// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package org.apache.cloudstack.ratelimit;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
import java.util.Collections;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import javax.naming.ConfigurationException;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import org.apache.cloudstack.api.response.ApiLimitResponse;
import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
import com.cloud.configuration.Config;
import com.cloud.exception.RequestLimitException;
import com.cloud.user.Account;
import com.cloud.user.AccountService;
import com.cloud.user.AccountVO;
import com.cloud.user.User;
import com.cloud.user.UserVO;
public class ApiRateLimitTest {
static ApiRateLimitServiceImpl s_limitService = new ApiRateLimitServiceImpl();
static AccountService s_accountService = mock(AccountService.class);
static ConfigurationDao s_configDao = mock(ConfigurationDao.class);
private static long s_acctIdSeq = 5L;
private static Account s_testAccount;
@BeforeClass
public static void setUp() throws ConfigurationException {
when(s_configDao.getValue(Config.ApiLimitInterval.key())).thenReturn(null);
when(s_configDao.getValue(Config.ApiLimitMax.key())).thenReturn(null);
when(s_configDao.getValue(Config.ApiLimitCacheSize.key())).thenReturn(null);
when(s_configDao.getValue(Config.ApiLimitEnabled.key())).thenReturn("true"); // enable api rate limiting
s_limitService._configDao = s_configDao;
s_limitService.configure("ApiRateLimitTest", Collections.<String, Object> emptyMap());
s_limitService._accountService = s_accountService;
// Standard responses
AccountVO acct = new AccountVO(s_acctIdSeq);
acct.setType(Account.ACCOUNT_TYPE_NORMAL);
acct.setAccountName("demo");
s_testAccount = acct;
when(s_accountService.getAccount(5L)).thenReturn(s_testAccount);
when(s_accountService.isRootAdmin(5L)).thenReturn(false);
}
@Before
public void testSetUp() {
// reset counter for each test
s_limitService.resetApiLimit(null);
}
private User createFakeUser() {
UserVO user = new UserVO();
user.setAccountId(s_acctIdSeq);
return user;
}
private boolean isUnderLimit(User key) {
try {
s_limitService.checkAccess(key, null);
return true;
} catch (RequestLimitException ex) {
return false;
}
}
@Test
public void sequentialApiAccess() {
int allowedRequests = 1;
s_limitService.setMaxAllowed(allowedRequests);
s_limitService.setTimeToLive(1);
User key = createFakeUser();
assertTrue("Allow for the first request", isUnderLimit(key));
assertFalse("Second request should be blocked, since we assume that the two api " + " accesses take less than a second to perform", isUnderLimit(key));
}
@Test
public void canDoReasonableNumberOfApiAccessPerSecond() throws Exception {
int allowedRequests = 200;
s_limitService.setMaxAllowed(allowedRequests);
s_limitService.setTimeToLive(1);
User key = createFakeUser();
for (int i = 0; i < allowedRequests; i++) {
assertTrue("We should allow " + allowedRequests + " requests per second, but failed at request " + i, isUnderLimit(key));
}
assertFalse("We should block >" + allowedRequests + " requests per second", isUnderLimit(key));
}
@Test
public void multipleClientsCanAccessWithoutBlocking() throws Exception {
int allowedRequests = 200;
s_limitService.setMaxAllowed(allowedRequests);
s_limitService.setTimeToLive(1);
final User key = createFakeUser();
int clientCount = allowedRequests;
Runnable[] clients = new Runnable[clientCount];
final boolean[] isUsable = new boolean[clientCount];
final CountDownLatch startGate = new CountDownLatch(1);
final CountDownLatch endGate = new CountDownLatch(clientCount);
for (int i = 0; i < isUsable.length; ++i) {
final int j = i;
clients[j] = new Runnable() {
/**
* {@inheritDoc}
*/
@Override
public void run() {
try {
startGate.await();
isUsable[j] = isUnderLimit(key);
} catch (InterruptedException e) {
e.printStackTrace();
} finally {
endGate.countDown();
}
}
};
}
ExecutorService executor = Executors.newFixedThreadPool(clientCount);
for (Runnable runnable : clients) {
executor.execute(runnable);
}
startGate.countDown();
endGate.await();
for (boolean b : isUsable) {
assertTrue("Concurrent client request should be allowed within limit", b);
}
}
@Test
public void expiryOfCounterIsSupported() throws Exception {
int allowedRequests = 1;
s_limitService.setMaxAllowed(allowedRequests);
s_limitService.setTimeToLive(1);
User key = createFakeUser();
assertTrue("The first request should be allowed", isUnderLimit(key));
// Allow the token to expire
Thread.sleep(1020);
assertTrue("Another request after interval should be allowed as well", isUnderLimit(key));
}
@Test
public void verifyResetCounters() throws Exception {
int allowedRequests = 1;
s_limitService.setMaxAllowed(allowedRequests);
s_limitService.setTimeToLive(1);
User key = createFakeUser();
assertTrue("The first request should be allowed", isUnderLimit(key));
assertFalse("Another request should be blocked", isUnderLimit(key));
s_limitService.resetApiLimit(key.getAccountId());
assertTrue("Another request should be allowed after reset counter", isUnderLimit(key));
}
@Test
public void verifySearchCounter() throws Exception {
int allowedRequests = 10;
s_limitService.setMaxAllowed(allowedRequests);
s_limitService.setTimeToLive(1);
User key = createFakeUser();
for (int i = 0; i < 5; i++) {
assertTrue("Issued 5 requests", isUnderLimit(key));
}
ApiLimitResponse response = s_limitService.searchApiLimit(s_testAccount);
assertEquals("apiIssued is incorrect", 5, response.getApiIssued());
assertEquals("apiAllowed is incorrect", 5, response.getApiAllowed());
// using <= to account for inaccurate System.currentTimeMillis() clock in Windows environment
assertTrue("expiredAfter is incorrect", response.getExpireAfter() <= 1000);
}
@Test
public void disableApiLimit() throws Exception {
try {
int allowedRequests = 200;
s_limitService.setMaxAllowed(allowedRequests);
s_limitService.setTimeToLive(1);
s_limitService.setEnabled(false);
User key = createFakeUser();
for (int i = 0; i < allowedRequests + 1; i++) {
assertTrue("We should allow more than " + allowedRequests + " requests per second when api throttling is disabled.", isUnderLimit(key));
}
} finally {
s_limitService.setEnabled(true); // enable api throttling to avoid
// impacting other testcases
}
}
}