparedQuery.Explain": {Type: rate.OperationTypeRead, Category: rate.OperationCategoryPreparedQuery},
|
|
"PreparedQuery.Get": {Type: rate.OperationTypeRead, Category: rate.OperationCategoryPreparedQuery},
|
|
"PreparedQuery.List": {Type: rate.OperationTypeRead, Category: rate.OperationCategoryPreparedQuery},
|
|
|
|
"Session.Apply": {Type: rate.OperationTypeWrite, Category: rate.OperationCategorySession},
|
|
"Session.Check": {Type: rate.OperationTypeRead, Category: rate.OperationCategorySession},
|
|
"Session.Get": {Type: rate.OperationTypeRead, Category: rate.OperationCategorySession},
|
|
"Session.List": {Type: rate.OperationTypeRead, Category: rate.OperationCategorySession},
|
|
"Session.NodeSessions": {Type: rate.OperationTypeRead, Category: rate.OperationCategorySession},
|
|
"Session.Renew": {Type: rate.OperationTypeWrite, Category: rate.OperationCategorySession},
|
|
|
|
"Status.Leader": {Type: rate.OperationTypeExempt, Category: rate.OperationCategoryStatus},
|
|
"Status.Peers": {Type: rate.OperationTypeExempt, Category: rate.OperationCategoryStatus},
|
|
"Status.Ping": {Type: rate.OperationTypeExempt, Category: rate.OperationCategoryStatus},
|
|
"Status.RaftStats": {Type: rate.OperationTypeExempt, Category: rate.OperationCategoryStatus},
|
|
|
|
"Txn.Apply": {Type: rate.OperationTypeWrite, Category: rate.OperationCategoryTxn},
|
|
"Txn.Read": {Type: rate.OperationTypeRead, Category: rate.OperationCategoryTxn},
|
|
}
|