openstack team mailing list archive

[Rafael Durán Castañeda <rafadurancastaneda@xxxxxxxxx>]

El 11/07/12 19:23, Jorge Williams escribió:
> More info on the Repose rate limiter here:
>
> http://wiki.openrepose.org/display/REPOSE/Rate+Limiting+Filter
>
> The rate limiter has the concept of limit groups -- you can specify 
> rate limits for a particular group -- then introspect the request to 
> see which group applies.  Typically a user can be placed in a 
> particular group etc.  When rate limiting keystone, you might want to 
> rate limit authentication attempts.  The issue there is that the user 
> has not gone through an auth process so you can't necessarily ID the 
> user. We use the concept of quality, where different middle ware 
> components take a guess about what limit group to use.  This allows 
> the rate limiter to rate limit by say IP address, data in the URI, or 
> the content of the message etc.
>
> See: http://wiki.openrepose.org/display/REPOSE/Header+Value+Quality
> And: http://wiki.openrepose.org/display/REPOSE/Identity+Filters 
> <http://wiki.openrepose.org/display/REPOSE/Identity+Filters>
>
> Sorry, our docs are a little sparse.
>
> -jOrGe W.
>
>
> On Jul 11, 2012, at 10:56 AM, Dolph Mathews wrote:
>
> > REPOSE would be worth taking a look at, as well (includes rate 
> > limiting):
> >
> > https://github.com/rackspace/repose
> > http://openrepose.org/documentation.html
> >
> > -Dolph
> >
> > On Wed, Jul 11, 2012 at 9:19 AM, Kevin L. Mitchell 
> > <kevin.mitchell@xxxxxxxxxxxxx <mailto:kevin.mitchell@xxxxxxxxxxxxx>> 
> > wrote:
> >
> >     On Wed, 2012-07-11 at 01:50 +0200, Rafael Durán Castañeda wrote:
> >     > I'm working on a blueprint [1] and implementation [2] doing
> >     rate limit
> >     > middleware for Keystone; after discussing it at keystone's meeting
> >     > today I was suggested to ask for some feedback from the community.
> >
> >     Have you taken a look at Turnstile and the related integration
> >     package,
> >     nova_limits?  Unfortunately, trunk Turnstile doesn't support
> >     multiprocess, but I intend to address that as soon as job
> >     responsibilities permit.
> >
> >     URLs:
> >
> >           * http://pypi.python.org/pypi/turnstile
> >           * http://pypi.python.org/pypi/nova_limits
> >           * https://github.com/klmitch/turnstile
> >           * https://github.com/klmitch/nova_limits
> >     --
> >     Kevin L. Mitchell <kevin.mitchell@xxxxxxxxxxxxx
> >     <mailto:kevin.mitchell@xxxxxxxxxxxxx>>
> >
> >
> >     _______________________________________________
> >     Mailing list: https://launchpad.net/~openstack
> >     <https://launchpad.net/%7Eopenstack>
> >     Post to     : openstack@xxxxxxxxxxxxxxxxxxx
> >     <mailto:openstack@xxxxxxxxxxxxxxxxxxx>
> >     Unsubscribe : https://launchpad.net/~openstack
> >     <https://launchpad.net/%7Eopenstack>
> >     More help   : https://help.launchpad.net/ListHelp
> >
> >
> > _______________________________________________
> > Mailing list: https://launchpad.net/~openstack 
> > <https://launchpad.net/%7Eopenstack>
> > Post to     : openstack@xxxxxxxxxxxxxxxxxxx 
> > <mailto:openstack@xxxxxxxxxxxxxxxxxxx>
> > Unsubscribe : https://launchpad.net/~openstack 
> > <https://launchpad.net/%7Eopenstack>
> > More help   : https://help.launchpad.net/ListHelp
>
>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
Thank you guys for the info, I didn't know about some of the projects. 
However writing my "on-house" own stuff is not what I was considering 
but adding a middleware into Keystone, nothing fancy but extensible so 
it covers at least most basic use cases, pretty much like nova 
middleware. So , would you like to see something like that into keystone 
or you don't?