Merge pull request #1051 from 3scale/edge-limiting-matches-op

[THREESCALE-2590] Add matches operation to the Rate Limit policy
3scale · May 29, 2019 · 54bdaa3 · 54bdaa3
2 parents ee32f84 + b1693ed
commit 54bdaa3
Show file tree

Hide file tree

Showing 5 changed files with 285 additions and 148 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -14,6 +14,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
 - Add the option to obtain client_id from any JWT claim [THREESCALE-2264](https://issues.jboss.org/browse/THREESCALE-2264) [PR #1034](https://github.com/3scale/APIcast/pull/1034)
 - Added `APICAST_PATH_ROUTING_ONLY` variable that allows to perform path-based routing without falling back to the default host-based routing [PR #1035](https://github.com/3scale/APIcast/pull/1035), [THREESCALE-1150](https://issues.jboss.org/browse/THREESCALE-1150)
 - Added the option to manage access based on method on Keycloak Policy. [THREESCALE-2236](https://issues.jboss.org/browse/THREESCALE-2236) [PR #1039](https://github.com/3scale/APIcast/pull/1039)
+- The Rate Limit policy now supports conditions defined with the "matches" operation. [PR #1051](https://github.com/3scale/APIcast/pull/1051), [https://issues.jboss.org/browse/THREESCALE-2590](https://issues.jboss.org/browse/THREESCALE-2590)
 
 ### Fixed
 

diff --git a/gateway/src/apicast/policy/rate_limit/README.md b/gateway/src/apicast/policy/rate_limit/README.md
@@ -6,7 +6,8 @@
 - [**Liquid templating**](#liquid-templating)
 - [**Requests over limits**](#requests-over-limits)
 - [**Per-gateway vs shared**](#per-gateway-vs-shared)
-- [**Complete config example**](#complete-config-example)
+- [**Limits with conditions**](#limits-with-conditions)
+- [**Complete config example**](#complete-config-examples)
 
 
 ## Description
@@ -141,6 +142,37 @@ To use Redis, we just need to provide the `redis_url` attribute in the config
 of the policy: `"redis_url": "redis://a_host:6379"`
 
 
+## Limits with conditions
+
+The policy allows to define limits with conditions. The limit will be applied
+only when the condition is true. The following example shows how to define a
+limit that applies only when the path of the request matches
+`/v1/.*/something/.*`.
+
+```json
+{
+  "key": {
+    "name": "limit_path"
+  },
+  "count": 10,
+  "window": 60,
+  "condition": {
+    "operations": [
+      {
+        "left": "{{ uri }}",
+        "left_type": "liquid",
+        "op": "matches",
+        "right": "/v1/.*/something/.*",
+        "right_type": "plain"
+      }
+    ]
+  }
+}
+```
+
+Apart from "matches", the policy also supports operations with "==" and "!=".
+
+
 ## Complete config examples
 
 ```json

diff --git a/gateway/src/apicast/policy/rate_limit/apicast-policy.json b/gateway/src/apicast/policy/rate_limit/apicast-policy.json
@@ -63,8 +63,9 @@
             "type": "string"
           },
           "op": {
+            "description": "Operation to apply. The matches op supports PCRE (Perl compatible regular expressions)",
             "type": "string",
-            "enum": ["==", "!="]
+            "enum": ["==", "!=", "matches"]
           },
           "right": {
             "type": "string"