gitlab-labkit 1.15.0 → 1.16.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5840ade4baa1fb379ae82748354a74571d6806e529c205010139846489f50579
-  data.tar.gz: 802528c013a130b2925b19760a29e8d7c33aa9c042ed3a024ac0dc9bb8fa6127
+  metadata.gz: 076bc93169bb2f40201938632e87cfb1ddf8fbd3cdb74f895970939da47632e3
+  data.tar.gz: 4596ceee64a5754c7adfaeaeb571a19c9f778962423ff13a2339390d8a5ede96
 SHA512:
-  metadata.gz: 9e3b44e0271effb09c593dc582cd69221c3f83b255535d5fd456033f22f6f933fe9c15e8a204d8868fa20644838bdfbf17578d151eb9fe906a731b650bbb1902
-  data.tar.gz: 98483520ad13fbfe52edd39ce6c879ea86b6240cdbf16e8deb9254abfce4d1e825029560119f79d76254efac3d97228ce35243cba21b3f269a32ec6f55612a36
+  metadata.gz: 3bd441afdb0a7d0f2bb9faa946a9edac112f97e8779fc98ff417289add5180b661a16a26d84b5dafca50032c0f9e0b96ef9099d864cb9a51210ca763bcb15c27
+  data.tar.gz: 4b14cf9420fd83533383578e6771e553209c4e64be247d6d3333717be7e5e041381a12fb6cd8cb772cd1405822cb3b3018c410b3a01d9ae25c89137936758984

data/.gitlab-ci.yml

@@ -19,13 +19,13 @@ include:
   # It includes standard checks, gitlab-scanners, validations and release processes
   # common to all projects using this template library.
   # see https://gitlab.com/gitlab-com/gl-infra/common-ci-tasks/-/blob/main/templates/standard.md
-  - component: $CI_SERVER_FQDN/gitlab-com/gl-infra/common-ci-tasks/standard-build@v3.12
+  - component: $CI_SERVER_FQDN/gitlab-com/gl-infra/common-ci-tasks/standard-build@v3.23
 
   # Runs rspec tests and rubocop on the project
   # see https://gitlab.com/gitlab-com/gl-infra/common-ci-tasks/-/blob/main/templates/ruby.md
-  - component: $CI_SERVER_FQDN/gitlab-com/gl-infra/common-ci-tasks/ruby-build@v3.12
+  - component: $CI_SERVER_FQDN/gitlab-com/gl-infra/common-ci-tasks/ruby-build@v3.23
 
-  - component: $CI_SERVER_FQDN/gitlab-com/gl-infra/common-ci-tasks/danger@v3.12
+  - component: $CI_SERVER_FQDN/gitlab-com/gl-infra/common-ci-tasks/danger@v3.23
 
 ruby-versions:
   extends: rspec

data/.pre-commit-config.yaml

@@ -25,7 +25,7 @@ repos:
   # Documentation available at
   # https://gitlab.com/gitlab-com/gl-infra/common-ci-tasks/-/blob/main/docs/pre-commit.md
   - repo: https://gitlab.com/gitlab-com/gl-infra/common-ci-tasks
-    rev: v3.12  # renovate:managed
+    rev: v3.23  # renovate:managed
 
     hooks:
       - id: shellcheck  # Run shellcheck for changed Shell files

data/lib/labkit/rate_limit/evaluator.rb

@@ -24,8 +24,9 @@ module Labkit
       rescue StandardError => e
         # Intentionally broad: fail-open applies to any unexpected error (network,
         # timeout, OOM) not only Redis protocol errors.
+        report_error_metrics
         log_error(e, identifier)
-        Result.new(matched: false, error: true)
+        Result.new(matched: false, error: true, action: :allow)
       end
 
       private
@@ -34,10 +35,13 @@ module Labkit
         @rules.each do |rule|
           next unless rule_matches?(rule, identifier)
 
-          return evaluate_rule(rule, identifier)
+          result = evaluate_rule(rule, identifier)
+          report_matched_metrics(result)
+          return result
         end
 
-        Result.new(matched: false)
+        report_unmatched_metrics
+        Result.new(matched: false, action: :allow)
       end
 
       def rule_matches?(rule, identifier)
@@ -51,8 +55,12 @@ module Labkit
 
         count = incr_with_ttl(redis_key, resolved_period)
         exceeded = count > resolved_limit
+        action = exceeded ? rule.action : :allow
 
-        Result.new(matched: true, exceeded: exceeded, action: rule.action, rule: rule)
+        Result.new(
+          matched: true, exceeded: exceeded, action: action, rule: rule,
+          resolved_limit: resolved_limit, resolved_period: resolved_period
+        )
       end
 
       def build_redis_key(rule, identifier)
@@ -98,6 +106,34 @@ module Labkit
           identifier: identifier&.to_h
         )
       end
+
+      def report_matched_metrics(result)
+        Metrics.calls_total.increment(
+          rate_limiter: @name,
+          rule: result.rule.name,
+          action: result.action.to_s
+        )
+        Metrics.limit_gauge.set(
+          { rate_limiter: @name, rule: result.rule.name },
+          result.resolved_limit
+        )
+        Metrics.period_gauge.set(
+          { rate_limiter: @name, rule: result.rule.name },
+          result.resolved_period
+        )
+      end
+
+      def report_unmatched_metrics
+        Metrics.calls_total.increment(
+          rate_limiter: @name,
+          rule: "unmatched",
+          action: "allow"
+        )
+      end
+
+      def report_error_metrics
+        Metrics.errors_total.increment(rate_limiter: @name)
+      end
     end
   end
 end

data/lib/labkit/rate_limit/limiter.rb

@@ -21,11 +21,10 @@ module Labkit
 
       def initialize(name:, rules:, redis: nil, logger: nil)
         @logger = logger || RateLimit.config.logger || Labkit::Logging::JsonLogger.new($stdout)
-        validated_name = validate_name!(name)
-        @name = validated_name
+        @name = validate_name!(name)
 
         @evaluator = Evaluator.new(
-          name: validated_name,
+          name: @name,
           rules: prepare_rules(rules),
           redis: redis || RateLimit.config.redis,
           logger: @logger
@@ -36,19 +35,7 @@ module Labkit
       # @return [Result]
       def check(identifier)
         id = identifier.is_a?(Identifier) ? identifier : Identifier.new(identifier)
-        result = @evaluator.check(id)
-
-        if result.exceeded? && result.action == :block
-          @logger.warn(
-            message: "rate_limit_check",
-            name: @name,
-            rule_name: result.rule.name,
-            exceeded: true,
-            severity: "WARN"
-          )
-        end
-
-        result
+        @evaluator.check(id)
       end
 
       private

data/lib/labkit/rate_limit/metrics.rb

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+module Labkit
+  module RateLimit
+    module Metrics
+      module_function
+
+      def calls_total
+        Labkit::Metrics::Client.counter(
+          :gitlab_labkit_rate_limiter_calls_total,
+          'Total number of successful rate limit checks',
+          { rate_limiter: nil, rule: nil, action: nil }
+        )
+      end
+
+      def errors_total
+        Labkit::Metrics::Client.counter(
+          :gitlab_labkit_rate_limiter_errors_total,
+          'Total number of rate limit check errors',
+          { rate_limiter: nil }
+        )
+      end
+
+      def limit_gauge
+        Labkit::Metrics::Client.gauge(
+          :gitlab_labkit_rate_limiter_limit,
+          'The configured rate limit threshold',
+          { rate_limiter: nil, rule: nil },
+          :max
+        )
+      end
+
+      def period_gauge
+        Labkit::Metrics::Client.gauge(
+          :gitlab_labkit_rate_limiter_period_seconds,
+          'The configured rate limit period in seconds',
+          { rate_limiter: nil, rule: nil },
+          :max
+        )
+      end
+    end
+  end
+end

data/lib/labkit/rate_limit/result.rb

@@ -3,13 +3,22 @@
 module Labkit
   module RateLimit
     # Result is the return value of Limiter#check.
-    # matched?  - true if a rule's match conditions were satisfied
-    # exceeded? - true if the matched rule's counter exceeded its limit
-    # action    - :block or :log (nil when matched? is false)
-    # rule      - the matched Rule object (nil when matched? is false)
-    # error?    - true if Redis was unavailable; result fails open (exceeded? is false)
-    Result = Data.define(:matched, :exceeded, :action, :rule, :error) do
-      def initialize(matched:, exceeded: false, action: nil, rule: nil, error: false)
+    # matched?         - true if a rule's match conditions were satisfied
+    # exceeded?        - true if the matched rule's counter exceeded its limit
+    # action           - the outcome: what the caller should do
+    #                    :block = rule matched, exceeded, rule configured to block
+    #                    :log   = rule matched, exceeded, rule configured to log only
+    #                    :allow = rule matched but count within limit, or
+    #                             no rule matched, or error (fail-open)
+    #                    The rule's configured action is available via rule.action
+    # rule             - the matched Rule object (nil when matched? is false)
+    # error?           - true if Redis was unavailable; result fails open (exceeded? is false)
+    # resolved_limit   - the resolved limit value as Integer (nil when matched? is false or error)
+    # resolved_period  - the resolved period value as Integer (nil when matched? is false or error)
+    Result = Data.define(:matched, :exceeded, :action, :rule, :error, :resolved_limit, :resolved_period) do
+      def initialize(
+        matched:, action:, exceeded: false, rule: nil, error: false,
+        resolved_limit: nil, resolved_period: nil)
         super
       end
 

data/lib/labkit/rate_limit.rb

@@ -23,6 +23,7 @@ module Labkit
     autoload :Rule, "labkit/rate_limit/rule"
     autoload :Evaluator, "labkit/rate_limit/evaluator"
     autoload :Limiter, "labkit/rate_limit/limiter"
+    autoload :Metrics, "labkit/rate_limit/metrics"
 
     class << self
       def configure

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: gitlab-labkit
 version: !ruby/object:Gem::Version
-  version: 1.15.0
+  version: 1.16.0
 platform: ruby
 authors:
 - Andrew Newdigate
@@ -603,6 +603,7 @@ files:
 - lib/labkit/rate_limit/evaluator.rb
 - lib/labkit/rate_limit/identifier.rb
 - lib/labkit/rate_limit/limiter.rb
+- lib/labkit/rate_limit/metrics.rb
 - lib/labkit/rate_limit/result.rb
 - lib/labkit/rate_limit/rule.rb
 - lib/labkit/rspec/README.md