Implement tests

Implement rate limit middleware
Implement rate limit ingress
4 changed files with 60 additions and 17 deletions
--- a/src/main/cljc/dda/c4k_forgejo/core.cljc
+++ b/src/main/cljc/dda/c4k_forgejo/core.cljc
@ -49,8 +49,11 @@
                   (forgejo/generate-service-ssh)                   
                   (forgejo/generate-data-volume config)
                   (forgejo/generate-appini-env config)
-                   (forgejo/generate-secrets auth)] 
-                  (forgejo/generate-ingress-and-cert config)
+                   (forgejo/generate-secrets auth)]
+                  (if (contains? config :average)
+                      (do (forgejo/generate-rate-limit-ingress-and-cert config)
+                          (forgejo/generate-rate-limit-middleware config))
+                      (forgejo/generate-ingress-and-cert config))
                  (when (contains? config :restic-repository)
                    [(backup/generate-config config)
                     (backup/generate-secret auth)
--- a/src/main/cljc/dda/c4k_forgejo/forgejo.cljc
+++ b/src/main/cljc/dda/c4k_forgejo/forgejo.cljc
@ -42,6 +42,8 @@
 (s/def ::mailer-pw pred/bash-env-string?)
 (s/def ::issuer pred/letsencrypt-issuer?)
 (s/def ::volume-total-storage-size (partial pred/int-gt-n? 5))
+(s/def ::average int?)
+(s/def ::burst int?)

 (def config? (s/keys :req-un [::fqdn
                              ::mailer-from
@ -51,7 +53,9 @@
                     :opt-un [::issuer
                              ::deploy-federated
                              ::default-app-name
-                              ::service-domain-whitelist]))
+                              ::service-domain-whitelist
+                              ::average
+                              ::burst]))

 (def auth? (s/keys :req-un [::postgres/postgres-db-user ::postgres/postgres-db-password ::mailer-user ::mailer-pw]))

@ -121,15 +125,24 @@

 (defn-spec generate-rate-limit-ingress-and-cert pred/map-or-seq?
  [config config?]
-  (let [{:keys [fqdn average burst period]} config]
-    (-> 
-     (generate-ingress-and-cert config)
-     (#(cm/replace-key-value %
-      :traefik.ingress.kubernetes.io/router.middlewares 
-      (str 
-       (:traefik.ingress.kubernetes.io/router.middlewares 
-        (:annotations (:metadata %))) 
-       ", default-ratelimit@kubernetescrd")))))) ; ToDo: Rate Limit Konfig Optionen
+  (->
+   (generate-ingress-and-cert config) ; returns a vector
+   (#(assoc-in % ; Attention: heavily relying on the output order of ing/generate-ingress-and-cert
+               [1 :metadata :annotations :traefik.ingress.kubernetes.io/router.middlewares]
+               (str
+                (-> (second %) :metadata :annotations :traefik.ingress.kubernetes.io/router.middlewares)
+                ", default-ratelimit@kubernetescrd")))))
+
+
+; using :average and :burst seems sensible, :period may be interesting for fine tuning later on
+(defn-spec generate-rate-limit-middleware pred/map-or-seq?
+  [config config?]
+  (let [{:keys [average burst]} config]
+  (->
+   (yaml/load-as-edn "forgejo/middleware-ratelimit.yaml")
+   (cm/replace-key-value :average average)
+   (cm/replace-key-value :burst burst)
+   )))

 (defn-spec generate-data-volume pred/map-or-seq?
  [config vol?]
--- a/src/main/resources/forgejo/middleware-ratelimit.yaml
+++ b/src/main/resources/forgejo/middleware-ratelimit.yaml
@ -1,10 +1,8 @@
-# Here, an average of 100 requests per second is allowed.
-# In addition, a burst of 50 requests is allowed.
 apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: ratelimit
 spec:
-  rateLimit: # ToDo: Config options for rate limiting: https://doc.traefik.io/traefik/middlewares/http/ratelimit/
-    average: 100
-    burst: 50
+  rateLimit: # Config options for rate limiting: https://doc.traefik.io/traefik/middlewares/http/ratelimit/
+    average: AVG
+    burst: BRS
--- a/src/test/cljc/dda/c4k_forgejo/forgejo_test.cljc
+++ b/src/test/cljc/dda/c4k_forgejo/forgejo_test.cljc
@ -130,3 +130,32 @@
          :storage-c2 "15Gi"}
         (th/map-diff (cut/generate-data-volume {:volume-total-storage-size 1})
                      (cut/generate-data-volume {:volume-total-storage-size 15})))))
+
+(deftest should-generate-middleware-ratelimit
+  (is (= {:apiVersion "traefik.io/v1alpha1",
+          :kind "Middleware",
+          :metadata {:name "ratelimit"},
+          :spec {:rateLimit {:average 10, :burst 5}}}
+         (cut/generate-rate-limit-middleware {:fqdn "test.de"
+                                              :mailer-from ""
+                                              :mailer-host "m.t.de"
+                                              :mailer-port "123"
+                                              :service-noreply-address ""
+                                              :average 10
+                                              :burst 5}))))
+
+(deftest should-generate-middleware-ratelimit-ingress-and-cert
+  (is (= {:traefik.ingress.kubernetes.io/router.entrypoints "web, websecure",
+          :traefik.ingress.kubernetes.io/router.middlewares
+          "default-redirect-https@kubernetescrd, default-ratelimit@kubernetescrd",
+          :metallb.universe.tf/address-pool "public"}
+         (-> (second
+              (cut/generate-rate-limit-ingress-and-cert
+               {:fqdn "test.de"
+                :mailer-from ""
+                :mailer-host "m.t.de"
+                :mailer-port "123"
+                :service-noreply-address ""
+                :average 10
+                :burst 5}))
+             :metadata :annotations))))
Author	SHA1	Message	Date
erik	054e6954af	Implement tests	4 months ago
erik	2a6b6ccf3f	Implement rate limit middleware	4 months ago
erik	13e718ca37	Implement rate limit ingress	4 months ago
erik	52e43fe23c	Add specs for rate limit options	4 months ago
erik	a63f170ace	Generate ingress with rate limit conditionally	4 months ago
erik	220eb337f9	No default values for optional rate limiting	4 months ago