[Openstack] [keystone] Rate limit middleware
Rafael Durán Castañeda
rafadurancastaneda at gmail.com
Wed Jul 11 23:28:38 UTC 2012
El 11/07/12 19:23, Jorge Williams escribió:
> More info on the Repose rate limiter here:
>
> http://wiki.openrepose.org/display/REPOSE/Rate+Limiting+Filter
>
> The rate limiter has the concept of limit groups -- you can specify
> rate limits for a particular group -- then introspect the request to
> see which group applies. Typically a user can be placed in a
> particular group etc. When rate limiting keystone, you might want to
> rate limit authentication attempts. The issue there is that the user
> has not gone through an auth process so you can't necessarily ID the
> user. We use the concept of quality, where different middle ware
> components take a guess about what limit group to use. This allows
> the rate limiter to rate limit by say IP address, data in the URI, or
> the content of the message etc.
>
> See: http://wiki.openrepose.org/display/REPOSE/Header+Value+Quality
> And: http://wiki.openrepose.org/display/REPOSE/Identity+Filters
> <http://wiki.openrepose.org/display/REPOSE/Identity+Filters>
>
> Sorry, our docs are a little sparse.
>
> -jOrGe W.
>
>
> On Jul 11, 2012, at 10:56 AM, Dolph Mathews wrote:
>
>> REPOSE would be worth taking a look at, as well (includes rate
>> limiting):
>>
>> https://github.com/rackspace/repose
>> http://openrepose.org/documentation.html
>>
>> -Dolph
>>
>> On Wed, Jul 11, 2012 at 9:19 AM, Kevin L. Mitchell
>> <kevin.mitchell at rackspace.com <mailto:kevin.mitchell at rackspace.com>>
>> wrote:
>>
>> On Wed, 2012-07-11 at 01:50 +0200, Rafael Durán Castañeda wrote:
>> > I'm working on a blueprint [1] and implementation [2] doing
>> rate limit
>> > middleware for Keystone; after discussing it at keystone's meeting
>> > today I was suggested to ask for some feedback from the community.
>>
>> Have you taken a look at Turnstile and the related integration
>> package,
>> nova_limits? Unfortunately, trunk Turnstile doesn't support
>> multiprocess, but I intend to address that as soon as job
>> responsibilities permit.
>>
>> URLs:
>>
>> * http://pypi.python.org/pypi/turnstile
>> * http://pypi.python.org/pypi/nova_limits
>> * https://github.com/klmitch/turnstile
>> * https://github.com/klmitch/nova_limits
>> --
>> Kevin L. Mitchell <kevin.mitchell at rackspace.com
>> <mailto:kevin.mitchell at rackspace.com>>
>>
>>
>> _______________________________________________
>> Mailing list: https://launchpad.net/~openstack
>> <https://launchpad.net/%7Eopenstack>
>> Post to : openstack at lists.launchpad.net
>> <mailto:openstack at lists.launchpad.net>
>> Unsubscribe : https://launchpad.net/~openstack
>> <https://launchpad.net/%7Eopenstack>
>> More help : https://help.launchpad.net/ListHelp
>>
>>
>> _______________________________________________
>> Mailing list: https://launchpad.net/~openstack
>> <https://launchpad.net/%7Eopenstack>
>> Post to : openstack at lists.launchpad.net
>> <mailto:openstack at lists.launchpad.net>
>> Unsubscribe : https://launchpad.net/~openstack
>> <https://launchpad.net/%7Eopenstack>
>> More help : https://help.launchpad.net/ListHelp
>
>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack at lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help : https://help.launchpad.net/ListHelp
Thank you guys for the info, I didn't know about some of the projects.
However writing my "on-house" own stuff is not what I was considering
but adding a middleware into Keystone, nothing fancy but extensible so
it covers at least most basic use cases, pretty much like nova
middleware. So , would you like to see something like that into keystone
or you don't?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20120712/ba50e1d7/attachment.html>
More information about the Openstack
mailing list