gitlab-labkit 1.15.1 → 1.17.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 55b7255672a78e7ce050b17dee4a50b0c9ceadd2093986dc0d5d3822076423b0
-  data.tar.gz: fe70e4a910d27fa2d8d1a61216825bb811a8a43b9fbd75d4c0bd32220e8551b3
+  metadata.gz: 7177b8f9210f24958a14c92f17ad35cc8d4ad7732e04a9407569e865ef2bf364
+  data.tar.gz: 688c6dd7b7c1a8c1062a1e17c534fa833f86053aff8945ab4d296c2223784711
 SHA512:
-  metadata.gz: 38e4de6ac2d9e677a269f757e4c01a1bb1d9e3ce4cec0065512a03d07650339ae6e5f27415be76ba02cc316c56e5fd8d4922389e856da152be527800a6f58de6
-  data.tar.gz: 613915d89f71db61f3a984ae979d704753c9284d196dc7f31c92426b0f037ded2c0140ea9fc778dbbd42bb7c0ccfa0884b3d67e3ebc38b791bc84edfa6cb852d
+  metadata.gz: 2b54fe16d5c1cfe12c704a4e84cdea8dece8155dcaa04132c9e52442bec03e6338f6a4bcb065aa87931aa2fedcbd2ecb5ecec390b00d110267ee54e95a5c694c
+  data.tar.gz: 8abc6a48c3f1b138a84f8502e5c4300bec5f05f98b0c8defb4280d12b1d424f70cf64e0afe3cc344ce61ceae145e9aaf11f252d9611da1e5c6a1f25aa37fe867

data/.gitlab-ci.yml

@@ -19,13 +19,13 @@ include:
   # It includes standard checks, gitlab-scanners, validations and release processes
   # common to all projects using this template library.
   # see https://gitlab.com/gitlab-com/gl-infra/common-ci-tasks/-/blob/main/templates/standard.md
-  - component: $CI_SERVER_FQDN/gitlab-com/gl-infra/common-ci-tasks/standard-build@v3.12
+  - component: $CI_SERVER_FQDN/gitlab-com/gl-infra/common-ci-tasks/standard-build@v3.23
 
   # Runs rspec tests and rubocop on the project
   # see https://gitlab.com/gitlab-com/gl-infra/common-ci-tasks/-/blob/main/templates/ruby.md
-  - component: $CI_SERVER_FQDN/gitlab-com/gl-infra/common-ci-tasks/ruby-build@v3.12
+  - component: $CI_SERVER_FQDN/gitlab-com/gl-infra/common-ci-tasks/ruby-build@v3.23
 
-  - component: $CI_SERVER_FQDN/gitlab-com/gl-infra/common-ci-tasks/danger@v3.12
+  - component: $CI_SERVER_FQDN/gitlab-com/gl-infra/common-ci-tasks/danger@v3.23
 
 ruby-versions:
   extends: rspec

data/.pre-commit-config.yaml

@@ -25,7 +25,7 @@ repos:
   # Documentation available at
   # https://gitlab.com/gitlab-com/gl-infra/common-ci-tasks/-/blob/main/docs/pre-commit.md
   - repo: https://gitlab.com/gitlab-com/gl-infra/common-ci-tasks
-    rev: v3.12  # renovate:managed
+    rev: v3.23  # renovate:managed
 
     hooks:
       - id: shellcheck  # Run shellcheck for changed Shell files

data/lib/labkit/rate_limit/evaluator.rb

@@ -24,6 +24,7 @@ module Labkit
       rescue StandardError => e
         # Intentionally broad: fail-open applies to any unexpected error (network,
         # timeout, OOM) not only Redis protocol errors.
+        report_error_metrics
         log_error(e, identifier)
         Result.new(matched: false, error: true, action: :allow)
       end
@@ -34,9 +35,12 @@ module Labkit
         @rules.each do |rule|
           next unless rule_matches?(rule, identifier)
 
-          return evaluate_rule(rule, identifier)
+          result = evaluate_rule(rule, identifier)
+          report_matched_metrics(result)
+          return result
         end
 
+        report_unmatched_metrics
         Result.new(matched: false, action: :allow)
       end
 
@@ -53,7 +57,10 @@ module Labkit
         exceeded = count > resolved_limit
         action = exceeded ? rule.action : :allow
 
-        Result.new(matched: true, exceeded: exceeded, action: action, rule: rule)
+        Result.new(
+          matched: true, exceeded: exceeded, action: action, rule: rule,
+          resolved_limit: resolved_limit, resolved_period: resolved_period
+        )
       end
 
       def build_redis_key(rule, identifier)
@@ -85,10 +92,12 @@ module Labkit
       end
 
       def incr_with_ttl(redis_key, period)
-        count = @redis.incr(redis_key)
-        # Set expiry only on first write to avoid resetting TTL on each call
-        @redis.expire(redis_key, period) if count == 1
-        count
+        @redis.with do |conn|
+          count = conn.incr(redis_key)
+          # Set expiry only on first write to avoid resetting TTL on each call
+          conn.expire(redis_key, period) if count == 1
+          count
+        end
       end
 
       def log_error(error, identifier)
@@ -99,6 +108,34 @@ module Labkit
           identifier: identifier&.to_h
         )
       end
+
+      def report_matched_metrics(result)
+        Metrics.calls_total.increment(
+          rate_limiter: @name,
+          rule: result.rule.name,
+          action: result.action.to_s
+        )
+        Metrics.limit_gauge.set(
+          { rate_limiter: @name, rule: result.rule.name },
+          result.resolved_limit
+        )
+        Metrics.period_gauge.set(
+          { rate_limiter: @name, rule: result.rule.name },
+          result.resolved_period
+        )
+      end
+
+      def report_unmatched_metrics
+        Metrics.calls_total.increment(
+          rate_limiter: @name,
+          rule: "unmatched",
+          action: "allow"
+        )
+      end
+
+      def report_error_metrics
+        Metrics.errors_total.increment(rate_limiter: @name)
+      end
     end
   end
 end

data/lib/labkit/rate_limit/metrics.rb

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+module Labkit
+  module RateLimit
+    module Metrics
+      module_function
+
+      def calls_total
+        Labkit::Metrics::Client.counter(
+          :gitlab_labkit_rate_limiter_calls_total,
+          'Total number of successful rate limit checks',
+          { rate_limiter: nil, rule: nil, action: nil }
+        )
+      end
+
+      def errors_total
+        Labkit::Metrics::Client.counter(
+          :gitlab_labkit_rate_limiter_errors_total,
+          'Total number of rate limit check errors',
+          { rate_limiter: nil }
+        )
+      end
+
+      def limit_gauge
+        Labkit::Metrics::Client.gauge(
+          :gitlab_labkit_rate_limiter_limit,
+          'The configured rate limit threshold',
+          { rate_limiter: nil, rule: nil },
+          :max
+        )
+      end
+
+      def period_gauge
+        Labkit::Metrics::Client.gauge(
+          :gitlab_labkit_rate_limiter_period_seconds,
+          'The configured rate limit period in seconds',
+          { rate_limiter: nil, rule: nil },
+          :max
+        )
+      end
+    end
+  end
+end

data/lib/labkit/rate_limit/result.rb

@@ -3,18 +3,22 @@
 module Labkit
   module RateLimit
     # Result is the return value of Limiter#check.
-    # matched?  - true if a rule's match conditions were satisfied
-    # exceeded? - true if the matched rule's counter exceeded its limit
-    # action    - the outcome: what the caller should do
-    #             :block = rule matched, exceeded, rule configured to block
-    #             :log   = rule matched, exceeded, rule configured to log only
-    #             :allow = rule matched but count within limit, or
-    #                      no rule matched, or error (fail-open)
-    #             The rule's configured action is available via rule.action
-    # rule      - the matched Rule object (nil when matched? is false)
-    # error?    - true if Redis was unavailable; result fails open (exceeded? is false)
-    Result = Data.define(:matched, :exceeded, :action, :rule, :error) do
-      def initialize(matched:, action:, exceeded: false, rule: nil, error: false)
+    # matched?         - true if a rule's match conditions were satisfied
+    # exceeded?        - true if the matched rule's counter exceeded its limit
+    # action           - the outcome: what the caller should do
+    #                    :block = rule matched, exceeded, rule configured to block
+    #                    :log   = rule matched, exceeded, rule configured to log only
+    #                    :allow = rule matched but count within limit, or
+    #                             no rule matched, or error (fail-open)
+    #                    The rule's configured action is available via rule.action
+    # rule             - the matched Rule object (nil when matched? is false)
+    # error?           - true if Redis was unavailable; result fails open (exceeded? is false)
+    # resolved_limit   - the resolved limit value as Integer (nil when matched? is false or error)
+    # resolved_period  - the resolved period value as Integer (nil when matched? is false or error)
+    Result = Data.define(:matched, :exceeded, :action, :rule, :error, :resolved_limit, :resolved_period) do
+      def initialize(
+        matched:, action:, exceeded: false, rule: nil, error: false,
+        resolved_limit: nil, resolved_period: nil)
         super
       end
 

data/lib/labkit/rate_limit.rb

@@ -6,7 +6,7 @@ module Labkit
   #
   # @example Configuration (e.g. in a Rails initializer)
   #   Labkit::RateLimit.configure do |c|
-  #     c.redis  = Redis.current
+  #     c.redis  = ConnectionPool.new { Redis.new }  # must respond to .with { |conn| }
   #     c.logger = Labkit::Logging::JsonLogger.new($stdout)
   #   end
   #
@@ -23,6 +23,7 @@ module Labkit
     autoload :Rule, "labkit/rate_limit/rule"
     autoload :Evaluator, "labkit/rate_limit/evaluator"
     autoload :Limiter, "labkit/rate_limit/limiter"
+    autoload :Metrics, "labkit/rate_limit/metrics"
 
     class << self
       def configure

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: gitlab-labkit
 version: !ruby/object:Gem::Version
-  version: 1.15.1
+  version: 1.17.0
 platform: ruby
 authors:
 - Andrew Newdigate
@@ -603,6 +603,7 @@ files:
 - lib/labkit/rate_limit/evaluator.rb
 - lib/labkit/rate_limit/identifier.rb
 - lib/labkit/rate_limit/limiter.rb
+- lib/labkit/rate_limit/metrics.rb
 - lib/labkit/rate_limit/result.rb
 - lib/labkit/rate_limit/rule.rb
 - lib/labkit/rspec/README.md