backport of commit b54ac98 (#25615) (#25680)

Co-authored-by: Mike Palmiotto <[email protected]>
hashicorp · Feb 27, 2024 · c04a33d · c04a33d
1 parent 0627bb9
commit c04a33d
Show file tree

Hide file tree

Showing 23 changed files with 114 additions and 995 deletions.
diff --git a/changelog/25093.txt b/changelog/25093.txt
@@ -1,5 +1,5 @@
 ```release-note:feature
-**Request Limiter**: Add adaptive concurrency limits to write-based HTTP
-methods and special-case `pki/issue` requests to prevent overloading the Vault
-server.
+**Request Limiter (enterprise)**: Add adaptive concurrency limits to
+write-based HTTP methods and special-case `pki/issue` requests to prevent
+overloading the Vault server.
 ```
diff --git a/command/command_stubs_oss.go b/command/command_stubs_oss.go
@@ -31,3 +31,7 @@ func entCheckStorageType(coreConfig *vault.CoreConfig) bool {
 func entGetFIPSInfoKey() string {
 	return ""
 }
+
+func entGetRequestLimiterStatus(coreConfig vault.CoreConfig) string {
+	return ""
+}
diff --git a/command/command_testonly/server_testonly_test.go b/command/command_testonly/server_testonly_test.go
diff --git a/command/server.go b/command/server.go
@@ -1437,15 +1437,15 @@ func (c *ServerCommand) Run(args []string) int {
 		info["HCP resource ID"] = config.HCPLinkConf.Resource.ID
 	}
 
+	requestLimiterStatus := entGetRequestLimiterStatus(coreConfig)
+	if requestLimiterStatus != "" {
+		infoKeys = append(infoKeys, "request_limiter")
+		info["request_limiter"] = requestLimiterStatus
+	}
+
 	infoKeys = append(infoKeys, "administrative namespace")
 	info["administrative namespace"] = config.AdministrativeNamespacePath
 
-	infoKeys = append(infoKeys, "request limiter")
-	info["request limiter"] = "disabled"
-	if config.RequestLimiter != nil && !config.RequestLimiter.Disable {
-		info["request limiter"] = "enabled"
-	}
-
 	sort.Strings(infoKeys)
 	c.UI.Output("==> Vault server configuration:\n")
 
@@ -3118,12 +3118,6 @@ func createCoreConfig(c *ServerCommand, config *server.Config, backend physical.
 		AdministrativeNamespacePath:    config.AdministrativeNamespacePath,
 	}
 
-	if config.RequestLimiter != nil {
-		coreConfig.DisableRequestLimiter = config.RequestLimiter.Disable
-	} else {
-		coreConfig.DisableRequestLimiter = true
-	}
-
 	if c.flagDev {
 		coreConfig.EnableRaw = true
 		coreConfig.EnableIntrospection = true

diff --git a/command/server/config_test_helpers.go b/command/server/config_test_helpers.go
@@ -614,7 +614,6 @@ func testLoadConfigFile_json(t *testing.T) {
 					Type:                  "tcp",
 					Address:               "127.0.0.1:443",
 					CustomResponseHeaders: DefaultCustomHeaders,
-					DisableRequestLimiter: false,
 				},
 			},
 
@@ -905,6 +904,7 @@ listener "unix" {
   redact_addresses = true
   redact_cluster_name = true
   redact_version = true
+  disable_request_limiter = true
 }`))
 
 	config := Config{
@@ -961,14 +961,15 @@ listener "unix" {
 					DisableRequestLimiter: true,
 				},
 				{
-					Type:              "unix",
-					Address:           "/var/run/vault.sock",
-					SocketMode:        "644",
-					SocketUser:        "1000",
-					SocketGroup:       "1000",
-					RedactAddresses:   false,
-					RedactClusterName: false,
-					RedactVersion:     false,
+					Type:                  "unix",
+					Address:               "/var/run/vault.sock",
+					SocketMode:            "644",
+					SocketUser:            "1000",
+					SocketGroup:           "1000",
+					RedactAddresses:       false,
+					RedactClusterName:     false,
+					RedactVersion:         false,
+					DisableRequestLimiter: true,
 				},
 			},
 		},

diff --git a/command/server/config_util_test.go b/command/server/config_util_test.go
@@ -6,7 +6,6 @@
 package server
 
 import (
-	"fmt"
 	"testing"
 
 	"github.com/hashicorp/vault/internalshared/configutil"
@@ -87,55 +86,3 @@ func TestCheckSealConfig(t *testing.T) {
 		})
 	}
 }
-
-// TestRequestLimiterConfig verifies that the census config is correctly instantiated from HCL
-func TestRequestLimiterConfig(t *testing.T) {
-	testCases := []struct {
-		name              string
-		inConfig          string
-		outErr            bool
-		outRequestLimiter *configutil.RequestLimiter
-	}{
-		{
-			name:              "empty",
-			outRequestLimiter: nil,
-		},
-		{
-			name: "disabled",
-			inConfig: `
-request_limiter {
-	disable = true
-}`,
-			outRequestLimiter: &configutil.RequestLimiter{Disable: true},
-		},
-		{
-			name: "invalid disable",
-			inConfig: `
-request_limiter {
-	disable = "people make mistakes"
-}`,
-			outErr: true,
-		},
-	}
-	for _, tc := range testCases {
-		t.Run(tc.name, func(t *testing.T) {
-			config := fmt.Sprintf(`
-ui = false
-storage "file" {
-	path = "/tmp/test"
-}
-
-listener "tcp" {
-	address = "0.0.0.0:8200"
-}
-%s`, tc.inConfig)
-			gotConfig, err := ParseConfig(config, "")
-			if tc.outErr {
-				require.Error(t, err)
-			} else {
-				require.NoError(t, err)
-				require.Equal(t, tc.outRequestLimiter, gotConfig.RequestLimiter)
-			}
-		})
-	}
-}
diff --git a/go.mod b/go.mod
@@ -193,7 +193,6 @@ require (
 	github.com/patrickmn/go-cache v2.1.0+incompatible
 	github.com/pires/go-proxyproto v0.6.1
 	github.com/pkg/errors v0.9.1
-	github.com/platinummonkey/go-concurrency-limits v0.7.0
 	github.com/posener/complete v1.2.3
 	github.com/pquerna/otp v1.2.1-0.20191009055518-468c2dd2b58d
 	github.com/prometheus/client_golang v1.14.0