Page MenuHomePhabricator
Create Task
Maniphest T408128

api-gateway chart: make cookie name configurable for testing
Closed, ResolvedPublic
Actions

Description

In order to safely test user identification for rate limiting based on cookies in production, we need the following in the api-gateway chart:

  • the name of the cookie must be configurable, so we can set it to something other than the cookie set by actual clients
  • the name of the fallback ratelimit class must be configurable, so we can set it to something other than "anon", since "anon" will actually enforce rate limits.
  • a special rate limit class "no-limit" that will disable rate limiting by unsetting the request headers used to construct the rate limit descriptor. If headers needed for the descriptor are missing, Envoy does not send a request to the ratelimit service and passes the request unchallanged.
NOTE: Using plain cookies for user identification is of course insecure. This is a stepping stone to the next phase which will transition to JWT cookies.

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
api-gateway: Release patch for ratelimit testoperations/deployment-chartsmaster+142 -38
api-gateway: make cookie name configurable for testingoperations/deployment-chartsmaster+49 -21
Customize query in gerrit

Related Objects
Search...

Event Timeline

daniel created this task.Oct 23 2025, 2:59 PM
gerritbot added a comment.Oct 23 2025, 7:24 PM

Change #1198385 had a related patch set uploaded (by Daniel Kinzler; author: Daniel Kinzler):

[operations/deployment-charts@master] api-gateway: make cookie name configurable for testing

https://gerrit.wikimedia.org/r/1198385

gerritbot added a project: Patch-For-Review.Oct 23 2025, 7:24 PM
gerritbot added a comment.Oct 28 2025, 2:47 PM

Change #1199331 had a related patch set uploaded (by Clément Goubert; author: Polishdeveloper):

[operations/deployment-charts@master] api-gateway: Release patch for ratelimit test

https://gerrit.wikimedia.org/r/1199331

gerritbot added a comment.Oct 28 2025, 3:28 PM

Change #1198385 abandoned by Clément Goubert:

[operations/deployment-charts@master] api-gateway: make cookie name configurable for testing

Reason:

Stacked in Iec9ddec04c7d1a82bf48d2a0e54bbec2aa29f4dc

https://gerrit.wikimedia.org/r/1198385

JTweed-WMF moved this task from Inbox, needs triage to Next (DO NOT USE) on the MediaWiki-Platform-Team board.Oct 30 2025, 3:30 PM
daniel closed this task as Resolved.Oct 30 2025, 5:56 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits